|
This freedom to choose a data service provider anywhere in Europe is expected to lead to more innovative data-driven services and more competitive prices for businesses, consumers and public administrations. Member states' ambassadors endorsed the new rules today, following a provisional agreement with the European Parliament on 19 June.
The reform will remove any restrictions imposed by member states' public authorities on the geographical location for storing or processing non-personal data, unless such restrictions are justified on grounds of public security. Important sources of non-personal data include the rapidly expanding Internet of Things, artificial intelligence and machine learning. Current uses of aggregate and anonymised sets of non-personal data include for example big data analytics and precision farming.
To ensure that the rules will work in practice, member states must either repeal their data localisation requirements or notify those that are permitted to the Commission. The text clarifies that member states' public administrations are not prevented from insourcing the provision of services involving data processing.
If a data set contains both personal and non-personal data, the general data protection regulation will apply to the personal data part of the set, while the non-personal data will be covered by the free flow of data regulation.
Member states' competent authorities will continue to have access to data even when it is stored or processed in another country. This may be necessary for example for the purposes of regulatory or supervisory control.
The draft regulation also encourages the development of codes of conduct to make it easier for users of data processing services to switch service providers or to port their data back to their own IT systems. [...]