New rules aimed at removing obstacles to the free movement of non-personal data within the EU for companies and public authorities were adopted by MEPs.

This EU law, already provisionally agreed with the Council, will prohibit national rules requiring that data be stored or processed in a specific member state.

Non-personal data includes, for instance, machine-generated data or commercial data. Specific examples are aggregated datasets used for big data analytics, data on precision farming that can help to monitor and optimise the use of pesticides and water, or data on maintenance needs for industrial machines.

Restrictions on the location of data will only be allowed on grounds of public security, as defined in the Treaties and as interpreted by the EU Court of Justice. Any remaining data localisation requirements will have to be communicated to the European Commission and published online, in order to ensure compliance and transparency.

Access to and porting of data

The rules ensure that competent authorities will have access to data processed in another member state for regulatory control purposes, such as for inspection and audit.

They also foresee the creation of codes of conduct by market players, to make it easier for professional users to switch cloud-service providers and transfer data back to their own IT systems. The Commission will monitor the development and the effective implementation of these codes of conduct within specific deadlines.

Data sets composed of both personal and non-personal data

In the case of data sets composed of both personal and non-personal data, the free flow regulation will apply to the non-personal data part of the set. Where personal and non-personal data are inextricably linked, this regulation shall not prejudice the application of the new EU data protection rules (GDPR), applicable since 25 May 2018. Thus, the two regulations do not overlap, but will complement each other.

Quote

Anna Maria Corazza Bildt (EPP, SE), who steered this legislation through Parliament, said: “This regulation de facto establishes data as the fifth freedom on the EU Single Market. By removing borders, burdens and barriers such as data localisation rules, we enable a level playing field for European companies to compete globally. This legislation is truly a game changer, potentially providing enormous efficiency gains for both companies and public authorities. It will reduce data protectionism, which is threatening the digital economy, and pave the way for artificial intelligence, cloud computing and big data analysis".

Next steps

The new law, approved in plenary by 520 votes to 81, with six abstentions, is due to be approved by the EU Council of Ministers on 6 November. It will apply six months after its publication in the EU Official Journal.