Let's say that I run a web-based mapping service which performs various analyses of OSM data on behalf of its clients. As part of this service, I allow users to extend and edit the OSM data, but my tool limits the visibility and use of these edits to just the user or user's organization (assuming user is operating on behalf of a business entity in a work-for-hire arrangement). Further, there is an explicit agreement between my business and the user that the copyright of user-produced edits belongs to the user/user's business. I'd agree that my tool should properly attribute OSM to the user. However, as a host to the user's data and as the host/developer of the tool which the user is utilizing to perform their edits, am I considered to be distributing a produced work to the user? That is, am I forced to redistribute their edits upon request? Does the situation change at all if I have an explicit agreement which states that I'm operating as the user's agent with respect to modification/storage of this data?data? Editing to include some background and my own thoughts on the matter: I ask this question not to identify a loophole in the open data license, but to verify that open data should be (and per the answers below, is) compatible with privacy, even in the face of a derivative work. Specific examples of this might be certain human-optimized routes which might provide a competitive edge, or perhaps street data about private/secure locations which was produced as an extension of existing ODbL-license data. I think to be a good member of the community, such services have a responsibility to educate their users on ODbL data, and how that pertains to sharing of produced works. Vendors should provide tools which support distribution should the user choose to open their private data. This should allow users to very easily retrieve an OSM file or similar, which contains all, or a subset, of their private data. It could also allow users to mark data as "no longer private" so that the SaaS/PaaS vendor may service third party requests to the data.

Let's say that I run a web-based mapping service which performs various analyses of OSM data on behalf of its clients. As part of this service, I allow users to extend and edit the OSM data, but my tool limits the visibility and use of these edits to just the user or user's organization (assuming user is operating on behalf of a business entity in a work-for-hire arrangement). Further, there is an explicit agreement between my business and the user that the copyright of user-produced edits belongs to the user/user's business. I'd agree that my tool should properly attribute OSM to the user. However, as a host to the user's data and as the host/developer of the tool which the user is utilizing to perform their edits, am I considered to be distributing a produced work to the user? That is, am I forced to redistribute their edits upon request? Does the situation change at all if I have an explicit agreement which states that I'm operating as the user's agent with respect to modification/storage of this data?

Let's say that I run a web-based mapping service which performs various analyses of OSM data on behalf of its clients. As part of this service, I allow users to extend and edit the OSM data, but my tool limits the visibility and use of these edits to just the user or user's organization (assuming user is operating on behalf of a business entity in a work-for-hire arrangement). Further, there is an explicit agreement between my business and the user that the copyright of user-produced edits belongs to the user/user's business. I'd agree that my tool should properly attribute OSM to the user. However, as a host to the user's data and as the host/developer of the tool which the user is utilizing to perform their edits, am I considered to be distributing a produced work to the user? That is, am I forced to redistribute their edits upon request? Does the situation change at all if I have an explicit agreement which states that I'm operating as the user's agent with respect to modification/storage of this data?