New Regulation Favors Free Flow of Non-Personal Data in the EU

Jones Day
Contact

Jones Day

With this new legislative act, the European legislature aims to remove existing data localization requirements and enable storage of data in multiple locations across the EU.

On November 14, 2018, the European Parliament and the Council of the EU approved a legislative reform banning data localization restrictions. The new Regulation (EU) 2018/1807 ("regulation"), published in the Official Journal of the European Union on November 28, 2018 and therefore applicable in all EU Member States as of May 2019, creates a framework for the free flow of electronic non-personal data in the EU and promotes the idea of a data economy and enhanced competitiveness of the EU industry.

Prohibition of data localization: This new framework forms part of the EU's digital single market strategy and responds to the need for removing obstacles to data mobility and the internal single market which affect trade and distort competition. In particular, the new regulation prohibits data localization requirements put in place by EU Member States regarding the storing or processing of non-personal data. An exception to the general prohibition applies where data localization restrictions are justified on grounds of public security.

Enabling new technologies: From a business perspective, the regulation enables the rapid development of the data economy and emerging technologies, such as artificial intelligence, Internet of things products and services, autonomous systems, and 5G, as all these technologies are based on data and require the free flow of data within the European Union in order to achieve data-driven economic growth and innovation.

Practical implications: Specific examples of non-personal data include aggregate and anonymized data sets used for big data analytics, data on precision farming that can help to monitor and optimize the use of pesticides and water, or data on maintenance needs for industrial machines. Companies with business models involving non-personal data should assess to what extent they may benefit from the new regulation. Those companies currently using personal data may want to explore the possibility of applying anonymization techniques to their data sets.

Self-regulation: Focusing on vendor lock-in practices in the private sector, the new regulation promotes market player self-regulation through the development of codes of conduct which allow users to switch between service providers without hindrance.

The European Commission is expected to publish guidance on how to handle data sets composed of both personal and non-personal data to allow companies to better understand the interaction between the new regulation and the General Data Protection Regulation.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Jones Day | Attorney Advertising

Written by:

Jones Day
Contact
more
less

Jones Day on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.