The social value of the freedom to study source code in the Spanish Court
While copyright and licensing currently form the core legal
structures that support Free Software, a September 2025 ruling from the
Spanish Supreme Court provides a legal precedent that underlines the
importance of transparency in source codes and algorithms, and support
for the Freedom to Study!
Photo provided by Spanish Supreme Court. Modified to 16:9 aspect
ratio.
In 2009, the Spanish central government passed a law to
award a so-called “social bonus” to an estimated 5 million
households, in order to subsidise their electricity costs. A 2016 court
ruling later compelled the government to introduce stricter rules
regulating who could receive this social bonus. All existing
beneficiaries were required to re-register by the end of 2018, whereupon
their eligibility for the social bonus would be re-evaluated by a
software known as BOSCO, administered by the Spanish Ministry for Green
Energy Transition (the “Ministry”).
Following this re-evaluation, close to 1.5
million beneficiaries were approved for the social bonus. This was
almost a million fewer than the 2.4 million under the previous scheme,
and significantly less than the estimated 4.5 million who fulfilled the
criteria to receive the social bonus in the first place. Several
applicants who had been rejected contacted Civio, a non-profit based in Madrid that
works to investigate
shortcomings in the public sector and advocate for positive changes
to support transparency and social support, raising suspicions that the
BOSCO software had failed to properly review their claims.
As highlighted by AlgorithmWatch,
one of the complaints to Civio involved a retired widower who applied
for the social bonus under means testing. Under the regulations, she
would still be eligible for the bonus due to her status as a retiree and
a widower, even if her income exceeded the maximum to be eligible under
means testing. BOSCO nevertheless discarded her application
automatically.
Civio therefore contacted the Ministry to ask for BOSCO’s source
code, in order to confirm the veracity of the testimonials that they had
received, as well as to check for other malfunctions. In response, the
Council
of Transparency and Good Governance (the “Council”), Spain’s freedom
of information authority, denied Civio’s request, on the grounds of
protection of “intellectual property rights”, and protection of personal
data. This in turn prompted Civio to file
an administrative appeal, which kicked off the lengthy judicial
process that concluded in September 2025 in the Supreme Court of Spain
(the “Court”).
The Supreme
Court ruling displayed a general support of transparency and the
Freedom to Study, by clearly stating that Civio’s initial request for
access to BOSCO’s source code should be granted. In doing so, the Court
has now established a concrete legal precedent in Spain that the Freedom
to Study is constitutionally necessary in the context of publicly
administered software programmes a algorithms, and in accordance with
principles inherent to a democratic state .
Explaining its position, the Court stated that:
“… the right to access to public information transcends its
status as an objective principle governing the actions of public
administrations, to constitute a constitutional right that can be
exercised, as a subjective right, against administrations, derived from
the demands of democracy and transparency, and inseparably linked to the
democratic rule of law set out in Article 1 of our
Constitution.”
In simpler terms, the Court’s analysis on the importance of public
transparency relating to software programmes and algorithms can be
broken down into the following key findings:
- Access to source code can be needed to verify automated government
decisions;
- “Intellectual property rights” do not automatically block
transparency;
- Security concerns must be balanced against democratic
accountability; and
- Transparency is especially critical for systems affecting social
rights.
Access to Source Code For Verification
In reviewing Civio’s request for access to BOSCO’s source code, the
Court was quick to emphasise that the validity of public administrations
to make use of automated decision-making systems was not in question.
Indeed, it recognised that such automated processes were often essential
for efficiency and adequate provision of public services.
Rather, the Court stressed the need for the principle of transparency
to continue to be observed even in the use of such automatic systems, as
enshrined in Article 105.b of the Spanish
Constitution. It is therefore a legal requirement in Spain for
public administrations to allow citizens to access fundamental features
of the algorithms used in decision-making, or their source code.
The Court considered such transparency to be associated with an
important broader concept that it called “digital or electronic
democracy”:
“Digital democracy is not only a technological extension of
representative democracy, but also the fruit of a real structural
transformation in the democratic functioning of public authorities,
characterised by the validity of the principles of transparency,
participation, and accountability in a digital environment, where access
to public information and algorithmic transparency play an essential
role in guaranteeing it.”
Public authorities are therefore obliged to allow citizens to
understand how algorithms used in decision-making that affect citizens
work. The Spanish Supreme Court considers that doing so would be inline
with the principles of digital democracy, in order to allow citizens to
know, control, and participate in public management.
“Intellectual Property Rights” and Security Concerns vs Democratic
Accountability
In Spain, Article 14(1)(j) of the Spanish Law on
Transparency, Access to Public Information and Good Governance (the
“LTAIBG”) allows access of information to be limited if such access is
detrimental to what they referred to as “intellectual property rights”.
Indeed, throughout the litigation of this case, the Ministry relied on
this provision to argue on the vague and unspecific claim that BOSCO’s
source code was protected generally by “intellectual property rights”,
which gave the Ministry the option to refuse to share BOSCO’s source
code with Civio.
Similarly, Article 14(1)(a) of the LTAIBG restricted access of public
information on national or public security grounds, and was also relied
on by the Ministry in its arguments to refuse access to BOSCO’s source
code.
