GDPR/Support for Downstream Controllers
< GDPRJump to navigation Jump to search
Downstream data controllers - sites that do something with the personal information in OSM - will need support in order to make it possible for them to comply with GDPR:
- include controllers who ask for it in some general declaration on the OSMF platform, helping them fulfil their responsibility to inform data subjects;
- publish information about redacted data, so that data removed by us can also be removed downstream
- publish information about deleted users (perhaps also: renamed users?) so that deleted users aren't kept alive downstream
Deleted Users (done)
A new API endpoint or regular "dump"-style file will be required to inform downstream data processors of deleted users, so they can execute the deletion on their side as well.