The second element of the plans announced by the European Commission as part of its review of the Digital Single Market strategy is the proposed Regulation on the Free Flow of Non-Personal Data.
The core objective of the Regulation is to establish free movement of data as a 5th freedom of the European single market (in addition to the freedom of movement of goods, services, capital and persons) within a legal framework that is consistent across Europe. This new measure is intended to complement the General Data Protection Regulation (GDPR) regime dealing with personal data.
The Commission wants to create what it calls “a common European data space.” An ability for organisations to move and use data across borders is seen as an important element of the Digital Single Market strategy which is currently held back by data localisation requirements.
Many Member States currently limit the mobility of non-personal data across borders in the single market by localisation restrictions. Mainly established for security and confidentially reasons, such localisation restrictions are also sometimes regarded as a means of protectionism.
Removing localisation should “drive down the costs of data services, provide companies greater flexibility in organising their data management and data analytics, while expanding their use and choice of providers,” according to the Commission.
In June 2017, 17 Member States called explicitly for a ‘free flow of data’ principle in European law to tackle unjustified localisation restrictions and remove remaining obstacles within the Single Market. Exemptions will remain in the Directive when it comes to public order and law enforcement, but the Commission will be vigilant to avoid any risk of hidden protectionism.
The proposal has now been submitted to the European Parliament and the Council for review. There is a long debate to expect within the various European Parliament committees, especially to narrow down the scope of what Member States can do with law enforcement and security exemptions.