> and EU law isn't applied by some overarching entity.
It is. EU law as a whole is ultimately applied by an entity, the Court of Justice of the European Union. It is overarching, over national courts, over national governments, and over EU bodies.
Then within EU law, you have several branches and distribution of who has authority etc. Primary EU law is the foundational basis (some would say a "constitution" effectively even though the word has been a political minefield) and does provide some "overarching entity" in some areas.
Then within Secondaru EU law, you have regulations, orders, directives, etc. Many regulations and orders have an EU overarching entity, and in many cases the European Commission has a central role.
> On a technical level, each country ratifies and applies their own laws in their own ways.
That is a gross mischaracterisation and overgeneralization of EU Directives.
EU Directives as a general rule* don't have "direct effect" in a Member State. They set a goal agreed at the EU level, and the Member State are bound to implement the means in their national laws to reach the goal. That usually (but not always) means at a national level the adoption of a legal act by national Parliament.
*as a general rule because as always there are exceptions.
I think you are correct about the article. But I still think a lot of cars on the EU market collects (top much) information. But thats just a guess for sure
Random post on the internet by what seems a a nonlawyer. Be careful.
"The AGPL, like the GPL, is a copyright licence, not a contract" actual authoriative legal source needed. For what it's worth, this is plain wrong under French law (and I'm a lawyer and there is actual case law in France to support the view that GPL is a contract).
Not a lawyer, but as part of my degree, I had to study the relevant parts of the law for an engineer.
The one thing I learned, and the teacher (lawer) was very clear about: “all is a contract”.
Event two people agreeing something with a handshake, if witnesses are present, can be enforced like a written contract.
So I’m extremely uncertain of the assertions made there. Also the AGPL was written with lawyers involved in the process…
Under US law, a license is different than a contract. The GPL and friends are very explicitly NOT contracts (in contrast to EULAs, which try to be).
Which is super-helpful only if you never intend to leave the US.
Most software has users in 200+ jurisdictions, and you can get sued in almost any of them. A court in the Maldives or New Zealand might have a very hard time enforcing a judgment if your legal presence is only in the US, but outstanding judgments can mean:
1) A cap on growth (you can never establish a presence in those jurisdiction until / unless you've resolved you ballooning liabilities)
2) A cap on acquisitions (you can never be sold to or buy an organization with a legal presence there, again, without work)
3) In a worst-case, if the liability is bad, being personally thrown in prison the instant you step off of a plane in a jurisdiction where you have outstanding liabilities.
... and other badness.
It, therefore, often make sense to avoid walking along the edge cases of the law.
> The GPL and friends are very explicitly NOT contracts
The FSF and friends have very explicitly commented that the GPL is not a contract. (In my experience, they are also rather sloppy lawyers in the sense that they tend to put ideology over positive law.) There's nothing explicitly saying so in the GPL text, and the section saying that if you don't accept the "license" you will be in violation of copyright law can actually be read both ways (IMHO).
If you search around, quite a few jurisdictions have apparently ruled that the GPL can be treated as contract. Even the US, maybe: https://qz.com/981029/a-federal-court-has-ruled-that-an-open... (note: take conclusion with a grain of salt). From a common law perspective though, there's really no reason to not consider the GPL a contractual license..
That said, I honestly don't know what's worse -- breach of contract or breach of copyright law. The latter can sometimes carry criminal consequences (and yes, you can be extradited if you are unlucky), while a court ordering performance of contractual obligations can be bad if it's really inconvenient for the business.
> The FSF and friends have very explicitly commented that the GPL is not a contract.
One of the interesting pieces of law is that in a situation like this one, the intent of the drafter is strongly taken into account. The FSF says it's not a contract, publicly and vocally. That will be used in any court, and a court is very unlikely to overturn that.
> (In my experience, they are also rather sloppy lawyers in the sense that they tend to put ideology over positive law.)
I can't speak for FSF lawyers in general, but Eben Moglen, who drafted this language, is a super-careful lawyer.
Once you’ve lawfully obtained code you don’t need a license to run it in the USA. The Copyright Act explicitly gives you the right to make additional copies necessary (like loading into memory) to execute it so no license is required to run it.
