been published in the so-called Archiefregeling. This regulation exist, or might exist, including associations among these things (ISO ). (Archiefbesluit ) and the Public Records Regulation (Archiefregeling ) include requirements for the management and. retention. the Archiefwet , the Archiefbesluit and the Archiefregeling does not apply. That is important to notice because these laws state.
|Published (Last):||19 September 2004|
|PDF File Size:||13.52 Mb|
|ePub File Size:||20.29 Mb|
|Price:||Free* [*Free Regsitration Required]|
Proposal for a Regulation of the European Parliament and of the Council. Baseline scenario – no EU policy change. Non-legislative initiatives to promote trustworthy free flow of data across borders and facilitate switching and porting data between archierregeling and IT systems. Principles-based legislative initiative and cooperation framework to ensure trustworthy free flow of data across borders and facilitate switching and porting data between providers and IT systems.
Detailed legislative initiative to ensure trustworthy free flow of data across borders and facilitate switching and porting data between providers and IT systems.
Non-legislative initiative — guidelines, strengthening enforcement of existing EU rules and enhancing transparency. The political support for an EU free flow of data initiative is very strong, placing it at the centre of the development of digital technologies and services across the EU, rendering it a key element in achieving the Digital Single Market: A majority of Member States support free flow of data in the EU: The European Parliament is also a strong supporter of free flow of data: The Estonian Presidency of the Council has identified the free movement of data as a central priority and a key theme of the upcoming September Tallinn Digital Summit of the Heads of State and government.
Over the last year, the Commission services have carried out further detailed assessment in order to collect archiefregelimg much as possible data and stakeholder’s feedback to grasp those elements that represent an obstacle to the correct functioning of Digital single archiefregelijg in the area of free flow of data, through the following key actions: These combined inputs have not only provided new evidence on the obstacles to data flows in the EU, but have allowed the scope of the options and of the proposed initiative to be refined in order to better target the problem and its different drivers.
New digital technologies, such as cloud computing, big data, artificial intelligence and the Internet of Things IoTare transforming our society and economy and are opening up new opportunities for European citizens, businesses and public administrations.
EUR-Lex Access to European Union law
These technologies are designed to gather, manage, distribute and analyse data archieffegeling order to maximise efficiency, enable economies of scale and develop new services. They offer benefits to users, such as agility, productivity, speed of deployment and autonomy, e. For instance, the new generation of data storage and processing services combine cloud and artificial intelligence software. The ability to move data easily to and between these systems – even if they are located in different Member States – is a necessary pre-condition for making full use of their potential.
Unlocking this potential requires action, in the short term, on the following issues: Resolving these issues will facilitate the movement of data across borders, across data storage and processing cloud services CSPs 2 as aechiefregeling as between CSPs and in-house IT systems 3.
It will create the foundation upon which future cross-cutting e. Further economic and technological context is provided in Annex 9 to this Impact Assessment. Data is at the heart of all new technologies, and the data market i. Inthe value of the EU data market was estimated at almost EUR 60 billion, showing a growth of 9.
EUR-Lex – SC – EN – EUR-Lex
It could potentially amount to more than EUR billion in 6. The January Communication “Building a European Data Economy” 7 set out several issues, the resolution or clarification of which would contribute to a clear framework for data. This would facilitate the rapid evolution of technology, the emergence of data as a key factor of production as well as a competitive differentiator, and create the right conditions for investment and innovation in Europe.
Although all these issues are important, it makes sense to address the free flow of data in first instance. The speed with which the market is embracing new technologies is a strong reason to remove immediately the remaining barriers to the movement of data within the EU and thereby ensuring effective and efficient functioning of data storage and processing, which is at the fundament of any data economy.
The resulting legal certainty in the market would stimulate innovation and improve Europe’s global competitiveness. Moreover, the market maturity and opportunities for intervening are different for the different issues.
For the barriers to the movement of data, the cause is relatively simple – they spring from the forced storage or processing of certain types of data in electronic format within a geographical zone or IT archiwfregeling 8. Other data issues arise from disruptive business models emerging from the digital transformation of the industry, technological advances and a fast-evolving data market, and their implications are still far from clear and need further assessment.
