Data & Privacy
- Data Act
- Data Governance Act
- ePrivacy Directive
- GDPR
AI & Trust
- Artificial Intelligence Act
Cybersecurity
- Cybersecurity Act
- DORA
- NIS2
Digital Services & Media
- Digital Markets Act
- Digital Services Act
- European Media Freedom Act
Data Governance Act
- Recitals
CHAPTER I
General provisionsArticles 1 — 2
CHAPTER II
Re-use of certain categories of protected data held by public sector bodiesArticles 3 — 9
CHAPTER III
Requirements applicable to data intermediation servicesArticles 10 — 15
CHAPTER IV
Data altruismArticles 16 — 25
CHAPTER V
Competent authorities and procedural provisionsArticles 26 — 28
CHAPTER VI
European Data Innovation BoardArticles 29 — 30
CHAPTER VII
International access and transferArticles 31 — 31
CHAPTER VIII
Delegation and committee procedureArticles 32 — 33
CHAPTER IX
Final and transitional provisionsArticles 34 — 38
DGA Article 21. Specific requirements to safeguard rights and interests of data subjects and data holders with regard to their data
- 1.A recognised data altruism organisation shall inform data subjects or data holders prior to any processing of their data in a clear and easily comprehensible manner of:
- (a)the objectives of general interest and, if applicable, the specified, explicit and legitimate purpose for which personal data is to be processed, and for which it permits the processing of their data by a data user;
- (b)the location of and the objectives of general interest for which it permits any processing carried out in a third country, where the processing is carried out by the recognised data altruism organisation.
- 2.The recognised data altruism organisation shall not use the data for other objectives than those of general interest for which the data subject or data holder allows the processing. The recognised data altruism organisation shall not use misleading marketing practices to solicit the provision of data.
- 3.The recognised data altruism organisation shall provide tools for obtaining consent from data subjects or permissions to process data made available by data holders. The recognised data altruism organisation shall also provide tools for easy withdrawal of such consent or permission.
- 4.The recognised data altruism organisation shall take measures to ensure an appropriate level of security for the storage and processing of non-personal data that it has collected based on data altruism.
- 5.The recognised data altruism organisation shall, without delay, inform data holders in the event of any unauthorised transfer, access or use of the non-personal data that it has shared.
- 6.Where the recognised data altruism organisation facilitates data processing by third parties, including by providing tools for obtaining consent from data subjects or permissions to process data made available by data holders, it shall, where relevant, specify the third-country jurisdiction in which the data use is intended to take place.
Relevant Recitals for this Article
There is a strong potential for objectives of general interest in the use of data made available voluntarily by data subjects on the basis of their informed consent or, where it concerns non-personal data, made available by data holders. Such objectives would include healthcare, combating climate change, improving mobility, facilitating the development, production and dissemination of official statistics, improving the provision of public services, or public policy making. Support to scientific research should also be considered to be an objective of general interest. This Regulation should aim to contribute to the emergence of sufficiently-sized data pools made available on the basis of data altruism in order to enable data analytics and machine learning, including across the Union. In order to achieve that objective, Member States should be able to have in place organisational or technical arrangements, or both, which would facilitate data altruism. Such arrangements could include the availability of easily useable tools for data subjects or data holders for giving consent or permission for the altruistic use of their data, the organisation of awareness campaigns, or a structured exchange between competent authorities on how public policies, such as improving traffic, public health and combating climate change, benefit from data altruism. To that end, Member States should be able to establish national policies for data altruism. Data subjects should be able to receive compensation related only to the costs they incur when making their data available for objectives of general interest.
The registration of recognised data altruism organisations and use of the label ‘data altruism organisation recognised in the Union’ is expected to lead to the establishment of data repositories. Registration in a Member State would be valid across the Union and is expected to facilitate cross-border data use within the Union and the emergence of data pools covering several Member States. Data holders could give permission to the processing of their non-personal data for a range of purposes not established at the moment of giving the permission. The compliance of such recognised data altruism organisations with a set of requirements as laid down in this Regulation should bring trust that the data made available for altruistic purposes is serving an objective of general interest. Such trust should result in particular from having a place of establishment or a legal representative within the Union, as well as from the requirement that recognised data altruism organisations are not-for-profit organisations, from transparency requirements and from specific safeguards in place to protect rights and interests of data subjects and undertakings.