Free flow of non-personal data is a pre-requisite for a competitive data economy within the Digital Single Market. To fully unleash the data economy benefits we need to ensure a free flow of data, allowing companies and public administrations to store and process non-personal data wherever they choose in the EU.

Our economy depends more and more on data: data can create significantly added value to existing services and facilitate entirely new business models.

As estimated by one of the support studies, taking away obstacles to data mobility is expected to generate an additional growth of up to 4% GDP by 2020 (Deloitte). That is why the Commission has proposed to remove all disproportionate restrictions to the movement of data across Member States and IT systems in Europe.

Obstacles to free flow of data

Today, the main obstacles that proclude the free flow of data in the Digital Single Market are:

  • Unjustified data localisation restrictions by Member States' public authorities,
  • Legal uncertainty about legislation applicable to cross-border data storage and processing,
  • A lack of trust in cross-border data storage and processing linked to concerns amongst Member States' authorities about the availability of data for regulatory scrutiny purposes
  • Difficulties in switching service providers (such as cloud) due to vendor lock-in practices.

The Regulation on the free flow of non-personal data

The Regulation aims at removing obstacles to the free movement of non-personal data. It was formally signed by the European Parliament and the Council on 14 November 2018 and will start to apply in May 2019.

The General Data Protection Regulation (GDPR) already provides for the free movement of personal data within the Union, next to its primary goal of protecting personal data. Together with the GDPR, this Regulation will therefore ensure a comprehensive and coherent approach to the free movement of all data in the EU.

The new Regulation ensures:

  • Free movement of non-personal data across borders: every organisation should be able to store and process data anywhere in the European Union,
  • The availability of data for regulatory control: public authorities will retain access to data, also when it is located in another Member State or when it is stored or processed in the cloud,
  • Easier switching of cloud service providers for professional users. The Commission has started facilitating self-regulation in this area, encouraging providers to develop codes of conduct regarding the conditions under which users can port data between cloud service providers and back into their own IT environments,
  • Full consistency and synergies with the cybersecurity package, and clarification that any security requirements that already apply to businesses storing and processing data will continue to do so when they store or process data across borders in the EU or in the cloud.


The Commission's work on free flow of data was announced in the context of actions to enhance the data economy - see Communication "Building a European Data Economy" (10 January 2017), in a more targeted context, in the Communication "DSM mid-term review" (10 May 2017). The Regulation on the free flow of non-personal data is one of the sixteen intended actions listed in the Digital Single Market strategy of May 2015.

Since the Communication on the European Data Economy was adopted in January 2017, the Commission has run a public online consultation, it organised structured dialogues with the Member States and has undertaken several workshops with different stakeholders. These evidence-gathering initiatives have led to the publication of an impact assessment (see 'background documents').

In November 2018 the negotiations on this Regulation ended successfully. The Commission is now preparing implementation of the Regulation. By May 2019, the Commission will publish informative guidance for businesses on the implementation of the Regulation. Also the Commission is closely monitoring the work done by the DSM self-regulatory cloud stakeholder groups, inter alia on on codes of conduct for easier switching of cloud providers and a European cloud security certification scheme.

Useful links

Press and communication

Visual material

  • Factsheet explaining free flow of non-personal data

Background documents