No Brexit Deal? Then Its ‘Digital Dover’

When just 89 lorries turned up in early January for a traffic management rehearsal, staged to understand the impact of the UK crashing out of the EU with no deal, Transport Minister Chris Grayling was roundly mocked for seeming so woefully under-prepared. But it at least showed an awareness that the sudden loss of freedom of trade will quickly lead to 20,000 vehicles a day needing to be parked in Kent until they can clear burdensome new customs checks.

Margot James, Minister of State for Digital at the Department for Culture Media and Sport (DCMS), should not even expect that level of understanding. With the Government regularly highlighting the contribution of digital industries to the economy - £118.4 billion annually or 7% of total GDP - you might expect a contingency plan to be in place for a hard Brexit.

But when did DCMS start to reach out to the industry to discuss what no deal might mean? Monday 18th January. That’s right, with just 12 weeks to go until our 29th March departure, the state decided it was time to look into a sector which is so complicated that even the European Commission has been unable to figure out how it works, effectively parking the planned ePrivacy Regulation as a result. 

Of course, James and DCMS are hostages to Theresa May’s strategy of insisting there is only one possible deal and refusing to allow for any other options to be considered. As the recent thumping defeat in Parliament revealed, it is not a view shared by two-thirds of MPs. So what will happen to UK digital activities - from search and display advertising through to online publishing and e-commerce - if we end up with no deal? 

In all likelihood, virtually the entire industry will carry on as usual, but it will be breaking the law and could face serious consequences as and when regulators in both the UK and the EU decide to act. 

There are two reasons why digital will become an outlaw in this way:  

Firstly, it will take years for the EU to recognise the UK’s data protection laws through an adequacy ruling. Even though our Data Protection Act maps directly onto GDPR, there is a bureaucratic process to go through which could be every bit as grueling as those customs checks at Dover. Until the UK is considered adequate as a third country, however, any data transfers from the EU to the UK would be illegal, unless the parties have put standard contractual clauses in place. But these will be necessary for every partner across the digital eco-system, meaning thousands of new contracts to be negotiated and signed-off.

That’s not work that can be done in a bare three months. (You will still be able to send data from the UK to the EU, by the way, but you won’t be able to get it back.)

One company that will not suffer as a result is Google - it has the US-EU approved Privacy Shield to allow it to continue with data transfers. But only where these stay within its own estate. So advertisers and publishers will yield even more power and money to this virtual monopoly.

Secondly, the digital industry has been clutching at the IAB’s transparency and consent framework (TCF) to keep it on the right side of both GDPR and PECR. 

Unfortunately, a ruling in November 2018 by the French data protection authority CNIL against a geo-location targeting firm Vectaury blew a hole in TCF (although IAB argues this is not the case.)

With no compliant framework for the ad tech sector to operate within and no adequacy ruling in place, legal departments in UK publishers and advertisers may well feel their exposure is too great and order a halt to activities. The result could be a “digital Dover” with consumer demand piled up outside eco-systems that are in shutdown until some legal clarity emerges.

Just as with Brexit itself, many digital marketers will no doubt want to shrug this off and assume either that it will get worked out in a hurry or that regulators will decide to turn a blind eye. Both of those are possible, but not probable. Without fast-tracking of new contracts and swift action by stakeholders across the digital eco-system, 29/3/19 might turn out to have the impact that was forecast for Y2K.

DataIQ:

You Might Also Read: 

UK Cyber Attacks Will ‘Get Worse’ Post-Brexit:

 

« AI In Business: 2019 Trends & Predictions
The Biter Bit: Secret Russian Files Are Leaked »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Nordic IT Security

Nordic IT Security

Nordic IT Security is a cyber security business forum in Scandinavia bringing together the converging worlds of IT, Cyber and Information Security.

Leviathan Security Group

Leviathan Security Group

Leviathan provides a broad set of information security services ranging from low-level technical engineering to strategic business consulting.

National Cyber League (NCL)

National Cyber League (NCL)

The NCL provides a virtual training ground for participants to develop, practice, and validate their cybersecurity knowledge and skills.

Havelsan

Havelsan

HAVELSAN is a leading technology company in Turkey developing indigenous systems for domestic and foreign military, public and private sector clients.

PeopleSec

PeopleSec

PeopleSec specializes in the human element of cybersecurity with a comprehensive set of services designed to maximize your security by educating your workforce as a whole.

Nameshield Group

Nameshield Group

Nameshield is one of most experienced domain name registrars, trademark protection specialists and managers of online reputational risk in the world today.

Clario Tech

Clario Tech

Clario is a simple, comprehensive, personalized protection app. It comes with a full suite of intelligent security software and intelligent people to help you live a better, safer digital life.

Elevate Security

Elevate Security

Elevate is the leading Security Behavior Platform, changing employee security habits while giving security teams unprecedented visibility.

Uptycs

Uptycs

Uptycs combines the open source universal agent, osquery, with a scalable security analytics platform for fleet visibility, intrusion detection, vulnerability monitoring and compliance.

Query.ai

Query.ai

At Query.AI, we are committed to helping companies unlock the power of their security data, so they are empowered to meet security investigation and response goals while simultaneously reducing costs.

stackArmor

stackArmor

stackArmor specializes in compliance and security-focused solutions delivered using our Agile Cloud Transformation (ACT) methodology.

Saporo

Saporo

Saporo helps organizations increase their cyber-resistance. Continuously map your attack surface and get the recommendations you need to make your organization more resistant to attacks.

Manifest

Manifest

Manifest is a cybersecurity company dedicated to helping enterprises secure their software supply chains.

Icon Information Systems (ICONIS)

Icon Information Systems (ICONIS)

ICONIS is an integrated infrastructure and service provider, offering unified Information Technology (IT) solutions globally.

ViCyber

ViCyber

ViCyber is an Australian based company whose mission is to simplify and strengthen cybersecurity for all businesses, irrespective of size.

UltraViolet Cyber

UltraViolet Cyber

UltraViolet is an industry leading tech-enabled managed security services company.