The EU’s new Data Governance Act (DGA) will likely stifle the very thing it seeks to promote: activities the European Commission calls "data altruism". Data altruism refers to people voluntarily donating their data for the public good, e.g. by voluntarily providing information about adverse reactions to vaccinations or other health data for scientific analysis. Another example could be people sharing their personal credit scores in order to find out whether the scoring has discriminating effects, as practiced through projects like OpenSchufa, when AlgorithmWatch and the Open Knowledge Foundation Germany looked into the procedures of Schufa, the dominant German credit scoring company (https://openschufa.de/).
Many such data donation projects exist in a legal grey area, with daunting requirements for both altruistic organizations and donors under the European Union’s General Data Protection Regulation (GDPR).
Veil’s paper thus suggests ways in which the EU could have lifted GDPR requirements had it truly wanted to facilitate processing of personal data for altruistic purposes. Instead, the EU’s chosen path has been to use the Data Governance Act to introduce even more obligations for altruistic organizations — which promises to quash any enthusiasm for altruism in practice.
“So long as the anti-processing straitjacket of the GDPR is not loosened even a little for altruistic purposes, there will be little hope for data innovations from Europe,” writes Veil. “In any case, the EU’s bureaucratic ideas threaten to stifle any altruism.”
An earlier version of this paper was originally published in German at https://www.cr-online.de/blog/2021/10/28/data-governance-act-iii-datenaltruismus/
To see the list of obligations for data altruism organizations under the Data Governance Act, visit https://dataprotection-landscape.com/law/data-altruism