The public consultation confirmed that these other data issues, such as data access, transfer and liability, are more difficult topics and less mature topics that deserve further assessment. Indeed, when it comes to potential actions to make more data available for re-use across businesses, most stakeholders call for prudence.
They argue that data value chains and business models building on data are of great variety making it difficult to conceive one-size-fits-all solutions.
Regarding liability, the need for further assessment taking into account arcuiefregeling findings gathered so far also emerges from the public consultation. Businesses and public sector entities processing personal data must comply with these rules.
The GDPR will enable people to better control their personal data. At the same time its modernised and unified rules will allow businesses to make the most of the opportunities of the Archiefregellng Single Market by cutting red tape and benefiting from reinforced consumer trust.
To the extent that this initiative deals with mixed data sets that include personal archieregeling, the applicable provisions of the GDPR must be fully complied with in respect to the personal data archiefregelibg of the set.
The policy initiative covered by the present Impact Assessment should be seen in the light of the priority given by the Juncker Commission to creating a connected Digital Single Market DSM 11which aims at maximising the growth potential of the economy, not least by removing the remaining barriers to a competitive data-driven economy in Europe. The Communication “Building a European Data Economy” stated that in order to ” realise the full potential of the European data economy, any Member State action affecting data storage or processing should archiefregeliing guided by a ” arcniefregeling of free movement of data within the EU “, as a corollary of their obligations under the free movement of services and the archierregeling establishment provisions of the Treaty and relevant secondary legislation “.
The recent mid-term review of the Digital Single Market strategy 13which assessed the progress towards the implementation of the Digital Single Market, re-iterated the importance of archiefrwgeling European data economy framework and urged political action, concluding that the Commission will: The policy intervention also builds upon the Digitising European Industry DEI policy package that included the European Cloud initiative 14 aiming to deploy a high capacity cloud solution for storing, sharing and re-using scientific data.
The free flow of data will contribute to an effective functioning of this open environment. Furthermore, the initiative builds upon the revision of the European Interoperability Framework 15which aims to improve digital collaboration between public administrations in Europe and will benefit directly from the free flow of data. It contributes to the EU’s commitment to an open Internet The initiative concerns data storage and processing in its broadest sense, encompassing usage of all types of IT-systems, whether located on the premises of the data controller or outsourced to cloud service providers The initiative also covers data processing of different levels of intensityfrom mere data ‘storage’ Infrastructure-as-a-Service IaaS in cloud terminology to the processing of data on platforms or in applications of different kinds or, in the jargon, respectively Platform-as-a-Service PaaS and Software-as-a-Service SaaS.
The scope of this initiative is limited in order to avoid duplication and to ensure consistency with existing legal instruments and other Commission initiatives.
It will be synergetic with the planned initiatives on the EU ICT security certification framework, online platforms and digital innovation in health and care.
It takes into account the forthcoming solutions, including legislative ones, to improve access to e-evidence in criminal matters by law enforcement authorities.
It does not address data localisation restrictions put in place by the countries outside the EU or movement of data outside of the EU This Impact Assessment acknowledges the importance of the international dynamic and of current developments around global data flows, their impacts on EU competitiveness and the importance of protecting fundamental rights The initiative does not concern the processing of personal data 21 and the free movement of such data as governed by the GDPR and the proposed ePrivacy Regulation.
Specifically, since the GDPR prohibits restrictions on the free movement of personal data within the Union where these are based on reasons connected with the protection of personal data, the initiative deals with data flow restrictions imposed by Member States based on reasons other than the protection of personal data e. For instance, company laws can require local storage of certain corporate information and documents e. Those often include personal data, e.
As the GDPR does not address such restrictions, the present initiative will address them. The initiative also addresses the issue of porting data from one IT environment to another, to the extent that it constitutes a barrier to the movement of data within the EU and the ability to switch cloud service providers or move data back in-house. The initiative will take into account Article 20 of the GDPR, which gives the right to the data subject to receive the personal data concerning him or her from a data controller and the right to transmit those data to another controller.
