Cross-border data flow in the digital single market: study on data location restrictions (SMART 2015/0054) Drivers behind the barriers and potential solutions The overview above showed that the barriers are indirect, and relatively universally serve to benefit the authenticity and integrity of the data. The table below illustrates how this objective could be supported at EU level without needlessly impairing the free flow of data. Figure 10 – Drivers behind the barrier observed and potential solution (Citizen data and company records)
Nature of the barrier
Objective / driver behind the barrier
Potential solution?
Designation of a specific legal entity that manages an official database
Ensuring sufficient security/confidentiality and authoritative nature of the data
Clarification from national lawmakers that the requirement can be met if the data remains under the exclusive control of the designated legal entity.
A specific mandate under law or from a specific body is required to access or use the data
Ensuring security/confidentiality, and supporting accountability and supervision
If authorisation is deemed a requirement, there should be EU level recognition so that country-to-country authorisations are avoided. EU level whitelisting of acceptable service providers can similarly be considered.
Prohibition against third party access and/or disclosure
Ensuring sufficient security/confidentiality
Clarification from national regulators, supervisors and lawmakers of the necessary information security requirements to restrict access and editing rights in order to satisfactorily meet this obligation, e.g. offsite storage should not necessarily be considered as constituting third party access and disclosure.
Requirement for the data to be destroyed under certain circumstances
Ensuring control over the data, avoiding breaches of confidentiality
Use of security/cryptographic controls that impede third party access and ensure that data can be made inaccessible.
Joint management or updating of the data is foreseen to maintain the data, i.e. there is cooperation with specific organisations such as municipal or supervisory authorities
Ensuring the completeness and accuracy of the data
Use of appropriate role / authorisation management tools to enable remote storage without eliminating joint management.
Besides the designation of a local entity to manage authoritative data, another principal barrier that is difficult to address is the ability to ensure the destructibility of data. Encryption ensures that, even if the data is not literally destroyed, it is at least unusable to an attacker. However, the ability of encryption schemes to withstand cryptographic attacks devolves over time. Therefore, encryption can only provide limited relief on this front and it is by no means a conclusive answer. Cryptography may not be sufficient to ensure conclusively that a third party will not be able to access or retain data over a longer period of time. Therefore, alternative approaches should be considered as outlined by the European Network and Information Security Agency (ENISA). 2.3.4 Judicial data and privileged data Overview and subtypes of data Continuing the examination of particularly sensitive types of data for which barriers would conceivably exist, the correspondents were asked to look into: 40
