Removing barriers to free flow of data – Council agrees its position

20 December 2017

The EU is developing new rules to allow non-personal data to move freely and easily across country borders.

Member states' ambassadors (Permanent Representatives Committee) today agreed on a mandate for the presidency to launch negotiations with the European Parliament on the proposal, which aims to boost the EU data economy by removing any unjustified restrictions on the geographical location for storing or processing data. At the same time, the new law would ensure that authorities have access to data stored or processed in another member state so that they can carry out their duties.

In essence, the new rules will create a single market for data storage and processing services, such as cloud computing. They will provide legal certainty and increase trust in the use of these services. Together, this draft regulation and the general data protection regulation adopted last year will provide a coherent set of rules that cater for free movement of different types of data.

Eliminating data localisation measures is expected to drive down the costs of data services, give companies greater flexibility in organising their data management and data analytics, and expand their choice of providers. A company operating in several member states will be able to avoid the costs of duplication of IT infrastructure. Removing data localisation restrictions is considered a key factor for the data economy to reach its full potential and double its value to 4% of European GDP in 2020.

"Data is at the heart of all modern economies and societies and can generate immense value. Seamless data mobility saves costs for businesses, especially for start-ups and SMEs, and is essential for many next-generation digital services. This proposal has been a top priority for the Estonian presidency, so I am very pleased that we now have a mandate ready for the Bulgarian presidency to kick off talks with the European Parliament as soon as the Parliament is ready," said Urve Palo, Estonian Minister for Entrepreneurship and Information Technology.

The Council text allows member states to impose data localisation requirements only when these are justified on grounds of public security. To ensure the effective application of the principle of free movement of data, member states must notify their data localisation requirements to the Commission. The text is also designed to ensure that member states are not prevented from insourcing the provision of services involving data processing. 

Member states’ competent authorities will continue to have access to data even when it is stored or processed in another country. An additional cooperation mechanism will be created to make sure such access is not hampered.

If a data set contains both personal and non-personal data, the general data protection regulation will apply to the personal data part of the set, while the non-personal data will be covered by the free flow of data regulation.

The draft regulation also encourages the development of codes of conduct to make it easier for users of data processing services to switch service providers and to port their data from one service provider to another or back to their own IT systems. [...]

Draft regulation on the free flow of non-personal data in the EU – Full text of Council mandate


© European Council