New rules aimed at removing obstacles to the free movement of non-personal data within the EU for companies and public authorities were adopted by MEPs. Parliament approves EU’s fifth freedom 

This EU law, already provisionally agreed with the Council, will prohibit national rules requiring that data be stored or processed in a specific member state. Non-personal data includes, for instance, machine-generated data or commercial data. Specific examples are aggregated datasets used for big data analytics, data on precision farming that can help to monitor and optimise the use of pesticides and water, or data on maintenance needs for industrial machines. Restrictions on the location of data will only be allowed on grounds of public security, as defined in the Treaties and as interpreted by the EU Court of Justice. Any remaining data localisation requirements will have to be communicated to the European Commission and published online, in order to ensure compliance and transparency. Access to and porting of data The rules ensure that competent authorities will have access to data processed in another member state for regulatory control purposes, such as for inspection and audit. They also foresee the creation of codes of conduct by market players, to make it easier for professional users to switch cloud-service providers and transfer data back to their own IT systems. The Commission will monitor the development and the effective implementation of these codes of conduct within specific deadlines. Data sets composed of both personal and non-personal data In the case of data sets composed of both personal and non-personal data, the free flow regulation will apply to the non-personal data part of the set. Where personal and non-personal data are inextricably linked, this regulation shall not prejudice the application of the new EU data protection rules (GDPR), applicable since 25 May 2018. Thus, the two regulations do not overlap, but will complement each other.

This EU law, already provisionally agreed with the Council, will prohibit national rules requiring that data be stored or processed in a specific member state. Non-personal data includes, for instance, machine-generated data or commercial data. Specific examples are aggregated datasets used for big data analytics, data on precision farming that can help to monitor and optimise the use of pesticides and water, or data on maintenance needs for industrial machines. Restrictions on the location of data will only be allowed on grounds of public security, as defined in the Treaties and as interpreted by the EU Court of Justice. Any remaining data localisation requirements will have to be communicated to the European Commission and published online, in order to ensure compliance and transparency. Access to and porting of data The rules ensure that competent authorities will have access to data processed in another member state for regulatory control purposes, such as for inspection and audit. They also foresee the creation of codes of conduct by market players, to make it easier for professional users to switch cloud-service providers and transfer data back to their own IT systems. The Commission will monitor the development and the effective implementation of these codes of conduct within specific deadlines. Data sets composed of both personal and non-personal data In the case of data sets composed of both personal and non-personal data, the free flow regulation will apply to the non-personal data part of the set. Where personal and non-personal data are inextricably linked, this regulation shall not prejudice the application of the new EU data protection rules (GDPR), applicable since 25 May 2018. Thus, the two regulations do not overlap, but will complement each other.

Archivio news