Free flow of non-personal data

08 ottobre 2018

New rules aimed at removing obstacles to the free movement of non-personal data within the EU for companies and public authorities were adopted by MEPs. Parliament approves EU’s fifth freedom 

 

This EU law, already provisionally agreed with the Council, will prohibit national rules requiring that data be stored or processed in a specific member state. Non-personal data includes, for instance, machine-generated data or commercial data. Specific examples are aggregated datasets used for big data analytics, data on precision farming that can help to monitor and optimise the use of pesticides and water, or data on maintenance needs for industrial machines. Restrictions on the location of data will only be allowed on grounds of public security, as defined in the Treaties and as interpreted by the EU Court of Justice. Any remaining data localisation requirements will have to be communicated to the European Commission and published online, in order to ensure compliance and transparency. Access to and porting of data The rules ensure that competent authorities will have access to data processed in another member state for regulatory control purposes, such as for inspection and audit. They also foresee the creation of codes of conduct by market players, to make it easier for professional users to switch cloud-service providers and transfer data back to their own IT systems. The Commission will monitor the development and the effective implementation of these codes of conduct within specific deadlines. Data sets composed of both personal and non-personal data In the case of data sets composed of both personal and non-personal data, the free flow regulation will apply to the non-personal data part of the set. Where personal and non-personal data are inextricably linked, this regulation shall not prejudice the application of the new EU data protection rules (GDPR), applicable since 25 May 2018. Thus, the two regulations do not overlap, but will complement each other.

This EU law, already provisionally agreed with the Council, will prohibit national rules requiring that data be stored or processed in a specific member state. Non-personal data includes, for instance, machine-generated data or commercial data. Specific examples are aggregated datasets used for big data analytics, data on precision farming that can help to monitor and optimise the use of pesticides and water, or data on maintenance needs for industrial machines. Restrictions on the location of data will only be allowed on grounds of public security, as defined in the Treaties and as interpreted by the EU Court of Justice. Any remaining data localisation requirements will have to be communicated to the European Commission and published online, in order to ensure compliance and transparency. Access to and porting of data The rules ensure that competent authorities will have access to data processed in another member state for regulatory control purposes, such as for inspection and audit. They also foresee the creation of codes of conduct by market players, to make it easier for professional users to switch cloud-service providers and transfer data back to their own IT systems. The Commission will monitor the development and the effective implementation of these codes of conduct within specific deadlines. Data sets composed of both personal and non-personal data In the case of data sets composed of both personal and non-personal data, the free flow regulation will apply to the non-personal data part of the set. Where personal and non-personal data are inextricably linked, this regulation shall not prejudice the application of the new EU data protection rules (GDPR), applicable since 25 May 2018. Thus, the two regulations do not overlap, but will complement each other.

Archivio news

 

News dello studio

mar19

19/03/2024

GARANTE PER LA PROTEZIONE DEI DATI PERSONALI COMUNICATO Avviso pubblico di avvio della consultazione sul termine di conservazione dei metadati generati e raccolti automaticamente dai protocolli di trasmissione e smistamento della posta el

Il Garante per la protezione dei dati personali, con provvedimento del 22 febbraio 2024, n. 127, pubblicato sul sito web istituzionale (www.garanteprivacy.it), ha deliberato l'avvio di una procedura

mar14

14/03/2024

The Italian Competition Authority sanctioned TikTok

Today, the Italian Competition Authority  has sanctioned TikTok imposing a fine of EUR 10 million for unfair commercial practice. According to the Italian Authority, the company has failed

mar14

14/03/2024

Agcm sanziona TikTok per pratica commerciale scorretta

Per l'Agcm sono inadeguati i controlli della società sui contenuti che circolano sulla piattaforma, in particolare quelli che possono minacciare la sicurezza di soggetti minori e vulnerabili.

News Giuridiche

mar19

19/03/2024

Carta di inclusione: al via il decreto sull’utilizzo

Vietati acquisti on-line, di beni velleitari

mar19

19/03/2024

Avvocati: una frase enfatica non è illecito deontologico

Non possono esistere apprezzamenti denigratori

mar19

19/03/2024

Stress da lavoro? Risponde il datore di lavoro anche se non c’è mobbing

Non occorre provare l'intento vessatorio,