Connect with us


#DigitalSingleMarket - Commission publishes guidance on free flow of non-personal data



The European Commission has published a new guidance on the interaction of free flow of non-personal data with the EU data protection rules.

As part of the Digital Single Market strategy, the new Regulation on the free flow of non-personal data, which has started to apply in the member states, will allow data to be stored and processed everywhere in the EU without unjustified restrictions. The guidance aims to help users – in particular small and medium-sized enterprises – understand the interaction between these new rules and the General Data Protection Regulation (GDPR) - especially when datasets are composed of both personal and non-personal data.

Digital Single Market Vice President Andrus Ansip said: “By 2025 the data economy of the EU-27 is likely to provide 5.4% of its GDP, equivalent to €544 billion. However, that huge potential is limited if data cannot move freely. By removing forced data localization restrictions, we give more people and businesses the chance to make the most out of data and its opportunities. This guidance will now give full clarity on how free-flow of non-personal data interacts with our strong personal data protection rules.”

Digital Economy and Society Commissioner Mariya Gabriel said: “Our economy is increasingly driven by data. With the regulation on the free flow of non-personal data and the General Data Protection Regulation, we have a comprehensive framework for a common European data space and the free movement of all data within the European Union. The guidance that we are publishing today will help businesses, especially small and medium-sized enterprises, to understand the interaction between the two regulations.”

Together with the General Data Protection Regulation (GDPR), which started to apply one year ago, the new Regulation on the free flow of non-personal data provides for a stable legal and business environment on data processing. The new Regulation prevents EU countries from putting laws in place that unjustifiably force data to be held solely inside national territory. It is the first of its kind in the world. The new rules increase legal certainty and trust for businesses and make it easier for SMEs and start-ups to develop new innovative services, to make use of the best offers of data processing services in the internal market, and to expand business across borders.

Today's guidance gives practical examples on how the rules should be applied when a business is processing datasets composed of both personal and non-personal data. It also explains the concepts of personal and non-personal data, including mixed datasets; lists the principles of free movement of data and the prevention of data localisation requirements under both, the GDPR and the free flow of non-personal data Regulation; and covers the notion of data portability under the Regulation on the free flow of non-personal data. The guidance also includes the self-regulatory requirements set out in the two Regulations.


The Commission presented the framework for the free flow of non-personal data in September 2017 as part of President Jean-Claude Juncker's State of the Union address to unlock the full potential of the European Data Economy and the Digital Single Market strategy. The new Regulation applies since yesterday 28 May. As part of the new rules, the Commission was required to publish guidance on the interaction between this Regulation and the General Data Protection Regulation (GDPR), especially as regards datasets composed of both personal and non-personal data.

The free flow of non-personal data rules are in line with existing rules for the free movement and portability of personal data in the EU. They:

  • Ensure the free flow of data across borders: The new rules set a framework for data storing and processing across the EU, preventing data localisation restrictions. Member States will have to communicate any remaining or planned data localisation restrictions to the Commission, which in turn will assess if they are justifiable. The two Regulations will function together to enable the free flow of any data – personal and non-personal – thus creating a common European space for data. In the case of a mixed dataset, the GDPR provision guaranteeing free flow of personal data will apply to the personal data part of the set, and the free flow of non-personal data principle will apply to the non-personal part.
  • Ensure data availability for regulatory control: Public authorities will be able to access data for scrutiny and supervisory control wherever it is stored or processed in the EU. Member States may sanction users that do not provide upon request by a competent authority access to data stored in another Member State.
  • Encourage the development of codes of conduct for cloud services to facilitate switching between cloud service providers by the end of November 2019. This will make the market for cloud services more flexible and the data services in the EU more affordable.

More information

Commission publishes guidance on free flow of non-personal data - Questions and Answers

Guidance on the Regulation on the free flow of non-personal data

Free flow of non-personal data - Factsheet

A framework for the free flow of non-personal data in the EU – Questions and Answers

Regulation on the free flow of non-personal data

General Data Protection Regulation: one year on

Cloud stakeholder working groups on cloud switching and cloud security certification

Practical information about free flow of data on Your Europe portal


Despite talk of digital sovereignty, Europe sleepwalks into Chinese dominance on drones



In her State of the European Union speech, European Commission President Ursula von der Leyen delivered a clear-eyed assessment of the European Union’s position within the global digital economy. Alongside predictions of a European “digital decade” shaped by initiatives such as GaiaX, von der Leyen admitted Europe had lost the race on defining the parameters of personalized data, leaving Europeans “dependent on others”, writes Louis Auge.

