European Parliament rapporteur Anna Maria Corazza Bildt (EPP, Sweden) does not agree with exempting public authorities from the EU Regulation on the free circulation of data, as demanded by the Council of the EU in its general approach (negotiating position) (see EUROPE 11930), as is shown in her draft report published in early March.
The draft regulation unveiled in September 2017 aims to facilitate the free circulation of non-personal data and foresees that the location of such data for storage or processing must not be restricted to a single member state except for reasons of public security.
At a workshop on 20 February, Anna Maria Corazza Bildt expressed great interest in the proposal, saying she was a fervent supporter of the proposal because it was a regulation on deregulation.
‘Pressing’ public security issues
Her draft report thus backs the proposal’s overview and the way it restricts derogations to free circulation to ‘pressing’ public security issues. She explains that the concept of pressing public security assumes a particularly high threat to public security. In such situations, the member states may maintain or introduce location requirements. The rapporteur says the member states must communicate (rather than notify) all measures in this category, whereas the Commission may issue decisions asking the member states to amend or withdraw them.
Reacting to the Council’s political agreement, Anna Maria Corazza Bildt is careful to note that public authorities and bodies should be covered by the regulation (the member states foresee simple exclusion, which would mean that no communication or notification would need to be sent to the Commission if localisation requirements are set). She explains that moving data around within the EU is a voluntary matter rather than a requirement and all parts of society should be able to benefit from this option, including the public sector. She justifies her concerns by a desire to prevent non-personal data getting stuck in national storage sites.
Mixed data and follow-up
For mixed data (containing both personal and non-personal information), she says that the rules on non-personal data should apply to the non-personal data, and where it isn’t possible to separate the two, the non-personal data rules should apply to the entire batch. She therefore invites the Commission to publish guidelines on this issue before the regulation comes into force.
When it comes to access, the rapporteur backs the publication of a code of conduct to facilitate the circulation of data, but explains that the Commission should not only encourage and facilitate the creation and effectiveness of such a code of conduct, but should also ensure it is applied. She says the Commission should assess the new regulation after three and a half years (rather than five years) of application because technical developments emerge at such a rapid rate. The report can be accessed here: http://bit.ly/2IaLq49 (Original version in French by Sophie Petitjean)