Brexit Unintended Consequences: Internet Edition
Britain voted to leave the European Union on June 23, 2016. Before the vote, various experts warned of unintended consequences. Professor Michael Dougan warned of legal complexity. Bertie Aherne, former Irish Taoiseach, warned that Brexit may result in new borders. And unintended consequences will also affect both the UK and the EU’s IT industry, and the way UK citizens use the internet.
Right now, the EU consists of 28 countries. Businesses in EU countries benefit from free movement of people, and synced-up laws and regulations. These are both beneficial for tech companies, because they can work easily across borders. When the UK leaves the EU in 2019, nobody knows what will happen to these arrangements.
It is unlikely that the UK will continue to retain all EU law. To do that, it would need to exactly replicate its existing arrangement with the EU, which pro-Brexit campaigners would be unlikely to accept. At the same time, the UK will need to comply with EU laws if it wants to trade with EU countries. This suggests that the two legal systems will gradually go out of sync, and IT businesses will need to deal with the consequences.
Nine Unexpected Consequences
The UK’s IT industry will be affected by Brexit in many ways that we haven’t yet identified. But we do know that these nine consequences could result in positive and negative outcomes for the country.
1. Some Domain Names May Be Unavailable in the UK
A business’ domain name is not just a convenient shortcut to its website. The domain carries connotations about the way the business portrays itself to its market. In some cases, the domain itself is part of the business’ branding strategy. So a change in the availability of certain domains could be a problem for UK businesses after Brexit.
Right now, some ccTLD domain names are only available to businesses with a presence in the EU. The most obvious is, of course, the .eu domain (and the Cyrillic equivalent). These two domains can only be registered by businesses or individuals “within the EU, Norway, Iceland, or Liechtenstein.” After Brexit, the UK will no longer fall into this group.
So far, nobody seems to have made any decisions about the 300,000+ (PDF) .eu domains that are already registered to UK businesses. Eurid, the domain name registry for .eu domains, says no action will be taken until the European Commission has had its say.
Other ccTLDs — including .fr and .bg — can only be registered by companies in the EU. The .it domain is sometimes used by businesses that want an “IT”-related domain, or a domain ending with the English word “it.” But .it domains can only be purchased by businesses in the EEA, which the UK plans to leave in 2019. There’s no word on what will happen with domains with these extensions that are already owned by UK companies.
There is another potential twist. If Scotland eventually gets a second referendum on independence from the UK, Scottish businesses may wish to drop their .uk ccTLDs. But right now, the .scot domain is only available to a limited number of Scottish or UK governmental organizations. Plans for a second referendum are on ice right now, but if Scotland does break away, the domain name rules would need to adapt quickly.
2. Data Protection for EU Citizens
The EU has strict laws about EU citizens’ personal data, and it enforces them with vigor. Post-Brexit, the UK could find itself in a difficult position.
From next year, all 28 EU countries will share the same data protection laws — the General Data Protection Regulation (GDPR). This will simplify data handling for the companies that serve EU citizens, and will make compliance straightforward. According to research, 69% of UK businesses want to keep the GDPR after Brexit.
The UK will initially adopt the GDPR, and it will retain those laws for a while, thanks to the Repeal Bill. Later, the UK will decide which EU laws to drop. So over time, data protection laws between the UK and the 27 EU states may slip out of sync, even if they are aligned on the day of exit.
Of course, there is a chance that the UK will opt to keep all of its data protection laws in sync with the EU forever. But people who voted to leave the EU’s legal framework would likely object.
Change Britain says that there will be a “new relationship,” and the GDPR will still apply to EU citizens’ data, regardless of the UK’s legal position. Experts believe this may result in UK businesses having to comply with two sets of different laws at the same time if they want to attract EU customers.
3. Cookie Pop-Ups
The cookie pop-up is a much maligned outcome of the EU’s strict position on covert online tracking. Every website in the EU that places cookie’s on a user’s computer is required to notify that user when they visit the site.
This law has never been particularly well-received, and is not consistently implemented either. The EU itself has shown signs of slackening its cookie laws in recognition of both points.
But for UK businesses, Brexit could mean that — eventually — the requirement for a cookie notification statement may vanish. This is unlikely to happen straight away, but some businesses will probably be relieved if it’s abolished.
4. The Cloud and Compliance
After 9/11, the United States introduced the Patriot Act, which led many EU companies to adopt a policy of keeping their data in the EU. After further investigation, it became clear that EU data could be accessed under the Patriot Act anyway, but many EU businesses still felt that EU datacenters would be a safer choice for compliance reasons.
Post-Brexit, this issue will become a talking point again, and it comes down to the fact that EU and UK law will almost certainly differ eventually. In the meantime, UK businesses will need to muddle through, which may mean choosing cloud services and datacenters close to their customers.
