No Brexit Deal? Then Its ‘Digital Dover’

When just 89 lorries turned up in early January for a traffic management rehearsal, staged to understand the impact of the UK crashing out of the EU with no deal, Transport Minister Chris Grayling was roundly mocked for seeming so woefully under-prepared. But it at least showed an awareness that the sudden loss of freedom of trade will quickly lead to 20,000 vehicles a day needing to be parked in Kent until they can clear burdensome new customs checks.

Margot James, Minister of State for Digital at the Department for Culture Media and Sport (DCMS), should not even expect that level of understanding. With the Government regularly highlighting the contribution of digital industries to the economy - £118.4 billion annually or 7% of total GDP - you might expect a contingency plan to be in place for a hard Brexit.

But when did DCMS start to reach out to the industry to discuss what no deal might mean? Monday 18th January. That’s right, with just 12 weeks to go until our 29th March departure, the state decided it was time to look into a sector which is so complicated that even the European Commission has been unable to figure out how it works, effectively parking the planned ePrivacy Regulation as a result. 

Of course, James and DCMS are hostages to Theresa May’s strategy of insisting there is only one possible deal and refusing to allow for any other options to be considered. As the recent thumping defeat in Parliament revealed, it is not a view shared by two-thirds of MPs. So what will happen to UK digital activities - from search and display advertising through to online publishing and e-commerce - if we end up with no deal? 

In all likelihood, virtually the entire industry will carry on as usual, but it will be breaking the law and could face serious consequences as and when regulators in both the UK and the EU decide to act. 

There are two reasons why digital will become an outlaw in this way:  

Firstly, it will take years for the EU to recognise the UK’s data protection laws through an adequacy ruling. Even though our Data Protection Act maps directly onto GDPR, there is a bureaucratic process to go through which could be every bit as grueling as those customs checks at Dover. Until the UK is considered adequate as a third country, however, any data transfers from the EU to the UK would be illegal, unless the parties have put standard contractual clauses in place. But these will be necessary for every partner across the digital eco-system, meaning thousands of new contracts to be negotiated and signed-off.

That’s not work that can be done in a bare three months. (You will still be able to send data from the UK to the EU, by the way, but you won’t be able to get it back.)

One company that will not suffer as a result is Google - it has the US-EU approved Privacy Shield to allow it to continue with data transfers. But only where these stay within its own estate. So advertisers and publishers will yield even more power and money to this virtual monopoly.

Secondly, the digital industry has been clutching at the IAB’s transparency and consent framework (TCF) to keep it on the right side of both GDPR and PECR. 

Unfortunately, a ruling in November 2018 by the French data protection authority CNIL against a geo-location targeting firm Vectaury blew a hole in TCF (although IAB argues this is not the case.)

With no compliant framework for the ad tech sector to operate within and no adequacy ruling in place, legal departments in UK publishers and advertisers may well feel their exposure is too great and order a halt to activities. The result could be a “digital Dover” with consumer demand piled up outside eco-systems that are in shutdown until some legal clarity emerges.

Just as with Brexit itself, many digital marketers will no doubt want to shrug this off and assume either that it will get worked out in a hurry or that regulators will decide to turn a blind eye. Both of those are possible, but not probable. Without fast-tracking of new contracts and swift action by stakeholders across the digital eco-system, 29/3/19 might turn out to have the impact that was forecast for Y2K.

DataIQ:

You Might Also Read: 

UK Cyber Attacks Will ‘Get Worse’ Post-Brexit:

 

« AI In Business: 2019 Trends & Predictions
The Biter Bit: Secret Russian Files Are Leaked »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Irish Reporting & Information Security Service (IRISS)

Irish Reporting & Information Security Service (IRISS)

IRISS-CERT is Ireland's first CSIRT (Computer Security Incident Response Team) to provide services to all users within Ireland.

ISTQB

ISTQB

ISTQB has defined the "ISTQB Certified Tester" scheme that has become the world-wide leader in the certification of competences in software testing.

Usenix

Usenix

Usenix brings together the community of engineers, system administrators, scientists, and technicians working on the cutting edge of computing.

Alyne

Alyne

Alyne is a Munich based 2B RegTech offering organisations risk insight capabilities through a Software as a Service.

Novastor

Novastor

NovaStor® is an award-winning, international data backup and recovery software company with solutions supporting physical, virtual and cloud environments.

Applied Magnetics Laboratory (AML)

Applied Magnetics Laboratory (AML)

Applied Magnetics Laboratory is a manufacturer of military security and data destruction equipment for sensitive, classified, and secret information.

Red River

Red River

Red River is a technology transformation company, bringing 25 years of experience and mission-critical expertise in analytics, cloud, collaboration, mobility, networking and security solutions.

RegScale

RegScale

RegScale helps organizations comply in real-time with multiple compliance requirements (NIST, CMMC, ISO, SOX, etc), scalable to meet the needs of the entire enterprise.

Rausch Advisory Services

Rausch Advisory Services

Rausch delivers solutions that address compliance, enterprise risk, information technology and human resource capital.

Gilsbar

Gilsbar

For more than half a century, Gilsbar has offered insurance service solutions and support for businesses and their employees.

Intracis

Intracis

Intracis is a 'Made in India' cyber incident management solution aimed at ‘Making Security Simple’ by simplifying cyber incident management for CERTS and CSIRTS.

Lightpoint Global

Lightpoint Global

Lightpoint Global is a bespoke software development company. We also provide a spectrum of services such as IT consulting, business analysis, QA and testing, and DevOps services.

Adili Group

Adili Group

Adili Group is a leading pan-African corporate advisory firm. We deliver tailored solutions in regulation and compliance, risk management, and improving business efficiency.

Crisis24

Crisis24

Crisis24 is a leading integrated risk management, crisis response, consulting, and global protective solutions firm.

Securitribe

Securitribe

Securitribe provides cybersecurity and compliance solutions, including vCISO services, ISO27001, and ASD Essential 8 advisory, helping businesses and government strengthen security & compliance.

DeepSurface Security

DeepSurface Security

DeepSurface is the first risk-based vulnerability management platform that allows cybersecurity teams to automate the process of analyzing and prioritizing vulnerabilities.