The framework proposes:
- The principle of free flow of non-personal data across borders: Member States can no longer oblige organisations to locate the storage or processing of data within their borders. Restrictions will only be justified for reasons of public security. Member States will have to notify the Commission of new or existing data localisation requirements. The free flow of non-personal data will make it easier and cheaper for businesses to operate across borders without having to duplicate IT systems or to save the same data in different places.
- The principle of data availability for regulatory control: Competent authorities will be able to exercise their rights of access to data wherever it is stored or processed in the EU. The free flow of non-personal data will not affect the obligations for businesses and other organisations to provide certain data for regulatory control purposes.
- The development of EU codes of conduct to remove obstacles to switching between service providers of cloud storage and to porting data back to users’ own IT systems…. (Full press release and all documents related to the package)”