I find GeoFabrik’s history files very useful. When accessing them (example), I am shown this message:
The OpenStreetMap data files provided on this server contain personal data of the OpenStreetMap contributors. Therefore, their usage is governed by data protection regulations in the European Union. These regulations apply even to data processing that happens outside the European Union because some people whose data is contained in this files live in the European Union. The personal information contained in these files must only be used for OpenStreetMap internal purposes, e.g. quality assurance. You must ensure that derived databases and works based on these files are only accessible to OpenStreetMap contributors if they contain personal information.
Example scenario: I want make a map showing which users contributed to which power lines. If I use Geofabrik’s history data, I have to make sure only OSM contributors can see this map. This is how I understand that warning, which might be wrong.
Reasons for doubting this interpretation:
Using Overpass Turbo, I can access map elements touched by a particular user. Example.
On osm.org, I can look up any changeset, with the username visible on the changeset, even when I’m not logged in. Example.
Open Energy Transition’s KPI Tracker tools website also enables me to view summaries of how particular users contributed.
I am wondering what I am missing. What’s in Geofabrik’s history files which make them sensitive, data which is not publicly accessible by the other sites I listed?
Geofabrik here. You are right - you can download this data from other sources without any restrictions, including Overpass but also the OSM API or the history planet file published by the OSMF.
Jarek ist also right - we think that data protection is a worthy goal. In distributing OSM data with user-identifying information, we think that an individual’s right to privacy and OSM’s right to do quality control and vandalism detection should be balanced. This cannot be (and isn’t legally) a case of “you chose to contribute to OSM, tough luck”. OSM user account is not necessarily personal data but it could well be; many people use names and/or edit OSM in a way that makes them identifiable. Therefore we have chosen to only give the data to people with an OSM account and who have therefore agreed to OSM’s terms. We are trusting that OSM’s terms regarding the use of this data will strike a sensible balance.
Geofabrik is not attempting to add any license or redistribution terms to the data. When you download data from Geofabrik it is under ODbL and you can do with it what you want, at your own responsibility - including re-distributing it to third parties outside of the OSM community.
You are free to take this data and make a web site that details which user has worked on which power lines. But ask yourself - is there any value added for people outside of OSM to consume this information? Is it not sufficient to show this web site to OSM contributors? Pascal Neis with his “how did you contribute” page has chosen that path - the page reveals nothing that cannot be gained from publicly available information but seeing it compiled on one page is a lot. Does the whole world have to be presented with a nicely laid out page that says at what times of day and what weekdays a mapper is usually active, when they are on holiday, and where they (likely) live…?
There’s not a shred of doubt that that the APIs, the related web pages, and the data distribution in its current form are not compliant. There might be some discussion about certain aspects that we at the time did not suggest to restrict and which were planed to be left open, but that’s it.
- a post was clearly using understatement as a way to get a point across politely 