Data altruism: how the EU is screwing up a good idea

In a new AlgorithmWatch discussion paper, data regulation expert Winfried Veil argues that the Data Governance Act is not only annoyingly bureaucratic, but a missed opportunity to breathe life into the “Data for Good” idea.

Susan Q Yin ǀ Unsplash

The EU’s new Data Governance Act (DGA) will likely stifle the very thing it seeks to promote: activities the European Commission calls "data altruism". Data altruism refers to people voluntarily donating their data for the public good, e.g. by voluntarily providing information about adverse reactions to vaccinations or other health data for scientific analysis. Another example could be people sharing their personal credit scores in order to find out whether the scoring has discriminating effects, as practiced through projects like OpenSchufa, when AlgorithmWatch and the Open Knowledge Foundation Germany looked into the procedures of Schufa, the dominant German credit scoring company (

Many such data donation projects exist in a legal grey area, with daunting requirements for both altruistic organizations and donors under the European Union’s General Data Protection Regulation (GDPR).

Veil’s paper thus suggests ways in which the EU could have lifted GDPR requirements had it truly wanted to facilitate processing of personal data for altruistic purposes. Instead, the EU’s chosen path has been to use the Data Governance Act to introduce even more obligations for altruistic organizations — which promises to quash any enthusiasm for altruism in practice.

“So long as the anti-processing straitjacket of the GDPR is not loosened even a little for altruistic purposes, there will be little hope for data innovations from Europe,” writes Veil. “In any case, the EU’s bureaucratic ideas threaten to stifle any altruism.”

An earlier version of this paper was originally published in German at

To see the list of obligations for data altruism organizations under the Data Governance Act, visit

Dr. Winfried Veil

Dr. Winfried Veil studied law at the University of Mainz and received his PhD from the German University of Administrative Sciences in Speyer. He has previously worked as a lawyer in public commercial law and at the Federal Ministry of the Interior, where he accompanied the Council negotiations on the GDPR from 2013 onwards as a consultant in the project group responsible for the reform of data protection law in the EU. Since then, he has been working academically on issues of data protection law and data regulation. Veil is co-editor and author of a commentary on the GDPR, author of numerous articles in scientific journals and handbooks, and blogs at He also initiated Dataprotection Landscape, an online resource which helps both experts and laypersons to navigate the extraordinarily complex maze of data protection regulations. He also lectures at the University of Göttingen and the FernUniversität in Hagen.

Sign up for our Community Newsletter

For more detailed information, please refer to our privacy policy.