However, this provision cannot be invoked by businesses or public sector entities in B2B data porting scenarios involving personal data, e.
For instance, a cloud service provider specialising in managing application processes for universities accumulates both personal and non-personal data from the universities using its service its customer and stores the data with a major cloud provider its subcontractor. At some point in time the data service provider wants to switch to another cloud service provider and port all the data it has accumulated to a new subcontractor. This data porting scenario will not fall under Article 20 of the GDPR so that specific issue will be addressed by the initiative.
In this regard the scope of the initiative also differs from the planned online platforms initiative. It would seek to make it easier for businesses offering products or services through platforms to obtain access to the data held by the platform, which has been provided to the platform by the customers of the business concerned while using the platform.
In an increasingly data-driven economy, data flows are at the core of business processes in companies of all sizes and in all sectors: In the public online consultation “European data economy”a large number of respondents indicated that they process data in multiple Member States mainly for operational reasons, namely the cross-border character of their activities, the location of subsidiary companies and the satisfaction of consumer expectations in terms of proximity see further in Annex 2.
This is equally true for public administrations, not least in supporting data-informed policies and public services delivery within and across borders. Therefore, data is increasingly ubiquitous, supporting all sectors of industry, economy and society.
The nature and role of data in the economy is complex, however. Inherently, data ‘travels’ across cross-border value chains, where it is generated, collected, curated, processed and analysed, transferred and stored. Its value can increase exponentially when it is aggregated, analysed, or used in innovative ways. Data can become a competitive differentiator and an enabler for innovation and creation of new business models, for example in the fields of data analytics, text and data mining and app development.
However, in the European Union the possibility to build a data economy and to benefit from new technologies which rely on data 22 is undermined by a series of barriers to data mobility, impacting business behaviour in the Single Market.
A high degree of data mobility is important for realising a European data economy to its full extent, since it is required for core activities of such an economy, for instance data collection, analysis and re-use. Making use of the Better Regulation toolbox 23the Commission services conducted an extensive analysis of the core problem and its drivers. On the basis of evidence supplied by the public online consultation, the structured dialogues with the Member States and other stakeholders, dedicated support studies, external studies and available data 24the Commission services have verified the existence of four underlying problems that cause obstacles to data mobility.
Obstacles to the movement of data across borders within the EU. Member States’ legislative and administrative restrictions. Obstacles to the movement of data across IT-systems. Obstacles to data mobility may lead to a large number of negative consequences for European society and economy, hindering the EU’s policy objective of creating of a Digital Single Market. Following analysis, the consequences of these obstacles have been divided into four main categories.
Loss of operational efficiency. Inefficiencies in the data centres sector. For a visual mapping of the problem analysis, see Figure 1: In the remainder of this section, the individual problems and consequences will be briefly described, elucidating the many interrelations between them.
For the full problem analysis, comprehensive explanations, examples and extensive references to evidence, the reader is referred to Annex 5.
Member States’ legislative and administrative restrictions form the starting point of the problem analysis, because they represent the most tangible obstacles to data mobility in the EU. To a varying degree, Member States have put in place so-called ‘data localisation restrictions’. These are rules that either oblige citizens and businesses to process and store certain categories of data within the territory of the country, or have an equivalent effect.
Data localisation restrictions come in many forms, ranging from ‘hard law’ to ‘soft law’ measures and administrative practices. National governments are not the only type of actor capable of raising them.
Regulatory or supervisory authorities or other sector-level institutions can also do this. The number of data localisation restrictions has been growing as a response to the digitisation of the economy as a whole and the strong development of the data economy; according to some sources, the number has at least doubled since Member States’ reasons for data localisation restrictions.
Data localisation measures are adopted by Member States for different reasons, which are prominently data security in a wide sense, which encompasses concerns like confidentiality, integrity, continuity and accessibility for the controller of the dataand the availability of data for supervisory and regulatory authorities of the Member States. A study raised that security is a common driver behind data location restrictions imposed by Member States and is often used as “convenient shorthand” for national security, national sovereignty and for security as a public policy task or as a protection of private interests.