Data can create significant added value to existing services and facilitate entirely new business models. To fully unleash the data economy benefits it is crucial to ensure a free flow of data allowing companies and public administration to store and process data. According to studies taking away obstacles to data, mobility is expected to generate additional business growth.
Free flow of data has been impeded by data localization requirements which constitutes a restriction on the flow of data from one country to another and raise the cost of conducting business across borders. These restrictions are prompted by the perception that data are more secure when stored within a country's border. But in reality data security depends on the specific security measures used to store the data rather than on the location where the data is stored. Cloud service providers are particularly affected with this data localization requirement as they prevent providers from accessing markets where they do not have a data center or by preventing users themselves from using cloud services provided from another state. Thus data localization requirements limit the access of public bodies and business sectors operating in multiple countries to contract excess data storage and processing capabilities.
The proposal for a Regulation on the free flow of non-personal data in the European Union (EU) makes up the legal framework applicable to personal data. It comprises key provisions including a general prohibition of data localization requirements in EU, a double obligation for member states as regards any existing data localization requirements, the availability of data for authorities to perform of their duties, and no hard and fast obligations imposed on the topic of data porting. From a business perspective, the free flow regulation enables rapid development of data economy and advancing technologies including artificial intelligence, IoT products and services, 5G and other technologies based on data.
The Free Flow Regulation will apply to all processing of electronic data other than personal which gives rise to some uncertainty as to what data will fall within the scope of the Free Flow Regulation. A combined dataset of personal and non-personal data involves a further challenge—particularly in the context of big data—which may include large amounts of unstructured data of various natures raising practical concerns.
Despite the challenges mentioned above, the Free Flow Regulation remains a significant milestone in the elimination of restrictions to cross-border data flows and their negative impact on business. With the free flow data regulation, companies expect cost reductions particularly significant for start-ups and SMEs.