EU to ban data localisation restrictions as ambassadors approve deal on free flow of data
The EU is moving to boost its data economy by creating a single market for data storage and processing services, such as cloud computing. This freedom to choose a data service provider anywhere in Europe is expected to lead to more innovative data-driven services and more competitive prices for businesses, consumers and public administrations. Member states’ ambassadors endorsed the new rules today, following a provisional agreement with the European Parliament on 19 June.
Free movement of data is crucial for unlocking the vast potential of the data economy. This legislation will ensure that data is allowed to flow freely, allowing companies and public administrations to store and process non-personal data wherever they choose in the EU. These rules will provide legal certainty and trust in the increasing use of data-driven innovations for the benefit of all citizens.
Ivaylo Moskovski, Bulgarian Minister for Transport, Information Technology and Communications
The reform will remove any restrictions imposed by member states’ public authorities on the geographical location for storing or processing non-personal data, unless such restrictions are justified on grounds of public security. Important sources of non-personal data include the rapidly expanding Internet of Things, artificial intelligence and machine learning. Current uses of aggregate and anonymised sets of non-personal data include for example big data analytics and precision farming.
To ensure that the rules will work in practice, member states must either repeal their data localisation requirements or notify those that are permitted to the Commission. The text clarifies that member states’ public administrations are not prevented from insourcing the provision of services involving data processing.
If a data set contains both personal and non-personal data, the general data protection regulation will apply to the personal data part of the set, while the non-personal data will be covered by the free flow of data regulation.
Member states’ competent authorities will continue to have access to data even when it is stored or processed in another country. This may be necessary for example for the purposes of regulatory or supervisory control.
The draft regulation also encourages the development of codes of conduct to make it easier for users of data processing services to switch service providers or to port their data back to their own IT systems.
Removing data localisation restrictions is considered a key factor in ensuring that the data economy can achieve its full potential and double its value to 4% of European GDP in 2020.
With this agreement, the Council and the Parliament succeeded in meeting the June 2018 deadline that EU leaders set for this priority dossier in the European Council in October 2017.
How will it become law?
Once the agreed text has undergone legal and linguistic finalisation, it must be formally adopted, first by the Parliament and then by the Council (agreement at first reading). Following adoption, the regulation will be published in the EU’s Official Journal. It will apply six months after publication.