[License-review] For approval: The Cryptographic Autonomy License (Beta 4)

Josh Berkus josh at berkus.org
Sat Feb 15 20:22:47 UTC 2020

On 2/14/20 4:24 PM, Brian Behlendorf wrote:
> I realize this is moot with the OSI board recommending approval (or did
> they approve?), but I'm not persuaded by what was written at that link
> (starting with "GDPR is about privacy, not data" - the "D" is literally
> "Data" and the P is not "Privacy"). I'm not a GDPR expert by any
> stretch, but found in other discussions that making self-sovereign
> identity systems GDPR-compatible to involve several layers of
> non-trivial issues. Issues such as the fact that any particular bit of
> data is rarely about just one person, and more often than not about two
> people; hashed/encrypted data can also be PII; and that there are
> reasonable exceptions where data can't be shared or deleted upon request
> that are not machine-parseable situations (such as "valid business
> reason"). GDPR's impact is also still evolving as enforcement actions
> establish a track record for how it will be enforced and accepted by
> judges on broad or narrow interpretive bases. It's a ton of complexity -
> but all of which I find myself arguing on the side of being an
> unavoidable part of the ethics of dealing with data about other people.

Hmmm.  I know a law student who is writing a paper on GDPR for school;
I'll see if I can interest her in taking on CAL vs. GDPR as a law paper.

Josh Berkus

More information about the License-review mailing list