My favourites

Chapter IV – Data altruism (Art. 16-25)

Art. 16 DGA - National arrangements for data altruism arrow_right_alt

Art. 17 DGA - Public registers of recognised data altruism organisations arrow_right_alt

Art. 18 DGA - General requirements for registration arrow_right_alt

Art. 19 DGA - Registration of recognised data altruism organisations arrow_right_alt

Art. 20 DGA - Transparency requirements arrow_right_alt

Art. 21 DGA - Specific requirements to safeguard rights and interests of data subjects and data holders with regard to their data arrow_right_alt

Art. 22 DGA - Rulebook arrow_right_alt

  1. The Commission shall adopt delegated acts in accordance with Article 32, supplementing this Regulation by establishing a rulebook laying down:
    1. appropriate information requirements to ensure that data subjects and data holders are provided, before a consent or permission for data altruism is given, with sufficiently detailed, clear and transparent information regarding the use of data, the tools for giving and withdrawing consent or permission, and the measures taken to avoid misuse of the data shared with the data altruism organisation;
    2. appropriate technical and security requirements to ensure the appropriate level of security for the storage and processing of data, as well as for the tools for giving and withdrawing consent or permission;
    3. communication roadmaps taking a multi-disciplinary approach to raise awareness of data altruism, of the designation as a ‘data altruism organisation recognised in the Union’ and of the rulebook among relevant stakeholders, in particular data holders and data subjects that would potentially share their data;
    4. recommendations on relevant interoperability standards.
  2. The rulebook referred to in paragraph 1 shall be prepared in close cooperation with data altruism organisations and relevant stakeholders.
Close tabsclose
  • 46
  • 58

Recital 46

The registration of recognised data altruism organisations and use of the label ‘data altruism organisation recognised in the Union’ is expected to lead to the establishment of data repositories. Registration in a Member State would be valid across the Union and is expected to facilitate cross-border data use within the Union and the emergence of data pools covering several Member States. Data holders could give permission to the processing of their non-personal data for a range of purposes not established at the moment of giving the permission. The compliance of such recognised data altruism organisations with a set of requirements as laid down in this Regulation should bring trust that the data made available for altruistic purposes is serving an objective of general interest. Such trust should result in particular from having a place of establishment or a legal representative within the Union, as well as from the requirement that recognised data altruism organisations are not-for-profit organisations, from transparency requirements and from specific safeguards in place to protect rights and interests of data subjects and undertakings.

Further safeguards should include making it possible to process relevant data within a secure processing environment operated by the recognised data altruism organisations, oversight mechanisms such as ethics councils or boards, including representatives from civil society to ensure that the data controller maintains high standards of scientific ethics and protection of fundamental rights, effective and clearly communicated technical means to withdraw or modify consent at any moment, on the basis of the information obligations of data processors under Regulation (EU) 2016/679, as well as means for data subjects to stay informed about the use of data they made available. Registration as a recognised data altruism organisation should not be a precondition for exercising data altruism activities. The Commission should, by means of delegated acts, prepare a rulebook in close cooperation with data altruism organisations and relevant stakeholders. Compliance with that rulebook should be a requirement for registration as a recognised data altruism organisation.

Recital 58

In order to ensure the effectiveness of this Regulation, the power to adopt acts in accordance with Article 290 TFEU should be delegated to the Commission for the purpose of supplementing this Regulation by laying down special conditions applicable to transfers to third countries of certain non-personal data categories deemed to be highly sensitive in specific Union legislative acts and by establishing a rulebook for recognised data altruism organisations, with which those organisations are to comply, that provides for information, technical and security requirements as well as communication roadmaps and interoperability standards. It is of particular importance that the Commission carry out appropriate consultations during its preparatory work, including at expert level, and that those consultations be conducted in accordance with the principles laid down in the Interinstitutional Agreement of 13 April 2016 on Better Law-Making (1). In particular, to ensure equal participation in the preparation of delegated acts, the European Parliament and the Council receive all documents at the same time as Member States’ experts, and their experts systematically have access to meetings of Commission expert groups dealing with the preparation of delegated acts.

(1) OJ L 123, 12.5.2016, p. 1.

Art. 23 DGA - Competent authorities for the registration of data altruism organisations arrow_right_alt

Art. 24 DGA - Monitoring of compliance arrow_right_alt

Art. 25 DGA - European data altruism consent form arrow_right_alt