A summary of the policy debate is now available.
Telecommunications Council – 4 December 2017
Free flow of data
– View related documents and the next stage of the procedure in the Policy Pipeline
The Estonian Presidency made the following remarks
- the issue had been discussed in formal and informal talks for over 2 years;
- the European Council had asked the co-legislators to reach an agreement on the proposal by June 2018.
Commissioner for the Digital Economy and Society, Mariya Gabriel made the following remarks
- she stressed the need to reach an agreement with the Parliament by June 2018 and she also welcomed the Presidency’s ambition to make considerable progress on the file;
- the data economy was developing at a “mind-boggling rate” and according to forecasts the volume of data generated worldwide would be 18 times larger in 2025 than it was in 2015. It would be the Internet of Things (IoT) that would generate most of the data;
- all actors in the data value chain would need highly effective technologies in order to process and store large amounts of data;
- the proposal was an important of the Digital Single Market (DSM). Together with the General Data Protection Regulation (GDPR), personal and non-personal data would be able to circulate freely throughout the EU;
- she was convinced that the Commission’s proposal “protected” the role of Member States (MS) in the data economy;
- it was important to understand the “bigger picture” from the MS regarding the national plans for storage infrastructure and data processing in the public sector;
- the Commission was also interested to hear national views on cross-border access to data for legitimate monitoring purposes.
The Estonian Presidency
- she asked the following questions for the debate:
- Keeping in mind the current data revolution and the need to boost trust in data storage and processing across the Single Market, how could it best be assured that your public administration benefits as much as possible from the Proposal (through a more competitive and open market for data storage and processing services)?
- How would you propose to build on existing cooperation mechanisms at European and national level to facilitate prompt and efficient data exchange for regulatory control?
- Would you agree that the Proposal is proportionate and appropriate regarding definitions and exemptions (public security) to achieve the desired level of impact? Do you foresee specific situations in which data localisation restrictions are necessary and proportionate, but not possible under the Proposal at the moment?
- the Presidency believed that quick progress could be made on the file. Reaching a “speedy compromise” would show that Europewas open to the digital revolution.
- he thanked the Presidency for their work in bringing the digital agenda to the highest political level. He had never seen so many Ministers around the table during a Telecommunications Council meeting;
- he was “sick of hearing” about the DSM, and wanted to finally do it;
- developing the European economy would be based on data;
- it was important to send a strong signal to economic operators to in Europe;
- personal and non-personal data should not be mixed up;
- localisation requirements needed to be eliminated;
- justifying the exceptions would be the “cornerstone” of making the proposal a success. It was crucial to avoid lengthening the list of exceptions;
- any access to data needed to be done in conformity with the existing national legislation;
- there would be a problem of credibility if national administrations were excluded from the rules;
- he stated that Luxembourg fully supported the file.
- free data flows were a crucial component on a well-functioning digital economy. On non-personal data it was important to show swift EU-level action;
- all unjustified restrictions on data localisations needed to be removed;
- Denmark was ready to constructively address any concerns in the proposed text with a view to an efficient conclusions of negotiations;
- he underlined that the main Danish concerns were with the impact of the proposal on European enterprises;
- European enterprises needed to be able to provide data services across the EU. They needed the freedom to organise their businesses in the most efficient way possible;
- Denmark believed that free data flows would encourage the increase competition for data services, and public administrations would benefit from this;
- it was a Danish priority to ensure that public authorities continued to have access to data for their work;
- the cooperation mechanisms in the proposal should ensure that the procedures were flexible and effective;
- geographical data localisation restrictions hindered European businesses. They should only be used in very limited and justified circumstances.
- the free flow of data was one of the most important principles for boosting the data economy in the EU;
- the proposal needed to be examined with a view to boosting innovation and providing better services to European citizens. The EU’s only contribution to the data economy could not be data storage;
- Europe’s competitors were working hard to enable new business models and better services. Platforms were a core part of the digital economy and she stated that the EU was “way behind” on this;
- the exemptions needed to be clarified, and the scope needed to include the public sector;
- Finland favoured the approach of existing governance and cooperation mechanisms;
- she urged the Commission to publish guidelines on data use, including data usage rights, open interfaces, interoperability and data protection by default;
- to promote data sharing, she proposed that data usage rights should be viewed from a new angle. Sharing needed to be seen as a “continuum” and not as a yes or no answer;
- the Commission’s efforts were important. Europe needed to be ambitious in the promotion of free flow of data in all its aspects.
- data was the fastest growing sector in the EU, and its protection was essential;
- the DSM was based on the principles of efficiency, economies of scale and digital development;
- data localisation requirement exceptions should be based on public security, public policy and health;
- he referred to personal data.