The Court found that, while the right to access of public information
is neither unlimited nor absolute, the restrictions stated in the LTAIBG
must be applied in a manner that is justified and proportionate. This in
turn has to be decided by a weighing of the interests at stake, namely
the importance of the access to public information on the one hand, and
the importance of protecting the rights of the copyright holders of
BOSCO, or of any national security concerns, on the other. Indeed, it
considered that while copyright and security concerns are important
considerations, they cannot be invoked as automatic shields for
secrecy.
When weighing these interests against each other, the Court gave
particular importance to Civio’s request for BOSCO’s source code. It
recognized that the public relevance of Civio’s investigation into
whether BOSCO was functioning correctly was of significant magnitude: it
served to ensure the protection of consumers who are in a more fragile
social and economic situation, specifically in this case to protect them
against energy poverty.
Accordingly, the Court found that the mere risk of possible harm to
the “intellectual property rights” of the public administration was not
sufficiently important enough to be considered valid grounds for
refusing Civio’s right of access, when weighed against the significance
of Civio’s investigation.
Similarly, when considering possible risks to public security, the
Court found that a request for source code and algorithmic transparency
does not contain or include personal data of the citizens applying for
the social bonus. This was sufficient for the Court to consider that the
public interest for Civio to access BOSCO’s source code outweighed any
public security concerns.
Interestingly, the Court further noted that even if access to BOSCO’s
source code could potentially increase certain security risks,
transparency itself can contribute towards counterbalancing this risk,
since it would:
- encourage the administration to take security precautions in the
design and control of the software; and
- allow scrutiny from independent actors to reveal previously
unnoticed vulnerabilities.
Transparency is Critical for Social Rights
By coming to the above conclusions, the Court further acknowledged
that the right of access to public information takes on special
relevance in light of how digital technologies are exercised in the use
of public powers and the provision of public services. Such use of
computerized and automated decision-making systems in public
administration, especially when their purpose is the recognition of
social rights, must necessarily entail transparency of the computer
processes followed in such actions.
This kind of transparency, which the Court recognized to include the
possibility of access to source code, has the effect of providing
citizens with the necessary information for their understanding and
knowledge of their operation, in order to make it possible to check the
conformity of such systems against the applicable regulatory
provisions.
Indeed, the Court recognized that such fundamental principles of
transparency and access to public information in the public use of
digital technology are not just unique to Spanish jurisdiction, but are
also the logical extension of Article 42 of the Charter
of Fundamental Rights of the European Union (the “CFR”):
“Any citizen of the Union, and any natural or legal person residing
or having its registered office in a Member State, has a right of access
to documents of the institutions, bodies, offices and agencies of the
Union, whatever their medium.”
The Importance of the Freedom to Study to a Healthy Digital
Society
The Spanish Supreme Court’s conclusions in the BOSCO case clearly
lays out the importance of transparency of source code and algorithms in
public administrations, and how they are important to the healthy
functioning of societies that depend on digital technology. It is
gratifying to see a European court clearly lay out how important it is
to have public access to knowledge on how software and algorithms work,
especially when they have significant impact on the lives of individuals
at large.
Nevertheless, while we appreciate the recognition of the importance
of transparency in publicly administered source code by the Spanish
Supreme Court here, this case only establishes this limited standard in
Spain. While the aforementioned Article 42 of the CFR can be
interpreted to include algorithmic transparency and access to source
code used by public administrations, the interpretation taken by the
Spanish Supreme Court is still not a unified stance seen throughout the
EU.
Still, some positive steps can be seen in other European
jurisdictions. For example, in France, the Digital Republic Law ("Loi
pour une République numérique”) of 2016 codifies source code as part
of government documentation that must be released in certain
circumstances. Of course, this does not necessarily mean that all
publicly administered source code is immediately available in practice
in France, as there have been cases in the past of the French
courts blocking access even after the Digital Republic Law came into
force.
There also remain other EU jurisdictions that are resistant to the
public access of state administered code. For example, in the
Netherlands, the Debat
Direct app, which allows the public to view livestreams of the
debates in the Dutch House of Representatives (Tweede Kamer), is only
available in the Apple, Google, and Microsoft app stores and is not
available under a Free Software licence. When FSFE Dutch volunteer Jos
van den Oever was unable to run the app on his devices and made a
request for the Debat Direct source code from the Dutch parliament,
the resulting legal proceedings unfortunately resulted in a ruling that
the code should remain unavailable to the public.
The Way Forward to Guaranteeing all Four Freedoms
In addition to the Freedom to Study, an informed and empowered
citizenry also needs other
freedoms that come with Free Software, in order to enjoy true
sovereignty in our current society that is defined by its reliance on
digital technology. We therefore ask that the European courts take a
leaf from the Spanish Supreme Court’s book in weighing the true social
costs of non-free publicly administered algorithms and programmes,
especially when faced with arguments for the mere sake of protection of
intellectual property.
Indeed, this is exactly why the FSFE’s Public Money? Public Code! (PMPC)
campaign has been working to ensure that this philosophy of
transparency, collaboration, and innovation in public administrations is
upheld throughout Europe. Software used by public administrations have
the ability to closely affect the lives of the public, regardless of
whether or not these members of the public are users of the software.
Having such software be released as Free Software returns control of
public administration to the people, and is a crucial step to ensure
digital democracy.
Support FSFE
