Licensing Working Group/Minutes/2019-09-12

From OpenStreetMap Foundation

OpenStreetMap Foundation, Licensing Working Group - Agenda & Minutes
Thursday September 12th 2019, 20:00 - 21:00 UTC



  • Nuno Caldeira
  • Simon Poole
  • Kathleen Lu



  • Michael Cheng

Minutes by: Dorothea


Adoption of past Minutes

Previous Action Items

  • 2017-03-02 Simon to determine existing obligations towards sources listed on the copyright page.
  • 2017-05-04 All/Simon to review import guidelines wrt licence “approval”.
  • 2017-09-05 Simon to ask Lawdit for quotes for registering for the additional class suggested.
  • 2018-03-08 All to look at the Working Groups collecting personal information.
  • 2018-04-12 LWG to follow-up on the iD editor, as the number of changesets is now included on the changeset comments thread.
  • 2018-04-12 Simon to contact The LWG will allow use of domain name on the condition that if there's local group in the future, they will have to concede control to them and get agreement in writing, so that if domain expires it doesn't get squatted on.
  • 2018-05-10 Jim to sign the LWG NDA.
  • 2018-10-11 Simon to ask the board to contact the Working Groups about the NDA and ask people to sign up.
  • 2018-11-08 Simon to ask William to provide information about the Canadian OGL variants he is interested in, in a systematic format.
  • 2019-01-10 Simon to draft text to developers of apps related to geo/mapping, having OSM in their names or using variations of our logo.
  • 2019-02-14 Simon to summarise the advice regarding information requests from law enforcement and send it around.
  • 2019-04-11 Simon to add LWG past guidance which has not gone into the attribution page.
  • 2019-06-13 LWG members to look at mobile app attribution of other map providers.
  • 2019-07-11 Kathleen to draft one-line attribution statement for the Tile Licence and get feedback from the LWG.
  • 2019-07-11 Jim and Lucas to provide feedback on the Attribution Guidance.
  • 2019-08-08 Simon to talk to Christine about having a Birds of a Feather session at State of the Map.
  • 2019-08-08 Simon to seek legal advice on potential GDPR/privacy issues with a no-deal Brexit.
  • 2019-08-08 Simon to answer to the France transit data question that it is ok with us and that they are technical solutions that could avoid the issue to start with.
  • 2019-09-12 Simon to get advice during next month on Brexit.
  • 2019-09-12 Simon to update the date on the Attribution Guidance draft.
  • 2019-09-12 Kathleen to talk to iD developers and see what they can implement as an iD internal based solution.



Action item: Simon to get advice during the next month.

Thanks to Lucas

Lucas Lasota has stepped down from the LWG and was thanked for his participation.

Attribution Guidance

Snapshot of draft on 2019-10-07

Birds of Feather session at SotM 2019, other feedback.

Multiple source attribution

  • Will get more feedback at SotM.
  • Facebook to provide feedback as well.
  • Relayed external feedback that in the current language there's a part that's not clear and does not reflect what we intended.
  • Discussion on suggestions tweaking the text.
  • Agreement on the need to have a practical solution on multiple data sources and not settling for less.

Suggestion: Process SotM-US feedback post-SotM in Heidelberg.

Action item: Simon to update the date of the draft.

Provide explicit Machine Learning related guidance

Preliminary discussion if a separate document is needed given the increasing number of questions on the topic.

Points mentioned during discussion:

  • Need to explain that there are limits, even if assuming normal classical creative copyright - which doesn't apply in this case.
  • We can't expect to control derivatives of indirect derivatives. It gets to a point where we have to say we have no rights in the work which is produced out of it - except if it's used in devious way to essentially copy OSM indirectly.

iD leakage of data to Facebook

Background by S.P: The 2.15 version of iD retrieves brand images from Facebook leaking at least the image in question, IP address and other browser related information to Facebook. This was implemented without discussion with or information of the LWG and is at odds with the statements made by the OSMF in the privacy policy and would likely require explicit consent from the user to be GDPR compliant.

The board has been informed of the situation, but has not provided any feedback to date.

Note: while in general both the editors (outside of the above mentioned case) and the website itself only use self-hosted assets, we do have the pre-GDPR legacy issue of Gravatars for those users that have them enabled being retrieved from Automattic (the operators of Wordpress and Gravatar) leaking the IP address etc. of users viewing references to the Gravatar enabled users to Automattic.

Other points mentioned during discussion

  • Historically all assets -with the exception of imagery- are hosted on Departing from that is quite a significant departure.
  • Earlier assumption that iD developers would be scraping the logos from wikidata and storing them locally.
  • Vespucci: Simon has implemented a warning the first time you look at background imagery.

Suggestion: have a separate consent based procedure for iD, display a warning and possibly check a tickbox.

Action item: Kathleen to talk to iD developers and see what they can implement as an iD internal based solution.