Much like most lease agreements that are full of illegal or inoperative clauses, EULAs are largely a bluff backed not by the law but the other party’s ignorance and the threat of a ruinous lawsuit. The process is the punishment.
Of course once you want to redistribute or create derivative works you need additional permission.
It's more complex. EULAs /were/ a bluff when originally created, and would never have stood up in a 1990-era court. In 2020, it's more complex. Courts try not to disrupt the status quo. After 3 decades of industry practice, failing to enforce an EULA would do that. Ergo, recent Courts have often upheld EULAs as contracts...
Under U.S. law, a license is a contract. In fact, an EULA is an "end user license agreement."
The difference between a license like the AGPL and a normal contract is in how the contract is formed. Normally a contract requires explicit acceptance to be valid, but for licenses implicit acceptance is allowed, such as by using the licensed material after having been showed the license governing the use of that material.
Excerpt for where to start reading: "This right to exclude implies an equally large power to license—that is, to grant permission to do what would otherwise be forbidden. Licenses are not contracts: the work's user is obliged to remain within the bounds of the license not because she voluntarily promised, but because she doesn't have any right to act at all except as the license permits."
What constitutes as a contract can depend on the legal system at play. Even in western legal systems, the English, French, and German based approaches to law can have different implications when it comes to philosophical questions like "are licenses contracts". As far as I know, GPLv2 is considered a contract under these legal systems, but I'm not lawyer.
AGPL and most GPL derivates were certainly made with the help of lawyers, but those lawyers overwhelmingly studied American law, since that's where these licenses came from. They can be used in other countries of course, but they are full of American legalese. Direct translations do exist but they don't alter the words to accomplish the same effect under different systems of law. For example, the vitality of GPLv2 does not apply in Germany: https://cms-lawnow.com/en/ealerts/2022/01/developments-in-op... and GPLv3's punishment clause protecting violators for their first incompliance, without further punishment, was denied: https://blog.versioneye.com/2015/09/21/judgment-to-gpl-viola...
The exact same legal text can have an entirely different meaning when interpreted by a foreign judge in another country. What is a watertight contract in one place, is a breach of a party's freedoms in another. There's a reason the exact text written in treaties is argued over for years, because it's challenging to express what you want to say in a way that's legal for every party's jurisdiction.
IANAL. But, obviously, a license is a license, and a contract is a contract.
If I produce a copyrighted work, you can't copy it without my permission, which is what a license is. If I grant you a license, I can require that you do something for me in return (e.g. pay me), and I can restrict what you can do with your copies. That's a contract, and if you violate it's terms, you might lose the license.
In the german context, everything that is agreed upon with two or more parties is a contract (afaik, I'm not a lawyer). Buying something => (implicit) contract. agreeing to cookies => contract. T&C on a website => contract. Borrowing something from a friend => (very implicit and vague) contract.
accepting a license (maybe implicitly by downloading content) => contract.
Lawyers and courts then decide if certain clauses are ok and valid or not, if and when someone sues. I'm not sure what differences you see between contracts and licenses. In Both cases, both parties have obligations and responsibilities to follow, in return for a gain (or sometimes no gain).
> I'm not sure what differences you see between contracts and licenses.
The licence is the permission to do something that without the licence you would not be permitted to do.
The contract is the agreement between the licensor and licensee as to the specific terms that surround the granting of that licence.
Consider a company licensing music - company A and B might both have an identical licence to use a particular song for any purpose, but the contracts they agreed for payments could be very different based on expected usage.
Breaking the terms of the licence is using the thing in a way that the licence doesn't expressly permit, e.g. if you have a licence to use any song from a company's entire catalogue for a TV show, but you then use it for a different show or in a film. Another example: I've worked on a computer game where we had a licence to use a particular song in-game, but not in promotional material.
Breaking the terms of the contract is failing to uphold your obligations, e.g. failing to pay an agreed annual fee or the correct amount of royalties.
You missed the part where a license is a type of contract...
