The European Data Protection Supervisor (EDPS) and the European Data Protection Board (EDPB) recommend improvements to better align the Data Governance Act with privacy rules (see EUROPE 12594/9). In a joint opinion adopted on Wednesday 10 March, they suggest, among other things, a better definition of the notion of general interest for the altruism of data.
“With ‘big data’ come big responsibilities. This is why appropriate data protection safeguards must be put in place”, said the European Supervisor, Wojciech Wiewiórowski.
For her part, Andrea Jelinek insists on the importance of complying with the General Data Protection Regulation (GDPR) as regards in particular the competence of the supervisory authorities, the roles of the different actors involved, the legal basis for the processing of personal data, the necessary safeguards and the exercise of the rights of the data subjects.
Both bodies insist on a clear and unambiguous statement that this act will not affect the level of protection of personal data and will not alter any rights or obligations laid down in EU law.
The paper points out that the registration regime of the entities responsible for data processing does not include a sufficient verification procedure. And they express a preference for the use of a code of conduct or a certification mechanism.
On the altruism of data, the two bodies call for a better definition of the purposes linked to the general interest. “The altruistic nature of data must be organised in such a way as to allow individuals to easily give, but also to withdraw their consent”, the statement said. (Original version in French by Sophie Petitjean)