OSM data: Privacy Risks and GDPR compliance
I am a professional data protection expert and a passionate long-term contributor to OSM.
For this talk, I want to combine both worlds and discuss:
- 0) How is OSM already beneficial today for the privacy of OSM consumers?
- 1) Which personal data is in the OSM public database (spoiler: behavioural data of contributors)?
- 3) Which potential privacy risks stem from the data for OSM contributors?
- 4) What are the GDPR compliance issues?
- 5) What is the outlook? I will open the discussion (Q&A) with some ideas to mitigate privacy risks. They likely involve changes to the current data governance, the OSM database structure and the OSM data itself.
Problems that are already evident and that I plan to mention:
- transparency on the processing of personal data of contributors
- tracking of contributors, e.g. via
- sharing of OSM data with third parties, see https://wiki.osmfoundation.org/wiki/Registered_data_controllers
For the purpose of the discussion, I want to introduce the audience to a few core data protection concepts:
- purpose limitation
- data minimisation
- definition of personal data in the GDPR
- concept of anonymous and pseudonymous data