[Osmf-talk] GDPR introduction

Rob Nickerson rob.j.nickerson at gmail.com
Fri Apr 20 23:39:08 UTC 2018 

Thanks Simon. Lots of work has obviously gone in to this so a big thank you
(and the LWG) for your time.

Three questions/comments:

   1. It's quite a long document so would benefit from a Exec Summary if
   time permits.
   2. I'm interested in who you have engaged with as we are clearly not the
   only company affected. In addition to the "professional counsel" have we
   reached out to similar groups to the OSMF - for example WikiMedia and maybe
   the Open Data Institute?
   3. I understand that GDPR does not stop companies from using/processing
   data (business as usual activities) internally and it does not stop them
   sharing it with a third party under standard business contracting. Rather
   it is setting the rules of the game - or more precisely creating a common
   standard across the EU (the UK has had a Data Protection Act for many years
   now). As such OSMF can continue to use/process the full dataset, but as we
   know OSMF company is small with no full time employees. Their hands off
   approach to date has allowed for an ecosystem to grow around OSM. In the
   new GDPR world, OSMF will be forced to make more decisions as to which
   parties can be handed the full dataset ("processors"/"third parties" in
   GDPR speak if I have understood it correctly). Do we know how OSMF intend
   to manage this? Will OSMF now be in a position where it has to formally
   commission/contract out research projects if we want to analyse user stats
   to better understand our member diversity (as an example)?

That last question is probably one for the OSMF Board and is a reflection
that their hand's off style may have to change in light of GDPR - unless of
course they decide that nobody should get the complete data.
Thank you,

*Rob*

On 17 April 2018 at 11:48, Simon Poole <simon at poole.ch> wrote:

> On the 25th of May 2018 the *General Data Protection Regulation (GDPR)
> <https://en.wikipedia.org/wiki/General_Data_Protection_Regulation>* will
> enter in to force, this will likely result in some changes in how
> OpenStreetMap operates and distributes its data.
>
> The LWG has prepared a position paper on the matter that has been reviewed
> by data protection experts and in general the approach to not rely on
> explicit consent has been validated. It should be noted that while the
> paper outlines our approach, some of the details still need to be
> determined. In particular the future relationship with community and third
> party data consumers that utilize OSM meta-data and what will actually be
> dropped/made less accessible of the data listed in Appendix B.
>
> LWG GDPR Position Paper
> <https://wiki.openstreetmap.org/wiki/File:GDPR_Position_Paper.pdf>
>
> Please feel free to discuss on the talk page
> <https://wiki.openstreetmap.org/wiki/Talk:GDPR> or on this list.
>
> Simon
>
> _______________________________________________
> osmf-talk mailing list
> osmf-talk at openstreetmap.org
> https://lists.openstreetmap.org/listinfo/osmf-talk
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/osmf-talk/attachments/20180421/9a90804f/attachment.html>

More information about the osmf-talk mailing list