Anna Maria Corazza Bildt, Rapporteur. – Mr President, the digital revolution is changing all parts of our lives, and we are still only at the beginning of this exciting development. Movement of data will grow in volume and importance, and my vision is for an open, safe and global internet for all. With this regulation we will remove barriers, borders and burdens impeding the free flow of non-personal data. We have, de facto, established the fifth freedom in the internal market – data – next to freedom of movement of people, goods, services and capital. It is a game changer for the digital economy.

The Free Flow of Data (FFoD) Regulation is a regulation to deregulate. We are removing national data localisation requirements and facilitating portability of cloud service providers. Step by step, we are creating a legal framework for the future digital economy. We are creating a level playing field for companies to compete globally. With the USA and China moving fast – as you always point out, Vice-President Ansip – and with much more data available than in Europe, access to data for companies and especially for SMEs is crucial. FFoD has the potential to create efficiency throughout the value chain, to enable economies of scale and to boost innovation, paving the way for artificial intelligence, cloud computing and big data analysis. It is a good example of better regulation, with the clear added value of a Europe that delivers concrete results. The estimated associated GDP growth is EUR 8 billion per year – equal to the two free-trade agreements between the European Union and South Korea and Canada.

So what have we achieved? With the new rules, any data that is non-personal can be stored and processed anywhere in the EU – sales data, revenues, profits, stock prices, balance sheets, product design, price lists – to name but a few. We have succeeded in keeping just one exception: in the case of a threat to public security, the Member States may still allow restriction of data localisation. Companies and public administration will have the possibility to outsource data processes anywhere in the EU, but it is not an obligation. We have clarified that this applies at all levels of government – national, regional and local. Also, public administrations which run in-house cloud service systems, like the Bundescloud in Germany, will be able to use them, and we have succeeded in ensuring that the public procurement of cloud services by Member States will be open to operators from throughout the European Union.

We have also facilitated portability of cloud service providers. It has to be as simple for companies, especially for SMEs, to move, for example, from iCloud to Tieto as it is to change telephone operators from Vodafone to Telia. The market players, which are the ones best suited, will have 18 months to develop and implement codes of conduct to ensure easy switching between cloud service providers.

The new law will not affect citizens’ privacy. The General Data Protection Regulation (GDPR) will remain untouched. In cases where personal and non-personal data are inextricably linked in a mixed data set, FFoD will not prejudge GDPR. We have clarified the concept and added safeguards to ensure that the rules afford legal certainty and are up to date and fit for purpose, including in the future. We have asked the Commission to present guidelines on how the regulation will apply to mixed data sets, before its entry into force, and we have shortened the review time to four years.

Lastly, competent authorities with a legitimate reason can access company data stored in another Member State via a simplified procedure and a point of single contact. I am proud that we can deliver rules that are simple, net neutral and easy to apply in real life. The time has come to stand up against the data protectionism that is threatening our digital economy and society. And in this case, if I may dare to say so: mission accomplished!

(Applause)