Despite that straightforward admission, the question remains whether European leaders are willing to mount a consistent defence of their citizens’ data privacy, even as they accept reliance on American and Chinese firms. When it comes to challenging American social media or e-commerce giants like Google, Facebook, and Amazon, Europe has no problem seeing itself as the global regulator.

In facing China, however, the European position often seems weaker, with governments only acting to curb the influence of Chinese technology suppliers such as Huawei under intense US pressure. Indeed, in one key area with serious implications for several economic sectors Commission President von der Leyen cited in her speech – unmanned aerial vehicles, otherwise known as drones – Europe is allowing a single Chinese firm, DJI, to corner the market practically unopposed.

A trend accelerated by the pandemic

Shenzhen Dajiang Innovation Technologies Co. (DJI) is the unquestioned leader of a global drone market predicted to skyrocket to $42.8 billion in 2025; by 2018, DJI already controlled 70% of the market in consumer drones. In Europe, DJI has long been the unmanned aerial vehicle (UAV) supplier of choice for military and civilian government clients. The French military uses “commercial off-the-shelf DJI drones” in combat zones like the Sahel, while British police forces uses DJI drones to search for missing persons and manage major events.

The pandemic kicked that trend into high gear. In European cities including Nice and Brussels, DJI drones equipped with loudspeakers admonished citizens about confinement measures and monitored social distancing. DJI representatives have even tried to convince European governments to use their drones to take body temperatures or transport COVID-19 test samples.

This rapid expansion in the use of DJI drones runs counter to decisions being taken by key allies. In the United States, the Departments of Defense (the Pentagon) and the Interior have banned the use of DJI’s drones in their operations, driven by concerns over data security first uncovered by the US Navy in 2017. In the time since, multiple analyses have identified similar flaws in DJI systems.

In May, River Loop Security analyzed DJI’s Mimo app and found the software not only failed to adhere to basic data security protocols, but also that it sent sensitive data “to servers behind the Great Firewall of China.” Another cybersecurity firm, Synacktiv, released an analysis of DJI’s mobile DJI GO 4 application in July, finding the company’s Android software “makes use of the similar anti-analysis techniques as malware,” in addition to forcibly installing updates or software while circumventing Google’s safeguards. Synacktiv’s results were confirmed by GRIMM, which concluded DJI or Weibo (whose software development kit transmitted user data to servers in China) had “created an effective targeting system” for attackers – or the Chinese government, as US officials fear – to exploit.

To address the potential threat, the Pentagon’s Defense Innovation Unit (DIU) has introduced a small Unmanned Aircraft Systems (sUAS) initiative to procure drones from trusted American and allied manufacturers; France’s Parrot is the only European (and, indeed, non-American) firm currently included. Last week, the Department of the Interior announced it would resume purchasing drones through the DIU sUAS program.

DJI’s security flaws have also sparked concern in Australia. In a consultation paper released last month, the Australian transport and infrastructure department flagged weaknesses in Australia’s defenses against “the malicious use of drones,” finding UAVs could potentially be used to attack the country’s infrastructure or other sensitive targets, or otherwise for purposes of “image and signals gathering” and other types of reconnaissance by hostile actors.

In Europe, on the other hand, neither the European Data Protection Board (EDPB), the German Federal Commissioner for Data Protection and Freedom of Information (BfDI), nor the French National Commission on Informatics and Liberty (CNIL) have taken public action on the potential dangers represented by DJI, even after the company’s products were found forcibly installing software and transferring European user data to Chinese servers without allowing consumers to control or object to those actions. Instead, the use of DJI drones by European military and police forces may appear to offer consumers a tacit endorsement of their security.

Despite an opaque ownership structure, links to Chinese state abound

Suspicions of DJI’s motives are not helped by the opacity of its ownership structure. DJI Company Limited, the holding company for the firm via the Hong Kong-based iFlight Technology Co., is based in the British Virgin Islands, which does not disclose shareholders. DJI’s fundraising rounds nonetheless point to a preponderance of Chinese capital, as well as linkages with China’s most prominent administrative bodies.

