[Osmf-talk] GDPR introduction

Andrew Harvey andrew.harvey4 at gmail.com
Sat Apr 21 04:28:07 UTC 2018


The OSMF mission statement includes "protecting the OSM database, and
making it available to all". Usernames and timestamps of edits are an
important part of the OSM database, ensuring OSM is truly is an open and
transparent about the edits that have taken place and when and where these
came from. I feel it's the OSMF's role to do everything possible to
continue to make the OSM database available to all and not redact part of
that database from the public feeds/dumps.

> Second, I don't have the exact stats, but I believe with the license
change some 30% of mappers could not be reached. That is a *lot* of
metadata that would be affected. My view is that it is important for OSM to
maintain this metadata so that it can be referenced by DWG in future
investigations, even if the metadata is treated confidentially.
Additionally, sending out all those emails and tracking check-ins is
logistically quite difficult. Given OSM's purposes, which really are in the
public interest, I think a legitimate interests basis is on balance a
better fit.

Even if we won't get 100% of historical edits to accept new terms, at least
we can ensure a significant proportion of historical and all future edits
agree to new terms. Again, this is only worst case scenario if we need new
terms to publish usernames and timestamps of historical edits.

I do wonder what other orgs are doing. OSM seems no different to different
to Wikimedia where the time and username or IP of your edits are made
public, or Twitter where if you choose to post a geotagged tweet, your
location, username and timestamp are made public.



On 21 April 2018 at 14:12, Heather Leson <heatherleson at gmail.com> wrote:

> Hi folks that for this conversation.
>
> To some of Rob's questions:
>
> Yes, let's create an exec summary and an faq wiki page to help the clarity.
>
> In addition to Kathleen's input, Simon and I also got probono review from
> the Brussels Privacy Hub and a lawyer from Cisco.
>
> Heather
>
> On Sat, 21 Apr 2018, 02:13 Rob Nickerson, <rob.j.nickerson at gmail.com>
> wrote:
>
>> Thanks Simon. Lots of work has obviously gone in to this so a big thank
>> you (and the LWG) for your time.
>>
>> Three questions/comments:
>>
>>    1. It's quite a long document so would benefit from a Exec Summary if
>>    time permits.
>>    2. I'm interested in who you have engaged with as we are clearly not
>>    the only company affected. In addition to the "professional counsel"
>>    have we reached out to similar groups to the OSMF - for example WikiMedia
>>    and maybe the Open Data Institute?
>>    3. I understand that GDPR does not stop companies from
>>    using/processing data (business as usual activities) internally and it does
>>    not stop them sharing it with a third party under standard business
>>    contracting. Rather it is setting the rules of the game - or more precisely
>>    creating a common standard across the EU (the UK has had a Data Protection
>>    Act for many years now). As such OSMF can continue to use/process the full
>>    dataset, but as we know OSMF company is small with no full time employees.
>>    Their hands off approach to date has allowed for an ecosystem to grow
>>    around OSM. In the new GDPR world, OSMF will be forced to make more
>>    decisions as to which parties can be handed the full dataset
>>    ("processors"/"third parties" in GDPR speak if I have understood it
>>    correctly). Do we know how OSMF intend to manage this? Will OSMF now be in
>>    a position where it has to formally commission/contract out research
>>    projects if we want to analyse user stats to better understand our member
>>    diversity (as an example)?
>>
>> That last question is probably one for the OSMF Board and is a reflection
>> that their hand's off style may have to change in light of GDPR - unless of
>> course they decide that nobody should get the complete data.
>> Thank you,
>>
>> *Rob*
>>
>> On 17 April 2018 at 11:48, Simon Poole <simon at poole.ch> wrote:
>>
>>> On the 25th of May 2018 the *General Data Protection Regulation (GDPR)
>>> <https://en.wikipedia.org/wiki/General_Data_Protection_Regulation>*
>>> will enter in to force, this will likely result in some changes in how
>>> OpenStreetMap operates and distributes its data.
>>>
>>> The LWG has prepared a position paper on the matter that has been
>>> reviewed by data protection experts and in general the approach to not rely
>>> on explicit consent has been validated. It should be noted that while the
>>> paper outlines our approach, some of the details still need to be
>>> determined. In particular the future relationship with community and third
>>> party data consumers that utilize OSM meta-data and what will actually be
>>> dropped/made less accessible of the data listed in Appendix B.
>>>
>>> LWG GDPR Position Paper
>>> <https://wiki.openstreetmap.org/wiki/File:GDPR_Position_Paper.pdf>
>>>
>>> Please feel free to discuss on the talk page
>>> <https://wiki.openstreetmap.org/wiki/Talk:GDPR> or on this list.
>>>
>>> Simon
>>>
>>> _______________________________________________
>>> osmf-talk mailing list
>>> osmf-talk at openstreetmap.org
>>> https://lists.openstreetmap.org/listinfo/osmf-talk
>>>
>>>
>> _______________________________________________
>> osmf-talk mailing list
>> osmf-talk at openstreetmap.org
>> https://lists.openstreetmap.org/listinfo/osmf-talk
>>
>
> _______________________________________________
> osmf-talk mailing list
> osmf-talk at openstreetmap.org
> https://lists.openstreetmap.org/listinfo/osmf-talk
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/osmf-talk/attachments/20180421/05d27a0d/attachment.html>


More information about the osmf-talk mailing list