Open Source Initiative (OSI) Privacy Fiasco in Detail: In Conclusion and Enforcement Action Proceeds Against OSI at the California Privacy Protection Agency (CPPA)

posted by Roy Schestowitz on Apr 17, 2025,
updated Apr 17, 2025

IN THE introduction and the following two parts we gave sufficient background for people who are not familiar with this fiasco. The previous three parts - including the last part - showed most of the complaint (as a PDF). It named Stefano Maffulli and Deb Nicholson. It pointed the finger at culprits, whether it was willful or not (no need for a "ringleader" when sufficiently advanced incompetence begets what seems like deliberate failure).

We meanwhile got some good news as well. The complaint is advancing. There's merit found by the regulator/enforcer. To show the quote in full: (text version follows beneath)

From the above, as text (message to the complainant, whose name is redacted):

April 9, 2025

Via Email ([redacted])

RE: CCPA Complaint and Open Source Initiative et al.

Dear [redacted],

Thank you for submitting a sworn complaint to the California Privacy Protection Agency (Agency) on March 3, 2025. The Agency has completed a preliminary review of your complaint. This letter details the action the Agency has taken or plans to take, together with the reason for that action or nonaction.

The Agency will be referring your complaint to the Enforcement Division for additional review. The Enforcement Division’s additional review might result in a formal investigation based on the allegations contained within your complaint and further fact-finding. The Agency has taken this action because your complaint appears to raise at least one issue within the Agency’s jurisdiction.

The Agency may reach out to you again for additional information. The absence of a request for additional information does not indicate, one way or another, whether the Agency is investigating, and any requests for information might come later. We are unable to share further developments, as the Agency’s investigations are generally confidential unless and until a matter becomes public through an enforcement action.

We're not overzealous with redaction. Remember that the OSI had a habit of chasing critics to censor and deplatform them, even libel them. Like the OSI's masters - notably Microsoft - there is no tolerance of dissenting/opposing views.

It's not about sharing or Software Freedom; it's all about money and control (even over the narrative).

Back in March we published the previous chapter with a number of other OSI blunders - some of which we'll revisit later this month and next month. Like the Linux Foundation, today's OSI is a part-time Microsoft front group. No matter what it used to be (or could be or was supposed to be), the general public must understand what it is right now. Information is essential here; transparency is imperative.

With proper understanding, which is perpetually needed (even imperative), the OSI might simply cease to exist. Its purpose at this point is detrimental to many things due to rogue stewardship. █