Neville Samuell
August 10, 2023What GDPR and OSS Licenses have in common
Read how our VP of Engineering Neville Samuell combines his love for the General Data Protection Regulation (GDPR) and the open-source software community here.
If you’re like a lot of software engineers, you probably love open-source software (OSS) but hate the GDPR.
That’s a shame!
There’s a lot to love in the GDPR, and I’d like to highlight a lesser-known “feature” that it shares with OSS: they both are designed to multiply their impact by leveraging the power of communities.
One of the lesser known features of the GDPR is the requirement for data processing agreements (DPAs). Two companies must enter into a DPA before they are allowed to transfer personal data between each other.
For example, when one company (data controller) wants to use another company (data processor) to process personal data on its behalf, the controller *must* enter into a DPA with the processor to be compliant. Additionally, the processor needs to enter into DPAs with all the other companies they use.
And so on…
The end result is that privacy protections spread from one company to another organically and multiply each time. This gradually increases the scope and impact of the GDPR until user data is protected end-to-end.
Similarly, the writers of open-source software projects allow other users to copy and reuse their source code, as long as they agree to the terms of their OSS license. Examples of these licenses include GPL, MIT, and Apache. All of them typically require that the original license text is preserved and maintained in all copies of the source code This allows the code to be reused while protecting the interests of the code’s original authors.
It’s not unusual for a single open-source project to include licenses from hundreds of other projects. This web of interconnected licenses forms strong protections for the OSS community overall.
So, what’s my point? In general, most of the focus on the GDPR is the big, visible news like multi-million dollar fines and huge compliance costs. However, when I think about the overall impact of privacy regulations, I think about the millions of DPAs that exist, and the power of all those bonds to build a stronger fabric of trust on the Internet.
Announcing faster, better privacy support@ethyca.com
Read MoreToday we’re announcing faster and more powerful Data Privacy and AI Governance support
Fides 2.28 Release: user experience enhancements
Read MoreSee new feature releases enhancing user experience, adding new integrations and support for IAB GPP
Fides 2.27 Release: customer privacy experience enhancements
Read MoreLearn more about the privacy and data governance enhancements in Fides 2.27 here.
Fideslang: an open ontology for data privacy and AI governance
Read MoreRead Ethyca’s CEO Cillian Kieran describe why and how an open data governance ontology enables companies to comply with data privacy regulations and frameworks.
Webinar Recap: Unpacking Privacy Engineering for Lawyers
Read MoreEthyca sponsored the Unpacking Privacy Engineering for Lawyers webinar for the Interactive Advertising Bureau (IAB) on December 14, 2023. Our CEO Cillian Kieran moderated the event and ran a practical discussion about how lawyers and engineers can work together to solve the technical challenges of privacy compliance. Read a summary of the webinar here.
LinkedIn Live Recap: Unpacking the European AI Act for Governance & Data Teams
Read MoreEthyca’s CEO Cillian Kieran hosted a LinkedIn Live about the newly agreed upon EU AI Act. Read a summary of his talk and find a link to his slides on what governance, data, and engineering teams need to do to comply with the AI Act’s technical risk assessment and data governance requirements.
Ready to get started?
Our team of data privacy devotees would love to show you how Ethyca helps engineers deploy CCPA, GDPR, and LGPD privacy compliance deep into business systems. Let’s chat!
Request a Demo