A copyright license is a contract, wherein the copyright owner agrees to allow a third party the use of their copyrighted material in exchange for [X]. X might be money, or it might be an agreement to limit how the copyrighted material is used. There isn't another document or anything that says "License to Use [Copyrighted Material]",
This means that losing the "license" is the same as saying you no longer have an agreement allowing you to use the copyrighted material.
I agree with your general point (and I upvoted), but I think the author of both of your links misunderstands how even American courts would apply the GPL.
As to the first link:
When a person redistributes a GPLed program or a derivative work of one and refuses to share the source code with their recipients, there is a reason even most American GPL lawsuits are brought by or with delegated authority from a copyright holder of the original work. A regular recipient with no copyright claim might not have as strong of a claim to standing, especially if the defendant claims not to have consented to the GPL in the first place.
Without consent to the GPL, or even if the GPL is breached after valid consent, it’s entirely possible that the consequences imposed by an American court will be damages for copyright infringement and an injunction against further distribution of the infringing work without further copyright holder permission. It is not automatic that source code sharing, which would be an example of what’s called specific performance, will be ordered. It’s only one tool in a court’s toolbox of remedies, and a relatively disfavored one (especially in cases like this where unrelated corporate trade secrets might be exposed by such an order or where conflicting third-party licenses might actually forbid compliance).
The reason some level of source code sharing often results from these lawsuits is not because of a clear legal right to demand that a court order it, but because defendants usually prefer to comply than pay damages and suffer an injunction against further infringement, and plaintiffs in GPL lawsuits usually prefer to forgive past infringements in connection with obtaining compliance.
As to the second link:
The approach of American courts to this circumstance would likely vary by state. The GPLv3 doesn’t actually say that the penalties for the first violation are waived if the violation is cured within 30 days, and the wording for what it does say in this provision isn’t ambiguous, so some American courts would limit their analysis to the “four corners” of the contract/license and not infer a waiver of the penalties for the first violation any more than did that German court.
Other American courts would accept evidence of what the licensor or the license author intended, and therefore possibly waive those penalties in case of a timely cure.
(When I say “some American courts” or “other American courts”, it’s really a matter of which state’s law applies more than which court. But which court is actually making the ruling may literally matter when the relevant point of the relevant state’s law has not been clearly settled by that state’s highest court, when that highest state court is considering reversing its own prior ruling, when it’s unclear which state’s law should apply, or when the court makes mistakes in inexpertly applying the law of a state whose law it doesn’t often apply.)
A lot of people assume that more of the GPL has been authoritatively interpreted in court than is actually true. Most GPL compliance disputes never make it to court, and some that do end in settlements. Only very few end in final rulings, and most of those are lower courts or mid-level courts which in no way (beyond potential persuasive value) bind the rulings of other judges within the state or country.
Disclaimer for this entire comment:
I am not a lawyer in any country and am not giving any specific advice here about how any specific court would rule in any specific case. I have however attended the beginning of US law school including the introductory contracts law course, and have also collaborated in the past with lawyers specialized in the area of free and open source software as part of my Debian developer activities and my director and officer roles in the free software nonprofit Software in the Public Interest (SPI), as well with similarly specialized lawyers when I was in an open source-focused technical role at Google.
To avoid confusion, I hold no current director or officer role with SPI and am currently entirely inactive in Debian, though I officially remain a Debian developer and a non-contributing member of SPI. I also no longer work for Google. I am only speaking for myself here and not for Debian, SPI, or Google. I mention my past work with them only as relevant context informing my comments above.
Probably not. It's so much easier to choose one jurisdiction and do everything there. For multinationals they'll set up a legal entity in each jurisdiction and rewrite their agreements to be compliant in each place.
International law sucks and it's 100x more expensive than enforcing a domestic agreement.
And yet, free and open source software licenses are meant for licensors and licensees from around the world, so far more than just two jurisdictions for any of the common licenses, and rarely for only one or two jurisdictions even for more custom licenses except in the case where the license is different per jurisdiction or where almost all (licensor, licensee) pairs are in one or two jurisdictions.
Let’s say I use some code from stack overflow and it turns out to be GPL. Can the owner of the code sue to compel specific performance of the GPL? Probably not, since I can’t be bound be a contract I never even saw, I can be sued for copyright infringement however.
