Free flow of non-personal data in the European Union
The European Parliament adopted a new regulation on the free flow of non-personal data in the European Union in October 2018. The regulation aims to facilitate the free and safe movement of non-personal data across the EU by prohibiting national rules requiring the data to be stored or processed in a specific Member State.
According to the European Parliament, this regulation intents to clear any obstacles to the free movement of non-personal data. Non-personal data consist for example machine generated, commercial data or aggregated datasets used for big data analytics. Restrictions on the location of the storage or processing of personal data is only allowed for the reason of public security. The regulation allows to the competent authorities to have access to non-personal data processed in another Member State. In relation to its application, the European Parliament has stated that this regulation has no effect on the application of the General Data Protection Regulation (“GDPR”) as it shall not be applied to personal data, and the two regulations will function together, enabling the free movement of data – including personal and non-personal data- across the EU. In case of a database, where personal and non-personal data are inevitably linked, the application of GDPR shall prevail.
According to the European Parliament, this regulation will not only enable the free flow of non-personal data in the EU, but it will also vitalise the European data economy, by allowing for start-ups and SMEs to create new cross-border services. The European Parliament considers an estimated 4% (or EUR 739 billion) increase of EU GDP due to this new regulation.
According to the communication of the European Parliament, the Council of the EU will adopt the regulation in the coming weeks, before it will enter into force by the end of the year. The Member States will have 6 months to apply the new rules from the date of the formal adoption of the regulation.