- the removal of unjustified data localisation requirements was of fundamental importance for European start-ups and SMEs;
- any delays in the adoption of the proposal would continue to hinder European business growth;
- the IoT was “exploding” and devices were increasingly becoming connected;
- without the free flow of data, the EU could not deliver the digital society or connected cards, devices and smart cities;
- he stated that it was key to not water down the proposal as it would hinder Europe’s ambition to be “the global leader in digital transformation”;
- he stated tat a principles-based approach to the proposal was the right one. The free flow of data should be default;
- Ireland did not see any benefits in extending the exemptions beyond public security reasons. Adding any further exemptions would lessen the impact of the proposal;
- a necessary level of transparency was ensured by the notification procedure for any new localisation requirements;
- Ireland was fully supportive of the cooperation mechanism;
- there were huge benefits to public administration as they would have access to high quality data processing services;
- he stated that the guidance on data portability was welcome. Businesses now had their role to play in offering interoperable data storage and software services;
- he stated that the industry needed to be trusted to innovate within the guidelines presented to them;
- free flows should also increase European competitiveness globally.
- free data flows would result in data driven growth and innovation in the EU;
- public administrations would benefit from an increased freedom of choice regarding data-driven service providers. Public administrations themselves were not allowed to create any unjustified data localisation requirements when they used data services from private parties;
- MS public administrations should lead by example in order to stimulate the free flow of data in the EU;
- the Netherlands considered access to data by the competent authorities important. Competent authorities could not be refused access to data simply because it was stored in another MS;
- well functioning cooperation mechanisms already existed between national authorities for data access on justice, taxation and police issues;
- she was therefore “hesitant” about the establishment of a new and general cooperation mechanism regarding data access;
- the proposal offered and preserved the freedom for consumers and businesses to choose the best providers for data processing and storage;
- she considered public security as a justified exemption, and she was not aware of any situations that required more exemptions. Any additions needed to be necessary and proportionate.
- building the data economy in Europe required a clear legal framework that considered of data flows, portability, access and standards;
- simple and broad rules were necessary in order to make the free flow of non-personal data a success. Exemptions to the rule needed to be limited and Poland supported the current wording on public security reasons;
- the definition of non-personal data needed to be made clear;
- the self-regulatory proposal on data portability needed to be extended to include open standards, interoperability and mutual recognition of cloud services certification;
- the proposal did not clearly define data portability rights, and the text needed to be improved in this regard;
- he stated that Poland would continue to support the proposal and he hoped that the debate would prove the necessary guidelines for the Presidency to make progress;
- Poland awaited further proposals on data availability and data re-use.
- Germany welcomed the proposal to digitise the European economy. It was key for future European competitiveness;
- there were different views that would need to be balanced. There was innovation on one hand and the rule of law on the other;
- potentially large data monopolies would not help public opinion;
- competitiveness was not automatically ensured;
- data storage and processing by public authorities was not a question of the internal market. It was about the “ability of the state” and the rule of law;
- he stated that it was important that the scope of the Regulation was clearly defined with respect to personal and non-personal data. “Un-beaurcratic ways” of separating the two in more complex situations was necessary;
- he stressed the need to make sure that the proposal did not create any misunderstandings with other legislation regarding data.
- both personal and non-personal data would have to be addressed in order to make the European digital economy a reality;
- interoperability with the obligation to produce results was necessary;
- he congratulated the Estonian Presidency for making this proposal a priority;
- public acceptance and confidence, and maintaining European security objectives were crucial to making the proposal a success;
- the success of free flow of data in the EU would create a “digital revolution” and discussions on what was non-personal data and what was not was a waste of time;
- overall, France was very positive about the proposal.
- in order to make the proposal a success, it was important to examine issues such as data access and transfer of non-personal machine generated data, interoperability, data liability and the consistency with the cybersecurity package;
- it was important for the competent authorities to exercise their rights to access to data, regardless of where it was stored or processed. There needed to be common understanding between the MS on this issue;
- Romania hoped that that the file could be concluded as soon as possible, and would continue to work constructively on the proposal.
- Austria welcomed the transparent approach on the preparation of the work on the proposal;
- legal certainty must be ensured. Additional burdens and red tape needed to be avoided;
- the issues of the appropriate legal basis and national competences needed to be resolved;
- the distinction between personal and non-personal data was “all important”.
- the proposal was crucial for European SMEs that wanted to expand into other countries;
- he stated that the proposal was supported by Czech consumer associations. A competitive data storage market would bring more diverse and competitive goods and services to consumers;
- he stated that it data access was important for judicial, police and administrative bodies when carrying out their duties;
- the new cooperation mechanism needed fulfil its purpose. Overlaps with existing cooperation mechanisms and excessive administrative burdens should be avoided. National jurisdictions had to be respected;
- he stated that the definitions in the proposal “used the right language” but the Czech Republic had a few concrete suggestions on improving their clarity. A negative definition of non-personal data was the best option, and providing examples of non-personal data could avoid diverging national interpretations;
- it was fundamental that any exemptions were proportionate and clearly defined, in order to avoid their misuse.
