On 13 September 2017, the EU Parliament and Council have issued a proposal for a regulation on a framework for the free flow of non-personal data in the EU. Other than the GDPR (General Data Protection Regulation 2016/679), this regulation aims to offer a uniform legal framework for the flow of data other than personal data. This regulatory development is a welcome initiative for our digital and “big data”-driven economy, where electronic data, whether personal or not, are at the heart of.
The proposal pursues a triple objective: (i) improving the mobility of non-personal data across borders, (ii) ensuring the availability of data to competent authorities for regulatory control purposes and (iii) facilitating the switching of providers and the porting of data for professional users of data processing services. The proposal has a broad scope of application and encompasses all types of data processing services and the usage of all types of IT systems, whether located on-site or outsourced to a service provider. Territorially, the regulation applies to processing provided as a service to users residing or established in the Union or processing carried out by a natural or legal person residing or established in the Union for its own needs.
The proposal lays down rules on data localization requirements (article 4), data availability for competent authorities (article 5), and data porting for professional users (article 6) and includes a SPOC-mechanism for cooperation between the Member States (article 7).