EULA 不能禁止使用者 decompile 修 bug

Hacker News Daily 上翻到的,歐洲法院認為 EULA 不能禁止使用者 decompile 修 bug:「EU court rules no EULA can forbid decompilation, if you want to fix a bug (europa.eu)」,官方的英文版文件在這邊可以翻到,不過原始判決是法文:

* Language of the case: French.

這是 Top System SA 與比利時政府打的訴訟,法院認為修 bug 而需要 decompile 這件事情是合法的,即使考慮到 Article 6 的規範:

In the light of the foregoing considerations, the answer to the first question referred is that Article 5(1) of Directive 91/250 must be interpreted as meaning that the lawful purchaser of a computer program is entitled to decompile all or part of that program in order to correct errors affecting its operation, including where the correction consists in disabling a function that is affecting the proper operation of the application of which that program forms a part.

In the light of the foregoing considerations, the answer to the second question referred is that Article 5(1) of Directive 91/250 must be interpreted as meaning that the lawful purchaser of a computer program who wishes to decompile that program in order to correct errors affecting the operation thereof is not required to satisfy the requirements laid down in Article 6 of that directive. However, that purchaser is entitled to carry out such a decompilation only to the extent necessary to effect that correction and in compliance, where appropriate, with the conditions laid down in the contract with the holder of the copyright in that program.

案子看起來應該還有得打?看起來好像不是最終判決...

REQUEST for a preliminary ruling under Article 267 TFEU from the Cour d’appel de Bruxelles (Court of Appeal, Brussels, Belgium), made by decision of 20 December 2019, received at the Court on 14 January 2020[.]

但不管怎樣,算是有些東西出來了... 然後 Hacker News 上面的討論就看到一些很歡樂的例子:

This becomes incredibly interesting in terms of e.g. Denuvo. This anti-piracy middleware has been shown to make games unplayable, and this EU law seems to support removing it.

哭啊怎麼提到該死的 Denuvo XDDD

GitHub 拿掉所有非必要的 Cookie 了

GitHub 家的老大宣佈拿掉 cookie banner 了,因為他們直接把所有非必要的 cookie 都拿掉了:「No cookie for you」。

會有 cookie banner 主要是因為歐盟的規定:

Well, EU law requires you to use cookie banners if your website contains cookies that are not required for it to work. Common examples of such cookies are those used by third-party analytics, tracking, and advertising services. These services collect information about people’s behavior across the web, store it in their databases, and can use it to serve personalized ads.

然後他們的解法是拔掉:

At GitHub, we want to protect developer privacy, and we find cookie banners quite irritating, so we decided to look for a solution. After a brief search, we found one: just don’t use any non-essential cookies. Pretty simple, really. ?

是個「解決製造問題的人」的解法 XDDD (但是是褒意)

EU-US Privacy Shield 被歐盟法院拒絕

在「EU rejects US data sharing agreement over privacy concerns」這邊看到的新聞,引用自「EU rejects US data sharing agreement over privacy concerns」這邊的新聞報導。

歐盟最高法院的新聞稿則是在「The Court of Justice invalidates Decision 2016/1250 on the adequacy of the protection provided by the EU-US Data Protection Shield」這邊可以看到,雖然 EU-US Privacy Shield 被推翻,但本來在 2010 年的框架仍然有效:

However, it considers that Commission Decision 2010/87 on standard contractual clauses for the transfer of personal data to processors established in third countries is valid.

維基百科上的條目寫的比較簡單,主要是協議裡美國的保護機制不到歐盟的標準:

A final CJEU decision was published on 16 July 2020. The EU-US Privacy Shield for data sharing was struck down by the European Court of Justice on the grounds it did not provide adequate protections to EU citizens on government snooping.

記得這個戰了好久,最後在最高法院定案了...

歐盟更新了對於 Cookie 同意方式的準則

TechCrunch 上面看到的,歐盟更新了對於 Cookie 同意方式的準則:「No cookie consent walls — and no, scrolling isn’t consent, says EU data protection body」,英文版的 PDF 文件可以在「Guidelines 05/2020 on consent under Regulation 2016/679」這邊看到。

這篇準則主要是在說明,什麼情境下取得的「同意」才是有效的。主要在在說明使用者與開發者權力不對等的情況下,GDPR 會擋下哪些對使用者不利的情況。

準則文件裡開頭的地方先解釋了什麼是 free/freely given,然後給了不少範例,另外翻例子的時候還看到在雇傭關係下因為員工有無法拒絕的壓力,這時候的同意也未必是有效的,藉以保護員工...

