5 minute read
1. Introduction
The current document comprises the fifth and final deliverable (Final Report – D5) to be produced under the contract between the European Commission and the Study Team, consisting of time.lex, Spark and T4i2, under the project ‘Cross-border data flow in the digital single market: study on data location restrictions study on data location restrictions’ (SMART 2015/0054).
This study is organised against the backdrop of that Digital Single Market Strategy DSM Strategy), which was adopted by the Commission in May 2015. The Commission’s Communication on A Digital Single Market Strategy for Europe explicitly noted that:
Advertisement
“[t]o benefit fully from the potential of digital and data technologies, we will need to remove a series of technical and legislative barriers. Restrictions, such as those related to data location (i.e. Member States requirements to keep data inside their territory) force service providers to build expensive local infrastructures (data centres) in each region or country. […] Any unnecessary restrictions regarding the location of data within the EU should both be removed and prevented.” In order to achieve this objective, the Communication announced the Commission’s plans to propose a European ‘Free flow of data’ initiative that would “tackle restrictions on the free movement of data for reasons other than the protection of personal data within the EU and unjustified restrictions on the location of data for storage or processing purposes.” Both the Commission’s earlier cloud policies and the current Digital Single Market strategy are therefore aligned on the need to identify and address unjustified data location restrictions. A much more delicate question is the identification of these restrictions, and above all the assessment of whether or not they are justified. It is precisely these questions that the present study aims to address: the identification of examples of barriers that hinder the free flow of data across the European Union, including the quantification of their impacts, and the definition of methodologies and frameworks that allow their accurate description, with a view of assessing their necessity, and thus their justification, in a Digital Single Market.
Thus the main objectives of this study are to:
a) Identify and analyse legal and non-legal barriers in Member States practices that hinder the free flow of data within the European Union, in order to contribute to the sustainable development of a Digital Single Market, and
b) Quantify the impact of these barriers for private and public sector uses, as well as suppliers of cloud computing services by conducting a cost benefit analysis3 .
The Study Team has aimed to achieve these objectives through a step-by-step approach, undertaking the following tasks:
Task 1: Elaborate a methodology to review and map compliance obligations in the 28 EU
Member states
3 During the execution of this study, the Commission continued their work in the area, publishing amongst others its’ Communication on "Building a European data economy", Brussels, 10.1.2017, COM(2017) 9 final, accompanied by Commission staff working document on the free flow of data and emerging issues of the European data economy, Brussels, 10.1.2017, SWD(2017) 2 final.
Task 2: Provide an analytical framework allowing for the definition of various concepts of barriers to the free flow of data within the EU
Task 3: Complement the analytical framework with examples from EU MS
Task 4: Examine a common understanding of data requirements in EU MS
Task 5: Quantitative estimate of barriers (providing list of economic indicators and a Cost
Benefit Analysis)
Task 6 and 7: Recommendations (concerning a) functional requirements, which could replace formal requirements and b) on future policy concepts to facilitate cross border data flow).
In addition, the study had an Inception Phase resulting in an Inception Report, which upon approval by the Commission served as a guiding document throughout our study. At the end of the project, we had a Consultation and Finalisation Phase, which included a Workshop with stakeholders and which will end with a final meeting with the Commission, the finalisation of this final report.
This Final Report brings together our results from each of the above-mentioned tasks. It also captures and takes into account the results of our stakeholder Workshop called “How to facilitate cross border dataflow in the digital single market?”, which took place in Brussels on 20th March 2017. The purpose of the workshop was to present the provisional results of this study and to facilitate a discussion on these results, providing an opportunity for stakeholders to contribute to the legal and policy discussion in the field. In particular stakeholder feedback was sought on the formulation of recommendations on how to scope the free flow of data, and how to implement those. Over 65 stakeholders participated in the Workshop, many of whom shared their experiences and views on the above-mentioned issues.
This report will consequently include the following sections:
- Section 2 includes the full results of the investigation on mapping compliance obligations set out in various levels in the selected 20 Member States (tasks 1 and 2) and an analytical framework that allows for the definition of various concepts of barriers to the free flow of data in Member States, defining a common understanding of data requirements in the EU
Member States (task 4). - Section 3 provides a list of examples of the barriers which complement the analytical framework and the results of the survey and in-depth interviews with stakeholders (tasks 2 and 3); - Section 4 provides the results on the economic analysis for the costs of formal requirements and on the cost and benefits due to the transition from formal to functional requirements (task 5); - Section 5 includes our draft recommendations for a list of functional requirements and future policy concepts in order to facilitate cross border data flow within the EU (tasks 6 and 7). - Section 6 includes the following Annexes:
o Annex I: Table of legal compliance obligations4 o Annex II: Workshop Report
4 Which includes a list of external legal experts who contributed to collect the national legal compliance obligations.
