Am 23.09.2015 um 19:16 schrieb Tom Lee: > I'm not sure what basis there is for thinking a service provider will > necessarily reuse clients' data. Maybe! Not "maybe" but dead certain, see for example geocoder.ca and I hope you don't really believe that google doesn't reuse the data you submit to its geo-coding API.
> That's not my experience, but I can imagine how it might be useful. I > hope you'll agree that data security and stewardship is a trickier > thing to implement within an open project made up of volunteers than > it is in an organization with contract employees. > > To point b: if the addresses remain associated with the entity doing > the geocoding, as I think you're proposing, problematic linkages > remain possible. Consider how Brendan Eich's career ended at Mozilla. > That case involved campaign finance records, but a political > organization's geocoded membership database could easily achieve the > same result, even with just addresses. > > Anyway even if the organization->address linkage were to be removed, > organizations who comply with EU Safe Harbour privacy requirements > (and, I assume, the EU privacy provisions from which they're derived) > could not share users' address data with a third party in this manner*. > You are getting slightly carried away: we are talking about SA obligations for data derived from OSM that is publicly used, which in in the vast vast majority of cases will not have any relevant data-protection issues at all. A typical use case would be a company geo-coding the addresses of its dealerships for display on a map, 4square geo-coding its locations and similar. NOT an insurance geo-coding the addresses of its customers and publishing them. The very legislation you are referring to would in general strongly limit any use of location information associated with individuals in the first place and it may be that that is actually a rare use case which will never be possible to cover with OSM. > Put bluntly: expecting data back from geocoding users is not workable > and never has been. Maintaining the hope that someday it will produce > useful contributions merely leads to some noncompliance and lots and > lots of deadweight loss. It's a shame, and is inhibiting useful work > being accomplished both outside of OSM and within it. > > Tom > > * Partner and vendors can receive data from complying organizations, > but the relationship must be disclosed and users must be given the > right to delete data about them. Partner organizations also have to > complete certification procedures (including things like HR training), > and may not pass the data on further, as OSM presumably would want to > under sharealike. > See above, all the relevant larger scale use cases which I can think of that touch private data of individuals do not involve publishing the location information and OSM can be used for that NOW without any fear at all of share-alike. Matter of fact you are even better of with OSM than with any service provider, because you can actually do it in house and don't have to disclose the information to a third party with all the involved paper work (yes I've actually signed such contracts and they are a pain). Simon
signature.asc
Description: OpenPGP digital signature
_______________________________________________ legal-talk mailing list legal-talk@openstreetmap.org https://lists.openstreetmap.org/listinfo/legal-talk