- the free flow of data was just as important for manufacturing as it was for the technology sector;
- public administrations needed to take steps towards minimising their data localisation requirements;
- the UK government had implemented a ‘cloud first’ policy, in which public authorities were required to examine potential cloud storage solutions first before considering other options when updating or procuring IT-solutions;
- cloud computing had transformed the way people and organisations used technology. Cloud services could transform services in both the public and private sectors, as well as deliver better security;
- the UK believed that cooperation mechanisms should be developed on existing practices at the EU-level and ensure minimum administrative burdens. She stated that the necessary “architecture” for this was already in place;
- the proposal was sufficient in terms of scope. The UK would warn against attempts to narrow down the definition of ‘data localisation practices’ or to introduce additional exemptions;
- the discussions on this proposal should continue as a top priority.
- a majority of companies, regardless of the sector, were dependent on data for their activities;
- Sweden supported the removal of unjustified data localisation requirements;
- Sweden also welcomed the possibility of certain exemptions. Data localisation requirements for public security reasons were justified;
- matters of national competence should not be covered by the Regulation.
- the key issue was not where the data was stored, but how;
- Slovenia strongly believed that the distinction between personal and non-personal data had to be clarified;
- he also suggested the creation of a monitoring body for the implementation of the Regulation;
- a step-by-step approach would be necessary;
- Slovenia was a leader in the use of big data, and it also had very strict legislation on the protection of public data.
- Lithuania strongly agreed that geographical data localisation requirements were often applied without justification and needed to be eliminated;
- freedom to choose where to store and process data would decrease costs and have a positive impact on the data economy;
- administrative burdens and costs for national cooperation schemes should be kept at a minimum. Lithuania saw a lot of potential for the simplification and clarifying the role of the single points of contact;
- public security should remain as an exemption.
- the more exemptions for the free flow of data were created, the trust of the public would be diminished. He urged for not more exceptions. Legislation should be built on trust;
- he saw no reason for the public sector exemption. This was an opportunity for creating a nationally protected sub-market. If there was no free flow of data, there should also be no free movement of persons, i.e. civil servants;
- regarding the first question, it should be based on the regulation, as simple as possible;
- the accessibility of data for regulatory purposes was crucial. There were enough cooperation agreements to find solutions if it was necessary;
- the transparency rule was important and it should allow for maximum legal certainty which was important for start ups;
- he thought the discussions was about freedom of movement, it existed for goods, persons, services and capitals. It should also exist for data. If exemptions were created now, it would also create exceptions for the other freedom.
- strongly supported the Commission proposal on the free flow of data. The challenge was to create a uniform system across the EU with regard to personal data. The GDPR already offered sufficient guarantees;
- regarding the level of services, a set of parameters should be identified based on which the minimum level of service which each European administration had to demand from its supplier could be measured regardless of the country of establishment;
- if every administration in relations with their providers adopted uniform conditions the only resistance to the cross-border flow of data could remain cultural in nature;
- regarding the definitions and exemptions, Italy believed that public security was too generic. Once the necessary guarantees had been achieved with regard to processing and identifying the appropriate level of service, it was difficult to identify an area whereby requirements of public security could suggest exemptions to the rule;
- it should be limited to the scenario where there were confidentiality of data reasons, or where the data was important in emergencies and had to be directly available.
- it welcomed the proposal and agreed with the reasons and aims;
- the proposal had a beneficial impact for the effective operation of public administration by ensuring fast access to reliable data originating from other MS, i.e. an administration would not pay anymore for data localisation reasons;
- regarding the 2nd question, the articles on the right to access of data located in the territory of another member states had to be looked into. The current jurisdiction should be taken into consideration;
- it was important that the current administrative cooperation scheme via the single contact point be applied. Hungary accepted the procedure where there was a formal request by the competence authority;
- Hungary emphasised the fact that non-personal data could be reclassified as classified data when it is linked to personal data.
- the removal of barriers for the free flow of data was fundamental for the creation of a fully-functioning DSM;
- public administration would have access to data both at local and at pan-European level;
- the removal of such abrriers should respect the principles of subsidiarity. MS should have the necessary access to data stored in other jurisdictions, but this should not entail granting them more rights;
- the best way of ensuring the improvement of cooperation mechanisms at EU level was using regulations and the legislative context aimed at providing common definitions of the terms used in contractual agreements that must be in place to regulate the data flows. Further clarification was needed;
- the exercise of EU powers should be limited to what is required to achieve the objective of the proposal which was to provide unhindered data flows between MS;
- allowing different interpretations would jeopardise the effectiveness of the proposal. It was imperative that both the GDPR and this proposal had the same tools of enforcement.
