Britain’s decision to leave the EU will challenge the ability of UK technology companies to innovate and grow. Companies have previously relied on the benefits of EU membership such as the freedom to manage and transfer data across the EU, and free movement of skilled labour to create huge opportunities for creativity and collaboration across the technology sector.
This creates a growing divide between British and European attitudes to data privacy. Recently, the EU demonstrated its commitment to strengthening privacy laws and cyber security regulations with the General Data Protection Regulation (GDPR). The new law aims to improve privacy standards across the EU.
In contrast, the UK Government’s new Investigatory Powers Bill (IPB) has created new provisions for increased monitoring of individuals; causing a rift in the perception of the right to privacy within the different markets. This legal culture clash, coupled with uncertainty from the Brexit decision, has led to people questioning Britain’s role as a hub for innovative companies.
Skills shortages and tech hubs
The technology industry is fuelled by highly-skilled employees and relies on freedom of worker movement. Vital skills such as coding, programming and network integration, are in short supply. This problem intensifies the more niche the technology. Certain tasks, such as creating cyber security tools or communication applications require diverse and experienced teams that must be sourced from across the globe.
Resourcing the tech industry relies on the freedom of travel between countries - to found start-ups or join companies which are expanding. Britain has already acknowledged a skills shortage in the IT and security sectors, an issue which will be aggravated by Brexit. This could also be affected by the incoming IPB, which may deter some technology workers, who are more privacy aware, especially those who have emigrated from countries with strict governments. The skills shortage raises questions about the flow of tech talent and where new businesses will be founded.
The UK commonly benefits from the skills of people from Central and Eastern Europe. If skilled people are prevented from coming to the UK, then start-up hubs will move from London to cities such as Berlin, which have an unthreatened start-up scene, cheap rent and plenty of office space available and an already present vibrant start-up scene.
Transferring data freely across EU borders is one of the strongest contributors to the growth of the European technology sector, one that the UK government should take steps to protect. However, keeping this will come with complications. The current system enables companies anywhere in Europe to operate a digital business and access the data of EU citizens from anywhere within the EU.
Countries outside the EU, however, must sign specific agreements to gain similar access. One of the central guarantees that these deals rely on is the promise that EU citizen Data will be protected from mass surveillance. This creates a challenge for UK technology companies around the future of cross-border operations. If it becomes impossible for UK-based companies to maintain records and data on EU citizens legally, these businesses will be forced to relocate or lose access to a huge market.
Privacy is an important battlefield in a world where the volume of data generated by every consumer continues to grow. The right to access, move, and control that data is vital, both for consumers trying to protect their own privacy, and for companies trying to interact with those consumers and provide a quality customer experience. While neither policy is yet in effect, the GDPR and the IPB each provide a different answer to the question of user privacy, a contradiction that is likely to lead to disagreement in the future.
However, the Information Commissioner’s Office (ICO), the UK’s main privacy regulator, has stated that they will be implementing the GDPR with minimal changes, and are committed to helping companies adjust to the new legislation. This has created a challenge for UK companies, who cannot plan for future compliance, due to the uncertainty, and may find themselves unable to do business in either market if they do not comply with its laws. Issues with data access and compliance may be avoided for UK companies, if by following a precedent set by Norway and Switzerland, the UK chooses to implement EU regulations regardless of their EU membership status.
This would allow businesses to continue to access EU citizens’ data. Not only will this enable the free flow of data to continue but it will also protect people’s right to privacy and therefore is a decision to be embraced. Though the question still remains; how will the UK government balance its need to regulate the digital space, with the pressure for privacy demanded by its EU neighbours?
Regulation of over-the-top providers
Earlier this year the EU unveiled new proposals for regulations on OTT players such as communications providers, and the internet. The new regulations propose that mobile messaging companies will have to follow the same regulations as mobile phone operators such as providing contracts and allowing emergency dialling.
This regulation will also require mobile messaging companies to secure their users’ data and keep servers secure.
The UK government has also stated that it may require OTT players to provide information on user conversations if a warrant is provided, but we have yet to see if this will clash with the EU’s requirement that OTT players keep their servers secure. It is likely that the EU will be unhappy with any UK Government initiatives that weaken encryption or risk the privacy of EU citizens.
An uncertain future
The key challenge for the technology industry posed by Brexit is the uncertainty. Mobile messaging companies are unsure which new regulations they will have to comply with, and all technology companies are worried about recruitment, privacy protection and access to customer data.
This is magnified by the UK government not providing a roadmap or the necessary guidance to guarantee stability. Many employees who have come to the UK that work in tech have still not had their position clarified. This creates tension across the sector, and could encourage moves to countries where this issue does not exist.
The UK government needs to take some large steps to provide the assurances that the technology sector needs. Much of this could be resolved by adopting existing and incoming EU privacy legislation, but given the goals of the government and the introduction of the IPB, the EU and the UK may be on two different paths to privacy.
Alan Duric, co-founder and CTO, Wire
Image source: Shutterstock/JMiks