[OSM-talk] GDPR introduction

[Andrew Harvey]

On 17 April 2018 at 23:31, Christoph Hormann <osm at imagico.de> wrote:

> On Tuesday 17 April 2018, Simon Poole wrote:
> >
> > > * When you add new 'terms of use' or 'data processing agreement'
> > > provisions that people who want to access OSM data with metadata
> > > need to agree to does that constitute an amendment of the ODbL and
> > > therefore a change in license?  If not would any downstream data
> > > user who distributes a derivative database be allowed to add
> > > similar terms of use that restrict use of the data to the data they
> > > distribute?
> >
> > As the mail said, the exact details are not nailed down there yet,
> > however it is likely that we will not want to enter in to an
> > agreement with such people, but would simply offer to help with their
> > obligations from Art. 14. It is not as if the GDPR suddenly
> > disappears when we distribute data on ODbL terms so people processing
> > the full dataset are going to be subject to it in any case.
>
> Ok - that is much clearer (and IMO also addresses what Andrew wondered
> about).  If it is sufficient for the GDPR to (a) not have technically
> unrestricted access and (b) make sure everyone receiving the data is
> made aware of the legal obligations that seems something that can be
> reasonably dealt with.
>
> The terminology used in the position paper however seems to point into a
> somewhat different direction (i.e. that providing bulk metadata would
> be subject to a specific contractual agreement).


Yes that does help clarify my concerns too. I still wonder if someone
outside the EU can go ahead and publish the full metadata included OSM
database under the ODBL outside the OSMF, or in the worst case local
communities outside the EU can still publish their regional extracts with
metadata publicly.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/talk/attachments/20180417/372fcd40/attachment.html>