EESC says Commission's proposal on free flow of non-personal data in the EU lacks ambition

The European Commission's proposal is overdue, and lacks ambition, consistency, and convincing mechanisms for its effective implementation.

In its opinion on the free flow of non-personal data in the EU, drafted by Jorge Pegado Liz of the Section for Transport, Energy, Infrastructure and the Information Society (TEN) and approved at the plenary session on 15 February 2018, the EESC takes a stand against the approach adopted by the European Commission.

The Committee points out that a legislative initiative in the field of the free flow of non-personal data is essential in order to achieve the objectives of the Digital Agenda and complete the Digital Single Market.

However, the EESC is of the view that the Commission does not really address the three most important objectives, and it therefore cannot endorse the current text. "This proposal will not contribute towards achieving the basic objectives", noted Mr Pegado Liz. "It needs to be part of a more global approach; it must be the first step in the future development of a more ambitious way of genuinely securing free movement of non-personal data in the European Union's digital market."

• Data localisation requirements

Objective 1: Improve the cross-border mobility of non-personal data in the single market.

With reference to the first objective, the Commission has deemed it sufficient, in the initial phase, to require Member States to notify it of "any draft act which introduces a new data localisation requirement or makes changes to an existing data localisation requirement".

Not until 12 months after the regulation enters into force – which is not to occur before the end of 2018 – will Member States be obliged to "ensure that any data localisation requirement that is not in compliance" with the rule on the non-prohibition or non-restriction of free flow of the data concerned "is repealed", except where they consider it to be warranted for reasons of public security.

The EESC does not consider it sufficient to merely require Member States to notify the Commission, and finds it unacceptable that no specific procedure is being put in place for cases where Member States do not comply.

• Data availability for competent authorities

Objective 2: Ensure that the powers of competent authorities to request and receive access to data for regulatory control purposes, such as for inspection and audit, remain unaffected.

In this respect, the EESC regrets that the Commission's proposal is limited to a cooperation procedure between competent authorities in each Member State, with a specially created network of single contact points that will liaise with the single contact points in other Member States and the Commission.

• Data porting for professional users

Objective 3: Make it easier for professional users of data storage or other processing services to switch service providers and to port data.

In this regard, the EESC does not agree with the Commission's decision to limit itself to undertaking to "encourage and facilitate the development of self-regulatory codes of conduct at Union level", without even considering drafting "guidelines", and argues that, in this field, only legislative measures should be considered.