[infogulch]

Using SPA vs SSR as the sole factor in determining "published" status rings hollow for me, because it completely excludes any analysis based on intent, and intent usually matters in law! (Though I admit I'm not familiar in this case and this country.)

Also it's easy to poke holes: does this mean that scraping data from html is always hacking, regardless of the expressed intent? (See recent Missouri case for what that might degenerate into.) What if it's "semantic web" and the html contains metadata specifically designed to aid data extraction?

I think the parents should own the data, and that's why it should be open. But I don't think drawing the line based on which kind of technology is used to deliver the content is a good method of adjudicating published intent.

[titusjohnson]

Publication intent is trivial to verify.

Q) Are you able to retrieve a document using the credentials issued to you by the API? A) Yes: Then you're authorized to view it. No: You're not authorized to view it.

An API is the encoding of business rules around data access and modification. If your API is allowing access that you don't intend a user to have, fix your authorizations.

[infogulch]

See I like this argument better because it has nothing to do with being an API or HTML and everything to do with access authorization. It doesn't make sense for the government to have the power to control how the data the parents are authorized to view is displayed, or what tool they use to display it.

[zmmmmm]

> drawing the line based on which kind of technology is used to deliver the content is a good method

Apart from other reasons, it would almost certainly result in providers obfuscating data or reverting to SSR which is a perverse outcome.