cross-posted from: https://beehaw.org/post/12170575

The GDPR has some rules that require data controllers to be fair and transparent. EDPB guidelines further clarify in detail what fairness and transparency entails. As far as I can tell, what I am reading strongly implies a need for source code to be released in situations where an application is directly executed by a data subject and the application also processes personal data.

I might expand on this more but I’m looking for information about whether this legal theory has been analyzed or tested. If anyone knows of related court opinions rulings, or even some NGO’s analysis on this topic I would greatly appreciate a reference.

#askFedi

  • HumanPenguin
    link
    fedilink
    English
    arrow-up
    1
    ·
    8 months ago

    I would agree failing to be open about how data is used. Is a breach. But that is also the argument that will be used to argue code dosent need to be open source.

    Lets look at it from a legal equivalent rather then a technical one.

    Growing drugs in your house is illegal. But the law still protects your right to privacy in your home. Police cannot search your home without going evidence of you growing drugs. And in most cases the need to prove that to a judge. ( yeah we will ignore how far away from most the police have gotten )

    The right of a dishware company to protect its code is and likely will always be treated as important.

    Hell your right to protect your code and choose to make it open or closed source. Is the very ideal the GPL and other OS licences depend on to force other using your code to treat it as you demand. So a law removing that choice from you. May well do more harm then good.

    The problem is like many when it comes to law. Making code transparent is not designedvto ensure the transparency of data use. It is designed to make prooving people are breaking the law easier.

    Unfortunately I feel protecting the right of developers or house holders. Is way more important then reducing the cost to society of prooving someone is stealing data or growing pot.

    Society has a duty to invest in its enforcement of law. And when someone dose as you have done and traced down the actions of a scummy app. It is the job of our societies law enforcement to take your report. And investigate your evidence. Before forcing the company to let them inspect the attic.