[Osmf-talk] GDPR introduction

Robert Kaiser kairo at kairo.at
Thu Apr 26 20:27:33 UTC 2018


Andrew Harvey schrieb:
> The OSMF mission statement includes "protecting the OSM database, and
> making it available to all". Usernames and timestamps of edits are an
> important part of the OSM database, ensuring OSM is truly is an open and
> transparent about the edits that have taken place and when and where these
> came from. I feel it's the OSMF's role to do everything possible to
> continue to make the OSM database available to all and not redact part of
> that database from the public feeds/dumps.

I fully agree with you, but EU law (which BTW in this specific case of 
the GDPR, the UK has said to adhere to even with Brexit) disagrees with 
us. By that law that anyone involved with EU countries or residents need 
to follow, people can retract the right to use any personally 
identifiable information of them and that data has to be actually 
deleted (not just hidden) - which includes things like nicknames, IP 
addresses, locations and more. Even seeing that a certain person 
identified by an ID or similar moniker has edited a specified set of 
locations at specified times is probably unlawful if that person 
retracted their consent to use their data. For the OSM database this is 
certainly problematic but solvable. For things like Git repos (or 
blockchains, which OSM doesn't operate), this can be really tough.

Cheers,
KaiRo



More information about the osmf-talk mailing list