DIGITALEUROPE’s Initial Views on Building the European Data Economy Communication

Free Flow of Data

The European economy is undergoing a transformation to a data driven economy, which heavily relies on cross-border data flows. The success of this transformation directly depends on companies’ ability to transfer personal and non-personal data, across borders in order to develop their business models, provide services to consumers and create cross-industry partnerships. However, existing direct and indirect restrictions to the free flow of data across the EU’s Member States, including in the area of national public procurement, undermine the competitiveness and growth of companies in Europe.

As the Commission notes in the Communication, data localisation measures effectively reintroduce digital border controls which constrain the development of the EU data economy. Such protectionist measures prevent companies, including European SMEs, from scaling-up and entering new markets in the EU. As a consequence, customers’ access to state-of-the art technologies or cheaper services is limited, with a direct and negative impact on the uptake of cloud computing in Europe.

We must also address the damaging misconceptions about data localisation, which are sometimes wrongfully justified as necessary assurances of stronger privacy and security. What matters in terms of security is how the data is stored, not where: the combination of state-of-the-art cloud computing together with modern cybersecurity tools and practices is the real enabler of secure storage and processing, rather than data localisation. Data localisation measures actually weaken security protections as they make centralised data easier to target thus more vulnerable to attacks. Also, data localisation can endanger the security of organisations and institutions which operate crossborder, as they rely on global information systems and cybersecurity tools and teams. In a nutshell, data localisation can actually weaken security and brings nothing but higher costs and fewer services to businesses and public administrations which need to store and process data in the Union.

As the Commission rightfully mentions in its Staff Working Document accompanying the Communication, the trend in Europe is towards more, not less data localisation (+100% in 10 years), which may also explain the general misconception among administrations and businesses that there actually is a legal obligation to store data.

Considering the significant obstacles localisation measures create for the European data economy, and their obvious incompatibility with the principles of the Single Market, we strongly regret that the European Commission has failed to introduce a legal instrument establishing the principle of free movement of data. This comes despite strong cross-sectoral industry desire for legislation and support from a majority of Member States.

The vague and ineffective measures that are being proposed instead will not solve the problem: infringement proceedings against Member States are highly political and when launched take years to complete. The Commission indicates it “may also take further initiatives on the free flow of data”, but without further details.

With data localisation measures being allowed to proliferate, building a European data economy and a (Digital) Single Market is simply impossible. We therefore renew our call for the European Commission to put forward a Regulation to establish the general principle of the free movement of data and to remove data location restrictions across the EU. The exceptional introduction of data localisation requirements by Member States should be pre-determined by a narrow range of acceptable justifications and subject to prior notification to allow for verification of their compatibility with EU law, including in the area of public procurement.