At Workday, we advocate for a regulatory environment that allows our customers to take full advantage of the power of cloud computing. To that end, we applaud efforts in the European Union (EU) to enact legislation prohibiting restrictions on the free flow of data throughout the region.
To promote the free flow of data, on May 30, Workday co-hosted a roundtable in Brussels with MEP (Member of the European Parliament) Dita Charanzova. Joining us were Pearse O’Donahue, acting director for Future Networks, European Commission; representatives from the governments of Estonia, Belgium, and Ireland; and representatives from European technology, manufacturing, and financial services companies.
The roundtable focused on the European Commission’s paper, Building a European Data Economy, published in January as part of its larger Digital Single Market strategy. That paper aimed to dispel misperceptions among EU Member States about the effects of data localization and proposed taking steps to address restrictions on the flow of data. As the Commission described the issue:
“Sometimes restrictions are imposed by Member States in the belief that supervisory authorities can more easily scrutinise locally stored data. Localisation is also used as a proxy for assurances in terms of privacy, audit, and law enforcement, as well as the security of data. However, in practice, these measures rarely contribute to the objectives they are intended to achieve.”
Our position is that national or other jurisdictions’ data localization requirements are a well-meaning but ineffective means to ensuring data privacy and security. Robust cybersecurity—which we embrace fully—stems from the policies and procedures a controller or processor uses in the storage and processing of data, not the legal jurisdiction where data is stored. While regulators often need to access data to fulfill their responsibilities, access can be assured through arrangements with regulated entities. The mere fact the data might be located in a different country shouldn’t, and doesn’t, impede regulator access. Of course, we understand that data may need to be kept locally in some narrow cases—for sensitive national security information, for example, but those requirements ought to be imposed narrowly.
Participants at the roundtable agreed on the importance of establishing the free flow of data as a single market principle alongside the free movement of goods, services, people, and capital. This would help ensure that data can flow in a vibrant digital economy, dispel the perception among some market participants that data must be kept in any particular jurisdiction, and obligate Member States imposing arbitrary restrictions on data location to justify them on public interest grounds.
There was good discussion about how to address the factors often cited as motivators of data localization. These include continuing work to enhance cybersecurity standards, implementation of the Directive on Security of Network and Information Systems (NIS Directive), and consistent implementation of the new General Data Protection Regulation, as well as a cooperative process to ensure and facilitate regulator access to data held in a different country.
Workday’s applications give customers real-time insights into their organizations, allowing them to make decisions based on data rather than guesswork. Being in the cloud also means that customers have access to their financial and workforce data whenever and wherever they need it, on any device. For employers, this translates to an ability to better manage the business, and for employees, it simplifies many daily transactions and democratizes access to critical data. These features require analysis and computation across a customer’s employee base, which is often global in reach.
We shared our views with the European Commission earlier this year, as did others. A cross-party group of 29 MEPs led by Ms. Charanzova also called for legislation to remove data localization restrictions across the EU. Ms. Charanzova summed up the stakes involved: “The lifeblood of [the] digital revolution is data, both personal and commercial. The free flow of data is what makes the digital economy function and has been vital for growth. If Europe is to achieve its full potential, this data flow should not be obstructed by local or national measures.”
Based on the feedback it received, the Commission indicated in its Communication on the Digital Single Market that it would propose legislation to promote the free flow of data in the second half of the year.
As the Commission’s own numbers show, with the right regulatory framework, the value of the European data economy will increase to €739 billion by 2020, representing four percent of the overall EU GDP. Free flow of data is important to achieving this growth, for both large enterprises and small and medium-size businesses eager to expand across national borders. We are encouraged by the Commission’s latest thinking on this issue, as well as the support by MEPs and Member States for strong legislation in this area, and look forward to continuing engagement with stakeholders and advocacy on behalf of our customers.