Welcome to EURACTIV’s Digital Brief, your weekly update on all things digital in the EU. You can subscribe to the newsletter here.
“This is the first time ever a nascent industry has been pulled out of the only legal framework it has ever known, against its will.”
– Heather Burns, Creator of AfterBrexit.tech, Tuesday 22 October.
With all the Brexit drama, I thought it was high time to take a measured look at how the UK’s withdrawal from the European Union will affect various parts of the tech sector. This week, I’ve been catching up with experts and insiders in order to dig deeper and find out what could be in store for the digital world post-Brexit.
DATA PROTECTION AND TRANSFERS: This is an area where there could be problems. The EU carries out adequacy agreements for the safe transfer of data between the bloc and third countries, such as the EU-US Privacy Shield agreement, the third annual review of which we covered yesterday. There are two contentious issues with regards to the future EU UK relationship on data protection.
Firstly, the Commission says that it will begin evaluating the UK’s data protection standards with a view to securing an adequacy agreement “by the end of 2020.” However, the Commission cannot, in fact, commence an evaluation of UK data protection standards until the country has left the Union entirely, because of course the UK would still be bound by EU law during the transition period, which, under the current agreement runs until the end of 2020. If the Commission was to carry out an evaluation during this period, it would only be reviewing the UK’s standards under EU law, which makes little sense. In my opinion, this timeline should be scrapped.
Secondly, even when such an evaluation takes place, there could be serious bumps in the road, especially when taking into account the UK’s previous ‘questionable’ track record in mass surveillance programs and the fact that the ECHR ruled in September 2018 that the U.K. had breached human rights in its mass surveillance program.
Heather Burns, a tech policy specialist and creator of the Afterbrext.tech website, told me the UK’s history in conducting widespread surveillance programs would “no doubt” play into the Commission’s evaluation of the UK’s data protection standards, alongside the fact that the country has been “barely compliant with regards to GDPR,” since last year’s implementation.
The Commission are staying tight-lipped for now on how they will approach the evaluation procedure for post-Brexit UK data protection standards. A spokesperson for the Brexit taskforce told EURACTIV that they did not have anything to add to what is stated in the political declaration for now.
Though the UK is expected to maintain the legal framework of the GDPR when it withdraws from the EU entirely, it will still be subject to the EU’s evaluation process for data transfers. The two most challenging aspects in this regard are the timeline currently on the table and the UK’s history on conducting mass scale surveillance programs.
“The position of the UK government is that they want to take and use personal data,” Burns told me. “The previous prime minister was desperate to get out of the ECHR because of the fact it enshrines data protection as a right.” Indeed, Article 8 of the European Convention on Human Rights provides for the “the right to respect for private and family life, home and correspondence” and the capturing and storing of personal data, particularly on a mass scale would no doubt conflict with this protection.
A concluding point on data protection: Last week, the UK Information Commissioner’s Office released ‘crucial‘ guidance on data protection after Brexit, imploring businesses to “to act now to ensure that data flow can lawfully continue.”
ONLINE HARMS PAPER (UK) / DIGITAL SERVICES ACT (EU): In 2020, the Commission is to present sweeping reforms to age-old eCommerce rules, dubbed the Digital Services Act – a far-reaching and ambitious regulatory framework that seeks to govern the online ecosystem. Meanwhile, in the UK, the Online Harms White Paper sets out the government’s plans for a package of measures to keep UK users safe online. A consultation on the White Paper was completed in July. A DCMS spokesperson informed EURACTIV that the government will be publishing its findings over the next few months.
However, the two approaches are likely to be distinct from one another, Heather Burns told me. “The online harms paper will be founded on a subjective interpretation of what harms are and a regulatory body will be responsible for establishing the harms themselves, they won’t be decided by Parliament.”
“On the contrary,” Burns continued, “the EU will work within a legal framework, while the UK will be implementing a morality-based model outside of the rule of law.”
.EU DOMAINS. We reported earlier this year that plans had been in place for the Commission to revoke all .eu domain name registrations belonging to British registrants after the UK’s withdrawal from the European Union. Well, after some substantial back and forth, last week the Commission announced that they plan to extend the right to register a .eu domain name to citizens of the European Union, no matter where they are residing in the world (including the UK).
However, it’s not all good news. Earlier this week, I spoke to Search Engine Optimisation Expert Francesco Baldini to get his take on how Brexit could affect the domain name trade. “Due to the potential uncertainties, I expect to see more and more firms migrating to neutral or .com domains,” he said, adding that as a result, the EU could potentially lose out on millions in revenue from domain name registration fees as well as other associated costs. Baldini has produced a more detailed breakdown of the figures here.
UK / EU TECH COMPETITION: EU leaders have already started to ramp up the ante with regards to the UK becoming a potential competitor to the EU in the digital world. Speaking after the European Council summit last week, German Chancellor Angela Merkel said the UK will be an “economic competitor” once it leaves the EU.
She also questioned how rapidly the UK will be able to build up its tech clout after leaving the bloc: “In terms of speed, for example, how quickly certain data standards can be regulated, how quickly any kind of platform can be created, how quickly the digital world can be brought into the country, people will look: How successful is Great Britain and how successful are the EU27?”
CONSUMER PROTECTION. So, will UK consumers be convinced that their consumer rights will be protected as robustly outside the EU, as they had been inside the bloc’s legal regime? In order to big a little deeper, I spoke to Howard Dobson, author of the recently published guide, How to rebuild customer relationship after Brexit.
