UK Edition
Tech industry bosses concerned over challenges in maintaining free flows of data post-Brexit
Tech industry bosses are expressing growing concerns over the “significant challenges” that Britain faces in order to maintain free flows of data between the UK and EU after Brexit.
British ministers met with the leaders of 23 national tech industry associations at a closed-door summit in London on Monday aimed at raising industry concerns over the legal, technical and bureaucratic obstacles thrown up by the UK leaving the EU.
Chief among industry fears is Whitehall has still not grasped the mammoth jurisdictional challenges thrown up Brexit when Britain, as a third country, will have to satisfy EU data privacy concerns afresh.
“There is a big question about what that robust legal basis looks like and there are significant challenges afoot,” said Charlotte Holloway, policy director at Tech UK, the leading industry umbrella group that organised the summit.
The British government has committed to implementing the new EU General Data Protection Regulation (GDPR) which comes into force in May 2018, but this may still not be sufficient for the UK to be given a clean bill of health by the EU after Brexit.
As a third country outside the EU, the UK will need to obtain a ruling from Brussels that its data protection regimes are “essentially equivalent” with the EU, in order to keep data flowing across borders.
As an EU member, Britain’s security and spying apparatus was exempt from that equivalence evaluation, but as a third country it will have to demonstrate that EU citizens rights are adequately protected, despite the UK's more permissive attitude to spying.
Senior EU sources in Brussels privately acknowledge that UK’s 2016 Investigatory Powers Act - popularly known as the ‘Snoopers Charter’ - risks making it far harder for the UK to satisfy European concerns.
“The British have led the way on open data for years, but the Act erases decades of British leadership in this area,” the source said, acknowledging that the UK close links with US intelligence would also be “in the background” of any assessment.
With some an estimated 12% of global data flows passing through the UK according to a Tech UK assessment, the costs of not having a working regime in place on the day of Brexit are potentially massive, according to industry experts.
Matt Hancock, the digital and culture minister, told the Lords last month that the UK were “keen to ensure” that data flows were “unhindered” after Brexit, but declined to provide details of the UK negotiation strategy.
There is growing trepidation in the industry that the UK government has underestimated the difficulties of obtaining an EU equivalence declaration - a process that over-ran by a year in the US Privacy shield negotiations and requires deep cross government co-ordination.
“The importance of planning for Brexit can’t be stressed enough,” said Dean Garfield, head of the Information Technology Industry Council (ITI), the Washington-based global tech lobby group whose members include Apple, Amazon and Google. He added that Britain should actively learn from the US experience which was beset by delays and negotiations breakdowns.
The appointment of an UK ombudsman for EU citizens to raise fears over data privacy, joined up government and bold transparency from the UK intelligence apparatus, would all smooth the path to a deal.
Even a successful determination of equivalence by the EU risk being challenge in courts by well-resourced privacy activists like Max Schrems who successfully challenged the forerunner to Privacy Shield in the European Court of Justice and is mounting fresh challenges to the new agreement.
Other industry experts fear that if the politics of the Brexit negotiation become poisoned then the issue of data flows could be caught in the political cross fire.
“If the talks have gone sour, there is a risk that the EU will not recognise UK data protection rules as convergent, if only for political reasons,” said James Waterworth, vice-president at the CCIA, an EU-based industry organisation. “Everything needs to be done to avoid that happening.”