We’re building an AR SDK, that runs on a worldwide AR cloud.
Our user data is protected by an Self Sovereign Identity system, and we are looking for a map system that also does not sell data to data brokers.
As even in anonymous form, it is pretty simple for a data broker to re-connect that anonymous data after they have bought it.
So my question is:
How does OpenStreetMap work on the data side?
If we implement it, and our users use it, what happens with the data they generate?
if your users “use” data (e.g. maps, geocoding, routing information, etc.), you’ll have to look at the way the service provider that you will use in your application/sdk handles user data. OpenStreetMap is not a service provider but rather provides raw data. While some service providers collect telemetry data (e.g. Mapbox), others don’t. Some providers are based in Europe and fall under the GDPR, others don’t. Some offer you a DPA, others don’t (or offer you one that is rather useless for European laws if the provider is from outside the EU). Some run their own CDN for privacy concerns, others rely on CDN services by (often) US providers.
So you best options are either to build it yourself (then you would be solely responsible how user data is handled) or find the right service provider, that offers the right privacy policies and DPAs to handle the service of providing maps or geocoding etc. for your SDK/platform.