No Brexit Deal? Then Its ‘Digital Dover’

Uploaded on 2019-02-07 in FREE TO VIEW, BUSINESS-Services-Law, NEWS-Cybersecurity News

When just 89 lorries turned up in early January for a traffic management rehearsal, staged to understand the impact of the UK crashing out of the EU with no deal, Transport Minister Chris Grayling was roundly mocked for seeming so woefully under-prepared. But it at least showed an awareness that the sudden loss of freedom of trade will quickly lead to 20,000 vehicles a day needing to be parked in Kent until they can clear burdensome new customs checks.

Margot James, Minister of State for Digital at the Department for Culture Media and Sport (DCMS), should not even expect that level of understanding. With the Government regularly highlighting the contribution of digital industries to the economy - £118.4 billion annually or 7% of total GDP - you might expect a contingency plan to be in place for a hard Brexit.

But when did DCMS start to reach out to the industry to discuss what no deal might mean? Monday 18th January. That’s right, with just 12 weeks to go until our 29th March departure, the state decided it was time to look into a sector which is so complicated that even the European Commission has been unable to figure out how it works, effectively parking the planned ePrivacy Regulation as a result. 

Of course, James and DCMS are hostages to Theresa May’s strategy of insisting there is only one possible deal and refusing to allow for any other options to be considered. As the recent thumping defeat in Parliament revealed, it is not a view shared by two-thirds of MPs. So what will happen to UK digital activities - from search and display advertising through to online publishing and e-commerce - if we end up with no deal? 

In all likelihood, virtually the entire industry will carry on as usual, but it will be breaking the law and could face serious consequences as and when regulators in both the UK and the EU decide to act. 

There are two reasons why digital will become an outlaw in this way:  

Firstly, it will take years for the EU to recognise the UK’s data protection laws through an adequacy ruling. Even though our Data Protection Act maps directly onto GDPR, there is a bureaucratic process to go through which could be every bit as grueling as those customs checks at Dover. Until the UK is considered adequate as a third country, however, any data transfers from the EU to the UK would be illegal, unless the parties have put standard contractual clauses in place. But these will be necessary for every partner across the digital eco-system, meaning thousands of new contracts to be negotiated and signed-off.

That’s not work that can be done in a bare three months. (You will still be able to send data from the UK to the EU, by the way, but you won’t be able to get it back.)

One company that will not suffer as a result is Google - it has the US-EU approved Privacy Shield to allow it to continue with data transfers. But only where these stay within its own estate. So advertisers and publishers will yield even more power and money to this virtual monopoly.

Secondly, the digital industry has been clutching at the IAB’s transparency and consent framework (TCF) to keep it on the right side of both GDPR and PECR. 

Unfortunately, a ruling in November 2018 by the French data protection authority CNIL against a geo-location targeting firm Vectaury blew a hole in TCF (although IAB argues this is not the case.)

With no compliant framework for the ad tech sector to operate within and no adequacy ruling in place, legal departments in UK publishers and advertisers may well feel their exposure is too great and order a halt to activities. The result could be a “digital Dover” with consumer demand piled up outside eco-systems that are in shutdown until some legal clarity emerges.

Just as with Brexit itself, many digital marketers will no doubt want to shrug this off and assume either that it will get worked out in a hurry or that regulators will decide to turn a blind eye. Both of those are possible, but not probable. Without fast-tracking of new contracts and swift action by stakeholders across the digital eco-system, 29/3/19 might turn out to have the impact that was forecast for Y2K.

DataIQ:

You Might Also Read: 

UK Cyber Attacks Will ‘Get Worse’ Post-Brexit:

 

« AI In Business: 2019 Trends & Predictions
The Biter Bit: Secret Russian Files Are Leaked »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

HackerOne

HackerOne

HackerOne was started by hackers and security leaders who are driven by a passion to make the internet safer.

CyberArrow

CyberArrow

CyberArrow (formerly EBDAA) is a consultancy company providing high quality consultancy services in Risk & Compliance and Awareness & Education.

Chronicle

Chronicle

Chronicle products combine intelligence about global threats in the wild, threats inside your network, and unique signals about both.

Sopher Networks

Sopher Networks

Sopher is a secure communication and collaboration platform for business and personal use.

Polish Centre for Accreditation (PCA)

Polish Centre for Accreditation (PCA)

PCA is the national accreditation body for Poland. The directory of members provides details of organisations offering certification services for ISO 27001.

GreenWorld Technologies

GreenWorld Technologies

GreenWorld has a proven track record in industry leading IT asset management, secure data destruction and remarketing.

Prompt

Prompt

Prompt supports the creation of partnerships and the setting up of industrial-institutional applied R&D projects for all ICT sectors.

Pelta Cyber Security

Pelta Cyber Security

Pelta Cyber Security is the cyber security consulting and solutions division of Softworld Inc. We provide staffing and recruitment services as well as consulting and solutions for outsourced projects.

UST

UST

UST is a global provider of digital technology and transformation, IT services and solutions including managed security services.

BlackFog

BlackFog

BlackFog is a leader in device data privacy, data security and ransomware prevention. Our behavioral analysis and anti data exfiltration technology stops hackers before they even get started.

Automation Workz

Automation Workz

Automation Workz has been ranked as a top 10 Cybersecurity Bootcamp in the US by Career Karma.

CloudScale365

CloudScale365

CloudScale365 offers state-of-the-art managed IT services and cloud, hosting, security, and business continuity solutions.

EPIQ Infotech

EPIQ Infotech

EPIQ Infotech is a trusted consulting and implementation partner for Oracle JD Edwards and Amazon Web Services (AWS).

Spec

Spec

Spec is the only no-code orchestration platform that protects enterprise fraud defenses from being blocked, bypassed, and manipulated by modern attack tactics.

Liquid C2

Liquid C2

Liquid C2 offers leading solutions to streamline workplace operations, secure cloud storage, rapid data recovery, and scale growth.

Motive Managed Services

Motive Managed Services

Motive Managed Services take the complexity out of IT, Cybersecurity, and Network Operations, so you can focus on growing your business.