Proposed Regulation on the Free Flow of Non-personal Data in the EU

Data is a resource for digital business and we can expect more and more rules regulating this vital resource. In addition to the GDPR and the proposed ePrivacy regulation, the European Commission has proposed another regulation (COM(2017)495) within the regulatory framework of the European data economy.

In short, the proposed regulation concerns data that is not covered in the GDPR. In other words, it is concerned with non-personal data comprising e.g. ordinary business or industrial data, raw machine data, and such information. The proposed regulation will not impose burdens on enterprises as the GDPR does, but will instead seek to facilitate the free movement of non-personal data in the European Union.

Background of the proposal

To understand what the free flow of non-personal data is, one must remember that one of the objectives for the European Union is to remove all obstacles and barriers to trade between Member States, thus creating a single market where goods and services, workers and capital can move freely across borders.

With the digitalisation of the world, this means that also data should flow freely between Member States of the EU. This has been recognised as a key step in enabling the European Digital Single Market.

If disproportionate restrictions to the movement of data across Member States and IT systems are abolished, it has been estimated that an economic growth of 4 % will be stimulated as an effect.

The main obstacles in the way for a free flow of data in the European Union today have been identified as being:

  • unjustified data localisation restrictions by Member States’ public authorities;
  • legal uncertainty about which legislation that is applicable to cross-border data storage and processing;
  • a lack of confidence that authorities of a Member State will be able to enforce its powers on data stored in other Member States; and
  • difficulties in switching cloud service providers due to vendor lock-in practices.

The proposal and its impact

The proposal mainly imposes obligations for Member States to abolish data localisation rules that restrict the free flow of data and to establish procedures to facilitate requests for official cross-border data access requests made by authorities.

Thus, the proposal is not imposing a regulatory burden on business practitioners in general. However, for enterprises operating in the infrastructure sector of the data ecosystems (such as cloud storage providers), it is worthwhile to know that self-regulatory codes of conduct may be introduced, with the objective of avoiding vendor lock-in and ensuring that users are given clear and transparent information before a contract is entered into. This information would include aspects such as:

  • the technical requirements, timeframes and charges that apply if a professional user wants to switch to another service provider, or port data back to its own IT systems;
  • information about processes and location of any back-up data;
  • the available data formats and supports, required IT configuration, and more.

The European Commission considers that the proposed regulation, complementing the personal data protection rules, is an additional step towards a truly functional common European data space.

For further information, please contact Ida Häggström, Vencel Hodák or Niels Dahl-Nielsen.

News and Insights
Blog Posts

ANONYMISATION AND PSEUDONYMISATION OF PERSONAL DATA

29/11/2019

This blog post is written by Erik Myrberg, lawyer at Synch Recital 26 of the GDPR clarifies that the principles of data protection should not apply to anonymous information, namely information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject […]

Press release

Synch has acted as legal advisor to Zington AB

22/11/2019

Synch has acted as legal advisor to Claremont AB (under name change to Zington AB) with trademark strategy work in connection with its expansion plans to becoming a global brand.

Blog Posts

ABOUT THE NEW PROPOSITION ON GENERAL ADVICE FOR CONSUMER CREDITS

14/11/2019

The rules on how consumer credits can be granted and marketed are spread out in several different acts and regulations.

Blog Posts

Strong customer authentication – about the new rules on electronic payments

08/11/2019

Strong customer authentication (SCA) means that a customer must verify his/her identity with two from each other independent factors when using electronic payment methods, for example when using a credit card. The rules, which are based on EU legislation, aims to increase the security of electronic payments and combat fraud. Generally speaking, the legislation does […]

Press release

3 SYNCH LAWYERS RANKED IN Who’s Who Legal

08/11/2019

Since 1996 Who’s Who Legal has identified the foremost legal practitioners in 34 areas of business law. Over 16,000 of the world’s leading private practice lawyers in over 100 countries are featured

Press release

SYNCH HAS ACTED LEGAL ADVISOR TO SKALL STUDIO IN CONNECTION WITH THE TRANSACTION

22/10/2019

Synch has assisted SKALL STUDIO with the transaction. Tobias Kisum has led the transaction.