[OSM-talk] HDYC, login requirement and "privacy"

Frederik Ramm frederik at remote.org
Thu May 4 23:36:14 UTC 2017


Hi,

On 05/05/2017 12:39 AM, Michał Brzozowski wrote:
> Many national communities use their own change monitoring tools that
> will break, for instance greeting and monitoring new mappers. 

Why? Would it be so hard to adapt the tools to log in to OSM to access
user information?

> We use one site in Poland and the Dutch community also uses another site.
> There's also Overpass API.

Sure, all these would have to change in the long run but is it such a
big deal? Even today, Overpass only gives you user names if you
explicitly ask for it.

> This is not feasible on a technical level IMO 

I don't agree, I think it would be quite easy.

> and would require
> significant effort to satisfy just these paranoid people. 

I don't think it is fair to talk of "just these paranoid people". Our
mappers are not enemies; they trust us with their data and it is our
moral duty to handle the data they trust us with responsibly. (And I'm
not even starting to talk about what our legal duties are!)

> I don't
> trust OSMF to accommodate everyone's needs on change monitoring.

I don't know what "everyone's needs" are but if these needs include "I
must be able to download personal user data without logging in" and "I
must be able to distribute personal user data without taking any
safeguards as to its further use" then I'm not sure if these needs
*should* be accommodated.

I am sure that all existing quality control measures can be kept up even
if we start saying that username data is for internal use only.

> Also, I see no reasonable way that upcoming EU privacy rules would
> affect us. Would they consider OSM as a special case or what?
> Everything mappers do, as has been said, is consensual and explicit.

As I said, I think that even in a world without data protection, it
would be our duty to think about how to protect the privacy of our
contributors. Just saying "you've signed this here, ha ha ha, your fault
if you haven't read the small print" is not enough. Certainly not
morally; maybe even not legally.

If you start looking at the legal side there are many aspects that need
to be evaluated. I am not a lawyer but I have a feeling that even today
there's a lot of issues not directly related to the above topic where we
fall foul of data protection rules, for example the way we continue to
offer old planet files for download complete with user names, even if
people have asked us to delete their personal information. (Remember,
even if people should have agreed to the distribution of their personal
data on signup, they can - as far as personal data is concerned - always
withdraw their agreement; we cannot then say "har har it is too late now
the data is already released under ODbL".) It is also totally unclear if
this "metadata" is even part of the ODbL licensed database. Another
issue is that there's no way for downstream users mirroring our data to
know that "user XY has revoked permission to distribute their user
name". Another big issue at least for European users is likely that many
government institutions and large companies have strict house rules on
working with personal data; if your random government agency importing a
planet file into a database were told that this actually contains a ton
of personal data, they'd probably have to stop their machines
immediately and ask for permission from the relevant data protection
commissioner or whomever.

But I don't want this to become a discussion about "how low can we go with
data protection to still be legal". I want this to be "how high can we
go with data protection to still be useful", and I think there's a lot
that can be done that will make our project better, friendlier, and a
safer place to be for everyone.

> When I said spirit, I thought for instance mapping parties which were
> once very popular and still somewhat are. It was customary to make
> animated progress maps colored by user.

I think that a viable middle ground could be to make user data available
to signed-up project members only, and they'd have to promise to only
use that data for project-internal purposes. Hence, anyone with an OSM
account could make such an animated progress map, and it could be shown
to anyone with an OSM account. Only if you want to distribute it outside
of OSM you'd either have to remove/pseudonymize the user names or get
explicit permission (as in: "I am ok with you publishing this particular
work with my name in it") from the participants. Would that really be
such a big issue? I think you're making this into a much bigger issue
than it needs to be.

Bye
Frederik

-- 
Frederik Ramm  ##  eMail frederik at remote.org  ##  N49°00'09" E008°23'33"


