Public Security Exception in the Area of non-personal Data in the European Union, Briefing Requested by the IMCO committee Policy, European Parliament, Brussels, April 2018

Mid-September last year the European Commission presented a proposal for a new regulation on the free flow of non-personal data in the European Union. The free movement of data in the digital single market has been called the fifth freedom complementing the existing freedoms on movement of goods, services, capital and people. The proposed regulation seeks to remove unjustified data localisation measures that fall in the scope of EU law. Often this will amount to cutting bureaucratic red tape in the private sector, such as for example removing a domestic obligation to maintain a full copy of bookkeeping on premise of an organisation in a given Member State. Member States can justify an activity that contravenes this proposal on grounds of public security - an exception this briefing is tasked with analyzing. The briefing concludes that the fifth freedom would have a moderate impact for the European data economy. The author offers concrete guidance to the EU legislator how to improve the draft regulation in order to preserve the freedom of contract. The public security exception foreseen could be too narrow because it precludes member states to take measures that can be justified on grounds of public policy or the protection of health and life of humans, animals or plants. Drawing on the analogy with fire safety regulations in the member states it would be too early to preclude that in the future we will need local mirrors and handles. Locality continues to matter for example in the Internet of Things environment because as individuals we live in a physical place.