I'd assume you follow Stackoverflow's license here (creative commons). You do follow the necessary attribution requirement that Stackoverflow demands of you when you copy snippets from the site, don't you?
If you're made aware that the code you copied in good faith was not allowed to be granted to you under those terms, you'd probably just lose your right to use the code and nothing more. The person redistributing code under a wrong license is the main culprit, but since they were never allowed to hand out a license, you're screwed because of them. If you choose not to distribute the source code, you must remove it from your product as soon as possible.
Of course, this does assume that the code you copied passes the originality threshold. A simple multiplication or a very basic algorithm can be considered too simple to copyright, and GPL would be powerless.
It's so possible the use of the copyrighted code can be considered fair use. In the USA, Oracle sued Google over some GPLv2 API definition, but Google was ruled not to have to abide by the terms of the GPL license in that case, because of fair use reasons.
I'm pretty sure all contracts require an exchange, even if a token one. That's why there's a concept of a token payment. A contract without an exchange (a 1-sided contract) is a covenant.
A FOSS license is granting a right of use under a particular set of restrictions, and it is doing it through the means of voluntarily giving up the government-granted right to enforce copyright that the author is entitled to. But the customer is giving nothing. It can't be a contract. The violation of it only represents a loss for one side.
A license in exchange for payment is a different story.
It can still be considered like an exchange when there is written: "If you use this software, then you agree to comply to the license". Im not sure though to be honest. I might depend on the law system or the mood of the judge.
To me, that's like saying, "You can have a glass of water, but you can't have my car" is a contract.
"Give me a dollar and you can have this glass of water" is a contract.
edit: and to be a tiny bit less glib, a license is where I give up rights I already have, under particular conditions that I dictate. If you choose not to abide by those conditions, the only thing that happens is that I regain the ability to use the rights that I already have. I don't gain any super-copyright powers, or a more powerful copyright.
I know a farmer in a small village and they sell milk and cheese etc.
There is no cashier, you take what you want and let the money there.
It would still be breaking a contract if you dont...
I'm also an engineer that had to study basic law and what you described matches what I learnt. A contract requires a statement of intent[1], where the bar for this is pretty low, e.g. a handshake. So, many things are considered a contract that a layman wouldn't
think of. Of course not literally everything is a contract and the question regarding the GPL here is if this minimum threshold can be considered crossed.
[1] I think this is pretty universal across legal systems, but I could be wrong.
In American law, a contract must have three parts: an offer, acceptance, and consideration. Consideration is something of value given in exchange for the offer in the contract.
Because there is nothing paid for a piece of open source software downloaded off the interwebs, there is no consideration. Therefore, open source licenses by themselves constitute what is known as a bare license and may be revoked at any time, for any reason, by the licensor.
Yes, it has been argued, but has it been ruled so in a court of law?
The answer is no -- just the opposite. In Jacobsen v. Katzer it was ruled that the Artistic License is not a contract, and the licensor could seek damages for copyright infringement, not just breach of contract. In Artifex v. Hancom it was ruled that because the defendants did not agree to the contract terms for a proprietary license, the terms defaulted to the GPL which they were found in violation of as a license, not a contract.
And if a license is not a contract then it is a bare license and can be rescinded at any time for any reason.
I thought the problem with that argument was one part promissory estoppel and one part non-monetary consideration. EG you realized something under the GPL with expectation that said work would serve to for instance help you get a job later by demonstrating your work and users by submitting bug reports, code, endorsements helped you achieve the expected goals by making your work more visible and credible.
I'm not aware of any case in which for instance someone has successfully defended their right to rescind a license to the GPL license code they granted in history. A pragmatic court given 2 plausible interpretations with some merit isn't obligated to endorse an interpretation with an obviously negative effect they're people not CPUs interpreting code.
A timeline where we need a GPLv4 to cover the case of assholes taking back their shit contrary to decades of expectations and leaving mission critical v2 projects like Linux constantly at risk of a 10,000 time bombs from heirs taking back daddy's code is clearly the dumbest of all possible worlds and we are under no obligation to live there if their is a reasonable out.
