Negotiators reach quick agreement on law banning data localisation

Anna Corazza-Bildt called a new law allowing the free flow of non-personal data within the EU "a game changer" that will stop data localisation. [European Parliament]

EU negotiators sealed an agreement to allow non-personal data to move freely across the bloc and ban national laws that require companies to store data within a country’s borders.

The legislation cracks down on data localisation and will open up the market for companies to choose where in the EU they store data. The European Commission has promoted the new rules as a way to make data storage easier and cheaper, and has estimated that they will add 4% to the bloc’s GDP by 2020.

“Data localisation restrictions are signs of protectionism for which there is no place in a single market. After free movement of people, goods, services and capital, we have made the next step with this agreement for a free flow of non-personal data to drive technological innovations and new business models and create a European data space for all types of data,” Commission Vice-President Andrus Ansip said in a statement.

The legislation covers data that contains no personal information and cannot be used to identify people. A separate law, the sweeping data protection regulation known as GDPR, introduced privacy rules that apply to personal data across the bloc. It took effect on 25 May.

Negotiators agreed on the so-called free flow of data bill during a late-night meeting on Tuesday (19 June).

One Commission official described the breakthrough as “historic” because there will no longer be legal restrictions on where in the EU personal and non-personal data is stored.

Estonia seeks deal on data flows to cap tech-focused Council presidency

Estonia wants to seal an agreement next week between member states that would allow data to move easily across the EU, a priority file that the Baltic country pushed for throughout its six-month role leading legal negotiations.

The negotiations wrapped up after less than one week of meetings between MEPs, the Commission and national diplomats—a very short time for Brussels standards. EU legislation frequently drags through discussions for two years or more. The GDPR went through four years of formal negotiations before it was approved.

The Commission proposed the data flows bill in September 2017. MEPs in the European Parliament’s Internal Market Committee (IMCO) approved the draft legislation on 4 June.

Anna Corazza-Bildt, the Swedish centre-right MEP who led the Parliament’s negotiations, called the legislation “a game changer, potentially providing enormous efficiency gains for both companies and public authorities”.

“It will reduce data protectionism, which is threatening the digital economy, and pave the way for artificial intelligence, cloud computing and big data analysis,” she said.

The rules will apply to government offices as well as to private companies. Governments will still be allowed to store data in processing centres they have set up.

Officials working on the file attributed the fast-tracked negotiations to the technology industry’s positive reaction to the bill. Tech companies have praised the Commission bid to prevent restrictive national laws.

“This is not asking the industry to adapt new rules. It’s basically us saying, ‘don’t even think about making these rules’. It’s essentially preemptive,” one EU source said.

Christian Borggreen, vice president of CCIA Europe, a lobby group that represents tech companies including Google and Facebook, called the legislation a “major step towards achieving a European digital single market with increased competition for cloud services and more choice for consumers”.

Member states and tech firms wary of EU 'data flows' plan

Tech companies want the European Commission to propose new legislation in autumn that they hope will bring down data storage costs in some countries. But rumoured changes have worried firms that France could pressure the executive to weaken the rules.

Subscribe to our newsletters