mixmagic - stock.adobe.com

EU regulation set to advance single market for non-personal data

The European Union Council and Parliament have approved a regulation, to take effect in six months’ time, to ensure the free movement of non-personal data, such as IoT data, across the bloc

The European Union Council, made up of the heads of government of member states, has rubber-stamped a set of new rules to bring down barriers to the free movement of non-personal data across the EU.

The new rules are said to be, according to an official statement, “designed to boost the data economy and the development of emerging technologies such as cross-border autonomous systems and artificial intelligence”.

Their twin targets are, according to the text of the regulation, to come into effect in 2019. “Data localisation requirements put in place by Member States' authorities and vendor lock-in practices in the private sector,” it said.

By non-personal data, the EU means data including from “the internet of things, artificial intelligence and machine learning. Specific examples of non-personal data include aggregate and anonymised datasets used for big data analytics, data on precision farming that can help to monitor and optimise the use of pesticides and water, or data on maintenance needs for industrial machines.”

Margarete Schramböck, Austrian federal minister for digital and economic affairs and president of the council, said: “Strengthening the data sector will improve Europe’s competitiveness. The free flow of data is key for growth and creating jobs, and will provide more flexibility for our companies. From now on, they will be able to choose the cloud provider that suits them best.”

The new rules will ban “data localisation restrictions imposed by member states on the geographical location for storing or processing non-personal data, unless such restrictions are justified on grounds of public security. Member states’ authorities will continue to have access to data even when it is located in another country.”

The new regulation will also encourage the development of codes of conduct to make it easier for users of “data processing services” to switch providers or to port their data back to their own IT systems.

Read more about EU data flows

  • The European Commission highlight three main areas of focus in its Digital Single Market strategy.
  • European Commission calls for free flow of data after Brexit.
  • Hancock sure UK will obtain and maintain EU data protection adequacy.

The regulation was approved by a vote in the Parliament on 4 October 2018, and a vote in Council on 9 October. It is due to be signed by both institutions during Parliament’s plenary session in mid-November and then published in the EU Official Journal. It will be directly applicable in all member states six months after publication.

At an earlier stage, ambassadors from the Union’s member states endorsed the new regulation, following a provisional agreement with the European Parliament on 19 June.

At that time, the stated aim of the new regulation was to create a single market for data storage and processing services, such as cloud computing.

Ivaylo Moskovski, Bulgarian minister for transport, information technology and communications, said: “Free movement of data is crucial for unlocking the vast potential of the data economy.

“This legislation will ensure data is allowed to flow freely, allowing companies and public administrations to store and process non-personal data wherever they choose in the EU. These rules will provide legal certainty and trust in the increasing use of data-driven innovations for the benefit of all citizens”.

The UK is due to leave the EU on 29 March 2019, but there will be a so-called “transition period” lasting until 31 December 2020, during which time the UK will follow EU rules.

Read more on Privacy and data protection