GDPR related API changes

[Don-vip]

Seen on ​dev mailing list:

The LWG has made some recommendations about what we need to change on the web site and API to comply with future European data protection rules. On the whole this boils down to "logged-in users get the same stuff they get today, but guests who are not logged in will not see details about users".

The detailed LWG recommendations are ​here.

List of what Frederik believes needs to be changed on the API and web site, ​here.

For JOSM it means we have to check the various anonymous API calls don't provoke any crash when data is missing. I doubt it :)

GDPR enters into force on 25th May. So we must release 18.05 before that.

The API is not going to change before GDPR enters in to force, as per Frederik's ​e-mail:

the general feeling is that it's going to be something like a 6 month project for the whole package, with some measures certainly being taken early on to demonstrate our will to comply. Regarding the API changes specifically, once we're clear about the scope we'll need to determine how much work it is to make the changes, and then find someone to make them... it's certainly on a scale of months not weeks.