GDPR/Support for Downstream Controllers

From OpenStreetMap Wiki
Jump to navigation Jump to search

Downstream data controllers - sites that do something with the personal information in OSM - will need support in order to make it possible for them to comply with GDPR:

  • include controllers who ask for it in some general declaration on the OSMF platform, helping them fulfil their responsibility to inform data subjects;
  • publish information about redacted data, so that data removed by us can also be removed downstream
  • publish information about deleted users (perhaps also: renamed users?) so that deleted users aren't kept alive downstream

Deleted Users (done)

A new API endpoint or regular "dump"-style file will be required to inform downstream data processors of deleted users, so they can execute the deletion on their side as well.

Link: https://planet.openstreetmap.org/users_deleted/

Retrieved from "https://wiki.openstreetmap.org/w/index.php?title=GDPR/Support_for_Downstream_Controllers&oldid=1659517"