My money is on this theory remaining a fairy tale until someone actually spends enough money to test it and its dissolved forever by actual case law.
Artifex Software, Inc. v. Hancom, Inc. which was ultimately settled out of court seems to have found the exact opposite of what you said if I read this correctly.
Jacobsen v. Katzer is a complicated affair but regardless of your interpretations it certainly doesn't concern the revocation of a bare license. Most of the action seems to concern whether the party could get damages.
In Artifex v. Hancom it was ruled that because the defendants did not agree to the contract terms for a proprietary license, the terms defaulted to the GPL which they were found in violation of as a license, not a contract.
This is not what the motion for summary judgment in Artifax v Hancom ruled...
The issue was not whether the GPL was a contract, but rather what the proper measure for damages should be. The Defendant argued $0 because there was no royalty owed for the GPL license, but the court ruled that the correct measure for damages of this breach of contract should probably have been the royalty that would have been paid if Defendant had entered into the commercial licensing contract which would have applied if they had entered into the proper license for their intended use of the copyrighted material. However, as this was a motion for summary judgment and not a ruling on the merits, it has no precedential value.
And with respect to Jacobsen v. Katzer, the issue was that the Plaintiff was seeking to enforce copyright infringement provisions in lieu of pursuing the infringement as a breach of contract. The Federal Appeals court ruled that a breach of an open source contract constituted both a breach of contract and also a infringement of copyright. The point of the case was to allow a second cause of action because copyright infringement claims are easier and usually more monetarily valuable to pursue than a breach of contract claim.
Red Hat may start requiring CLAs for any source they accept as contribution to any software they maintain. To do otherwise would put them at risk of contributors rescinding their licenses and preventing Red Hat from distributing the software they make money on.
CLAs may become standard for all serious open source projects for similar reasons.
There's a reason why CLAs, including signed permission from your employer, have been standard for GNU Project contributions since forever ago, even if it weren't tied to this particular issue. It gives the FSF free and clear rights to the code to enforce copyleft without the potential for legal snags regarding ownership and permission to distribute later on down the line.
You still need to show that rescinding the license you granted for your open source code is even a thing. It would basically look to collapse a good portion of the software industry into an endless flurry of lawsuit from any number of contributors and their heirs looking to monetize blackmailing projects by threatening to take back contributions. Why wouldn't the US court system nope out of all that by any means available?
Yeah, I was also led to understand that if you've distributed version 1.00 of your code with a license, there's no rescinding that, you can only stop distributing the license for versions 1.01 onwards. People wouldn't be allowed to use your new versions, but they can stay on version 1.00 forever.
Maybe that's just the GPL due to how it's formulated.
> But this means that it is impossible for the GPL to restrict any action which you would have been legally authorized to do even if the software had not been licenced under any licence.
how would this statement be affected by French Law?
This is an actual interested question and not HN know-it-all being aggressive and trying to claim you're wrong (figured I should say it)
The analysis is wrong even if we accept the flawed premise presented (whether in US or French law).
Section 13 of the AGPL which is the one the author says is ineffective starts:
"Notwithstanding any other provision of this License, if you modify the Program, your modified version must ..."
The obligation starts from "modification" of the software, and modification of software is an act protected under copyright law. Hence you need an authorisation for it (without prejudice to fair use and copyright exceptions of course).
Modification of software for your own use is fair use. This was established in Nintendo v. Galoob.
Take for example the DeHackEd Doom patch editor for old-school DOS Doom, which patched the Doom.exe binary to change player speed, enemy behavior, text messages, etc. in ways that WADs alone couldn't. You are free under copyright law to use DeHackEd to patch your own binary, and to distribute your patches so others may use DeHackEd to apply them, but not to distribute patched Doom binaries.
The same holds true for any game mod, really, and even those Windows installer editors which produce stripped down versions of Windows (like 98lite or the more recent Mini11).
not a lawyer, but if there is no requirement without modification, lets say I developed X, someone made a version Y, they gave it to you. ( as you are the only user, they are only required to share modifications with you ), then you run this without modifications as a network service. how is it ensured users of you have access to the source?
