Hi, On 05/05/2017 12:39 AM, Michał Brzozowski wrote: > Many national communities use their own change monitoring tools that > will break, for instance greeting and monitoring new mappers.
Why? Would it be so hard to adapt the tools to log in to OSM to access user information? > We use one site in Poland and the Dutch community also uses another site. > There's also Overpass API. Sure, all these would have to change in the long run but it is such a big deal? Even today, Overpass only gives you user names if you explicitly ask for it. > This is not feasible on a technical level IMO I don't agree, I think it would be quite easy. > and would require > significant effort to satisfy just these paranoid people. I don't think it is fair to talk of "just these paranoid people". Our mappers are not enemies; they trust us with their data and it is our moral duty to handle the data they trust us with responsibly. (And I'm not even starting to talk about what our legal duties are!) > I don't > trust OSMF to accommodate everyone's needs on change monitoring. I don't know what "everyone's needs" are but if these needs include "I must be able to download personal user data without logging in" and "I must be able to distribute personal user data without taking any safeguards as to its further use" then I'm not sure if these needs *should* be accommodated. I am sure that all existing quality control measures can be kept up even if we start saying that username data is for internal use only. > Also, I see no reasonable way that upcoming EU privacy rules would > affect us. Would they consider OSM as a special case or what? > Everything mappers do, as has been said, is consensual and explicit. As I said, I think that even in a world without data protection, it would be our duty to think about how to protect the privacy of our contributors. Just saying "you've signed this here, ha ha ha, your fault if you haven't read the small print" is not enough. Certainly not morally; maybe even not legally. If you start looking at the legal side there are many aspects that need to be evaluated. I am not a lawyer but I have a feeling that even today there's a lot of issues not directly related to the above topic where we fall foul of data protection rules, for example the way we continue to offer old planet files for download complete with user names, even if people have asked us to delete their personal information. (Remember, even if people should have agreed to the distribution of their personal data on signup, they can - as far as personal data is concerned - always withdraw their agreement; we cannot then say "har har it is too late now the data is already released under ODbL".) It is also totally unclear if this "metadata" is even part of the ODbL licensed database. Another issue is that there's no way for downstream users mirroring our data to know that "user XY has revoked permission to distribute their user name". Another big issue at least for European users is likely that many governemnt institutions and large companies have strict house rules on working with personal data; if your random government agency importing a planet file into a database were told that this actually contains a ton of personal data, they'd probably have to stop their machines immediately and ask for permission from the relevant data protection commissioner or whomever. But I don't want this to become discussion about "how low can we go with data protection to still be legal". I want this to be "how high can we go with data protection to still be useful", and I think there's a lot that can be done that will make our project better, friendlier, and a safer place to be for everyone. > When I said spirit, I though for instance mapping parties which were > once very popular and still somewhat are. It was customary to make > animated progress maps colored by user. I think that a viable middle ground could be to make user data available to signed-up project members only, and they'd have to promise to only use that data for project-internal purposes. Hence, anyone with an OSM account could make such an animated progress map, and it could be shown to anyone with an OSM account. Only if you want to distribute it outside of OSM you'd either have to remove/pseudonymize the user names or get explicit permission (as in: "I am ok with you publishing this particular work with my name in it") from the participants. Would that really be such a big issue? I think you're making this into a much bigger issue than it needs to be. Bye Frederik -- Frederik Ramm ## eMail frede...@remote.org ## N49°00'09" E008°23'33" _______________________________________________ talk mailing list talk@openstreetmap.org https://lists.openstreetmap.org/listinfo/talk