(BRUSSELS) – A draft proposal to allow non-personal data to move freely across borders, removing unjustified restrictions on the geographical location for storing and processing data, was agreed Wednesday by EU states.
Member states’ ambassadors agreed the mandate for Council talks with the European Parliament on the new rules, which will in essence create a single market for data storage and processing services, such as cloud computing.
Eliminating data localisation measures is expected to drive down the costs of data services, give companies greater flexibility in organising their data management and data analytics, and expand their choice of providers. A company operating in several member states will be able to avoid the costs of duplication of IT infrastructure. Removing data localisation restrictions is considered a key factor for the data economy to reach its full potential and double its value to 4% of European GDP in 2020.
“Seamless data mobility saves costs for businesses, especially for start-ups and SMEs, and is essential for many next-generation digital services,” said Estonia’s Entrepreneurship and IT minister Urve Palo, for the EU presidency.
The Council text allows member states to impose data localisation requirements only when these are justified on grounds of public security. To ensure the effective application of the principle of free movement of data, member states must notify their data localisation requirements to the Commission. The text is also designed to ensure that member states are not prevented from insourcing the provision of services involving data processing.
Member states’ competent authorities will continue to have access to data even when it is stored or processed in another country. An additional cooperation mechanism will be created to make sure such access is not hampered.
If a data set contains both personal and non-personal data, the general data protection regulation will apply to the personal data part of the set, while the non-personal data will be covered by the free flow of data regulation.
The draft regulation also encourages the development of codes of conduct to make it easier for users of data processing services to switch service providers and to port their data from one service provider to another or back to their own IT systems.
Both Council and Parliament now have to agree on the text before it can enter into force. The Parliament yet to adopt its position.
The European Council in October called for co-legislators to reach an agreement on this priority dossier by June 2018.
Draft regulation on the free flow of non-personal data in the EU Full text of Council mandate