|Practice area:||Competition & Antitrust | Productivity, Innovation and New Economy | Public Policy|
|Client:||EC DG Connect|
|Published:||10 January, 2017|
|Keywords:||qualitative analysis quantitative analysis stakeholder surveys and consultations|
Unnecessary requirements to maintain control over the location where data and documents physically reside are an obstacle to the free flow of data within the Single Market.
LE investigated the restrictions to the free flow of data across borders within the European Union, concentrating on 8 member states.
The study found that legal restrictions of intra-EU data transfers exist mainly in the form of access regulation and notification requirements (e.g. by regulators, tax authorities) for specific types of information. Evidence was found of internal company policies that are at least as restrictive as the legislation in place. Some businesses have strict ‘data residency’ requirements that are not based on any formal legal restrictions.
Location is seen by many market participants as a proxy for substantial assurances in terms of data access, privacy, audit, data integrity and law enforcement, despite the fact that technical security is not enhanced by local data storage.
However, functional requirements for data storage and processing within national boundaries arise from legitimate concerns about illegal access; accessibility of services and support (including language barriers); and latency and bandwidth. These cannot be dismissed and may justify location preferences.
An important finding is the widespread misinterpretation of the existing legal framework. Many market participants assume data storage and processing within national boundaries is mandatory or advised where it in fact is not.