[Osmf-talk] GDPR introduction

Luigi Toscano luigi.toscano at tiscali.it
Thu Apr 26 20:47:25 UTC 2018


Robert Kaiser ha scritto:
> Andrew Harvey schrieb:
>> The OSMF mission statement includes "protecting the OSM database, and
>> making it available to all". Usernames and timestamps of edits are an
>> important part of the OSM database, ensuring OSM is truly is an open and
>> transparent about the edits that have taken place and when and where these
>> came from. I feel it's the OSMF's role to do everything possible to
>> continue to make the OSM database available to all and not redact part of
>> that database from the public feeds/dumps.
> 
> I fully agree with you, but EU law (which BTW in this specific case of the
> GDPR, the UK has said to adhere to even with Brexit) disagrees with us. By
> that law that anyone involved with EU countries or residents need to follow,
> people can retract the right to use any personally identifiable information of
> them and that data has to be actually deleted (not just hidden) - which
> includes things like nicknames, IP addresses, locations and more. Even seeing
> that a certain person identified by an ID or similar moniker has edited a
> specified set of locations at specified times is probably unlawful if that
> person retracted their consent to use their data. For the OSM database this is
> certainly problematic but solvable. For things like Git repos (or blockchains,
> which OSM doesn't operate), this can be really tough.

I'm not a lawyer, but the exact condition and whether the extend of the
removal applies also to code is still under discussion.
While some data can be removed without harm (like blog posts), for others...
there are some limits to the removal, let's see what lawyers will say.
https://gdpr-info.eu/art-17-gdpr/

-- 
Luigi



More information about the osmf-talk mailing list