- data flows were a key component of the global value chain and boosting the EU competitiveness in the digital economy. It was imperative that data could flow unhindered across the EU and was not restricted locally;
- Croatia could develop solutions in environment, transport, energy, waste management, mobility, health and civil actions with data flows;
- it was important to avoid legislative overlaps, ensure consistency with existing instruments and set rules for free flow, analysis and storage of electronic non-personal data;
- free flow of data deserved to be the fifth freedom;
- exemptions on the ban on data localisation restrictions must be well-founded and proportionate. Potential restrictions on the free flow of data must be justified by technical requirements allowing national authorities to maintain the level of security and accessibility;
- enhancing cross-border flow of personal data and exchanging best practices were key;
- a clear definition of “public security” was needed. Regular consistency was a precondition for creating businesses;
- they supported the proposal and considered it adequate and proportional;
- they supported the single data points as well as the online publication of data localisation rules;
- any increase in administrative burden for MS resulting from overlapping legislation would have an adverse impact;
- competent authorities must have adequate supervision;
- at the moment, Croatia did not yet know whether any restrictions on data flows should be applied, but they were still analysing the proposal.
- this proposal was essential to the competitiveness of the European data economy;
- there were different levels of data sensitivity in the public sector. They wanted to go further into the exemptions besides public security;
- the definition of non-personal data had to be examined further, it did not offer sufficient legal certainty;
- for mixed data the GDPR should be applied by way of preference;
- existing cooperation mechanisms in Europe and “one stop-shop” should be used;
- a good balance should be struck.
- there were risks associated with the free flow of data but if there were clearly defined rules then the risks would not be an obstacle;
- it was about security and accountability;
- she could not imagine that sensitive data in the public sector should be processed without the necessary guarantee for quality and safety;
- the corresponding authorities needed to have a reasonable access in time to the data they required;
- the definitions for data owner, data subject or data processor were not sufficient. If there was a discrepancy in the definitions of the terms in the GDPR and in this proposal then legal certainty would be diminished;
- accuracy, consistency, machine-readability and legality of data should be ensured;
- legal rules on liability needed to be defined;
- restrictions should only apply in the interest of public health, order or security.
- generally they supported the free of charge and restrictions access to data;
- it was complex to remove the measures which hindered data access. Latvia had started opening public sector data and services to third countries while observing the legal framework for personal data and private life;
- in order to benefit, there must be an interest from the industry to cooperate and to use the free access to data;
- Latvia signed a cooperation memorandum between the public administration, the industry and the scientific institutions in order to ensure prompt and efficient data exchange. It was crucial that there was a clearly defined cooperation mechanism;
- there should be a possibility to restrict the access to data when it came to national security and defence;
- Latvia required additional investment into budget and resources . The financing models should not result in service fees for creating and processing data. These fees would hinder the wider usage of the data;
- it was also important to ensure the availability of EU financing to support the measures foreseen in the proposal;
- interoperability with third countries should be borne in mind.
- the new proposal aimed to increase the competitiveness of companies, in particular SMEs. This would be useful for economic growth and job creation;
- the proposal had to be coherent with other EU instruments. It needed also to ensure an improvement on the strategy for IoT;
- the GDPR created a satisfactory framework for flexibility;
- some issues had to be clarified that were of interest to the national authorities. It was about a complex topic such as money laundering, and the difference between personal and non-personal data;
- there was a strong connection with the e-transparency and the e-commerce directive. It could get out of control if it was not regulated properly;
- this was something the EU needed and it was a principle for which decisions had to be taken.
- Cyprus believed the free flow of data was an essential element of the DSM;
- data-driven innovation was only possible when data could flow safely and freely across borders;
- they had three main points:
- there was no doubt that a public administration itself would benefit from a more competitive market for data storage and processing services which would result in lower costs;
- it needed to be ensure that the appropriate rules were put in place that ensured adequate security and accessibility of data, as well as more rules that led to fair competition across different countries;
- exemptions beyond public security should be justified and proportionate.
- he stressed that the free flow of information was essential and swift work on the dossier was required.
- the free flow of data was an essential step for the furthering of the digital economy;
- they supported the conclusions of the European Council in October;
- security of data depended on how data was stored not where;
- the administrative and financial burden for administrations and businesses should be reduced;
- the text was proportional and reflected its interests.
Commissioner for the Digital Economy and Society, Mariya Gabriel made the following remarks
- she thanked the representatives for sharing their ideas;
- this was a political success;
- it was fair to say on free flow of data they Council shared the same views as the Commission and it was therefore important to maintain the political ambition;
- the Commission was at their disposal for any future assistance to discuss further.
The Estonian Presidency
- she thanked for the rich and thought-provoking debate. It had provided them with valuable guidance for further steps. A new compromise proposal would be prepared and she hoped that before Christmas agreement would be reached.
Source: One Policy Place