GDPR/Support for Downstream Controllers

Downstream data controllers - sites that do something with the personal information in OSM - will need support so that they can comply with GDPR:

  • include controllers who ask for it in some general declaration on the OSMF platform, helping them fulfil their responsibility to inform data subjects;
  • publish information about redacted data, so that data removed by us can also be removed downstream;
  • publish information about deleted users (perhaps also: renamed users?) so that deleted users aren't kept alive downstream.

Deleted Users (done)

A new API endpoint or regular "dump"-style file will be required to inform downstream data processors of deleted users, so they can execute the deletion on their side as well.