[Osmf-talk] GDPR introduction
Heather Leson
heatherleson at gmail.com
Sat Apr 21 04:12:11 UTC 2018
Hi folks that for this conversation.
To some of Rob's questions:
Yes, let's create an exec summary and an faq wiki page to help the clarity.
In addition to Kathleen's input, Simon and I also got probono review from
the Brussels Privacy Hub and a lawyer from Cisco.
Heather
On Sat, 21 Apr 2018, 02:13 Rob Nickerson, <rob.j.nickerson at gmail.com> wrote:
> Thanks Simon. Lots of work has obviously gone in to this so a big thank
> you (and the LWG) for your time.
>
> Three questions/comments:
>
> 1. It's quite a long document so would benefit from a Exec Summary if
> time permits.
> 2. I'm interested in who you have engaged with as we are clearly not
> the only company affected. In addition to the "professional counsel"
> have we reached out to similar groups to the OSMF - for example WikiMedia
> and maybe the Open Data Institute?
> 3. I understand that GDPR does not stop companies from
> using/processing data (business as usual activities) internally and it does
> not stop them sharing it with a third party under standard business
> contracting. Rather it is setting the rules of the game - or more precisely
> creating a common standard across the EU (the UK has had a Data Protection
> Act for many years now). As such OSMF can continue to use/process the full
> dataset, but as we know OSMF company is small with no full time employees.
> Their hands off approach to date has allowed for an ecosystem to grow
> around OSM. In the new GDPR world, OSMF will be forced to make more
> decisions as to which parties can be handed the full dataset
> ("processors"/"third parties" in GDPR speak if I have understood it
> correctly). Do we know how OSMF intend to manage this? Will OSMF now be in
> a position where it has to formally commission/contract out research
> projects if we want to analyse user stats to better understand our member
> diversity (as an example)?
>
> That last question is probably one for the OSMF Board and is a reflection
> that their hand's off style may have to change in light of GDPR - unless of
> course they decide that nobody should get the complete data.
> Thank you,
>
> *Rob*
>
> On 17 April 2018 at 11:48, Simon Poole <simon at poole.ch> wrote:
>
>> On the 25th of May 2018 the *General Data Protection Regulation (GDPR)
>> <https://en.wikipedia.org/wiki/General_Data_Protection_Regulation>* will
>> enter in to force, this will likely result in some changes in how
>> OpenStreetMap operates and distributes its data.
>>
>> The LWG has prepared a position paper on the matter that has been
>> reviewed by data protection experts and in general the approach to not rely
>> on explicit consent has been validated. It should be noted that while the
>> paper outlines our approach, some of the details still need to be
>> determined. In particular the future relationship with community and third
>> party data consumers that utilize OSM meta-data and what will actually be
>> dropped/made less accessible of the data listed in Appendix B.
>>
>> LWG GDPR Position Paper
>> <https://wiki.openstreetmap.org/wiki/File:GDPR_Position_Paper.pdf>
>>
>> Please feel free to discuss on the talk page
>> <https://wiki.openstreetmap.org/wiki/Talk:GDPR> or on this list.
>>
>> Simon
>>
>> _______________________________________________
>> osmf-talk mailing list
>> osmf-talk at openstreetmap.org
>> https://lists.openstreetmap.org/listinfo/osmf-talk
>>
>>
> _______________________________________________
> osmf-talk mailing list
> osmf-talk at openstreetmap.org
> https://lists.openstreetmap.org/listinfo/osmf-talk
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/osmf-talk/attachments/20180421/4fffc6cc/attachment.html>
More information about the osmf-talk
mailing list