OSM data: Privacy Risks and GDPR compliance

Room: Track 1 - Talks

Friday, 15:00 UTC
Duration: 20 minutes (plus Q&A)


video on media.ccc.de
video on YouTube
video on YouTube (Russian (русский) translation)


Back to schedule
  • Robert Riemann

I am a professional data protection expert and a passionate long-term contributor to OSM.

For this talk, I want to combine both worlds and discuss:

  • 0) How OSM already today is beneficial for the privacy of OSM consumers?
  • 1) Which personal data is in the OSM public database (spoiler: behavioural data of contributors)?
  • 3) Which potential privacy risks stem from the data for OSM contributors?
  • 4) What are the GDPR compliance issues?
  • 5) What is the outlook? I open the discussion (Q&A) with some ideas to mitigate privacy risks. They involve likely changes to the current data governance, OSM database structure and OSM data itself.

Problems that are already evident that I plan to mention:

  1. transparency on the processing of personal data of contributors
  2. tracking of contributors, e.g. via
  3. sharing of OSM data with third parties, see https://wiki.osmfoundation.org/wiki/Registered_data_controllers

For the purpose of the discussion, I want to introduce the audience to a few core data protection concepts:

  • purpose limitation
  • data minimisation
  • definition of personal data in the GDPR
  • concept of anonymous and pseudonymous data