Is the license of alltheplaces suitable?

I found such a changeset when I roughly browsing modifications in Taiwan. The changeset content is not very large, but there is a long discussion ()about which kind of branch list is suitable for OSM editing:

The original text is written in Chinese, but I think it can be browsed well in translation software (such as google translate?)

At the same time, in daily editing life, I noticed that there is such a project called alltheplaces. I would like to know whether it will encounter the license problem mentioned in the above changeset when it obtains the list of branches?

Here is original thread content written in Chinese, for those mapper who can read, hope this can make your reading more convenient

我在关注台湾的编辑时发现了这样一个changeset，内容并不算非常多，但有一段很长的讨论：

Changeset: 98825499 | OpenStreetMap

原文是用中文写的，但我想在翻译软件（比如google翻译）中可以很好的浏览它

---

与此同时，在日常的编辑过程中我了解到有这样一个名为alltheplaces的项目，我很想知道它在获取分店清单的时候，是否会遇到在上述changeset中提及的许可问题？

As far as I know - no, it is not suitable. Or at least, I see no reason why it would be suitable.

See also Clarify license · Issue #5133 · alltheplaces/alltheplaces · GitHub

EDIT: Note that further information appeared that resulted in change of my opinion. I am quite happy that I remembered to add “As far as I know” disclaimer when I wrote it.

To answer the question: yes, the license of alltheplaces is absolutely compatible with OpenStreetMap. The data is released as CC-0, and that is compatible with OSM.

@Mateusz_Konieczny says no because he doesn’t agree that alltheplaces can release the data with that license. Obviously I (as maintainer of alltheplaces) disagree, otherwise I wouldn’t have selected CC-0 as the license.

Itʼs the old disagreement between scraping public information, which is legal in the US, and database rights in the EU.

The European perspective is that the Alltheplaces project canʼt license the scraped data, as they don’t own the intellectual rights in the data – the source website owners do.

I would like to bring forth the argument that we should think about what consequences an import of this data could have for OSM. Can an EU user of OSM data rely on our license and be sure that they don’t violate any hidden third partyʼs rights?

Also we want others to follow our ODbL license including share-alike. It would undermine our credibility if we appear to ignore other peopleʼs rights. What would you say if someone wrote a scraper to pull data off osm.org and then “licensed” it as CC-0?

It’s certainly a challenge for a global project like OSM to deal with varying intellectual property (IP) laws in different countries. It seems to me that respecting the laws in ones own county is the best we can do. Otherwise we’d have to limit the whole project to operate under the most restrictive country’s laws. I imagine there are some countries with more restrictive IP laws than those found in Europe.

I’ve written my understanding in that github thread. Also, database rights are often misunderstood - for example, in my understanding, they do not pertain to any collection of data, but only a subset of it. E.g. from DIRECTIVE 96/9/EC:

Article 3
Object of protection

1. In accordance with this Directive, databases which, by reason of the selection or arrangement of their contents, constitute the author’s own intellectual creation shall be protected as such by copyright. No other criteria shall be applied to determine their eligibility for that protection.

You publish a list of your shops. There is no really “reason of the selection or arrangement of their contents” (nor is it likely “author’s own intellectual creation”), so that does not seem to apply.

Article 7

1. Member States shall provide for a right for the maker of a database which shows that there has been qualitatively and/or quantitatively a substantial investment in either the obtaining, verification or presentation of the contents to prevent extraction and/or re-utilization of the whole or of a substantial part, evaluated qualitatively and/or quantitatively, of the contents of that database.

Willfully publicly publishing a list of your shops IMHO does not constitute “substantial investment in either the obtaining, verification or presentation of the contents to prevent extraction and/or re-utilization”, to the contrary (now if such data was hidden behind paywall or similar it would be different).

Article 6
Exceptions to restricted acts

1. The performance by the lawful user of a database or of a copy thereof of any of the acts listed in Article 5 which is necessary for the purposes of access to the contents of the databases and normal use of the contents by the lawful user shall not require the authorization of the author of the database. […]

seems to imply to me that such content made available publicly by their creator for the explicit purpose of people finding their shops should thus not require the authorization for “normal use of the content” (e.g. openly publishing the database of opening hours of your shops on the web should not prevent you from looking up location or opening_hours of those shops in say OsmAnd using OSM database so you can go there buy stuff).

