EU Regulation regarding Free Movement of Non-Personal Data
In the context of data economy and data flow across borders, the new Regulation of the European Parliament and of the Council, acknowledges the importance of the latest information and communication technology, including AI and Machine Learning, Internet of Things, 5G, Value Chains, and all the technology which makes use of electronic data in the implementing process. When the considered data fall within the meaning defined in point 1 Article 4 of EU Regulation 2016/679 (GDPR), then the GDPR will apply. By contrast, if data don’t fall within that meaning, they will be treated as “non-personal data”, to which the new brief Regulation (a framework comprising nine articles) will apply.
From a substantial point of view, the regulation follows three main directions:
(i Principle of Free Movement) Liberalizing movement of non-personal data within the Union by repealing rules which lay down data localisation requirement or other rules which have an equivalent effect (except when justified by public security reasons);
(ii Availability) Maintaining the power of competent authorities «to request, or obtain, access to data for the performance of their official duties in accordance with Union or national law»;
(iii Porting) Facilitating competition in the market of data processing services, by enhancing easier data porting as well as the development of self-regulatory codes of conduct of companies providing data processing services, as to let professional users (i.e. business players, private or public) make informed choices.
From a procedural point of view, the Regulation introduces a procedure for the cooperation between authorities of all member States. Finally, it’s stated the monitoring power of the Commission which comprises the future issuing of an informative guidance, regarding the flow of electronic data within the EU.