[OSM-dev] GDPR implementation on planet.osm.org
osm at imagico.de
Wed Jun 20 06:32:06 UTC 2018
On Tuesday 19 June 2018, Frederik Ramm wrote:
> 3b. ensure that everyone who has an OSM account agrees to these
> guidelines one way or the other,
This is the point that looks very fuzzy to me. Could someone point out
the legal concept behind this idea for me?
Such agreement would not be an agreement to process your own data given
by individuals to the OSMF (which is the kind of agreement you would
normally expect in the GDPR context). You probably mean some kind of
contractual agreement about what can be done with the data. But to be
honest i don't really see the point in that. People who download the
data can easily create an ad hoc account every time they download data.
The OSMF does not verify the identity of who is behind a user account
created. So what do you expect to gain from such an agreement? Is
there any reason to assume that in a case of such data being released
in a way that is not according to the legal requirements by a third
party the agreement can be used to avoid legal responsibility for the
OSMF it would otherwise need to face? To me this looks more like cargo
cult actionism, doing something that communicates being a serious
measure at the surface but which is a hollow promise at a closer look.
Note these concerns are not about the idea of restricting access to
sensitive data to logged in users, it is about requiring some kind of
agreement from these users.
What i can understand is giving people a simple selection option between
[ ] i want to be safe w.r.t. personal data and not being provided
potentially sensitive information when logged in.
[ ] i want to have the possibility to access potentially sensitive data
when logged in.
which would mainly be a service to the user - kind of like the sensitive
content switch on youtube.
More information about the dev