而 TechCrunch 的文章則是拉出了兩個目前在 internet 上很常用的情況來報導 (cookie wall 與 scrolling),解釋現在 internet 上面常用的這些方法在 GDPR 下並沒有取得授權。

這樣的話 Medium 的 login wall 應該也會踩到 (強迫你要註冊 Medium 才能看,這邊會需要同意 Medium 的使用條款),這次歐盟文件算是蠻清楚的,多幾次訴訟,再讓 GDPR 跑個幾年,應該有會有不同的方法了...

法國法院判決 Steam 上的遊戲可以轉賣

Valve 不允許轉賣 Steam 上的遊戲,結果就被告上法院,並且判決違反歐盟法律:「French court rules Steam games must be able to be resold」。

French website Next Inpact reports the Paris Court of First Instance ruled on Tuesday that European Union law allows Steam users to resell their digital games, just like they can any physical product.

看起來 Steam 會上訴,再等幾個月看看...

歐盟在推動的設備維修權...

歐盟在推動設備的維修權:「EU brings in 'right to repair' rules for appliances」,歐盟的新聞稿在「New rules make household appliances more sustainable」這邊。

主要是因為現在很多廠商會故意將維修成本拉高,推動使用者去買新的,反而導致浪費:

Owners are usually unable to repair the machines themselves - or find anyone else to do it at a decent price - so are forced to buy a replacement.

新法會在 2021 年實施,主要是以家電為主,強迫製造商必須設計可被更換,並且需要提供備料讓使用者採購。

Backblaze 開了歐洲區機房

Backblaze 開了歐洲機房,所以包括了一般性的 Computer BackupB2 Cloud Storage 都可以選擇要放哪邊了...

歐洲的點是放在荷蘭:

Big news: Our first European data center, in Amsterdam, is open and accepting customer data!

價錢也都跟美國的相同:

Whether you choose EU Central or US West, your pricing for our products will be unchanged:

對於在意資料放美國機房的問題應該有緩解一些...

Spotify 向歐盟投訴 Apple Music 的不公平競爭

Spotify 向歐盟提出不公平競爭的投訴,並且發出新聞稿:「Consumers and Innovators Win on a Level Playing Field」。

重點在於 Spotify 服務透過蘋果的平台會有 30% 的抽成,但 Apple Music 因為自家服務而不需要:

To illustrate what I mean, let me share a few examples. Apple requires that Spotify and other digital services pay a 30% tax on purchases made through Apple’s payment system, including upgrading from our Free to our Premium service. If we pay this tax, it would force us to artificially inflate the price of our Premium membership well above the price of Apple Music. And to keep our price competitive for our customers, that isn’t something we can do.

不過裡面好像沒提到超過一年後的費用會降到 15% (參考「Auto-renewable Subscriptions」),應該會是蘋果向歐盟回應的重點?

歐盟對十四套 Open Source 軟體推出 Bug Bounty Program

歐盟對於 14 套 open source 軟體推出 bug bounty program,協助改善這些軟體的品質 (主要是資安這塊):「EU to fund bug bounty programs for 14 open source projects starting January 2019」、「In January, the EU starts running Bug Bounties on Free and Open Source Software」。

這十四套軟體的選擇應該可以參考「EU aims to increase the security of password manager and web server software: KeePass and Apache chosen for open source audits」這邊...

然後看到「Intigriti/Deloitte」這個才知道原來 Deloitte 也有做這個啊...

歐盟通過終結日光節約時間

看到歐盟通過終結日光節約時間的新聞:「Latest: European Parliament approves proposal to end bi-annual clock change」。

Fine Gael MEP Sean Kelly, who has been campaigning for the change, said: "I'm very pleased that after years of discussions at Committee level in the European Parliament, of which I'm the only Irish member, that out proposal was debated and voted on today in Parliament, and that Parliament accepted our proposal to ask the European Commission to come forward with a recommendation that we would end the bi-annual clock change."

其中藍色是目前還有在實施的地區,其他都是已經終止的:

取自「File:DaylightSaving-World-Subdivisions.png

主要是因為日光節約時間對於現代社會的好處愈來愈少的關係吧... 早期在歐美國家很盛行,現在歐洲決定廢止這個制度,應該會讓美國再次討論起來。