On Tuesday 19 June 2018, Frederik Ramm wrote: > [...] > 3b. ensure that everyone who has an OSM account agrees to these > guidelines one way or the other,
This is the point that looks very fuzzy to me. Could someone point out the legal concept behind this idea for me? Such agreement would not be an agreement to process your own data given by individuals to the OSMF (which is the kind of agreement you would normally expect in the GDPR context). You probably mean some kind of contractual agreement about what can be done with the data. But to be honest i don't really see the point in that. People who download the data can easily create an ad hoc account every time they download data. The OSMF does not verify the identity of who is behind a user account created. So what do you expect to gain from such an agreement? Is there any reason to assume that in a case of such data being released in a way that is not according to the legal requirements by a third party the agreement can be used to avoid legal responsibility for the OSMF it would otherwise need to face? To me this looks more like cargo cult actionism, doing something that communicates being a serious measure at the surface but which is a hollow promise at a closer look. Note these concerns are not about the idea of restricting access to sensitive data to logged in users, it is about requiring some kind of agreement from these users. What i can understand is giving people a simple selection option between [ ] i want to be safe w.r.t. personal data and not being provided potentially sensitive information when logged in. [ ] i want to have the possibility to access potentially sensitive data when logged in. which would mainly be a service to the user - kind of like the sensitive content switch on youtube. -- Christoph Hormann http://www.imagico.de/ _______________________________________________ dev mailing list dev@openstreetmap.org https://lists.openstreetmap.org/listinfo/dev