Data management organizations for altruistic purposes
El Regulation (EU) 2022/868 of the European Parliament and of the Council of 30 May 2022 on European data governance and amending Regulation (EU) 2018/1724 It establishes, among others, a framework for voluntary registration in a register of entities that collect and process data ceded for altruistic purposes.
An altruistic transfer of data means any voluntary exchange of data based on the consent of the data subjects to have their personal data processed, or on the permission of the data subjects to have their non-personal data used, without the intention of obtaining or receiving a bonus that exceeds a compensation relating to the costs incurred in providing their data, for purposes of general interest as provided for in national law.
Recognised data management organisations for altruistic purposes
Entities that collect and process data ceded for altruistic purposes and comply with the requirements of Article 18 of Regulation (EU) 2022/868, may, voluntarily, request their registration in a national register of recognized data management organizations for altruistic purposes.
In order to be registered in the register of recognised data management organisations for altruistic purposes it will be necessary for the entity to accredit compliance with the essential requirements defined in Article 18 of Regulation (EU) 2022/868, including compliance with the regulatory code referred to in Article 22, when this has been adopted by the Commission.
The registration will enable the entity to use, in its oral and written communications, the name of “data management organization for altruistic purposes recognized in the Union”, as well as a common logo to be developed by the Commission.
Recognised organisations entered in the registers of recognised data management organisations for altruistic purposes shall be subject to the control and supervision of the competent authority concerned, having to comply, both with the general requirements of Article 18 of the Regulation and the regulatory code of Article 22, and with the obligation to notify changes of information of Article 19, the transparency requirements of Article 20, the specific requirements to protect the rights and interests of data subjects and data subjects as regards their data of Article 21, and the requirements in relation to international accesses and transfers of Article 31.