Free flow of non-personal data in the European Union

Briefing 13-02-2018

This note seeks to provide an initial analysis of the strengths and weaknesses of the European Commission's impact assessment (IA) accompanying the above Commission proposal (the proposal), submitted on 13 September 2017 and referred to Parliament's Committee on Internal Market and Consumer Protection (IMCO). The creation of a connected digital single market is one of the ten priorities identified by Commission President Jean-Claude Juncker in his political guidelines for the Commission at the start of his mandate. In its digital single market strategy (DSM), the Commission stated that 'Any unnecessary restrictions regarding the location of data within the EU should both be removed and prevented' and committed to proposing an initiative to tackle restrictions on the free movement of data and unjustified restrictions on the location of data for storage or processing purposes. The challenges to the data economy are also specifically discussed in the 2017 communication on building a European data economy, which recognises that 'unjustified restrictions on the free movement of data are likely to constrain the development of the EU data economy [and] impair the freedom to provide services and the freedom of establishment stipulated in the Treaty'. The aim of the proposal is to remove geographical restrictions on the storage of non-personal data in the internal market and to facilitate switching between cloud service providers and the porting of data. It is meant to complement the 2016 General Data Protection Regulation (GDPR) which provides a single set of rules for the protection of personal data and provides the basis for the free flow of such data. Thus, for the purposes of the proposal, data is defined as 'data other than personal data as referred to in' the GDPR. The Commission seeks to build upon the existing applicable legal framework that regulates the internal market for data services (E commerce Directive, Services Directive, Transparency Directive), and pursues a high level of cybersecurity in the EU (NIS Directive), while at the same time remaining consistent with the existing provisions.