Jochen Topf wrote: > It doesn't matter whether you can identify everyone or only a few > people. If you can identify one, you have breached his privacy. And > thats bad enough.
So clearly for Dutch law it does; if there only a few people directly addressable and you will not a priori know who they are, it is a "good luck with that" situation. We are still talking about *one* file, not correlated sources. Because yes, if I had access to my serverlogs, and the server logs of my providers DHCP pool, and to their CRM-system then I could say exactly tell you the customer name, and still would only know that someone could be potentially be at that location, or used a connection routed trough this location. We are only talking about IP addresses as an uncorrelated individual measurement. If we actually took the API logs; with usernames; and we make statistics out of that, which is already been done(!) we are actually violating privacy. Now I don't hear anyone complaining about letting everyone know that they have edited at a certain time. >>>> Never the less, I expect from any users that do aggregation task they >>>> care about aggregation results not about raw data :) >>> Well, we were not talking about "users that do aggregation", but >>> "anybody". You said you give anybody access to log files. If you give >>> anybody access, thats more than just "users that do aggregation". >> Anybody that can login to my server yes, TomH was noting root rights >> where required for this. Anyone that is able to login to my server has >> read rights on those files. > > Then I hope you restrict the number of people who can log in to your > server. Like everyone else does :) Stefan _______________________________________________ dev mailing list [email protected] http://lists.openstreetmap.org/listinfo/dev
