European cloud infrastructure providers welcome the proposed Regulation on the ‘Free Flow of Data’ in the EU

Sep 15, 2017 | Press release

Brussels, 15/09/2017 CISPE, the voice of cloud infrastructure providers in Europe, has described the European Commission’s proposed regulation for the free flow of non-personal data as “a major step forward for Europe’s cloud industry” – adding that additional focus is still required in key areas including data security, self-regulation, data portability and protections for SMEs.

The 20-page proposal covering a framework for the Free Flow of non-personal Data in the European Union was adopted by the Commission on 13th September 2017. CISPE is the trade association of cloud computing infrastructure companies in Europe, operating data centers in more than 15 European countries. CISPE member companies serve millions of business customers across all European countries.

“The proposed Regulation gives a major boost to EU plans to create a fully integrated Digital Single Market,” said Alban Schmutz, Chairman of CISPE. “Removing restrictions on the flow of data cross-border will drive business growth and job creation, giving companies in EU Member States access to an internal market on the same scale as their US or Chinese counterparts. There are still questions to be answered, however. Most notably, it’s essential for exceptions to the principle of free flow on ground of ‘public security’ to be narrowly defined and for data classification to be harmonised across the EU. Security is an essential corollary to promoting the free flow of data. CISPE is also calling for a harmonised approach that fosters greater trust in cloud services by properly protecting businesses and their data – an approach consistent with the European Secure Cloud initiative actively supported by countries such as France and Germany.”

Schmutz added that the proposed Regulation acknowledged the value of self-regulation, in the area of data portability. Industry self-regulation is a mechanism which is very much at the roots of CISPE: “CISPE has had the experience of developing a Data Protection Code of Conduct, helping cloud providers and their customers to anticipate their GDPR compliance in relation to so qualified personal data. We applaud the Commission for taking this innovative approach on self-regulation compared to other more heavy-handed policy choices, and for acknowledging the need to manage, at an EU level, a public register of all restrictions on non-personal data flows across EU.”

As the dialogue on the proposed Regulation is starting, CISPE encourages the European Institutions to ensure that a SME-friendly approach is pursued. For instance, as for data portability, it is important to analyse what the cost of the requirements would have for SMEs, including new guaranties in case of bankruptcy. “We need to ensure that the free flow of non-personal data helps European SMEs rather than creating additional burden for them”, concludes Schmutz.

“The CISPE community stands ready to assist European policymakers and institutions, drawing on its considerable expertise and experience to address these critical issues,” Schmutz said.

About CISPE –
CISPE is an association of cloud infrastructure services providers operating in Europe. The association is open to all companies, no matter where they are headquartered, provided they declare that at least one of their cloud infrastructure services meets the requirements of the CISPE Data Protection Code of Conduct.

Media contact: For all questions please contact:
Alban Schmutz,, +33 7 88 43 08 08
Francisco Mingorance,, +32 (0)2 513 55 09