Teal blue header image

Regulation on framework for free flow of non-personal data in EU published

The European Commission (Commission) has issued a proposed Regulation for establishing the framework for the free flow of non-personal data within the EU.

The free flow of non-personal data is one of the sixteen intended actions in the Commission’s Digital Single Market Strategy. In this context, obstacles to data mobility have been identified as a key problem to building a competitive data economy.


It its communication on the proposal the Commission notes that our economy is relying increasingly heavily on data. As a result, data can add significant value to existing services and form the basis of new innovative business models. Research suggests that removing obstacles to data mobility could generate additional growth. The Commission notes that “to fully unleash the data economy benefits we need to ensure the free flow of data, allowing companies and public administrators to store and process non-personal data wherever they choose in the EU.”

The aim of the proposal is to achieve a more competitive and integrated EU market for data storage and processing activities by removing the main barriers to the free flow of data, identified as:

  • Unjustified data localisation restrictions by Member States' public authorities;
  • Legal uncertainty about legislation applicable to cross-border data storage and processing;
  • A lack of trust in cross-border data storage and processing linked to concerns amongst Member States' authorities about the availability of data for regulatory scrutiny purposes; and
  • Difficulties in switching service providers (such as cloud) due to vendor lock-in practices.

The proposal

Key articles of the Regulation seek to:

  • Establish a system for the free movement of non-personal data across borders with any organisation able to store and process data anywhere within the EU. In this context, member states are required incompatible localisation requirements and notify any new requirements (Article 4);
  • Ensure the availability of data to national authorities for regulatory purposes, including when that data is located in another member state or stored /processed in the cloud (Article 5); and
  • Promote easier porting of data. In this regard the Commission proposes encouraging cloud service providers to develop self-regulatory codes under which professional users can easily switch between cloud service providers and back to their own IT environments (Article 6).

The final draft of the Regulation is scheduled to come into force six months after its publication in the Official Journal.


The General Data Protection Regulation (GDPR) sets out the approach to the free movement of personal data within the European Union. It is hoped that, together, the GDPR and this Regulation will form a clear and comprehensive approach to the free movement data, which will balance the right level of protection with the freedom to enable businesses to thrive.

Contributor: Jenai Nissim

This publication is intended for general guidance and represents our understanding of the relevant law and practice as at November 2017. Specific advice should be sought for specific cases. For more information see our terms & conditions.

Insights & events View all