The Free Flow of Data initiative is a wider strategy which would ban member states from requiring that businesses must physically locate data storage within their own national borders. It also includes initiatives on data ownership, free flow of data between cloud providers, and a European cloud initiative.
The Free Flow of Data initiative is part of the Digital Single Market strategy.
Progress and developments:
This is important. TechUK has drawn attention to the fact that after Brexit, when the UK is no longer part of the EU or the DSM, data localisation rules could be applied in a punitive manner against UK tech businesses. (And, to be frank, why not?) As was stated in a House of Lords hearing:
Baroness Noakes: Could I ask what in particular are you thinking of in terms of interests that could work against the UK?
Antony Walker of TechUK: Data protection and the free flow of data, which is being debated at European level, could set out and require certain kinds of data and activities to be hosted within the European Union. It would mean that therefore there are services that could not be made available to the rest of the European market from here in the UK. If you wanted to attract digital businesses away from the UK and require them to locate within the EU, that would be a mechanism by which do it.
The EU Committee of the House of Lords noted free flow of data issues in March 2017.
Also in March 2017 the European Scrutiny Committee of the House of Commons asked Government to clarify the following questions on data localisation:
- How reliant does the Government believe the UK economy is on cross-border flows of non-personal data between the UK and EU Member States? Which sectors are most reliant?
- techUK has raised concerns that EU action on data localisation could, while liberalising the flow of data within the EU, simultaneously introduce EU-level data localisation requirements for service providers from third countries, in order to require digital businesses to relocate part of their operations to the EU. Given that the focus throughout the Communication is on ensuring the free flow of data “within the EU”, what is the Minister’s assessment of this risk? Does the Communication dispel these concerns, or not?
- Given the current timescales for the adoption of legislative measures for the data economy, does the Government believe it will have ample opportunity, pre-exit, to influence any proposals this Communication may lead to? Is the Government concerned that the Commission may have delayed bringing forward concrete measures in order to limit the UK’s opportunity to influence them? and
- In relation to EU-third country data flows, the Communication states that “the Commission will seek to use EU trade agreements to set rules for e-commerce and cross-border data flows and tackle new forms of digital protectionism in full compliance with and without prejudice to the EU’s data protection rules”. This suggests that it will seek to ensure that the UK complies with EU rules with regard to the digital economy. Does the Minister have a preliminary view as to whether it will seek a close approximation of UK domestic law with the EU acquis in the longer term in order to maximise market scale and minimise barriers to trade, or whether it believes that a more laissez-faire regulatory approach would offer the UK a competitive advantage, nothwithstanding the increased barriers to trade that would arise through regulatory divergence?
The Committee requested responses to the above questions by 6 April.
In their 25 April meeting, the Committee continued their scrutiny of the UK implementation of the Initiative, noting that
the Government intends to submit a response to the European Commission’s consultation on “Building the European Data Economy” by 26 April, and will provide the Committee with a copy of this response;
the Digital Catapult has been engaged with the Government in the development of its thinking in relation to this issue and how to promote the growth of the digital economy in the UK; and
the current regulatory landscape for the free movement of data is “patchy”, with at least four applicable legislative instruments and a number of sectoral exemptions.
Regarding the Brexit-related implications of the file, the Minister states that:
the Commission’s Communication does not completely dispel nor confirm techUK’s concerns that EU action on data localisation could, while liberalising the flow of data within the EU, simultaneously introduce EU-level data localisation requirements for service providers from third countries in order to require digital businesses to relocate part of their operations to the EU;
the Government will continue to press the EU to bring forward concrete measures on data localisation, while the UK remains an EU Member State; and
the Government will seek to maintain unhindered data transfers between EU Member States and the UK, and the full implementation of the General Data Protection Regulation will be the first step in maintaining the stability of cross-border data transfers in the short term.