The Regulation on the free flow of data will de facto create the fifth freedom on the internal market, next to the freedom of movement of people, goods, services and capital. According to the new rules, any other data that is not related to an identifiable person can be stored and processed anywhere in the EU. The only exception is in the case of a public security threat, where restrictions to data localisation may still be allowed.
“This new law, making it possible to freely move non-personal data within the EU, will bring about €8 billion per year in estimated GDP growth, equal to the trade agreement with Canada and South Korea. This will be an enormous boost for our businesses and public authorities. It will pave the way for artificial intelligence, cloud computing and big data analysis”, said Anna Maria Corazza Bildt MEP, who led the negotiations on behalf of the European Parliament.
The new law will not affect citizens’ privacy, as the General Data Protection Regulation (GDPR) will remain untouched. In the case that personal and non-personal data are linked together, the GDPR will apply to the personal data part of the set, and the free flow of non-personal data principle will apply to the non-personal part.
The Regulation facilitates portability by tasking the market players to produce and implement Codes of Conduct to ensure that business users can easily switch their data between cloud service providers. It also establishes a single point of contact per Member State that gives easy access to the competent authorities in cases where data is stored in another Member State.
“It’s time to put an end to the data protectionism that is threatening our digital economy”, Corazza Bildt underlined. “We want an open, free and safe internet for all.”