B modifies X (becomes X.1) and because B has been well advised by lawyers, B knows that modification of software is an act restricted under copyright law, and so B went to go read the LICENSE file and found Section 13 of AGPL. As a result because he/she is diligent, B ensures that the source code of X.1 can be accessed by putting a link to a server in X.1's user interface.
See Section 13 of AGPL:
B's "modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version by providing access to the Corresponding Source from a network server at no charge ..."
B distributes X.1 to C
C runs X.1 which is a version that already offers all users a way to get the source code.
You're absolutely correct and if I'm not wrong this is a common loophole used by companies to get around the AGPL (when they really want to)
That is, contract the development to a third party. Let's say A wants proprietary modifications to an AGPL product (X). A contracts B, a solutions provider to make the changes. B is legally required to provide the changes to their X.1 product to anyone that uses it. However, only A is their direct user. Now since A did not modify X to X.1 they are not required to provide a direct download link in the application to the sources for X.1
I'm unsure if GPL style protections still apply and I as a user can request the sources from A by making an explicit request. (I guess not, since they never shared the application with me, only access to it via the network)
i don't think that works. it should not matter who makes the modifications. you are running a modified version of X hence you must provide the source.
but the distribution requirement in the AGPL should trigger just as well as in the GPL. the only difference is that access through the network is added as a trigger.
so i don't actually believe that the AGPL distribution requirement only triggers on modifications. it should trigger on unmodified versions too, just like the GPL. whoever provides the program, is required to provide the source.
this certainly was the intent, and if the AGPL does not implement that intent then that would be a major flaw, which i can't believe they would allow to slip through when designing the license
Yes and no, I think. If you have a valid exemption under copyright (e.g. fair use) then you don't need a licence for the use or making of the derivative work. Obviously such a defence (e.g. fair use) would likely be very difficult in the context of commercial use of the copyrighted work.
There are no personalised ads or no ads at all in WhatsApp, are there?
What got rejected is using the data for "service improvement" and "security" - in particular how WhatsApp used personal data for these purposes, and how in the opinion of Europea data protection authorities this was not necessary for Meta to perform the contract.
So many wrong things in this comment, which is generally uncalled for given the article is quite good (which cannot be said of all GDPR related coverage).
So, duty calls[1]:
> This decision is from the Irish data privacy regulator, DPC. They are "in charge" of this investigation because Facebook's EU subsidiary is in Ireland. They are not a "lead" regulator in any sense of the word.
The DPC are officially acting on this case as the "lead supervisory authority" as defined in the GDPR ("Article 56 - Competence of the lead supervisory authority").
> In fact, this decision does not come from the DPC.
In fact it actually does come from the DPC. The process is:
- DPC issues draft decision, after conducting an investigation, etc.
- Other authorities in impacted countries ("concerned supervisory authorities" in the official terms of the GDPR) chime in, provide comments, and possibly disagree with the draft decision (they raise "objections")
- The authorities try to aree, and if they don't, they have a dispute that gets resolved at the European Data Protection Board
- The EDPB takes a binding decision, which is imposed on the DPC (and the other concerned authorities)
- The DPC takes notes of the decision, and issue their sanction accordingly.
In the end, it is indeed a decision formally issued by the DPC against WhatsApp. That's why Meta need to appeal against the DPC in Irish Courts - and why Meta cannot appeal direclty in the European General Court against the EDPB.
> The DPC's decision was to pussy out and issue a smaller fine, and rubber-stamp several of Facebook's arguments. Their authority to do so was overturned by the regulators for other countries, and by the EDPB (EU-level agency). The EDPB is also requiring the DPC to do more investigations which will probably eventually result in even more fines.
> GDPR fines tend to be about specific issues related to specific complaints. [...] There has NOT been a general "is Whatsapp in its entirety compliant with GDPPR" investigation yet.
> The EDPB-mandated investigation is creeping closer to that.
Actually, the EDPB's request is also specific: it is asking the DPC to look precisely about the part of the complaint on WhatsApp's use of sensitive data ("special categories" under GDPR Article 9).
