GDPR

The General Data Protection Regulation (2016/679), abbreviated GDPR, is a European Union regulation on information privacy in the European Union (EU) and the European Economic Area (EEA). The GDPR is an important component of EU privacy law and human rights law. It also governs the transfer of personal data outside the EU and EEA. It entered into force on 25 May 2018, affecting how OpenStreetMap operates and distributes its data.

The OSMF Licensing Working Group has prepared a position paper that has been reviewed by data protection experts and in general the approach to not rely on explicit consent has been validated. It should be noted that while the paper outlines our approach, some of the details still need to be determined. In particular the future relationship with community and third party data consumers that utilize OSM meta-data and what will actually be dropped/made less accessible of the data listed in Appendix B.

• LWG GDPR Position Paper
• Updates related to changes to support GDPR requirements have been covered in the monthly OSMF board meetings.
• GDPR Primer - what is it, how organizations are preparing

Pages on this wiki that deal with GDPR related changes:

• planet.openstreetmap.org migration
• affected API services
• support for downstream data controllers

Related material

• OSMF blog post
• OSMF RfQ
• SOTM 2021 talk by Robert Riemann
• SOTM 2024 talk by Andrew Hain