[OSM-dev] GDPR implementation on planet.osm.org

Jochen Topf jochen at remote.org
Wed Jun 20 05:58:39 UTC 2018

[ a lot of stuff that is (technically) reasonably easy deleted ]

On Tue, Jun 19, 2018 at 10:54:07PM +0200, Frederik Ramm wrote:
> 3a. issue guidelines about what you are allowed to do with the user data
> files,
> 3b. ensure that everyone who has an OSM account agrees to these
> guidelines one way or the other,

This is the part that's not easy and where there is a lot of important
detail missing. You have to get everybody to agree, which is not going
to happen. So you have to add some flag to the database telling the
system whether you are allowed to download or not. You probably have to
change rules in the future so you have to make this generic, keeping
information about who clicked through which version of the rules. So you
are generating more information you are tracking with each user, more
personal information for which you need consent from the user. All of
this needs to be tied in the OAuth stuff and it has to be done in a way
that 3rd party services using OSM data can ask *their* downstream users
to identify in the same way which allows OSM to track everybody who uses
the full OSM data everywhere adding more personal data to keep and to
explain to users and get permissions from users for.

Please stop this nonsense now!

Jochen Topf  jochen at remote.org  https://www.jochentopf.com/  +49-351-31778688

More information about the dev mailing list