“The real issue is what happens to UK consumer standards when EU regulations are improved, redefined or updated,” Dobson told me. “This is the point at which UK standards could be seen as inferior if they don’t move at the same pace – and areas such as digital services move fast with consumer protection and tough cybersecurity paramount.”
Dobson went on to say that there may, of course, be the chance that the UK, in various sectors, could “market a new mark of quality that becomes recognised around the world,” but that it’s “not just how standards change, it’s how they are perceived to have changed within the ‘chaos’ of Brexit.”
“Customer relationships are built slowly and easily damaged,” he added. “When the UK leaves the EU, perceptions or misperceptions of a UK company’s offering and relative competitiveness will filter through to customers potentially based on certain types of bias that customers hold.”
CYBERSECURITY: The UK Government recently issued a proposal regarding the application of the UK Network and Information Systems Regulations 2018 to non-UK “digital service providers” when Brexit happens. The above regulations implement the 2016 EU NIS Directive and the UK Government has confirmed that the NIS Regulations will continue to apply in the UK following the UK’s departure from the EU. More broadly, cybersecurity is an area in which cooperation between the two parties is likely to continue.
However, the relationship is being tested on one issue in particular: Huawei. In July, UK representatives were disinvited from attending an EU cybersecurity meeting on Huawei, which UK delegates weren’t best pleased about. Meanwhile, the UK will decide this autumn whether to grant Huawei involvement in the country’s future 5G infrastructure, according to Digital Secretary Nicky Morgan. Huawei’s founder Ren Zhengfei told EURACTIV earlier this year that it is “very likely” Huawei equipment will be used in core aspects of the UK’s future 5G network infrastructure.
Despite Zhengfei’s claims and considering the renewed ties that the UK will seek to make with the US, the UK is likely to be under pressure to adopt the US stance on Huawei. Generally speaking, this run contrary to the position that the UK have taken so far: Ciaran Martin, head of Britain’s National Cyber Security Centre (NCSC), said in February the UK has not seen any evidence of malicious activity by the company so far.
ONLINE CAMPAIGNING: News emerged yesterday that Sean Topham and Ben Guerin have been recruited to assist with the Conservative party’s online campaigning, ahead of a potential UK general election. The pair had previously assisted in the operation of a large Facebook propaganda network.
DISINFORMATION: And, as part of a general election, the Conservatives are under no illusions about the potential misuse of social media by opposition parties, too. Chair of the UK’s Digital, Culture, Media and Sport Parliamentary Committee, MP Damian Collins, wrote to Facebook’s VP for Global Affairs, Nick Clegg, on Tuesday this week. Collins pressed Clegg on a number of points and one interesting takeaway was the fact that the former believes there to be ‘heavy constraints’ on Facebook’s ‘ability to combat online disinformation in the run-up to elections around the world.’
STARTUPS: On the startup front, this week, the co-founder and CMO of the stockbroker startup Freetrade, Viktor Nebehaj, said publicly that one of the biggest challenges to the UK’s startup scene will be in the hiring process. “The brand of the UK changed, and EU candidates that would have happily moved here might choose Berlin, Amsterdam, or even Dublin now,” Nebehaj said.
BROADBAND: Earlier this year, Prime Minister Boris Johnson set an ambitious target – providing full-fibre broadband to every home in the UK by 2025. Chancellor Sajid Javid has pledged the funds to make it happen: “We are setting out plans to invest £5bn to support the rollout of full-fibre, 5G and other gigabit-capable networks to the hardest-to-reach 20% of the country,” said a government press release from September’s Tory party conference.
The European Commission has called for a number of ‘concrete steps’ to be made in order to improve the EU’s data transfer accord with the US, the Privacy Shield. Meanwhile, the data protection group Access Now has come out in criticism of the agreement and called for it to be suspended.
French media are set to report Google to the country’s competition regulator over its refusal to pay news companies for displaying their content in defiance of the Copyright directive.
ENISA’s new chief, Estonian Juhan Lepassaar told us that there is a ‘political need’ for 5G cybsersecurity certification.
Microsoft’s contracts with European Union institutions do not fully protect data in line with EU law, the European Data Protection Supervisor (EDPS) said in initial findings published on Monday (21 October).
‘Smart villages’ comprising highly digitised local infrastructure could help slow down the problem of rural depopulation in Europe, EPP’s MEP Franc Bogovič has told EURACTIV.
European industry must be sensitive to the concerns of citizens regarding the widespread use of facial recognition technologies and its possible impact on privacy, Huawei’s European chief has told EURACTIV.
On my radar.
Well, Brexit is still supposed to be happening…next week.
What else I’m reading this week:
- Belgium making significant strides in the area of cybersecurity (The Brussels Times)
- Europe has more developers than the US: So why doesn’t it have more startups, too? (ZDNet)
- US Democrats torch Zuckerberg for 5 hours (Politico)
Cybersecurity represents one of the greatest challenges that companies, individuals, national governments and supranational organisations currently face. The technological devices that citizens use daily could be at risk of potential cyber-threats due to insufficient built-in security safeguards. EURACTIV invites you to a high-level stakeholder Forum on December 10 to discuss the EU’s progress on cybersecurity, the possible future mandatory nature of the Act, and the challenges the new Commission will face.