In this issue, I delve into several recent updates where legal and technology issues cross paths.

DISCLAIMER: This and all Legal Notes columns should not be construed as specific legal advice. Although I’m a lawyer, I’m not your lawyer. The column presented here is for informational purposes only. Whenever you’re seeking legal advice, your best course of action is to always seek advice from an experienced attorney licensed in your jurisdiction.

Facebook Reverses Course and Ditches Its ReactJS Licensing Scheme

A few issues ago, I addressed the absurd licensing scheme Facebook concocted with its ReactJS JavaScript Library. When React was first released, Facebook used the BSD license plus something Facebook purported to be a patent promise. Facebook attempted to explain their intent in this blog post: https://code.facebook.com/posts/112130496157735/explaining-react-s-license/. The main problem is that although on one hand Facebook claimed that ReactJS was open source, on the other hand, the licensing scheme was not open source. The Adobe Software Foundation (ASF) called the BSD + Patent Promise a "Category X" license. As you can imagine, and as I explained in the January 2017 issue of CODE Magazine, the impedance mismatch with Facebook’s licensing scheme was a fool’s errand. Fast forward to September 25, 2017 when Facebook announced that ReactJS would be licensed under MIT. Between BSD and MIT, I find MIT preferable because it allows sublicensing with different licenses, whereas BSD is silent on the matter. In my opinion, it would have been better if Facebook had settled on the Apache V2 license because Apache is more explicit in its language and is both open source and commercially friendly. In any case, it’s good to see that Facebook listened to the community. I don’t know of anybody outside of Facebook that thought the BSD + Patent Promise was a good idea.

The New EU General Data Protection Regulation (GDPR) Goes into Effect in Just Over Six Months

Many of you who read CODE Magazine have cause to deal with the European data privacy laws where the rules and regulations are quite strict on how personal data is handled. Those rules are about to get even more strict! One of the biggest changes is the territorial coverage. Soon, if you’re a European company, regardless of where you process data, you’re subject to GDPR. Another interesting feature is what the GDPR calls the right to be forgotten. The GDPR gives people the right to demand that companies erase a person’s data such that they not only won’t be contacted any more, the company won’t have physical custody of that person’s data. For more information on the GDPR, follow this link: http://www.eugdpr.org/.

Copyright Enforcement: It’s Becoming Big Business

To review, a copyright is the exclusive legal right given to an originator or an assignee to print, publish, perform, film, or record literary, artistic, or musical material, and to authorize others to do the same. Typically, a creator of work earns money from their work by either selling copies of the work or licensing others to do the same. The problem today for creators is that in this digital age, it’s easy to simply copy and use another’s work without paying for the right to do so. In some cases, this is perfectly fine when the creator declares that something is in the public domain (i.e., doesn’t enforce their copyright) or uses a licensing scheme like Creative Commons. Increasingly, people who operate websites or have apps in the market place are getting demand letters from companies, often law firms that represent creators. These letters often demand huge sums of money because they claim material is being used without the creator’s permission. If you get a letter like this, DON’T IGNORE IT! Just because you get a demand letter, doesn’t mean you’re in trouble. There are many things that a copyright plaintiff must do to both assert and prevail on a claim. The letter itself is just an assertion, not proof of copyright ownership. These letters, often referred to as troll letters, merely make bare assertions that they’re entitled to their demands. If you get such a letter, consult an attorney with experience in dealing with these matters. The last thing you want to do is ignore the letter only to have a suit filed against you that you can’t defend. You may also luck out when ignoring, if the letter is all bark and no bite. In my opinion, it’s not a risk worth taking.

There are many things a copyright plaintiff must do to assert and prevail on their claim. A letter is just an assertion, not proof of copyright ownership.

Professional Liability Insurance: If You’re Independent You Should Have It

In my last column, I discussed whether software developers should be held to professional standards along with my caution that if you do feel that way, be careful what you ask for. Increasingly, software developers are finding themselves on the wrong end of a lawsuit where a client claims that the developer breached the contract and the client suffered damages as a result. If you’re an independent developer, there are two things you should have in place before you sign a contract to deliver software. First, create an entity like an LLC. Even if you are the only member of an LLC, you get the benefit of a corporate veil that protects your personal assets. Of course, there are ways to pierce the veil. However, if you follow the rules, it’s quite difficult for one company to pierce another company’s veil to get to individuals. Second, you need liability insurance. A one-million-dollar liability policy may seem like a lot, but it’s probably the minimum you should carry. If you sign a contract, it’s quite likely that the contact requires you to not only have insurance, but to show proof of insurance. Whether the client asks for it or not is another matter. If you get sued, you want to mitigate your risk with insurance, not your personal savings or your house!

Introducing the New Linux Foundation Community Data License Agreement

Taking a cue from FOSS (Free Open Source Software) licenses, the Linux foundation has created an open license that’s geared toward data. FOSS licenses like BSD, MIT, Apache, etc., don’t work well in the non-software context. This is why the Creative Commons licenses were established for creative works. The Linux Foundation Community Data License (CDL) comes in two flavors: Shareable and Permissive. The shareable license can be found here: https://cdla.io/sharing-1-0/. The sharable licenses embrace what are known as Copyleft rights. Copyleft is about making sure downstream code continues to have the same license terms as the original code. The permissive license can be found here: https://cdla.io/permissive-1-0/. Permissive licenses don’t require downstream code to be shared. As the category name implies, permissive is about affording people the maximum amount of flexibility possible such that people can use, modify and share (or not share) as they please.