Free flow of non-personal data

08 ottobre 2018

New rules aimed at removing obstacles to the free movement of non-personal data within the EU for companies and public authorities were adopted by MEPs. Parliament approves EU’s fifth freedom 

 

This EU law, already provisionally agreed with the Council, will prohibit national rules requiring that data be stored or processed in a specific member state. Non-personal data includes, for instance, machine-generated data or commercial data. Specific examples are aggregated datasets used for big data analytics, data on precision farming that can help to monitor and optimise the use of pesticides and water, or data on maintenance needs for industrial machines. Restrictions on the location of data will only be allowed on grounds of public security, as defined in the Treaties and as interpreted by the EU Court of Justice. Any remaining data localisation requirements will have to be communicated to the European Commission and published online, in order to ensure compliance and transparency. Access to and porting of data The rules ensure that competent authorities will have access to data processed in another member state for regulatory control purposes, such as for inspection and audit. They also foresee the creation of codes of conduct by market players, to make it easier for professional users to switch cloud-service providers and transfer data back to their own IT systems. The Commission will monitor the development and the effective implementation of these codes of conduct within specific deadlines. Data sets composed of both personal and non-personal data In the case of data sets composed of both personal and non-personal data, the free flow regulation will apply to the non-personal data part of the set. Where personal and non-personal data are inextricably linked, this regulation shall not prejudice the application of the new EU data protection rules (GDPR), applicable since 25 May 2018. Thus, the two regulations do not overlap, but will complement each other.

This EU law, already provisionally agreed with the Council, will prohibit national rules requiring that data be stored or processed in a specific member state. Non-personal data includes, for instance, machine-generated data or commercial data. Specific examples are aggregated datasets used for big data analytics, data on precision farming that can help to monitor and optimise the use of pesticides and water, or data on maintenance needs for industrial machines. Restrictions on the location of data will only be allowed on grounds of public security, as defined in the Treaties and as interpreted by the EU Court of Justice. Any remaining data localisation requirements will have to be communicated to the European Commission and published online, in order to ensure compliance and transparency. Access to and porting of data The rules ensure that competent authorities will have access to data processed in another member state for regulatory control purposes, such as for inspection and audit. They also foresee the creation of codes of conduct by market players, to make it easier for professional users to switch cloud-service providers and transfer data back to their own IT systems. The Commission will monitor the development and the effective implementation of these codes of conduct within specific deadlines. Data sets composed of both personal and non-personal data In the case of data sets composed of both personal and non-personal data, the free flow regulation will apply to the non-personal data part of the set. Where personal and non-personal data are inextricably linked, this regulation shall not prejudice the application of the new EU data protection rules (GDPR), applicable since 25 May 2018. Thus, the two regulations do not overlap, but will complement each other.

Archivio news

 

News dello studio

lug13

13/07/2026

Google Android: the Court of Justice upholds Google’s fine of around €4.1 billion

Judgment of the Court of Justice of the EU in Case C-738/22 P | Google and Alphabet v Commission The appeal brought by Google and its parent company Alphabet against the judgment of the General Court

lug13

13/07/2026

Judgment of the General Court in Joined Cases T-1079/23, T-1080/23 | Apple v Commission and T-214/24 Apple and Apple Distribution International v Commission

Digital services: the General Court of the EU dismisses Apple’s actions regarding its designation as a gatekeeper in relation to the App Store and iOS The General Court also rules that

lug13

13/07/2026

Opinion of the Advocate General in Cases C-535/25 | Amazon Italia Logistica, C-536/25 | Amazon Italia Services and C-537/25 | Amazon Italia Transport

According to Advocate General Campos Sánchez-Bordona of the Court of Justice of the European Union, companies in the Amazon group provide postal services in Italy Consequently, the requirement

News Giuridiche

lug14

14/07/2026

Autovelox, il Decreto atteso da 32 anni: cosa cambia per multe e ricorsi

Per i verbali futuri le contestazioni saranno

lug14

14/07/2026

La salute mentale dedotta dai dati della didattica online

Dal dato comportamentale al dato sulla

lug14

14/07/2026

L’abusivo esercizio dell’attività di intermediazione finanziaria è illecito deontologico

Sanzionato l'avvocato che si è fatto consegnare