[Osmf-talk] [OSM-talk] GDPR introduction

[Andrew Harvey]

>From the paper:

> However, nothing explicitly states that personal data in metadata is
distributed with our geo-data, and a person who does not fully investigate
OSMF’s APIs and data dumps would not necessarily understand this. In
summary we currently lack both the explicit consent and contractual
obligations to process the personal data lawfully in all of the current
ways we do so. The Contributor Terms and Privacy Policy could be updated to
explicitly describe and require affirmative consent to all data processing.

I couldn't see that last point in the Recommendations. Is it not an option
to simply be more explicit in the Contributor Terms that your username,
timestamp, and geo-data which you are uploading to OSM is made publicly
available? That would prevent any need to cut out metadata from the public
apis, data dumps.

I can understand having in place a clear policy on what OSMF does with
non-public data like user email, ip address, but OSM was designed to make
the username and timestamp of all edits public.

On 18 April 2018 at 02:23, Simon Poole <simon at poole.ch> wrote:
>
> The GDPR applies to anybody either in the EU or processing data of EU
> residents, there is no reason that you can't run a hdyc like site outside
> of the EU (it would likely have to be in a country for which an equivalence
> determination has been made), as long as you adhere to the relevant
> regulations.
>

I guess I'm trying to work out is there any way OSM communities outside the
EU can avoid being caught up in this?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/osmf-talk/attachments/20180418/c84fcc0b/attachment.html>