Digital Health Legal
Back to Contents

Volume: 4 Issue: 10
(October 2017)

proposed eu regulation free flow non-personal data impact data storage processing services european commission proposed 19 september 2017 regulation

EU Europe

Share This Page

Proposed EU regulation on free flow of non-personal data to impact on data storage and processing services

The European Commission proposed on 19 September 2017 a regulation on the free flow of non-personal data in the EU, with the intention of contributing to a ‘more competitive and integrated EU market for data storage and data processing services,’ by addressing concerns around data localisation and removing obstacles to cross-border data flows; the proposed Regulation will exclude data concerning health on the grounds that it is personal data under the EU General Data Protection Regulation (‘GDPR’), but will apply to anonymised health data, being non-personal data.

Among the measures put forward in the proposed framework is that Member States will not be able to restrict organisations either to only store or process data within that Member State or to prohibit it from being processed/stored in another Member State, unless there is a ‘public security’ reason as to why data localisation is required; Member States with data localisation requirements or seeking to implement them must inform the European Commission of these.

Mónica Oliveira Costa, Partner at Coelho Ribeiro e Associados, believes that “this Regulation will have an impact on data storage and processing services providers as far as anonymised health data is concerned, particularly in regard to data porting, as providers shall be required to provide professional users - defined in Article 3.8 as a ‘natural or legal person, including a public sector entity, using or requesting a data storage or other processing service for purposes related to its trade, business, craft, profession or task’ - in a clear and transparent way with detailed information and operational requirements to ensure data porting before a contract for data storage and processing is concluded.”

Costa also draws attention to the coming into effect of the GDPR on 25 May 2018 as a development with major implications for the digital health sector, while highlighting a reply by Vice-President Andrus Ansip to questions in the European Parliament on 18 August 2017, in which Ansip mentioned that the European Commission “intends to adopt a communication in 2017 addressing the need and scope for further measures in the area of digital health and care, in line with the GDPR and legislation on patient rights and e-identification.” “Thus,” says Costa, “the digital health sector needs to follow closely all [relevant] developments as we can expect before the end of the current year and during 2018 several developments with relevant implications for this sector.”

Search Publication Archives

Our publication archives contain all of our articles.
Can’t find what you are looking for?
Try an Advanced Search

Log in to digital health legal
Subscribe to digital health legal
Register for a Free Trial to digital health legal
digital health legal Pricing

Social Media

Follow digital health legal on TwitterView digital health legal LinkedIn Profiledigital health legal RSS Feed