Estonia wants to seal an agreement next week between member states that would allow data to move easily across the EU, a priority file that the Baltic country pushed for throughout its six-month role leading legal negotiations.
The so-called free flow of data proposal has had an especially fast path through national governments’ negotiations: the European Commission only proposed the regulation in September.
Negotiators’ quick pace to close a deal on the data rules is a sharp contrast to other pending digital single market legislation. Over the last few months, the Commission has increased pressure on national governments and the European Parliament to speed up their discussions: out of a total of 24 new legal changes that the EU executive has proposed on tech files since 2015, 13 are still up in the air.
Diplomats are only just getting started in negotiations over a major cybersecurity overhaul that the Commission proposed on the same day as the free flow of data bill.
But Estonia made the data proposal a centrepiece of its presidency of the rotating Council of the EU, which finishes at the end of this month. When it took over the leadership role in July, Prime Minister Jüri Ratas called for rules to create the free flow of data across Europe. That was months before the Commission even published its proposal.
Now, Estonian diplomats want to mark the end of the country’s digital-focused run chairing Council meetings by wrapping up member states’ talks over the file. Estonia has touted itself as a digital powerhouse throughout its presidency.
“This kind of tempo is rather unusual for Brussels,” a spokeswoman for the Estonian Council presidency said.
She described the negotiations as an “intense process” and said Estonian diplomats overseeing the talks have drafted three new versions of the law just within the last week.
At a meeting next Wednesday (20 December), Estonia wants ambassadors from member states to sign off on the rules. It would be a fast breakthrough. MEPs have not even started discussing the bill. On other digital files, negotiations between member states often lag behind the Parliament.
Anna Corazza Bildt, the Swedish centre-right MEP authoring the Parliament’s version of the legislation, told EURACTIV “I am committed to remove national borders and barriers to access, process and store non-personal data across Europe.”
The law can only go into effect after it is agreed in three-way negotiations between member states, MEPs and the Commission.
Estonia’s push to broker a fast agreement on data flows was originally backed by a group of around 15 countries that have called for the rules since last year, arguing that a ban on data localisation requirements will open up new business opportunities and give firms more choices to store data wherever they want in the EU.
A broad group of member states now support the idea, although some have pushed for tougher security safeguards and exceptions so that companies could still be required to store certain kinds of data on domestic servers.
The Commission estimated that lower business costs could add up to €8 billion per year to the EU GDP.
The draft rules would get rid of data localisation within the EU by knocking down national laws that require data to be stored only in a certain country.
“When our people, goods, services and capital move freely across borders, information cannot be left behind,” the Estonian spokeswoman added.
Estonian legal experts sent out their latest draft to diplomats on Thursday (14 December), including new rules outlining when a country can require data to be stored domestically.
The new version allows data storage restrictions for “public policy” reasons, which “covers the protection against a genuine and sufficiently serious threat affecting one of the fundamental interests of society”, including “issues relating to human dignity, the protection of minors and vulnerable adults”.
France has pushed for exceptions to be added to the law that would give countries more options to continue requiring data to be stored within national borders.
At a conference on Thursday (14 December) in Brussels, France’s negotiator on the data flows bill said that the law needs more safeguards, including to protect public health and safety.
— Laura Kayali (@LauKaya) December 14, 2017
Estonia’s new proposal is a last-ditch effort to win over France and a small handful of other hesitant countries.
Telecoms ministers debated the proposal earlier this month at a meeting in Brussels. The French, German and Spanish ministers all expressed reservations about the proposal, suggesting that it needed more exceptions to allow for forced data localisation in certain situations.
But some other ministers said the negotiations should push ahead without those exceptions.
“If everyone wants to add exceptions, there will be no progress,” Xavier Bettel, Luxembourg’s prime minister and telecoms minister, warned at the 4 December meeting.
The free flow of data proposal has also received enthusiastic support from tech companies. But when the new Estonian draft surfaced on Thursday, some in the industry warned that the new exceptions would water down the plan to get rid of data restrictions.
CCIA, a lobby group that represents firms including Amazon, Cloudfare and Facebook, tweeted, “Efforts by a few, big member states to add new exceptions, namely the very broad term ‘public policy’ and any ‘public sector data’, would encourage more data localisation in the EU and render the proposal meaningless.”
Efforts by a few, big Member States to add new exceptions, namely the very broad term “public policy” and any "public sector data", would encourage more data localisation in the EU and render the proposal meaningless.
— CCIAEurope (@CCIAEurope) December 14, 2017