Documents considered by the Committee on 12 September 2018 Contents

28Free flow of non-personal data

Committee’s assessment

Politically important

Committee’s decision

Cleared from scrutiny

Document details

Proposal for a Regulation of the European Parliament and of the Council on a framework for the free flow of non-personal data in the European Union.

Legal base

Article 114 TFEU; ordinary legislative procedure; QMV


Culture, Media and Sport

Document Number

(39028), 12244/17 + ADDs 1–3, COM(17) 495

Summary and Committee’s conclusions

28.1Trilogue negotiations have concluded on the European Commission’s draft Free Flow of Data Regulation (12244/17), which will prohibit Member States from introducing rules which require data processors to conduct data processing, and locate associated infrastructure, on national territory (“data localisation requirements”), and require them to repeal existing ones. Prohibiting these requirements will facilitate intra-EU trade, further integrate the Single Market in digital services, and reduce business costs for data processing businesses as well as the extremely wide range of businesses which purchase these services.

28.2In its most recent report on this proposal,319 the Committee sought further information from the Government on the informal negotiating mandate agreed in COREPER. The Minister responded in a letter320 which included an Annex321 which provided detailed responses to the Committee’s questions, the principal points of which are summarised below:

28.3On 9 July 2018 the Minister (Margot James MP) provided the Committee with a further update, 322 noting that the second informal trilogue occurred on 19 June and concluded with an informal political agreement on the text, and that the draft final text presented to COREPER on 29th June, where Member States indicated there was sufficient support in principle for the Regulation to proceed to formal adoption.

28.4The Minister explained that the European Parliament’s position was close to the Council’s text, and that the Presidency succeeded in blocking aspects of the European Parliament’s text to which the Member States particularly objected, including a proposal to restrict data localisation restrictions to a higher level (“imperative grounds”) of public security, and proposals for the Commission to take decisions requiring Member States to amend or withdraw localisation measures (in the final text, it can only issue non-binding opinions in the final text).

28.5An Annex323 attached to the Minister’s letter provided a more detailed account of a number of the key provisions in the final text. Additional points include:

28.6The Minister anticipates that final adoption will take place at a Council in October or November 2018. The Government intends to vote to support the final Regulation “as it meets our policy objectives of removing barriers to the free flow of non-personal data”, and because the key ambiguities in the Commission’s proposal have been resolved. On this basis, the Minister requests that the Committee lift the scrutiny reserve.

28.7We have taken note of the informal political agreement reached between the institutions on the proposal for a Free Flow of Data regulation. We welcome the greatly improved standard of information in recent correspondence regarding this file including the detailed annexes on specific negotiating points provided by the Minister and additional clarifications provided by officials.

28.8The Minister emphasises that the UK is a “strong supporter of action in this area”, that the proposal meets UK objectives, and that the Government therefore seeks scrutiny clearance to vote in support of the text in Council.

28.9In its final form, the Regulation will further integrate the single market for data flows by supplementing the existing fully harmonised regulatory regime for personal data—whereby any firm can process personal data anywhere within the Union subject to the General Data Protection Regulation (2016/679)—with prohibitions on the imposition at Member State level of restrictions on non-personal data flows, which will mean that Member States will not be able to require businesses operating within the Union to locate and process non-personal data on their territory. The Government supports the exemption where localisation is justified on grounds of public security. The European Parliament has also succeeded in somewhat scaling back the carve out proposed for public sector data, a development which is also in line with the Government’s position (which was not reflected in the mandate issued by the Member States).

28.10With respect to EU exit, we note that the Government has made it clear that it does not seek to continue to participate directly in the EU Digital Single Market and that it will not therefore participate in the free flow of non-personal data Regulation.

28.11On this basis, when the UK leaves the EU (and any implementation period during which EU law continues to apply in the UK comes to an end), we observe that:

28.12Our assessment is that the issue of personal data flows is considerably more important in the context of EU exit than that of non-personal data flows. This is because the GDPR governs all transfers of personal data from the Union to a third country, and directly applies to the economic activity of businesses: therefore, failure to secure a legal basis for personal data flows could have significant repercussions for a wide range of businesses. In contrast, the proposed regulation on the free flow of non-personal data does not apply directly to businesses, but instead restricts the ability of Member States to impose intra-EU data localisation requirements. While this is undoubtedly beneficial, such data localisation requirements appear to be relatively limited to date, and any negative effects for UK data processors would be confined to the individual Member States which had imposed such requirements with respect to third countries.

28.13Nonetheless, given the negative effects which data localisation requirements could have on UK operators when the UK assumes third country status, which could potentially increase in the future, we suggest that the Government may wish to explore how, when the more important issue of UK-EU personal data flows has been resolved, it might supplement this arrangement with flanking reciprocal commitments from the EU27 or individual Member States on non-personal data flows.

28.14We now clear the proposal from scrutiny.

Full details of the documents

Proposal for a Regulation of the European Parliament and of the Council on a framework for the free flow of non-personal data in the European Union: (39028), 12244/17 + ADDs 1–3, COM(17) 495.

Previous Committee Reports

Fourteenth Report HC 301-xiv (2017—19) chapter three (21 February 2018); Seventh Report HC 301–vii (2017–19), chapter 6 (19 December 2017); Second Report HC 301–ii (2017–19), chapter 4 (29 November 2017).

319 Fourteenth Report HC 301-xiv (2017—19) chapter three (21 February 2018).

320 Letter from the Minister to the Chairman of the European Scrutiny Committee (28 March 2018).

321 Annex to the Minister’s letter (28 March 2018).

322 Letter from the Minister to the Chair of the European Scrutiny Committee (9 July 2018).

323 Letter from the Minister to the Chair of the European Scrutiny Committee (9 July 2018).

Published: 18 September 2018