To complicate matters, the Investigatory Powers Act allows the UK government to demand a backdoor into any UK encrypted service. Will UK businesses feel secure using UK cloud services, knowing that the law allows encryption to be bypassed in secret?
The EU is built on the unshakable concept of four freedoms; the freedom of movement for people, goods, and capital, plus the freedom to provide services. The prime minister of Estonia — which runs an innovative e-residency scheme — would like free movement of data to be added to the list, but the UK will almost certainly have left the bloc before any progress is made.
5. Exiting the Digital Single Market
After Brexit, the UK will miss out on the benefits promised by the European Cloud Initiative, and the Digital Single Market. The latter has various goals, including EU-wide standards for connected devices.
This brings the concept of international standards compliance to the Internet of Things, as well as creating standards in e-commerce, copyright, consumer rights, and cyber security. Once the UK is no longer a part of this arrangement, it could have a huge impact on the ability of UK businesses to compete with EU neighbors unless it adopts exactly the same standards.
The Culture, Media, and Sport Committee is looking into the impact of the UK’s exit from the Digital Single Market. But like most government initiatives, it will not reach any conclusions until the UK is close to its exit date.
6. Datacenters Could Be in Jeopardy
London currently houses one-third of the datacenter space in the UK. Additionally, one-third of London’s datacenter space is used by financial institutions.
But London’s future as the financial center of the EU is in jeopardy as a result of Brexit, as it stands to lose its passporting rights. If London’s financial companies cannot provide EU financial services, demand for datacenters will drop. Financial data may be shifted from the UK to the EU, following the financial providers that make the same move.
Companies like IBM are still investing in UK datacenters, because they believe that UK businesses will want to keep their data in the UK regardless. But if London’s financial industry moves its data to the EU, that would likely dwarf any positive gains.
Again, the Investigatory Powers Act might make UK datacenters unattractive to businesses in certain sectors. And the nature of datacenters themselves could change. The UK has ratified the Paris Agreement, but it has already dropped its own Department for Energy Efficiency and Climate Change. If energy efficiency is not seen as a priority post-Brexit, this could hamper the drive towards green datacenter facilities in the UK.
7. Price Increases
As of March 2017, the pound sterling had fallen around 18% against the dollar since the EU referendum result. The effects of the devaluation of the pound had become obvious shortly after votes were counted, and tech buyers were hit hard almost immediately.
Apple’s 2016 MacBook Pro was criticized globally for being expensive; in the UK, Apple compounded the high price tag with an increase of almost 25% on the ticket price of all of its goods. Likewise, Microsoft increased prices to UK clients for Office 365 and Azure. And businesses that pay for web hosting in euros or dollars noticed that their package cost more in pounds almost overnight.
These price increases are compounded by a potential loss of low-cost EU data roaming, which will make it more expensive for businesses to use mobile phones overseas. The UK government may have to strike a deal to avoid UK tech companies being exposed to the same massive roaming charges that Swiss mobile users currently pay.
8. Talent Movement
When the UK leaves the EU, 63 million people will lose EU citizenship overnight. But the fintech industry has benefitted greatly from EU freedom of movement. Sixty thousand people working in the UK’s financial services sector are currently EU migrants, and a high proportion are “highly-skilled.”
Already, there are serious questions about the position of EU workers employed by UK tech companies, including their residency rights. Likewise, companies in the 27 other EU countries may lose the UK staff they have invested in, either because those staff are not permitted to stay in the EU, or because the costs and paperwork make their employment unaffordable.
For tech staff, there are issues around healthcare. Many workers on short-term contracts use the European Health Insurance Card (EHIC) scheme, which the UK may not be party to from the date of exit. The EHIC issue will be part of the ongoing negotiations.
While a stagnant talent pool may increase UK tech salaries, there may be a corresponding negative impact on UK businesses.
9. UK Websites May Be Liable for Comments
If you own a UK website, and comments are open on your blog, Brexit may mean that you are legally liable for the content of those comments. Again, this depends on whether the UK decides to keep UK and EU law in sync after Brexit, and whether the UK government tweaks the laws it adopts.
Right now, the EU’s E-Commerce Directive protects website owners against legal action when someone posts defamatory content in blog comments. This protection exists as long as you don’t pre-moderate comments, and you take down comments if you receive a complaint.
The Repeal Bill means that the E-Commerce Directive will initially be integrated into UK law. But then, all bets are off. All of the comments on your blog could potentially be actionable if that legal protection changes. UK websites will need to pre-moderate all comments, or switch commenting off completely.
Research suggests that 85% of the UK’s tech leaders favoured a Remain outcome in the EU referendum. While there may be benefits to the UK’s exit, there is certainly going to be significant disruption; the simple process of renewing a domain name could be one unexpected consequence.
Even the most fervent anti-EU observer cannot deny the massive upheaval of Brexit, and the knock-on effect that will have on UK and EU businesses.