[OSM-dev] GDPR implementation on planet.osm.org

Jochen Topf jochen at remote.org
Wed Jun 20 09:38:30 UTC 2018

On Wed, Jun 20, 2018 at 09:03:01AM +0200, Frederik Ramm wrote:
> > All of
> > this needs to be tied in the OAuth stuff and it has to be done in a way
> > that 3rd party services using OSM data can ask *their* downstream users
> > to identify in the same way which allows OSM to track everybody who uses
> > the full OSM data everywhere adding more personal data to keep and to
> > explain to users and get permissions from users for.
> No, there's a mistake in your reasoning here.
> It is true that downstream data distributors like Overpass or the
> Geofabrik downloads need to be able to verify whether someone has an OSM
> account or not. Pascal has been doing that for ages on his HDYC site,
> for example.
> But downstream data distibutors do not need to know or store anything
> more than that; the Geofabrik download server for example will not even
> store the user name of the person who has logged in, just that "whoever
> is here has just proven they have an OSM account". So the downstream
> distributor can deal with this without processing any personal data. (It
> would be possible to extend our OAuth system by a call that would not
> even return the user's identity to the caller - currently the identity
> is returned to the caller and the caller must then decide whether to
> process it or not.)

It doesn't matter if you store the user name or not. If you ask somebody
to enter personal information, you have to tell them them what this is
for. The user doesn't understand how OAuth works or how it is
configured, so for them both the downstream site and OSMF get the
personal information, so you have to explain to the user what's
happening, even if you don't store the data for more than the few
milliseconds it needs to authenticate them. And the downstream site has
to make the user aware of any restrictions, too.

And chances are all of this will end up in some logfiles unless
everybody makes sure it doesn't.

And if you actually want to make sure that redacted data (because the
user wanted it to be deleted) is deleted downstream also, you have to
know who you gave this data to and inform them or find some other way
of informing them.

> > Please stop this nonsense now!
> Given these alternatives, I think the course currently followed by the
> OSMF is the least disruptive.

It might be "the least disruptive", but if it doesn't make any sense,
that doesn't make it better. Any judge will laugh at you if you tell
them: Well, we trust the million users we already have and the other 6
billion who can sign on to OSM anonymously more than we trust the
general public.

I don't know what the right way of handling this is, but I do know that
this isn't the right way. It isn't even a step in the right direction.
It is a step towards making the project more closed and burying it in
burocracy. You are ceding ground leading into a morass of legal details
instead of arguing that this data needs to be public for everyone.

Jochen Topf  jochen at remote.org  https://www.jochentopf.com/  +49-351-31778688

More information about the dev mailing list