In September 2015, for example, New Horizon Capital – cofounded by Wen Yunsong, son of former premier Wen Jiabao – invested $300 million in DJI. That same month, New China Life Insurance, partly owned by China’s State Council, also invested in the firm. In 2018, DJI may have raised up to $1 billion ahead of a supposed public listing, although the identify of those investors remains a mystery.

DJI’s leadership structure also points to links with China’s military establishment. Co-founder Li Zexiang has studied or taught at a number of universities linked to the military, including the Harbin Institute of Technology – one of the 'Seven Sons of National Defence' controlled by China’s Ministry of Industry and Information Technology – as well as the National University of Defense Technology (NUDT), directly supervised by the Central Military Commission (CMC). Another executive, Zhu Xiaorui, served as DJI’s head of research and development up until 2013 – and now teaches at the Harbin University of Technology.

These links between DJI’s leadership and China’s military would seem to explain DJI’s prominent role in Beijing’s repression of ethnic minority groups. In December 2017, DJI signed a strategic partnership agreement with the Bureau of Public Security of the Autonomous Region of Xinjiang, outfitting Chinese police units in Xinjiang with drones but also developing specialized software to facilitate missions for the “preservation of social stability.” DJI’s complicity in the campaign of “cultural genocide” against the Uighur population of Xinjiang burst into the headlines last year, when a leaked video – shot by a police-controlled DJI drone – documented a mass transfer of interned Uighurs. The company has also signed agreements with authorities in Tibet.

An inevitable crisis?

While DJI has gone to considerable efforts to counteract the findings of Western governments and researchers, even commissioning a study from consultancy FTI that promotes the security of its new “Local Data Mode” while sidestepping existing flaws, the monopolistic control of this emerging sector by a single firm with links to China’s security establishment and direct involvement in systemic human rights abuses could quickly become a problem for regulators in Brussels and the European capitals.

Given how prevalent drones have become across the wider economy, the security of the data they capture and transmit is a question European leaders will have to address – even if they prefer to ignore it.

Continue Reading


No need to rush - This autumn is not the time for premature, short-sighted decisions



Abraham Liu, Huawei Chief Representative to the EU Institutions (pictured).

"Very much like the rest of 2020, this autumn and winter will also be different from normal times. Regrettably, the Coronavirus Pandemic will continue to test our resilience and adaptability for the foreseeable future. As we enter Europe’s cold season, many among us will be anxious about the months ahead. Yet as in every complicated situation, there is also hope" - writes  Abraham Liu, Huawei Chief Representative to the EU Institutions

"Looking at what we have jointly achieved in the earlier part of 2020, I cannot but also be optimistic: progress on vaccines is coming along impressively. We have been able to curb the mortality of the virus. Overall, we now know so much more about this disease than we did in March. Yes, the weeks ahead will be difficult. But I am confident that all over Europe, we will overcome the virus and we will return to normality.

The other day I visited the House of European History in Brussels. History, and Europe’s tumultuous history in particular, teaches us that nothing can be taken for granted. At numerous times in the past, humanity has experienced a loss of knowledge and technology. It then took enormous efforts and a very long time to get back what had been stupidly destroyed. Let me be clear: There exists no automatism that we can retain our current level of technological development. Without stability and predictability, there is no progress. If the Pandemic teaches us something, it is that technology is humankind’s best ally to beat the virus and also to prevent similar viruses threatening us all in the future. We have no other viable option but to invest in technology and to bank on progress!

Whether the United States and China have now entered Graham T. Allison’s famous “Thucydides Trap” is not for me to judge. What I do believe and advocate though is that Europe has a key role and responsibility in ensuring stability in the months ahead. European Commission President Ursula Von der Leyen and European Council President Charles Michel rightly point out that the EU is not an object, but a subject in international relations. International companies such as Huawei need a strong Europe to shape an inclusive tech-world of tomorrow. A world in which Europe leads on tech-regulation and in which new technologies are deployed in line with European values and principles.

The European Union can only be strong if its 27 Member States also stand up to its principles and do not give in to short-term pressures. The EU toolbox on 5G Cybersecurity is an intelligent and encompassing approach which gives EU countries appropriate time to come to their conclusions. This solid European method should not be undermined by third parties ahead of elections. Wherever European governments receive pressure these days to go down the path of potentially discriminatory actions violating EU law, I would like to tell them: take a deep breath. Do take your time. Do not rush into actions you might not have thought through.

