I am a professional data protection expert and a passionate long-term contributor to OSM.

For this talk, I want to combine both worlds and discuss:

• 0) How OSM already today is beneficial for the privacy of OSM consumers?
• 1) Which personal data is in the OSM public database (spoiler: behavioural
  data of contributors)?
• 3) Which potential privacy risks stem from the data for OSM contributors?
• 4) What are the GDPR compliance issues?
• 5) What is the outlook? I open the discussion (Q&A) with some ideas to mitigate privacy risks. They involve likely changes to the current data governance, OSM database structure and OSM data itself.

Problems that are already evident that I plan to mention:
1. transparency on the processing of personal data of contributors
2. tracking of contributors, e.g. via
- https://resultmaps.neis-one.org/oooc
- https://overpass-turbo.eu/ with search "user:username"
- https://hdyc.neis-one.org/?username
3. sharing of OSM data with third parties, see https://wiki.osmfoundation.org/wiki/Registered_data_controllers

For the purpose of the discussion, I want to introduce the audience to a few core data protection concepts:
- purpose limitation
- data minimisation
- definition of personal data in the GDPR
- concept of anonymous and pseudonymous data