EU Com­mis­si­on: Pro­po­sal for a Regu­la­ti­on on the free flow of non-per­so­nal data

To com­ple­te the “com­mon Euro­pean data space”, the Euro­pean Com­mis­si­on has deve­lo­ped a Pro­po­sal pre­sen­ted for a regu­la­ti­on on the free flow of non-per­so­nal data (PDF, Eng­lish). In it, the Com­mis­si­on pro­po­ses to estab­lish a new prin­ci­ple to anchor, accor­ding to which So-cal­led data loca­lizati­on requi­re­ments abo­lished and the com­pe­tent aut­ho­ri­ties “Access rights to regu­la­to­ry con­trol” are to be granted.

By the “data loca­lizati­ons” to be com­ba­ted, the Com­mis­si­on means regu­la­ti­ons that direct­ly or indi­rect­ly limit data mobi­li­ty. It cites the fol­lo­wing examples:

• Regu­la­tors advi­se finan­cial ser­vice pro­vi­ders to store their data domestically.
• Con­fi­den­tia­li­ty regu­la­ti­ons (e.g.., in the heal­th­ca­re sec­tor) requi­re local data sto­rage and processing.
• Under com­pre­hen­si­ve regu­la­ti­ons, infor­ma­ti­on gene­ra­ted by the public sec­tor – regard­less of its con­fi­den­tia­li­ty – must be stored domestically.

In addi­ti­on, de fac­to bar­riers to data mobi­li­ty in the form of the “shall be remo­ved. – The Com­mis­si­on pres­ents this as follows:

At the same time, aut­ho­ri­ties should con­ti­n­ue to have access to data they need to per­form their duties – in other words, loca­li­zing data abroad should not be used as a pre­text to deny natio­nal regu­la­tors access to data.