[License-review] For approval: The Cryptographic Autonomy License (Beta 4)

Brian Behlendorf brian at behlendorf.com
Thu Feb 13 19:55:27 UTC 2020

Has anyone considered the PII and GDPR/CCPA/etc implications of the CAL? 
Could there be scenarios where the CAL requires behavior that the GDPR 
prevents? Those licenses introduce a concept completely foreign to 
copyright law, which is data protection rights for the subjects of data 
(who that data is about), even if that subject isn't a party to the 
transfer of software and thus covered by this license. What would be the 
ramifications of such a clash? Could someone using the software have to 
stop using it based on a request from a data subject?


On Thu, 13 Feb 2020, Eric Schultz wrote:
> Sorry to bring this up at a late stage but I just thought of a situation I wanted clarification on. Let's say a voice recognition provider using the CAL allows users to confidentially choose to submit
> their voice recordings to improve the quality of recognition. Is there any sort of dynamic here where one user would be able to request access to all of the other users confidential recordings? My
> hunch is no but it's a little bit of a different situation than I had seen considered on the list.
> Eric

More information about the License-review mailing list