My favourites

Chapter IV – Data altruism (Art. 16-25)

Art. 16 DGA - National arrangements for data altruism arrow_right_alt

Art. 17 DGA - Public registers of recognised data altruism organisations arrow_right_alt

Art. 18 DGA - General requirements for registration arrow_right_alt

Art. 19 DGA - Registration of recognised data altruism organisations arrow_right_alt

Art. 20 DGA - Transparency requirements arrow_right_alt

Art. 21 DGA - Specific requirements to safeguard rights and interests of data subjects and data holders with regard to their data arrow_right_alt

Art. 22 DGA - Rulebook arrow_right_alt

Art. 23 DGA - Competent authorities for the registration of data altruism organisations arrow_right_alt

  1. Each Member State shall designate one or more competent authorities responsible for its public national register of recognised data altruism organisations.

The competent authorities for the registration of data altruism organisations shall comply with the requirements set out in Article 26.

  1. Each Member State shall notify the Commission of the identity of their competent authorities for the registration of data altruism organisations by 24 September 2023. Each Member State shall also notify the Commission of any subsequent change to the identity of those competent authorities.
  2. The competent authority for the registration of data altruism organisations of a Member State shall undertake its tasks in cooperation with the relevant data protection authority, where such tasks are related to processing of personal data, and with relevant sectoral authorities of that Member State.
Related
Close tabsclose
  • 46
  • 51

Recital 46

The registration of recognised data altruism organisations and use of the label ‘data altruism organisation recognised in the Union’ is expected to lead to the establishment of data repositories. Registration in a Member State would be valid across the Union and is expected to facilitate cross-border data use within the Union and the emergence of data pools covering several Member States. Data holders could give permission to the processing of their non-personal data for a range of purposes not established at the moment of giving the permission. The compliance of such recognised data altruism organisations with a set of requirements as laid down in this Regulation should bring trust that the data made available for altruistic purposes is serving an objective of general interest. Such trust should result in particular from having a place of establishment or a legal representative within the Union, as well as from the requirement that recognised data altruism organisations are not-for-profit organisations, from transparency requirements and from specific safeguards in place to protect rights and interests of data subjects and undertakings.

Further safeguards should include making it possible to process relevant data within a secure processing environment operated by the recognised data altruism organisations, oversight mechanisms such as ethics councils or boards, including representatives from civil society to ensure that the data controller maintains high standards of scientific ethics and protection of fundamental rights, effective and clearly communicated technical means to withdraw or modify consent at any moment, on the basis of the information obligations of data processors under Regulation (EU) 2016/679, as well as means for data subjects to stay informed about the use of data they made available. Registration as a recognised data altruism organisation should not be a precondition for exercising data altruism activities. The Commission should, by means of delegated acts, prepare a rulebook in close cooperation with data altruism organisations and relevant stakeholders. Compliance with that rulebook should be a requirement for registration as a recognised data altruism organisation.

Recital 51

The competent authorities for the registration of data altruism organisations designated to monitor compliance of recognised data altruism organisations with the requirements of this Regulation should be chosen on the basis of their capacity and expertise. They should be independent of any data altruism organisation as well as transparent and impartial in the exercise of their tasks. Member States should notify the Commission of the identity of those competent authorities for the registration of data altruism organisations. The powers and competences of the competent authorities for the registration of data altruism organisations should be without prejudice to the powers of the data protection authorities. In particular, for any question requiring an assessment of compliance with Regulation (EU) 2016/679, the competent authority for the registration of data altruism organisations should seek, where relevant, an opinion or decision of the competent supervisory authority established pursuant to that Regulation.

Art. 24 DGA - Monitoring of compliance arrow_right_alt

Art. 25 DGA - European data altruism consent form arrow_right_alt