GDPR/Affected Services

From OpenStreetMap Wiki

This page tries to spec out the consequences for individual API calls that derive from the LWG white paper (https://wiki.openstreetmap.org/w/images/8/88/GDPR_Position_Paper.pdf).

"Drop (XML) attributes" means that user name, user id, changeset id, and possibly timestamp have to be dropped. The jury is still out on the timestamp; LWG initially recommended dropping or diluting it, but further discussion has shown that this would make little sense and cause more problems than it is worth. At the time this document was created, OSM XML was the only format supported by the API. Meanwhile, OSM JSON format is also available and needs to be considered accordingly. For the sake of brevity, we imply both XML and JSON formats (where available) when the document talks about dropping XML attributes.

An earlier version of the page had distinguished between "logged in users" and "non logged in users". This is not the correct terminology; legally we want to distinguish cases governed by our terms of use, and cases where we don't know if the user has agreed to the terms or not. The difference between the two concepts is explained in the following table:

Logged in: yes, Terms of Use: accepted (frequent case): This will be the standard case for access by logged-in users through the web interface once all users have accepted the ToU.

Logged in: yes, Terms of Use: not accepted/unknown (rare case): For a transition period, there will be old user accounts that have not yet accepted the ToU. These would not be given access to "sensitive" material.

Logged in: no, Terms of Use: accepted (rare case): If, at some point, we offer some kind of API access with an API key where registration of the API key requires accepting the ToU, then even non-logged-in accesses that come with an API key would be given access to "sensitive" material.

Logged in: no, Terms of Use: not accepted/unknown (frequent case): This is the standard case for access through the web interface by a non-logged in user.
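What "drop attributes" amounts to on a response body, for both OSM XML and OSM JSON, as an added example that is not part of the original page or of the OSM server code. The names `governed_by_tou`, `drop_timestamp` and `remaining_metadata` are assumptions made here, the sample documents are constructed, and the timestamp is kept by default because the page leaves that question open.

```python
import json
import xml.etree.ElementTree as ET

# Contributor metadata named on this page, as spelled in OSM XML / OSM JSON.
PERSONAL_ATTRS = ("user", "uid", "changeset")
ELEMENT_TYPES = ("node", "way", "relation")

def _attrs_to_drop(drop_timestamp):
    return PERSONAL_ATTRS + (("timestamp",) if drop_timestamp else ())

def redact_osm_xml(xml_text, governed_by_tou, drop_timestamp=False):
    """Return OSM XML unchanged under the ToU, otherwise without metadata."""
    if governed_by_tou:
        return xml_text
    root = ET.fromstring(xml_text)
    # iter() also reaches elements nested in osmChange create/modify/delete.
    for elem in root.iter():
        if elem.tag in ELEMENT_TYPES:
            for name in _attrs_to_drop(drop_timestamp):
                elem.attrib.pop(name, None)
    return ET.tostring(root, encoding="unicode")

def redact_osm_json(json_text, governed_by_tou, drop_timestamp=False):
    """Same rule for OSM JSON, where the metadata are keys of each element."""
    if governed_by_tou:
        return json_text
    doc = json.loads(json_text)
    for elem in doc.get("elements", []):
        for name in _attrs_to_drop(drop_timestamp):
            elem.pop(name, None)
    return json.dumps(doc)

def remaining_metadata(xml_text, drop_timestamp=False):
    """Regression check: metadata attribute names still present in a body."""
    found = set()
    for elem in ET.fromstring(xml_text).iter():
        if elem.tag in ELEMENT_TYPES:
            found |= set(elem.attrib) & set(_attrs_to_drop(drop_timestamp))
    return sorted(found)

# Constructed sample data, not taken from the live database.
SAMPLE_XML = (
    '<osm version="0.6">'
    '<node id="1" version="2" changeset="42" timestamp="2018-05-25T00:00:00Z"'
    ' user="example_mapper" uid="1001" lat="51.5" lon="-0.1">'
    '<tag k="amenity" v="cafe"/></node>'
    '<way id="7" version="1" changeset="43" timestamp="2018-05-25T00:00:00Z"'
    ' user="example_mapper" uid="1001"><nd ref="1"/></way></osm>'
)
SAMPLE_JSON = json.dumps({"version": "0.6", "elements": [
    {"type": "node", "id": 1, "lat": 51.5, "lon": -0.1, "version": 2,
     "timestamp": "2018-05-25T00:00:00Z", "changeset": 42,
     "user": "example_mapper", "uid": 1001, "tags": {"amenity": "cafe"}}]})
```

Running `remaining_metadata` over responses captured from an access not governed by the ToU gives a quick check that no "drop XML attributes" call still leaks the fields.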


API calls and website functions

API

Main article: API_v0.6

Miscellaneous

call controller/method Status Reason for Status "done" change suggested if not governed by ToU
GET /api/capabilities api#capabilities done no metadata
GET /api/0.6/capabilities api#capabilities done no metadata
GET /api/0.6/permissions api#permissions done no metadata
GET /api/0.6/map api#map open

Changesets

call controller/method Status Reason for Status "done" change suggested if not governed by ToU
PUT /api/0.6/changeset/create changeset#create done no metadata, already requires login
POST /api/0.6/changeset/:id/upload changeset#upload done no metadata, already requires login
GET /api/0.6/changeset/:id/download changeset#download open drop XML attributes
GET /api/0.6/changeset/:id changeset#read open disallow call
PUT /api/0.6/changeset/:id changeset#update done no metadata, already requires login
PUT /api/0.6/changeset/:id/close changeset#close done no metadata, already requires login
GET /api/0.6/changesets changeset#query open disallow call

Changeset discussion

call controller/method Status Reason for Status "done" change suggested if not governed by ToU
POST /api/0.6/changeset/:id/comment changeset#comment done no metadata, already requires login
POST /api/0.6/changeset/comment/:id/hide changeset#hide_comment done no metadata, already requires login
POST /api/0.6/changeset/comment/:id/unhide changeset#unhide_comment done no metadata, already requires login
POST /api/0.6/changeset/:id/subscribe changeset#subscribe done no metadata, already requires login
POST /api/0.6/changeset/:id/unsubscribe changeset#unsubscribe done no metadata, already requires login

Elements

call controller/method Status Reason for Status "done" change suggested if not governed by ToU
PUT /api/0.6/node/create node#create done no metadata, already requires login
GET /api/0.6/node/:id/ways way#ways_for_node open drop XML attributes
GET /api/0.6/node/:id/relations relation#relations_for_node open drop XML attributes
GET /api/0.6/node/:id/history old_node#history open drop XML attributes
POST /api/0.6/node/:id/:version/redact old_node#redact done no metadata, already requires login
GET /api/0.6/node/:id/:version old_node#version open drop XML attributes
GET /api/0.6/node/:id node#read open drop XML attributes
PUT /api/0.6/node/:id node#update done no metadata, already requires login
DELETE /api/0.6/node/:id node#delete done no metadata, already requires login
GET /api/0.6/nodes node#nodes open drop XML attributes
PUT /api/0.6/way/create way#create done no metadata, already requires login
GET /api/0.6/way/:id/history old_way#history open drop XML attributes
GET /api/0.6/way/:id/full way#full open drop XML attributes
GET /api/0.6/way/:id/relations relation#relations_for_way open drop XML attributes
POST /api/0.6/way/:id/:version/redact old_way#redact done no metadata, already requires login
GET /api/0.6/way/:id/:version old_way#version open drop XML attributes
GET /api/0.6/way/:id way#read open drop XML attributes
PUT /api/0.6/way/:id way#update done no metadata, already requires login
DELETE /api/0.6/way/:id way#delete done no metadata, already requires login
GET /api/0.6/ways way#ways open drop XML attributes
PUT /api/0.6/relation/create relation#create done no metadata, already requires login
GET /api/0.6/relation/:id/relations relation#relations_for_relation open drop XML attributes
GET /api/0.6/relation/:id/history old_relation#history open drop XML attributes
GET /api/0.6/relation/:id/full relation#full open drop XML attributes
POST /api/0.6/relation/:id/:version/redact old_relation#redact done no metadata, already requires login
GET /api/0.6/relation/:id/:version old_relation#version open drop XML attributes
GET /api/0.6/relation/:id relation#read open drop XML attributes
PUT /api/0.6/relation/:id relation#update done no metadata, already requires login
DELETE /api/0.6/relation/:id relation#delete done no metadata, already requires login
GET /api/0.6/relations relation#relations open drop XML attributes

Methods for user data

call controller/method Status Reason for Status "done" change suggested if not governed by ToU
GET /api/0.6/user/:id user#api_read open disallow call
GET /api/0.6/users?users=#id1,#id2,...,#idn (tbd) open disallow call
GET /api/0.6/user/details user#api_details done already requires login
GET /api/0.6/user/preferences user_preferences#read done already requires login
GET /api/0.6/user/preferences/:preference_key user_preferences#read_one done already requires login
PUT /api/0.6/user/preferences user_preferences#update done already requires login
PUT /api/0.6/user/preferences/:preference_key user_preferences#update_one done already requires login
DELETE /api/0.6/user/preferences/:preference_key user_preferences#delete_one done already requires login

GPS traces

call controller/method Status Reason for Status "done" change suggested if not governed by ToU
GET /api/0.6/trackpoints api#trackpoints done no metadata
GET /api/0.6/user/gpx_files user#api_gpx_files done already requires login
POST /api/0.6/gpx/create trace#api_create done already requires login
GET /api/0.6/gpx/:id trace#api_read done already requires login
PUT /api/0.6/gpx/:id trace#api_update done already requires login
DELETE /api/0.6/gpx/:id trace#api_delete done already requires login
GET /api/0.6/gpx/:id/details trace#api_read done already requires login
GET /api/0.6/gpx/:id/data trace#api_data done already requires login

Map Notes API

call controller/method Status Reason for Status "done" change suggested if not governed by ToU
GET /api/0.6/notes/search notes#search open disallow call
GET /api/0.6/notes/feed notes#feed open disallow call
POST /api/0.6/notes/:id/comment notes#comment done already requires login
POST /api/0.6/notes/:id/close notes#close done already requires login
POST /api/0.6/notes/:id/reopen notes#reopen done already requires login
GET /api/0.6/notes notes#index open disallow call
POST /api/0.6/notes notes#create open allowed with and without login - does this make sense when you cannot see existing notes?
GET /api/0.6/notes/:id notes#show open disallow call
DELETE /api/0.6/notes/:id notes#destroy done already requires login

Website

call controller/method Status Reason for Status "done" change suggested if not governed by ToU
GET /way/:id browse#way open drop attributes
GET /way/:id/history browse#way_history open drop attributes
GET /node/:id browse#node open drop attributes
GET /node/:id/history browse#node_history open drop attributes
GET /relation/:id browse#relation open drop attributes
GET /relation/:id/history browse#relation_history open drop attributes
GET /changeset/:id browse#changeset open disallow call
GET /changeset/:id/comments/feed changeset#comments_feed open disallow call
GET /note/:id browse#note open disallow call
GET /note/new browse#new_note done allowed with and without login
GET /user/:display_name/history changeset#list open disallow call
GET /user/:display_name/history/feed changeset#feed open disallow call
GET /user/:display_name/notes notes#mine open disallow call
GET /history/friends changeset#list done already requires login
GET /history/nearby changeset#list done already requires login
GET /history changeset#list open disallow call
GET /history/feed changeset#feed open disallow call
GET /history/comments/feed changeset#comments_feed open disallow call

GPS traces

call controller/method Status Reason for Status "done" change suggested if not governed by ToU
GET /user/:display_name/traces/tag/:tag/page/:page trace#list open disallow call
GET /user/:display_name/traces/tag/:tag trace#list open disallow call
GET /user/:display_name/traces/page/:page trace#list open disallow call
GET /user/:display_name/traces trace#list open disallow call
GET /user/:display_name/traces/tag/:tag/rss trace#georss open disallow call
GET /user/:display_name/traces/rss trace#georss open disallow call
GET /user/:display_name/traces/:id trace#view open disallow call
GET /user/:display_name/traces/:id/picture trace#picture open disallow call
GET /user/:display_name/traces/:id/icon trace#icon open disallow call
GET /traces/tag/:tag/page/:page trace#list open disallow call
GET /traces/tag/:tag trace#list open disallow call
GET /traces/page/:page trace#list open disallow call
GET /traces trace#list open disallow call
GET /traces/tag/:tag/rss trace#georss open disallow call
GET /traces/rss trace#georss open disallow call
GET /traces/mine/tag/:tag/page/:page trace#mine done already requires login
GET /traces/mine/tag/:tag trace#mine done already requires login
GET /traces/mine/page/:page trace#mine done already requires login
GET /traces/mine trace#mine done already requires login
POST /trace/create trace#create done already requires login
GET /trace/:id/data trace#data open disallow call
POST /trace/:id/edit trace#edit done already requires login
POST /trace/:id/delete trace#delete done already requires login

User diaries (done)

call controller/method Status Reason for Status "done" change suggested if not governed by ToU


POST /diary/new diary_entry#new done already requires login
GET /diary/friends diary_entry#list done allow
GET /diary/nearby diary_entry#list done allow
GET /user/:display_name/diary/rss diary_entry#rss done allow
GET /diary/:language/rss diary_entry#rss done allow
GET /diary/rss diary_entry#rss done allow
GET /user/:display_name/diary/comments/:page diary_entry#comments done allow
GET /user/:display_name/diary/comments diary_entry#comments open
GET /user/:display_name/diary diary_entry#list done allow
GET /diary/:language diary_entry#list done allow
GET /diary diary_entry#list done allow
GET /user/:display_name/diary/:id diary_entry#view done allow
POST /user/:display_name/diary/:id/newcomment diary_entry#comment done already requires login
POST /user/:display_name/diary/:id/edit diary_entry#edit done already requires login
POST /user/:display_name/diary/:id/hide diary_entry#hide done already requires login
POST /user/:display_name/diary/:id/subscribe diary_entry#subscribe done already requires login
POST /user/:display_name/diary/:id/unsubscribe diary_entry#unsubscribe done already requires login

User page (done)

call controller/method Status Reason for Status "done" change suggested if not governed by ToU


GET /user/:display_name user#view done keep accessible (but LWG document seems unclear)
POST /user/:display_name/make_friend user#make_friend done already requires login
POST /user/:display_name/remove_friend user#remove_friend done already requires login
POST /user/:display_name/account user#account done already requires login
GET /user/:display_name/set_status user#set_status done already requires login
GET /user/:display_name/delete user#delete done already requires login
POST /users user#list done already requires login
POST /users/:status user#list done already requires login

Geocoder / Search (done)

call controller/method Status Reason for Status "done" change suggested if not governed by ToU
GET /search geocoder#search done not relevant for GDPR
GET /geocoder/search_latlon geocoder#search_latlon done not relevant for GDPR
GET /geocoder/search_ca_postcode geocoder#search_ca_postcode done not relevant for GDPR
GET /geocoder/search_osm_nominatim geocoder#search_osm_nominatim done not relevant for GDPR
GET /geocoder/search_geonames geocoder#search_geonames done not relevant for GDPR
GET /geocoder/search_osm_nominatim_reverse geocoder#search_osm_nominatim_reverse done not relevant for GDPR
GET /geocoder/search_geonames_reverse geocoder#search_geonames_reverse done not relevant for GDPR

Directions, Export (done)

call controller/method Status Reason for Status "done" change suggested if not governed by ToU


GET /directions directions#search done not relevant for GDPR
POST /export/finish export#finish done
GET /export/embed export#embed done


User messages (done)

call controller/method Status Reason for Status "done" change suggested if not governed by ToU


GET /user/:display_name/inbox message#inbox done already requires login
GET /user/:display_name/outbox message#outbox done already requires login
POST /message/new/:display_name message#new done already requires login
GET /message/read/:message_id message#read done already requires login
POST /message/mark/:message_id message#mark done already requires login
POST /message/reply/:message_id message#reply done already requires login
POST /message/delete/:message_id message#delete done already requires login

OAuth

call controller/method Status Reason for Status "done" change suggested if not governed by ToU


GET /user/:display_name/oauth_clients oauth_clients#index done already requires login
POST /user/:display_name/oauth_clients oauth_clients#create open
GET /user/:display_name/oauth_clients/new oauth_clients#new done already requires login
GET /user/:display_name/oauth_clients/:id/edit oauth_clients#edit open
GET /user/:display_name/oauth_clients/:id oauth_clients#show open
PATCH /user/:display_name/oauth_clients/:id oauth_clients#update open
PUT /user/:display_name/oauth_clients/:id oauth_clients#update open
DELETE /user/:display_name/oauth_clients/:id oauth_clients#destroy open
POST /oauth/revoke oauth#revoke open
POST /oauth/authorize oauth#authorize open
GET /oauth/token oauth#token open
POST /oauth/request_token oauth#request_token open
POST /oauth/access_token oauth#access_token open
GET /oauth/test_request oauth#test_request open
POST /user/:display_name/role/:role/grant user_roles#grant done already requires login
POST /user/:display_name/role/:role/revoke user_roles#revoke done already requires login


User blocks

call controller/method Status Reason for Status "done" change suggested if not governed by ToU


GET /user/:display_name/blocks user_blocks#blocks_on open disallow call
GET /user/:display_name/blocks_by user_blocks#blocks_by open disallow call
GET /blocks/new/:display_name user_blocks#new done already requires login
GET /user_blocks user_blocks#index open disallow call
POST /user_blocks user_blocks#create done already requires login
GET /user_blocks/new user_blocks#new done already requires login
GET /user_blocks/:id/edit user_blocks#edit done already requires login
GET /user_blocks/:id user_blocks#show open disallow call
PATCH /user_blocks/:id user_blocks#update done already requires login
PUT /user_blocks/:id user_blocks#update done already requires login
DELETE /user_blocks/:id user_blocks#destroy done already requires login
POST /blocks/:id/revoke user_blocks#revoke done already requires login


Redactions (done)

call controller/method Status Reason for Status "done" change suggested if not governed by ToU


GET /redactions redactions#index done public
POST /redactions redactions#create done already requires login
GET /redactions/new redactions#new done already requires login
GET /redactions/:id/edit redactions#edit done already requires login
GET /redactions/:id redactions#show done public
PATCH /redactions/:id redactions#update done already requires login
PUT /redactions/:id redactions#update done already requires login
DELETE /redactions/:id redactions#destroy done already requires login

CGImap

Some API calls are also executed through CGImap and need to be restricted there as well.

GitHub issue: https://github.com/zerebubuth/openstreetmap-cgimap/issues/144

GET /api/0.6/map
GET /api/0.6/node/:id
GET /api/0.6/way/:id
GET /api/0.6/relation/:id
GET /api/0.6/changeset/:id
GET /api/0.6/node/:id/history
GET /api/0.6/way/:id/history
GET /api/0.6/relation/:id/history
GET /api/0.6/way/:id/full
GET /api/0.6/relation/:id/full
GET /api/0.6/nodes
GET /api/0.6/ways
GET /api/0.6/relations
GET /api/0.6/changeset/:id/download

(Source: chef rewrite rules)

Additional calls to be checked (already implemented on CGImap)

GET /api/0.6/node/:id/:version 
GET /api/0.6/way/:id/:version 
GET /api/0.6/relation/:id/:version 



GPS Tiles

GPS Tile updater (https://github.com/ericfischer/gpx-updater) does not support deletion of GPS tracks. GDPR implications to be investigated.

OpenGraph

Investigate impact of GDPR on OpenGraph: https://github.com/openstreetmap/openstreetmap-website/issues/2007

planet.osm.org

Moved to GDPR/Planet.osm Migration

Deleted Users (done)

Moved to GDPR/Support for Downstream Controllers

Editors / Libraries

Moved to GDPR/Clients_and_Libraries