Cross-border data flow in the digital single market: study on data location restrictions (SMART 2015/0054) Austrian and Belgian reports explicitly mention the role of cooperation agreements between regulators, and the Dutch regulator publishes and maintains a ‘whitelist’ of service providers which have been found on the basis of prior examination and dialogue to be permissible for financial data. Expanding this approach to cover Member States equally and to incorporate other industries – legal services, health care, accounting, gambling, etc. – would be a key way to implement this recommendation on the basis of existing good practices.
5.4 Summary – key requirements and recommendations Summarising the recommendations above, two key steps should be taken in order to eliminate unjustified restrictions to data location. The first step is scoping the free movement of data, by outlining clearly where the free movement of data applies and where it does not. Materially, this should be done by only permitting the Member States to implement legal requirements in relation to services (as defined in the Treaty and the Services Directive) that affect the free flow of data to the extent that these requirements are objectively justified by an overriding reason relating to the public interest, and that they are proportional in the light of this public interest objective This can be done in several ways:
Policy option 1 is to establish the free movement of data purely through the strict application of the Treaties, Services Directive and e-Commerce Directive. This implies no new legal instrument, but requires that Member States are reminded of the impact of the present legal framework on their data location requirements. The effectiveness of this measure is however dependent on the infringement process, which is relatively time consuming and resource intensive. Policy option 2 is the creation of a new horizontal legal instrument, such as a Directive or a Regulation, establishing the free movement of data as a principle, and outlining the requirements and process for Member States to implement exceptions. This allows a more tailored and homogeneous approach, since the scoping and principles set out above can be integrated directly, rather than depending on an interpretation of the existing rules; for this reason, it is the favoured option of the study team, which also seemed to be favoured by a majority of the participants in the project workshop. Policy option 3 is the non-regulatory scoping of the free movement of data through policy recommendations and best-practices based coordination between the Member States. While this option is conducive to encouraging communication, it may be seen as too weak to make quick progress, and may not have the same impact on the market as a regulatory statement of the principle of free movement of data.
The second step is then of course the implementation of the free movement of data. As described above – and irrespective of the chosen policy option – this must be done through three sub steps:
115
Member States must screen their legislation to identify any requirements that might run afoul of the free movement of data (which can of course build on the findings of the present Study); Simplify any identified requirements by translating them into functional requirements;
