<div dir="ltr"><div><div>Thanks Simon. Lots of work has obviously gone in to this so a big thank you (and the LWG) for your time.<br><br></div><div>Three questions/comments:<br></div><ol><li>It's quite a long document so would benefit from a Exec Summary if time permits.</li><li>I'm interested in who you have engaged with as we are clearly not the only company affected. In addition to the "professional <span class="gmail-highlight gmail-selected">couns</span>el" have we reached out to similar groups to the OSMF - for example WikiMedia and maybe the Open Data Institute?</li><li>I understand that GDPR does not stop companies from using/processing data (business as usual activities) internally and it does not stop them sharing it with a third party under standard business contracting. Rather it is setting the rules of the game - or more precisely creating a common standard across the EU (the UK has had a Data Protection Act for many years now). As such OSMF can continue to use/process the full dataset, but as we know OSMF company is small with no full time employees. Their hands off approach to date has allowed for an ecosystem to grow around OSM. In the new GDPR world, OSMF will be forced to make more decisions as to which parties can be handed the full dataset ("processors"/"third parties" in GDPR speak if I have understood it correctly). Do we know how OSMF intend to manage this? Will OSMF now be in a position where it has to formally commission/contract out research projects if we want to analyse user stats to better understand our member diversity (as an example)?<br></li></ol><p>That last question is probably one for the OSMF Board and is a reflection that their hand's off style may have to change in light of GDPR - unless of course they decide that nobody should get the complete data.<br></p></div><div class="gmail_extra">Thank you,<br><br clear="all"></div><div class="gmail_extra"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><span style="color:rgb(0,0,255)"><b>Rob</b></span><br></div></div></div></div></div>
<br><div class="gmail_quote">On 17 April 2018 at 11:48, Simon Poole <span dir="ltr"><<a href="mailto:simon@poole.ch" target="_blank">simon@poole.ch</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>On the 25th of May
2018 the <b><a href="https://en.wikipedia.org/wiki/General_Data_Protection_Regulation" rel="mw:ExtLink" target="_blank">General
Data Protection Regulation (GDPR)</a></b> will enter in to
force, this will likely result in some changes in how
OpenStreetMap operates and distributes its data.</p>
<p>The LWG has prepared
a position paper on the matter that has been reviewed by data
protection experts and in general the approach to not rely on
explicit consent has been validated. It should be noted that while
the paper outlines our approach, some of the details still need to
be determined. In particular the future relationship with
community and third party data consumers that utilize OSM
meta-data and what will actually be dropped/made less accessible
of the data listed in Appendix B.</p>
<p><a href="https://wiki.openstreetmap.org/wiki/File:GDPR_Position_Paper.pdf" rel="mw:ExtLink" target="_blank">LWG
GDPR Position Paper</a></p>
<p>Please feel free
to discuss on the <a href="https://wiki.openstreetmap.org/wiki/Talk:GDPR" target="_blank">talk page</a>
or on this list.</p><span class="HOEnZb"><font color="#888888">
<p>Simon<br>
</p>
</font></span></div>
<br>______________________________<wbr>_________________<br>
osmf-talk mailing list<br>
<a href="mailto:osmf-talk@openstreetmap.org">osmf-talk@openstreetmap.org</a><br>
<a href="https://lists.openstreetmap.org/listinfo/osmf-talk" rel="noreferrer" target="_blank">https://lists.openstreetmap.<wbr>org/listinfo/osmf-talk</a><br>
<br></blockquote></div><br></div></div>