You may well remember our blog from last year which outlined the Commission’s proposal for a framework in relation to the free flow of non-personal data in September 2017 (you can view our blog here).

On 19 June 2018, the European Parliament, Council and the European Commission reached a political agreement on the rules that will allow data to be stored and processed everywhere in the EU, without unjustified restrictions.

In addition to supporting the creation of a competitive data economy within the Digital Single Market, these new rules will remove barriers which hinder the free flow of data. Predictions suggest that this could boost Europe’s economy by an estimated growth of up to 4 per cent GDP by 2020. You can find more information on the European Commission’s website.

Key objectives

The new rules on the free flow of non-personal data will:

  • Ensure the free flow of data across borders: this will prohibit data localisation restrictions permitting organisations to be able to store data anywhere in the EU. Also, requiring Member States to communicate to the Commission any remaining or planned data localisation restrictions in “limited specific situations of public sector data processing”.
  • Ensure data availability for regulatory control: allowing public authorities to access data – for scrutiny and supervisory control – despite where it is stored and/or processed in the EU. Also, Member States may sanction users that do not provide access to data stored in another Member State.
  • Encourage creation of codes of conduct for cloud services: to facilitate switching between cloud service providers under clear deadlines. The Commission states that this “will make the market for cloud services more flexible and the data services in the EU more affordable”.


The new rules have no impact on the application of the General Data Protection Regulation (GDPR), as they do not cover personal data. However, the two Regulations will function together to enable the free flow of any data and therefore create a single European space for data.

Where there is a mixed dataset, including both personal and non-personal data, the GDPR provision which guarantees the free flow of personal data will be applicable to the personal data, and the free flow of non-personal data principle will apply to the non-personal part.

“Backbone of today’s digital economy”

These new rules will help to build a common European data space and encourage more flexibility in the market for cloud services, particularly around cost.

The Commissioner for Digital Economy and Society highlighted that: “The European data economy can become a powerful driver for growth, create new jobs and open up new business models and innovation opportunities.”

There is now the presumption that with this agreement we are one step closer to completing the Digital Single Market by the end of 2018.