PURPOSE: to create a framework for the free flow of
non-personal data in the European Union and the foundation for
developing the data economy and enhancing the competitiveness of
European industry.
PROPOSED ACT: Regulation of the European Parliament
and of the Council.
ROLE OF THE EUROPEAN PARLIAMENT: the European
Parliament decides in accordance with the ordinary legislative
procedure and on an equal footing with the Council.
BACKGROUND: currently, data localisation restrictions
by Member States' public authorities and obstacles to the movement
of data across IT systems prevent business and organisations in the
EU from capturing economic, social and business opportunities.
Legal uncertainty and lack of trust cause additional barriers to
the free flow of non-personal data.
In practice, this means a business may not be or feel
free to make full use of cloud services, choose the most
cost-effective locations for IT resources, switch between service
providers or port its data back to their own IT systems.
With the principle of free flow of non-personal data,
businesses can avoid duplication of data at several locations, may
feel more confident to enter new markets, and scale up their
activities more easily.
The Mid-Term
Review on the implementation of the Digital Single Market
Strategy (DSM Strategy) announced a legislative proposal on an EU
free flow of data cooperation framework.
IMPACT ASSESSMENT: the preferred option chosen allows
for the assessment of a combination of legislation establishing the
free flow of data framework and the single points of contact and an
expert group as well as self-regulatory measures addressing data
porting. This option would ensure the effective removal of
existing unjustified localisation restrictions and would
effectively prevent the future ones, as a result of a clear legal
principle combined with the review, notification and transparency,
while at the same time enhancing legal certainty and trust in the
market. The burden on Member States' public authorities would be
modest, leading to approximately EUR 33 000 annually in terms of
human resources cost to sustain the single points of contact as
well as a yearly cost of between EUR 385 and EUR 1925 for the
preparation of notifications
CONTENT: the proposed Regulation seeks to ensure the
free movement of data other than personal data within the Union by
laying down rules relating to data localisation requirements, the
availability of data to competent authorities and data porting for
professional users.
It shall apply to the storage or other processing
of electronic data other than personal data in the Union, which
is (a) provided as a service to users residing or having an
establishment in the Union, regardless of whether the provider is
established or not in the Union or (b) carried out by a natural or
legal person residing or having an establishment in the Union for
its own needs.
The proposal:
- establishes the principle of free movement of
non-personal data in the Union. This principle prohibits
any data localisation requirement, unless it is justified on
grounds of public security. Furthermore, it provides for the review
of existing requirements, notification of remaining or new
requirements to the Commission and transparency
measures;
- ensures data availability for regulatory
control by competent authorities. To this effect, users may not
refuse to provide access to data to competent authorities on the
basis that data is stored or otherwise processed in another Member
State. Where a competent authority has exhausted all applicable
means to obtain access to the data, that competent authority may
request the assistance of an authority in another Member State,
if no specific cooperation mechanism exists;
- states that the Commission shall encourage service
providers and professional users to develop and implement codes
of conduct detailing the information on data porting conditions
(including technical and operational requirements) that providers
should make available to their professional users in a sufficiently
detailed, clear and transparent manner before a contract is
concluded. The Commission will review the development and effective
implementation of such codes within two years after the start of
application of this Regulation;
- stipulates that each Member State shall designate a
single point of contact who shall liaise with the points of
contact of other Member States and the Commission regarding the
application of this Regulation;
- provides for procedural conditions applicable
to the assistance between competent authorities;
- states that the Commission shall be assisted by the
Free Flow of Data Committee within the meaning of Regulation
(EU) No 182/2011;
- calls for a review within five years after the
start of application of the Regulation and that the Regulation will
start to apply six months after the day of its
publication.
BUDGETARY IMPLICATIONS: a moderate administrative
burden for Member States' public authorities will emerge, caused by
the allocation of human resources for the cooperation between
Member States through the 'single points of contact', and for
complying with the notification, review and transparency
provisions.