Let me be clear: Huawei is deeply committed to Europe. We are here to stay and we will invest heavily in Europe’s ICT ecosystem. In the last 20 years, Huawei has decisively contributed to the successful digital transformation of societies all across Europe. Just look at Poland and Romania: in both countries Huawei has provided secure, fast and affordable telecom networks that are the backbone of the impressive economic growth both Poland and Romania have experienced in recent years. In Warsaw and in Bucharest, Huawei has set up large regional operations employing thousands of people.

Huawei has the know-how and the determination to team up with the European Union as a key partner to deploy global standards on Cybersecurity, to make the European Green Deal a reality and to partner with the continent’s automotive industry to jointly reinvent mobility.

I believe that in the not too distant future we will be looking back on the year 2020 as a moment of accelerated transition where some key players took a longer breath to take the right decisions when history called upon them. Take this deep breath and think for a moment before giving in to short-sighted pressure! "

Continue Reading


Blockchain - Integrating new technologies in smart ways



Recent media reports suggest a new cryptocurrency legislation for safe cryptocurrency exchange could be introduced in the EU countries. By this new legislation, under the new guidelines, Bitcoin and other digital currencies will be named monetary instruments all through Europe. This means legal cryptocurrency exchange will be more transparent than ever. Moreover, it is said that this new legislation will encourage the innovation associated to crypto and blockchains sector.

One area looking to new innovation using the blockchain is the cross-border money movement in multi-commodity trading business, which is very complex. There are a number of stakeholders, intermediaries and banks operating together to make deals happen. The supply chain deals are massive in value and happen very frequently.

“Many traditional banks have recently exited trade finance sector because it's simply too risky for them,” said Ali Amirliravi, CEO of LGR Crypto Bank of Switzerland. “The banks that stay have no incentive to optimize the inefficient processes, that’s because as the companies are working to gather up all the required documentation and address the compliance needs, the banks are sitting back and charging interest - they actually don’t care how long it takes, it’s the trading companies that have to pay the extra fees.

"It gets even worse in what we call the 'Silk Road Countries'- the areas between Europe, Central Asia and China. Here you really see big differences within the supply chains and they also have to deal with large number of different currencies. You’ve got some companies that are using all manual, paper based processes and others that are moving into digital - there’s no standardization and that’s a real problem."

Ali Amirliravi’s LGR Crypto Bank is a member of the Silk Road Chamber of International Commerce - an international association with the aim of increasing trade amongst members and states.

“These issues outlined are brought up frequently at the high-level meetings of the chamber of commerce,” said  Amirliravi . “The influence of my own experience in the industry mixed with the stories of other stakeholders really pushed me to start to create end-to-end digital system. We are building a better way to do things, one that is faster, cheaper and more transparent for all parties involved. “

“It comes down to integrating new technologies in smart ways. Take my company for example, LGR Crypto Bank, when it comes to money movement, we are focused on 3 things: speed, cost & transparency. To address these issues, we use leading technologies such as  blockchain, digital currencies, and general digitization to optimize the existing processes.

It's quite clear the impact that new technologies can have on things like speed and transparency, but when I say it’s important to integrate the technologies in a smart way that’s important because you always have to keep your customer in mind - the last thing we would want to do is introduce a system that actually confuses our users and makes his or her job more complicated. So on one hand, the solution to these problems is found in new technology, but on the other hand, it’s about creating a user experience that is simple to use and interact with and integrates seamlessly into the existing systems. So it’s a bit of a balancing act between technology and user experience, that’s where the solution is going to be created.

When it comes to the broader topic of supply chain finance, what we see is the need for improved digitalization and automation of the processes and mechanisms that exist throughout the product lifecycle. In the multi-commodity trading industry, there are so many different stakeholders, middlemen, banks, etc. and each of them have their own way of doing this - there is an overall lack of standardization, particularly in the Silk Road Area. The lack of standardization leads to confusion in compliance requirements, trade documents, letters of credit, etc., and this means delays and increased costs for all parties. Furthermore, we have the huge issue of fraud, which you have to expect when you are dealing with such disparity in the quality of processes and reporting. The solution here is again to use technology and digitalize and automate as many of these processes as possible - it should be the goal to reduce risks and take human error out of the equation.

And here is the really exciting thing about bringing digitalization and standardization to supply chain finance: not only is this going to make doing business much more straightforward for the companies themselves, this increased transparency and optimization will also make the companies much more attractive to outside investors. It’s a win-win for everyone involved here.”

Continue Reading