I have a similar question. The Constitution gives regulation of interstate commerce to Congress, not the states. Suppose that I am a Delaware company that does business in California but is headquartered in New Jersey. If I sell personal data to a New York company where some of the IP addresses and cookies are associated with Californians, what gives California authority to regulate that commercial transaction?
I am not a lawyer, but this sure feels like overreach.

On Sun, Feb 16, 2020 at 6:59 PM Lawrence Rosen <[email protected]> wrote:

> I would appreciate a more complete answer to Brian’s question. GDPR and CCPA deal with “personal information” under statutory authority in various jurisdictions. Neither relies on copyright law to control access to or use of personal information. So is CAL relying only on contractual law stated in the license agreement to provide restrictions on the use or distribution of such data? Where is the constitutional or statutory authority to control *data* used by a copyrighted or patented work of software? Is this in principle like the attempt of software licenses to control the uses of APIs? Both may be an overreach. Strong wishes and heartfelt goals may not be sufficient authority to do something with intellectual “property,” if property it actually is short of trade secrets or personal information.
>
> This reveals how little I understand about this topic and about CAL.
>
> /Larry
>
> *From:* License-review <[email protected]> *On Behalf Of *VanL
> *Sent:* Thursday, February 13, 2020 12:03 PM
> *To:* License submissions for OSI review <[email protected]>
> *Subject:* Re: [License-review] For approval: The Cryptographic Autonomy License (Beta 4)
>
> Hi Brian,
>
> On Thu, Feb 13, 2020 at 1:56 PM Brian Behlendorf <[email protected]> wrote:
>
> Has anyone considered the PII and GDPR/CCPA/etc implications of the CAL? Could there be scenarios where the CAL requires behavior that the GDPR prevents?
>
> The CAL was written with particular care to be compatible with the GDPR and CCPA, and carefully use similar language. In fact, the first version had an interpretive aid specifying that complying with specific paragraphs of the GDPR would also result in a compliant delivery of user data under the CAL. That paragraph was removed due to misunderstandings about its effects, but it is still true.
>
> Thanks,
> Van
>
> _______________________________________________
> License-discuss mailing list
> [email protected]
> http://lists.opensource.org/mailman/listinfo/license-discuss_lists.opensource.org
