[Osmf-talk] GDPR introduction
simon at poole.ch
Thu May 17 15:05:08 UTC 2018
Nice, except that it is at odds with the GDPR (if you ask for consent you can't stop people from withdrawing it).
Am 17. Mai 2018 03:20:29 MESZ schrieb Andrew Harvey <andrew.harvey4 at gmail.com>:
>It looks like GitLab is dealing with this with a waiver which you are
>required to agree to to log into your account. Adapted for OSM it
>As part of my voluntary contribution to OpenStreetMap, I acknowledge
>agree that my username and any geographic data I edit will become
>and part of the OpenStreetMap data, which may be publicly available. I
>understand the removal of this information would be impermissibly
>destructive to the project and the interests of all those who
>utilize, and benefit from it. Therefore, in consideration of my
>participation in any project, I hereby waive any right to request any
>erasure, removal, or rectification of this information under any
>privacy or other law and acknowledge and understand that providing this
>information is a requirement under the agreement to contribute to
>I don't know how they plan to deal with users who choose not to agree,
>at least it shows how other organisations are dealing with this.
>On 21 April 2018 at 18:14, Simon Poole <simon at poole.ch> wrote:
>> This is going off a bit on a tangent, to restate: we are -not-
>> to go back to every contributor and get explicit consent from them.
>> Besides the already mentioned issues in actually reaching out to
>> wouldn't solve anything, as lawful processing based on consent by the
>> subjects is the rabbit hole of problems that we are trying to avoid.
>> What we will likely do is get everybody using the website and the API
>> obligations from the GDPR.
>> Am 21.04.2018 um 06:28 schrieb Andrew Harvey:
>> The OSMF mission statement includes "protecting the OSM database, and
>> making it available to all". Usernames and timestamps of edits are an
>> important part of the OSM database, ensuring OSM is truly is an open
>> transparent about the edits that have taken place and when and where
>> came from. I feel it's the OSMF's role to do everything possible to
>> continue to make the OSM database available to all and not redact
>> that database from the public feeds/dumps.
>> > Second, I don't have the exact stats, but I believe with the
>> change some 30% of mappers could not be reached. That is a *lot* of
>> metadata that would be affected. My view is that it is important for
>> maintain this metadata so that it can be referenced by DWG in future
>> investigations, even if the metadata is treated confidentially.
>> Additionally, sending out all those emails and tracking check-ins is
>> logistically quite difficult. Given OSM's purposes, which really are
>> public interest, I think a legitimate interests basis is on balance a
>> better fit.
>> Even if we won't get 100% of historical edits to accept new terms, at
>> least we can ensure a significant proportion of historical and all
>> edits agree to new terms. Again, this is only worst case scenario if
>> need new terms to publish usernames and timestamps of historical
>> I do wonder what other orgs are doing. OSM seems no different to
>> to Wikimedia where the time and username or IP of your edits are made
>> public, or Twitter where if you choose to post a geotagged tweet,
>> location, username and timestamp are made public.
>> On 21 April 2018 at 14:12, Heather Leson <heatherleson at gmail.com>
>>> Hi folks that for this conversation.
>>> To some of Rob's questions:
>>> Yes, let's create an exec summary and an faq wiki page to help the
>>> In addition to Kathleen's input, Simon and I also got probono review
>>> the Brussels Privacy Hub and a lawyer from Cisco.
>>> On Sat, 21 Apr 2018, 02:13 Rob Nickerson,
><rob.j.nickerson at gmail.com>
>>>> Thanks Simon. Lots of work has obviously gone in to this so a big
>>>> you (and the LWG) for your time.
>>>> Three questions/comments:
>>>> 1. It's quite a long document so would benefit from a Exec
>>>> if time permits.
>>>> 2. I'm interested in who you have engaged with as we are clearly
>>>> the only company affected. In addition to the "professional
>>>> have we reached out to similar groups to the OSMF - for example
>>>> and maybe the Open Data Institute?
>>>> 3. I understand that GDPR does not stop companies from
>>>> using/processing data (business as usual activities) internally
>and it does
>>>> not stop them sharing it with a third party under standard
>>>> contracting. Rather it is setting the rules of the game - or
>>>> creating a common standard across the EU (the UK has had a Data
>>>> Act for many years now). As such OSMF can continue to
>use/process the full
>>>> dataset, but as we know OSMF company is small with no full time
>>>> Their hands off approach to date has allowed for an ecosystem to
>>>> around OSM. In the new GDPR world, OSMF will be forced to make
>>>> decisions as to which parties can be handed the full dataset
>>>> ("processors"/"third parties" in GDPR speak if I have understood
>>>> correctly). Do we know how OSMF intend to manage this? Will OSMF
>now be in
>>>> a position where it has to formally commission/contract out
>>>> projects if we want to analyse user stats to better understand
>>>> diversity (as an example)?
>>>> That last question is probably one for the OSMF Board and is a
>>>> reflection that their hand's off style may have to change in light
>>>> - unless of course they decide that nobody should get the complete
>>>> Thank you,
>>>> On 17 April 2018 at 11:48, Simon Poole <simon at poole.ch> wrote:
>>>>> On the 25th of May 2018 the *General Data Protection Regulation
>>>>> will enter in to force, this will likely result in some changes in
>>>>> OpenStreetMap operates and distributes its data.
>>>>> The LWG has prepared a position paper on the matter that has been
>>>>> reviewed by data protection experts and in general the approach to
>>>>> on explicit consent has been validated. It should be noted that
>>>>> paper outlines our approach, some of the details still need to be
>>>>> determined. In particular the future relationship with community
>>>>> party data consumers that utilize OSM meta-data and what will
>>>>> dropped/made less accessible of the data listed in Appendix B.
>>>>> LWG GDPR Position Paper
>>>>> Please feel free to discuss on the talk page
>>>>> <https://wiki.openstreetmap.org/wiki/Talk:GDPR> or on this list.
>>>>> osmf-talk mailing list
>>>>> osmf-talk at openstreetmap.org
>>>> osmf-talk mailing list
>>>> osmf-talk at openstreetmap.org
>>> osmf-talk mailing list
>>> osmf-talk at openstreetmap.org
>> osmf-talk mailing
>listosmf-talk at openstreetmap.orghttps://lists.openstreetmap.org/listinfo/osmf-talk
>> osmf-talk mailing list
>> osmf-talk at openstreetmap.org
Diese Nachricht wurde von meinem Android-Mobiltelefon mit Kaiten Mail gesendet.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the osmf-talk