Article 8
Rights and obligations of lawful users
2. A lawful user of a database which is made available to the public in whatever manner may not perform acts which conflict with normal exploitation of the database or unreasonably prejudice the legitimate interests of the maker of the database.

also seems to confirm that - looking up location of the shop is IMHO quite “normal exploitation of the database (of locations of the shops)”

42. Whereas the special right to prevent unauthorized extraction and/or re-utilization relates to acts by the user which go beyond his legitimate rights and thereby harm the investment; whereas the right to prohibit extraction and/or re-utilization of all or a substantial part of the contents relates not only to the manufacture of a parasitical competing product but also to any user who, through his acts, causes significant detriment, evaluated qualitatively or quantitatively, to the investment;

The OSM in my view is not “competing product” to shop publishing the list of their locations publicly on their website, nor it would “cause significant detriment to the investment” (to the contrary, it might only bring more business); thus it should not be applicable.

But IANAL, and I have only briefly looked at alltheplaces readme, not deeply investigating what they do or exactly how.

That I agree for any mass import. For individual use, that is likely not a problem from copyright/database rights point, because:

Article 8
Rights and obligations of lawful users

1. The maker of a database which is made available to the public in whatever manner may not prevent a lawful user of the database from extracting and/or re-utilizing insubstantial parts of its contents, evaluated qualitatively and/or quantitatively, for any purposes whatsoever […]

I personally would say “yay!” but that is probably not what you wanted to hear - but it you read that github ticket, you’ll see that is quite legally possible (CC0 only waves away your own rights; it specifically disclaims responsibility for obtaining any necessary consents, permissions or other rights required for any use of the Work). IOW, CC0 does not mean what most people probably think it means.

I’d be happy if OSM data was public domain (CC-0) and we just used social pressure to encourage attribution. It’s all we seem to really have anyway as the ODbL hasn’t proven very enforceable.

If there are multiple perspectives, I would obviously favor the one that discursive the data can be seen as open.

It is entirely possible that my suspicion may be wrong here.

But remember about Import/Guidelines - OpenStreetMap Wiki and that such import would need to be reviewed on imports mailing list.

Oh, and in case that it turns out that such data clearly can be used: I would definitely spend some time on getting it into OSM.

Contributors agree to only upload data compatible with the ODbL (1.(a) of CTs), and they do so under English law (8. of CTs). What the OSMF distributes would be bound by English, Dutch, and Irish law, because that’s where the OSMF is located and distributes its data from.

It’s easy to say that users should respect the laws of their own country (or of the country they’re mapping), but that would exclude parts of the world where people need permission from the government to make a map. This includes some EU countries where there are still laws on the book requiring a license.

Users who commit activities that are illegal where they are located are doing so at their own risk, and because I don’t live under a government like that, I’m not qualified to evaluate it.

which ones have this? Or is it applying to some subset of data like military installations/strategic pipelines etc?

I can’t find references on which country. It was on the act of collecting data for maps, not on publishing maps.

It might have been Sweden. My recollection was a local group got a license that covered all OSM mappers, since it was a law no one cared about.

A city in Germany, in response to Google Street View, outlawed the types of activity done when mapping, prohibiting them from being done while on city streets.

This might not be enforceable.

@Matija_Nalis, the Database Directive has two types of protection which can apply independently of each other: copyright in Articles 3–6 and the sui generis right in Article 7ff.

I agree. Article 3 is similar to software copyright. It protects the intellectual work that went into the design of a database. Think about a large relational database with lots of tables and columns that refer to each other. It doesn’t apply here.

The important part where I disagree with your conclusion is that there needs to be substantial investment in either obtaining, verification or the presentation. It’s enough if it was a lot of work to collect the data. There’s no need to protect it behind some access control or paywall.

There is certainly some soft threshold after which a trivial list of shops with opening hours becomes a database. E.g. the big supermarket chains with hundreds or even thousands of stores must put a lot of manpower into making sure that the data is always up-to-date and correct.

Yes. It’s similar to map copyright. Single facts are not copyrightable. I can look at a shop listing, check which ones are missing in OSM, then go there and map the place myself.

Looking up single shop info certainly falls under “lawful use of a database”.

