The European Commission has published the latest proposal in its EU Digital Single Market strategy: a regulation to ensure the free flow of non-personal data within the EU. The regulation will ban national rules that require data to be held locally, except where justified by public security. These ‘data localisation’ rules currently exist in some EU member states, in sectors like financial services and healthcare. 

Why is the EU suggesting this?

The Commission says that data localisation rules cause legal uncertainty and a lack of trust in the market. It believes that removing these rules could add €8bn per year to EU GDP and help the EU data economy grow up to €739bn by 2020 (4% of EU GDP). 

Andrus Ansip, Vice-President for the Digital Single Market, said, “The free flow of data will make it easier for SMEs and startups to develop new innovative services and to enter new markets.” And Mariya Gabriel, Commissioner for the Digital Economy and Society, said, “Citizens and businesses will benefit from better products and services as more and more data becomes available for data-driven innovation. Removing obstacles to cross-border data flows is essential for a competitive European data economy.”

The regulation complements the EU General Data Protection Regulation, which provides for the free flow of personal data in the EU.

What are the main changes? 

The proposed regulation provides for:

  • the free flow of non-personal data across borders: member states will no longer be able to oblige businesses to store or process data within their borders, unless justified for reasons of public security. Member states will have to notify the Commission of any new or existing data localisation rules, and repeal any inconsistent laws within a year of the regulation taking effect;
  • data availability for regulatory control: tax and other authorities will still be able to exercise their rights to access data wherever it’s stored or processed in the EU; and
  • self-regulatory codes of conduct: these will remove obstacles to switching between cloud storage providers. 


Will this benefit business? 

The Commission is confident that the proposal will help produce a competitive and reliable EU data storage and processing sector. It aims to increase legal certainty and inter-market trust, allowing businesses to use more cloud services and feel reassured when entering new national markets. Businesses should be able to operate across borders without having to duplicate IT systems or to save the same data in different places. They could also choose the most cost-effective locations for IT resources and switch between service-providers more conveniently and cheaply. 

However, the proposal could change, as it still needs to be reviewed by the EU Parliament and Council. It’s also unclear how a post-Brexit UK will interact with the EU Digital Single Market.

What is the Digital Single Market?

The proposal is just one part of the EU’s strategy for a borderless digital market – in the last few weeks, we’ve also seen proposals on combatting online piracy and taxation of the digital economy. And we expect to see a parliamentary vote on the proposed e-Privacy Regulation soon. 

We’re following the DSM changes closely and are in regular contact with the decision-makers in Brussels. If you’d like us to represent your interests in our discussions with them – or if you’d like to receive regular DSM updates - please contact us.


Authors: Giles Pratt and Lottie Sandberg