[Osmf-talk] GDPR introduction

Simon Poole simon at poole.ch
Thu May 17 15:05:08 UTC 2018

Nice, except that it is at odds with the GDPR (if you ask for consent you can't stop people from withdrawing it).

Am 17. Mai 2018 03:20:29 MESZ schrieb Andrew Harvey <andrew.harvey4 at gmail.com>:
>It looks like GitLab is dealing with this with a waiver which you are
>required to agree to to log into your account. Adapted for OSM it
>As part of my voluntary contribution to OpenStreetMap, I acknowledge
>agree that my username and any geographic data I edit will become
>and part of the OpenStreetMap data, which may be publicly available. I
>understand the removal of this information would be impermissibly
>destructive to the project and the interests of all those who
>utilize, and benefit from it. Therefore, in consideration of my
>participation in any project, I hereby waive any right to request any
>erasure, removal, or rectification of this information under any
>privacy or other law and acknowledge and understand that providing this
>information is a requirement under the agreement to contribute to
>I don't know how they plan to deal with users who choose not to agree,
>at least it shows how other organisations are dealing with this.
>On 21 April 2018 at 18:14, Simon Poole <simon at poole.ch> wrote:
>> This is going off a bit on a tangent, to restate: we are -not-
>> to go back to every contributor and get explicit consent from them.
>> Besides the already mentioned issues in actually reaching out to
>them, it
>> wouldn't solve anything, as lawful processing based on consent by the
>> subjects is the rabbit hole of problems that we are trying to avoid.
>> What we will likely do is get everybody using the website and the API
>> re-read a revised privacy policy and agree to ToU that point out the
>> obligations from the GDPR.
>> Simon
>> Am 21.04.2018 um 06:28 schrieb Andrew Harvey:
>> The OSMF mission statement includes "protecting the OSM database, and
>> making it available to all". Usernames and timestamps of edits are an
>> important part of the OSM database, ensuring OSM is truly is an open
>> transparent about the edits that have taken place and when and where
>> came from. I feel it's the OSMF's role to do everything possible to
>> continue to make the OSM database available to all and not redact
>part of
>> that database from the public feeds/dumps.
>> > Second, I don't have the exact stats, but I believe with the
>> change some 30% of mappers could not be reached. That is a *lot* of
>> metadata that would be affected. My view is that it is important for
>OSM to
>> maintain this metadata so that it can be referenced by DWG in future
>> investigations, even if the metadata is treated confidentially.
>> Additionally, sending out all those emails and tracking check-ins is
>> logistically quite difficult. Given OSM's purposes, which really are
>in the
>> public interest, I think a legitimate interests basis is on balance a
>> better fit.
>> Even if we won't get 100% of historical edits to accept new terms, at
>> least we can ensure a significant proportion of historical and all
>> edits agree to new terms. Again, this is only worst case scenario if
>> need new terms to publish usernames and timestamps of historical
>> I do wonder what other orgs are doing. OSM seems no different to
>> to Wikimedia where the time and username or IP of your edits are made
>> public, or Twitter where if you choose to post a geotagged tweet,
>> location, username and timestamp are made public.
>> On 21 April 2018 at 14:12, Heather Leson <heatherleson at gmail.com>
>>> Hi folks that for this conversation.
>>> To some of Rob's questions:
>>> Yes, let's create an exec summary and an faq wiki page to help the
>>> clarity.
>>> In addition to Kathleen's input, Simon and I also got probono review
>>> the Brussels Privacy Hub and a lawyer from Cisco.
>>> Heather
>>> On Sat, 21 Apr 2018, 02:13 Rob Nickerson,
><rob.j.nickerson at gmail.com>
>>> wrote:
>>>> Thanks Simon. Lots of work has obviously gone in to this so a big
>>>> you (and the LWG) for your time.
>>>> Three questions/comments:
>>>>    1. It's quite a long document so would benefit from a Exec
>>>>    if time permits.
>>>>    2. I'm interested in who you have engaged with as we are clearly
>>>>    the only company affected. In addition to the "professional
>>>>    have we reached out to similar groups to the OSMF - for example
>>>>    and maybe the Open Data Institute?
>>>>    3. I understand that GDPR does not stop companies from
>>>>    using/processing data (business as usual activities) internally
>and it does
>>>>    not stop them sharing it with a third party under standard
>>>>    contracting. Rather it is setting the rules of the game - or
>more precisely
>>>>    creating a common standard across the EU (the UK has had a Data
>>>>    Act for many years now). As such OSMF can continue to
>use/process the full
>>>>    dataset, but as we know OSMF company is small with no full time
>>>>    Their hands off approach to date has allowed for an ecosystem to
>>>>    around OSM. In the new GDPR world, OSMF will be forced to make
>>>>    decisions as to which parties can be handed the full dataset
>>>>    ("processors"/"third parties" in GDPR speak if I have understood
>>>>    correctly). Do we know how OSMF intend to manage this? Will OSMF
>now be in
>>>>    a position where it has to formally commission/contract out
>>>>    projects if we want to analyse user stats to better understand
>our member
>>>>    diversity (as an example)?
>>>> That last question is probably one for the OSMF Board and is a
>>>> reflection that their hand's off style may have to change in light
>of GDPR
>>>> - unless of course they decide that nobody should get the complete
>>>> Thank you,
>>>> *Rob*
>>>> On 17 April 2018 at 11:48, Simon Poole <simon at poole.ch> wrote:
>>>>> On the 25th of May 2018 the *General Data Protection Regulation
>>>>> will enter in to force, this will likely result in some changes in
>>>>> OpenStreetMap operates and distributes its data.
>>>>> The LWG has prepared a position paper on the matter that has been
>>>>> reviewed by data protection experts and in general the approach to
>not rely
>>>>> on explicit consent has been validated. It should be noted that
>while the
>>>>> paper outlines our approach, some of the details still need to be
>>>>> determined. In particular the future relationship with community
>and third
>>>>> party data consumers that utilize OSM meta-data and what will
>actually be
>>>>> dropped/made less accessible of the data listed in Appendix B.
>>>>> LWG GDPR Position Paper
>>>>> <https://wiki.openstreetmap.org/wiki/File:GDPR_Position_Paper.pdf>
>>>>> Please feel free to discuss on the talk page
>>>>> <https://wiki.openstreetmap.org/wiki/Talk:GDPR> or on this list.
>>>>> Simon
>>>>> _______________________________________________
>>>>> osmf-talk mailing list
>>>>> osmf-talk at openstreetmap.org
>>>>> https://lists.openstreetmap.org/listinfo/osmf-talk
>>>> _______________________________________________
>>>> osmf-talk mailing list
>>>> osmf-talk at openstreetmap.org
>>>> https://lists.openstreetmap.org/listinfo/osmf-talk
>>> _______________________________________________
>>> osmf-talk mailing list
>>> osmf-talk at openstreetmap.org
>>> https://lists.openstreetmap.org/listinfo/osmf-talk
>> _______________________________________________
>> osmf-talk mailing
>listosmf-talk at openstreetmap.orghttps://lists.openstreetmap.org/listinfo/osmf-talk
>> _______________________________________________
>> osmf-talk mailing list
>> osmf-talk at openstreetmap.org
>> https://lists.openstreetmap.org/listinfo/osmf-talk

Diese Nachricht wurde von meinem Android-Mobiltelefon mit Kaiten Mail gesendet.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/osmf-talk/attachments/20180517/124c9852/attachment.html>

More information about the osmf-talk mailing list