By Monika Ermert for Intellectual Property Watch
The European Parliament, Council and European Commission on 19 June cut a deal on a new regulation on the free flow of non-personal data. The regulation, which is expected to pass the final votes in Parliament and Council without further issue, is a European answer to concerns over potential data localization obligations, which came into some demand following the Snowden revelations about intelligence services hoovering data from netizens.
“Data localization restrictions are signs of protectionism for which there is no place in a single market,” EU Vice-President Andrus Ansip said after the agreement.
His colleague, Mariya Gabriel, Commissioner for Digital Economy and Society, added: “Data is the backbone of today’s digital economy and this proposal will help to build a common European data space.”
Any restrictions on the movement of data between EU member states must be justified by public security, according to the draft regulation. Potential data localization requirements have to be notified.
At the same time governments retain the right to access the non-personal data in other member states. This is an attempt to help public authorities investigate and exercise oversight rights in the cloud. A network of single points of contact for the member states is set up to assist in that.
Finally, companies are tasked with allowing for data portability and transparency over the relevant procedures to switch from one data provider to another, across borders.
The agreement on the data flow protection was welcomed by the Computer & Communications Industry Association. The industry group, which has been a supporter of free data flow provisions, in a press release quoted their Vice-President, Christian Borggreen, as saying that this is a major step towards achieving a European Digital Single market with increased competition for cloud services. Some criticism had come from national parliaments. The German Bundesrat in an April recommendation expressed concerns over the treatment of mixed data sets, containing both non-personal and personal data and expressed the need to retain the right for public authorities to keep sensitive data restricted to their own territories via respective procurement contracts.