Just looking at the data is “normal exploitation” in my opinion. “Repeated and systematic extraction” sounds exactly like scraping to me, though. And taking the publisher’s data, publishing it in an own POI database (ATP) or as part of a larger geo database (OSM), under an open license, and then having it commercially exploited by all kinds of downstream data users – that sounds like it would “unreasonably prejudice the legitimate interests of the maker of the database”. Such interest might simply be to stay in control of their own data.

Please don’t get me wrong: If we come to the conclusion that it’s no problem to use this data, that would make me happy! Or let’s say a weakened version that it’s fine for non-EU users using the data of non-EU companies? Great!

I just would like OSM to stay out of legal grey areas and offer data to its users that is 100 % free of potential legal trouble. The best way to ensure that is to rely on self-collected data and imports with explicit, documented permission.

The case law is a bit murky here below the ECJ level of decisions, but “a lot of work” has not been equated by the ECJ with a substantial investment. It is actually the other way around, in that databases that are created as a side effect of a businesses normal operation have not been afforded sui generis database protection by the court*. It should be noted that it is completely open if a non-financial investment would be considered equivalent to a financial one.

It was one of the points I noted that would be good to clarify when I participated in a meeting with the EU leading up to the Data Act, at which point in time there were (unfounded) rumours that there would be changes to the corresponding legislation.

* the canonical solution to the slight dilemma that this causes for OSM is to ask the data owner for permission.

At least this is something I think the project could more easily get behind. Many of the mappers most eager to use AllThePlaces systematically are based in the U.S., and many of the scrapers in ATP are for chain stores based in the U.S. without a significant presence in the E.U. I’d imagine it would be difficult for a non-E.U. entity to have standing for a claim of database rights in the E.U.

From a U.S. perspective, the information that ATP scrapes isn’t protected by copyright law, since the compilation isn’t curated creatively and ATP ignores its presentation and layout. Furthermore, ATP’s scraping is legally protected under a 2022 federal court ruling, which found that scraping a public site does not violate laws against hacking or trespassing. It also builds on earlier case law that browse-wrap agreements (“by using this site, you agree”) are unenforceable.

At least some of the scraped data pertains to UK addresses.

In the absence of other evidence one does not know if the site made use of the Postcode Address File (the main definitive source of postal addresses in the UK) which certainly has some form of protection. One of the reasons why the OpenAddresses project did not proceed from its initial scoping phase was the risk of being sued by the owners of PAF meant that they were unable to obtain professional indemnity insurance.

A simple way for someone to invalidate any data on a website would be simply validate it against PAF, because then the data becomes tainted with some of the rights asserted by PAF’s owners. This argument led to the Land Registry Prices Paid data (some 42% of addresses in England and Wales) becoming useless for OSM (although I remain sceptical that the data had been ‘improved’ by PAF validation). Later on the open licence for this data was rescinded so that it can only be used for real estate purposes.

I think what this illustrates is that it is not possible to consider such data without reflection on the local legal position, not just that of the US. Whilst OSMF is domiciled in England and Wales it is wise to be cautious about this data. A clean set of UK addresses on OSM would reduce the value of PAF in the same way that OSM reduced the value of some Ordnance Survey data. Whilst not important in the US this has always been a good reason for mapping in the UK (and, probably, elsewhere). Some fuzziness about how clean OSM data are will not help eliminate this kind of monopoly.

A further point to note that in general it is naturally possible to ignore certain local regulations* if the actor in question is domiciled offshore. However a consequence of that is that the product will often not be usable in that legislation (not usable as in you cannot offer it and products based on it for sale, use etc.).

In some cases we accept that consequence as the alternative would be too dire, for example we don’t have the expectation that OSM based products are legal in China, but that is acceptable as there is no way we can conform to the relevant legislation, and simply leaving China empty isn’t a real option.

However when we expect that violating a regulation or law would make OSM unusable in our large markets (that is both from a contributing and use angle), then that should be avoided, particularly when it is just a matter of convenience. Just consider Mapbox, OsmAnd and many others not being able to use OSM data in the EU because somebody in the US decided to dump sui generis protected data in to OSM, because they can.

* BTW classical copyright and many other IP related rules doesn’t belong in this category as near universal.

there is no way we can conform to the relevant legislation, and simply leaving China empty isn’t acceptable

why isn’t it acceptable to leave China empty? Isn’t it the only variant that doesn’t result in local people (in China) breaking the law? We are encouraging people to respect local legislation anywhere but in China, what’s so special with China?

You just need to read what I wrote.