No Brexit Deal? Then Its ‘Digital Dover’

Uploaded on 2019-02-07 in FREE TO VIEW, BUSINESS-Services-Law, NEWS-Cybersecurity News

When just 89 lorries turned up in early January for a traffic management rehearsal, staged to understand the impact of the UK crashing out of the EU with no deal, Transport Minister Chris Grayling was roundly mocked for seeming so woefully under-prepared. But it at least showed an awareness that the sudden loss of freedom of trade will quickly lead to 20,000 vehicles a day needing to be parked in Kent until they can clear burdensome new customs checks.

Margot James, Minister of State for Digital at the Department for Culture Media and Sport (DCMS), should not even expect that level of understanding. With the Government regularly highlighting the contribution of digital industries to the economy - £118.4 billion annually or 7% of total GDP - you might expect a contingency plan to be in place for a hard Brexit.

But when did DCMS start to reach out to the industry to discuss what no deal might mean? Monday 18th January. That’s right, with just 12 weeks to go until our 29th March departure, the state decided it was time to look into a sector which is so complicated that even the European Commission has been unable to figure out how it works, effectively parking the planned ePrivacy Regulation as a result. 

Of course, James and DCMS are hostages to Theresa May’s strategy of insisting there is only one possible deal and refusing to allow for any other options to be considered. As the recent thumping defeat in Parliament revealed, it is not a view shared by two-thirds of MPs. So what will happen to UK digital activities - from search and display advertising through to online publishing and e-commerce - if we end up with no deal? 

In all likelihood, virtually the entire industry will carry on as usual, but it will be breaking the law and could face serious consequences as and when regulators in both the UK and the EU decide to act. 

There are two reasons why digital will become an outlaw in this way:  

Firstly, it will take years for the EU to recognise the UK’s data protection laws through an adequacy ruling. Even though our Data Protection Act maps directly onto GDPR, there is a bureaucratic process to go through which could be every bit as grueling as those customs checks at Dover. Until the UK is considered adequate as a third country, however, any data transfers from the EU to the UK would be illegal, unless the parties have put standard contractual clauses in place. But these will be necessary for every partner across the digital eco-system, meaning thousands of new contracts to be negotiated and signed-off.

That’s not work that can be done in a bare three months. (You will still be able to send data from the UK to the EU, by the way, but you won’t be able to get it back.)

One company that will not suffer as a result is Google - it has the US-EU approved Privacy Shield to allow it to continue with data transfers. But only where these stay within its own estate. So advertisers and publishers will yield even more power and money to this virtual monopoly.

Secondly, the digital industry has been clutching at the IAB’s transparency and consent framework (TCF) to keep it on the right side of both GDPR and PECR. 

Unfortunately, a ruling in November 2018 by the French data protection authority CNIL against a geo-location targeting firm Vectaury blew a hole in TCF (although IAB argues this is not the case.)

With no compliant framework for the ad tech sector to operate within and no adequacy ruling in place, legal departments in UK publishers and advertisers may well feel their exposure is too great and order a halt to activities. The result could be a “digital Dover” with consumer demand piled up outside eco-systems that are in shutdown until some legal clarity emerges.

Just as with Brexit itself, many digital marketers will no doubt want to shrug this off and assume either that it will get worked out in a hurry or that regulators will decide to turn a blind eye. Both of those are possible, but not probable. Without fast-tracking of new contracts and swift action by stakeholders across the digital eco-system, 29/3/19 might turn out to have the impact that was forecast for Y2K.

DataIQ:

You Might Also Read: 

UK Cyber Attacks Will ‘Get Worse’ Post-Brexit:

 

« AI In Business: 2019 Trends & Predictions
The Biter Bit: Secret Russian Files Are Leaked »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Malware.lu

Malware.lu

Malware.lu is a repository of malware and technical analysis. The goal of the project is to provide samples and technical analysis to security researchers.

Paraben

Paraben

Paraben provides digital forensics solutions for mobile devices, smartphones, email, hard drives, and gaming system.

Qualys

Qualys

Qualys is a pioneer and leading provider of cloud security and compliance solutions.

Infrascale

Infrascale

Infrascale specialise in providing cloud backup and disaster recovery services.

Brainwave GRC

Brainwave GRC

Brainwave GRC is a leading European software provider focused on Identity Analytics and intelligence to strengthen IT security and compliance.

Quadrant Information Security

Quadrant Information Security

Quadrant Information Security is a consulting firm committed to supporting organizations in all vertical markets and protecting their sensitive data.

Subex

Subex

Subex leverages its award-winning telecom analytics solutions in areas such as Revenue Assurance, Fraud Management, Asset Assurance and Partner Management, and IoT Security.

National Cybersecurity Student Association (NCSA) - USA

National Cybersecurity Student Association (NCSA) - USA

The National Cybersecurity Student Association is a one-stop-shop to enhance the educational and professional development of cybersecurity students through activities, networking and collaboration.

Riddle&Code

Riddle&Code

Riddle&Code is a product-led services company specializing in onboarding industries to Web3. The team's mission is to provide a trusted connection between the digital and physical worlds.

Riskaware

Riskaware

CyberAware, by Riskaware, provides business-critical cyber attack analysis and impact assessments using NIST standards aligned with NCSC guidance.

Cyber Security for Europe (CyberSec4Europe)

Cyber Security for Europe (CyberSec4Europe)

CyberSec4Europe is designing, testing and demonstrating potential governance structures for a European Cybersecurity Competence Network.

Sevco Security

Sevco Security

Sevco Delivers Real-time Asset Intelligence to Identify and Close Unknown Security Gaps.

Getronics

Getronics

Getronics guides customers through their own transformation journeys, leveraging an integrated and secure-by-design IT portfolio.

Avint

Avint

Avint delivers transformational cybersecurity solutions that help both commercial and government entities achieve mission success.

Guardsman Cyber Intelligence (GCI)

Guardsman Cyber Intelligence (GCI)

GCI provides proven cyber intelligence solutions to protect your business against ever present physical and digital threats shadowing your online business.

at-yet (@-yet)

at-yet (@-yet)

at-yet are an interdisciplinary team of experts. We are all about achieving results, whatever the situation – an acute incident, risk minimisation, safeguarding or data protection.