<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">2018-02-16 13:37 GMT+01:00 Simon Poole <span dir="ltr"><<a href="mailto:simon@poole.ch" target="_blank">simon@poole.ch</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF"><span class="gmail-"></span>The intellectual property rights (I re-quote: "that is restricted by
copyright, database right or any related right") have nothing to do
with the subject at hand, the data privacy rights of the individual
data subject. As a consequence the contributor terms have no
bearing, in any form, at all, even in an alternative universe, on
the matter.<br></div></blockquote><div><br><br></div><div>I really have no idea what "related right" means, not even if it relates to "copyright and database right" or to "Contents". <br><br><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div bgcolor="#FFFFFF">
<br>
If you look at our recommendation document you will note that we
believe that we currently do not have consent as defined by the GDPR
for the processing we do. As a consequence we will likely recommend
asking for explicit consent somewhere in the sign up process (from a
content pov this already exists in the privacy policy but it needs
to be re-jigged to work as part of the terms of use that will have
to be explicitly agreed to for account creation).<br>
<br>
However having valid consent for current processing does not remove
the issue that Paul has pointed out (again) that consent can be
redrawn and that such a withdrawal applies retroactively. The main
cause why we one way or the other should change what data we
distribute to the general public.</div></blockquote></div><br><br></div><div class="gmail_extra">by asking explicitly we would confirm we believe that privacy rights are relevant, and it could indeed become more of a problem as people revoke.<br><br></div><div class="gmail_extra">You are refering to this document: <a href="https://docs.google.com/document/d/1EjccQNm3awl7eQlk1jGYyoGJVavJG_bEfX8iCMEuC9U/edit#">https://docs.google.com/document/d/1EjccQNm3awl7eQlk1jGYyoGJVavJG_bEfX8iCMEuC9U/edit#</a><br><br>The relevant paragraph is "Does the OSMF process ‘personal data’?"<br><br></div><div class="gmail_extra">I don't share the interpretation that OSMF processes personal data (besides the e-mail addresses and maybe IP addresses used by its contributors, which are neither distributed nor public), because I don't think that our mappers can be identified with the data and metadata of their contributions. I.E. they are not identifiable natural persons because they cannot be identified, directly or indirectly. Yes, if you know who they are you can see what they did, but you cannot see from what they did who they are. At best you can guess, but it only works if you have additional information that the person (or someone else) would have to provide you with. What we have according to these definitions is "pseudonymisation" (because OSMF has the sign-up e-mail address associated with the user number, and is therefor in a position to make personal data from the contributions).<br><br></div><div class="gmail_extra">If someone tries to reverse the pseudonymisation of our contributor's data and metadata, it would be this person to be in breach of the law.<br></div><div class="gmail_extra"><br></div><div class="gmail_extra">An exception might occur in very rare cases in areas where the contributor is the only person being there within a big distance, i.e. extremely remote areas, and probably not in the European Union.<br></div><br>For reference,<br><br>General Data Protection Regulation<br><a href="https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en">https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en</a><br><div class="gmail_extra"><br><br></div><div class="gmail_extra">Cheers,<br></div><div class="gmail_extra">Martin<br></div></div>