[Osmf-talk] GDPR introduction

Heather Leson heatherleson at gmail.com
Sat Apr 21 04:12:11 UTC 2018 

Hi folks that for this conversation.

To some of Rob's questions:

Yes, let's create an exec summary and an faq wiki page to help the clarity.

In addition to Kathleen's input, Simon and I also got probono review from
the Brussels Privacy Hub and a lawyer from Cisco.

Heather

On Sat, 21 Apr 2018, 02:13 Rob Nickerson, <rob.j.nickerson at gmail.com> wrote:

> Thanks Simon. Lots of work has obviously gone in to this so a big thank
> you (and the LWG) for your time.
>
> Three questions/comments:
>
>    1. It's quite a long document so would benefit from a Exec Summary if
>    time permits.
>    2. I'm interested in who you have engaged with as we are clearly not
>    the only company affected. In addition to the "professional counsel"
>    have we reached out to similar groups to the OSMF - for example WikiMedia
>    and maybe the Open Data Institute?
>    3. I understand that GDPR does not stop companies from
>    using/processing data (business as usual activities) internally and it does
>    not stop them sharing it with a third party under standard business
>    contracting. Rather it is setting the rules of the game - or more precisely
>    creating a common standard across the EU (the UK has had a Data Protection
>    Act for many years now). As such OSMF can continue to use/process the full
>    dataset, but as we know OSMF company is small with no full time employees.
>    Their hands off approach to date has allowed for an ecosystem to grow
>    around OSM. In the new GDPR world, OSMF will be forced to make more
>    decisions as to which parties can be handed the full dataset
>    ("processors"/"third parties" in GDPR speak if I have understood it
>    correctly). Do we know how OSMF intend to manage this? Will OSMF now be in
>    a position where it has to formally commission/contract out research
>    projects if we want to analyse user stats to better understand our member
>    diversity (as an example)?
>
> That last question is probably one for the OSMF Board and is a reflection
> that their hand's off style may have to change in light of GDPR - unless of
> course they decide that nobody should get the complete data.
> Thank you,
>
> *Rob*
>
> On 17 April 2018 at 11:48, Simon Poole <simon at poole.ch> wrote:
>
>> On the 25th of May 2018 the *General Data Protection Regulation (GDPR)
>> <https://en.wikipedia.org/wiki/General_Data_Protection_Regulation>* will
>> enter in to force, this will likely result in some changes in how
>> OpenStreetMap operates and distributes its data.
>>
>> The LWG has prepared a position paper on the matter that has been
>> reviewed by data protection experts and in general the approach to not rely
>> on explicit consent has been validated. It should be noted that while the
>> paper outlines our approach, some of the details still need to be
>> determined. In particular the future relationship with community and third
>> party data consumers that utilize OSM meta-data and what will actually be
>> dropped/made less accessible of the data listed in Appendix B.
>>
>> LWG GDPR Position Paper
>> <https://wiki.openstreetmap.org/wiki/File:GDPR_Position_Paper.pdf>
>>
>> Please feel free to discuss on the talk page
>> <https://wiki.openstreetmap.org/wiki/Talk:GDPR> or on this list.
>>
>> Simon
>>
>> _______________________________________________
>> osmf-talk mailing list
>> osmf-talk at openstreetmap.org
>> https://lists.openstreetmap.org/listinfo/osmf-talk
>>
>>
> _______________________________________________
> osmf-talk mailing list
> osmf-talk at openstreetmap.org
> https://lists.openstreetmap.org/listinfo/osmf-talk
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/osmf-talk/attachments/20180421/4fffc6cc/attachment.html>

More information about the osmf-talk mailing list