On Wednesday 20 June 2018, Roland Olbricht wrote: > [...] > Taking GDPR serious means every data processor must decide which use > cases they make simple, which use cases they make hard, and tailor > the documentation according to that. For example, for that reason > Overpass API has no feature to track all actions of a single user. I > have proposed a declaration tailored to Overpass API on the FOSSGIS > list (the FOSSGIS is sponsoring the server operations), and I would > prefer to go forward with that one. A central ToU does not help, > hence having it ticked or not is of no interest to the data > processor.
Since not everyone knows the draft you suggested in FOSSGIS - the plans you sketch there (correct me please if i am wrong) essentially say that you intend to continue distributing geodata and timestamps without access restrictions but plan to manage restricted access to other data (changesets and user identities) using your own mechanism and own criteria of approval (which are not completely finalized yet). As i understand your mail here you think this clashes with the OSMF plans because these will require you - for accessing the raw data to feed into the Overpass API - to accept the OSMF ToU which likely will a) not allow you to distribute data with timestamps without access restrictions b) require you to implement access restrictions using OAuth I assume if this is actually the case will depend on the specifics of the OSMF ToU. I would also assume that (b) most likely would not require you to use OAuth with every request, you probably could just use OAuth when people register with you for an API key. -- Christoph Hormann http://www.imagico.de/ _______________________________________________ dev mailing list [email protected] https://lists.openstreetmap.org/listinfo/dev