I asked a lawyers during a conference that discussed privacy and law. I initially asked if a 50 page document was fine, which they said was not, but then lowered it to 30 and they said "sometimes" without any irony in sight. After an additional discussion they said that even if people did not read the document or had the ability to understand it, it would still count as consent.
I have also talked personally with politicians who was involved with the work of writing GDPR, and the people who wrote the ePrivacy Directive has reportedly said that lawyers interpretation of consent was beyond the imagination of the original intent of the directive, which is why GDPR now require freely given informed consent in contrast to the old consent.
> [...] we felt it necessary to state unequivocally that this post does not reflect the reality of the facts and contradicts the verdict by the Berlin Labour Court.
> The court judgement of 19 November 2020 (reference number 42 Ca 5723/20) did not acknowledge any factual basis to the assertions. Furthermore the judges concluded that our former employee's own statements prove that she “neither experienced hostility, nor was she offended, nor in another form intimidated or demeaned”. Additionally they found, she received equal treatment, and that “the boundaries of socially acceptable conduct” were “not exceeded”.
> Until the end of the proceedings, we do not wish to comment any further [...]
It seems to me that the court in question is the Arbeitsgericht Berlin. I couldn't find the referenced code[1], and I then went through the list of documents of Nov 2020 in chronological order, and couldn't find it either. I don't know where to take this next--write to or call the court to ask for details?
Start at page 28 if you want to skip the recap of EU law, or start at page 35 if you want to skip the details of US law and surveillance programs as recap by the Irish court who referred the ruling.
I think there is a multitude of reasons, most consumer protection NGOs aren’t very tech savvy and it’s hard to raise funding for privacy because the general population doesn’t care enough to donate money to it. It’s also a rather hard battle to enter because EU law is so ridiculous complex, and most privacy advocates aren’t very law savvy.
There are a lot of smaller groups fighting, but it takes years and years to see results. Hopefully the EU itself will get more into it now that our relationship with the US is deteriorating and China is getting more and more aggressive.
Not that it’ll matter too much with Microsoft being the only real option in non-tech enterprise.
European privacy and consumer support groups are mainly after lawyers' fees. They mostly make money by notifying misbehaving companies of their misbehaviour, collecting fees for the (usually unwanted, but enforcedly payable) notification ("Abmahnung" in German).
Dieselgate was started by such a group.
The system is not all bad, but incentives are against stuff like this being litigated by the usual privacy or consumer support groups, because you just can't collect fees from the legislative branch...
nyob is in need of financial support https://noyb.eu/en/support-us. No need to leave you address unless you want to receive the goodies. No Credit Card required either, an EU bank account for SEPA transfers is sufficient.
If you donate EUR 100, you get Consultation on private data protection cases (2h/year)
The Irish DPA seems to focus on not doing their work, and actively fighting back against having to do their work.
The German DPAs love going after random individual cases they find, often in ways incompatible with reality (e.g. a small company not using GPG when e-mailing employees about HR issues), while ignoring major abuses that happen at scale. The biggest fine they issued was to a real estate management company for not deleting old documents (e.g. proof of income) that tenants had provided.
The UK data protection authority (ICO) has also announced huge fines against British Airways and Marriott - but these fines are not in effect yet - unsure how high they will be exactly if any.
True whatever that means :)
> and EU law isn't applied by some overarching entity.
It is. EU law as a whole is ultimately applied by an entity, the Court of Justice of the European Union. It is overarching, over national courts, over national governments, and over EU bodies.
Then within EU law, you have several branches and distribution of who has authority etc. Primary EU law is the foundational basis (some would say a "constitution" effectively even though the word has been a political minefield) and does provide some "overarching entity" in some areas.
Then within Secondaru EU law, you have regulations, orders, directives, etc. Many regulations and orders have an EU overarching entity, and in many cases the European Commission has a central role.
> On a technical level, each country ratifies and applies their own laws in their own ways.
That is a gross mischaracterisation and overgeneralization of EU Directives.
EU Directives as a general rule* don't have "direct effect" in a Member State. They set a goal agreed at the EU level, and the Member State are bound to implement the means in their national laws to reach the goal. That usually (but not always) means at a national level the adoption of a legal act by national Parliament.
*as a general rule because as always there are exceptions.