Brexit
August 2016

You might think that leaving the EU will have little or no effect on the digital life of Britons.  After all the internet knows nothing of national boundaries, it laughs at border posts, import tariffs and sanctions, doesn’t it?  Well, up to a point.  I don’t say that leaving the EU is the wrong course to follow (too late now, anyway), but it does present some major challenges to the digital industries.

One such challenge is the future security of data that is stored on computers; this includes the financial details that banks, stock brokers, or building societies keep, not to mention your medical records, emails and so on.  Data is valuable and the people who look after it need to be bound by the same sort of stringent rules that banks are, while they are looking after our money.

The very nature of the internet is that it allows businesses and services to operate across borders without much hindrance; they can store data in different countries, often more than one.  Data costs nothing to move (no lorries are needed) and so there is a thriving industry across the world that provides data storage.  It has led to a huge growth in the building of datacentres everywhere; these are faceless buildings that house the acres of computers that form “the cloud”; they are the landlords of the internet.

This means that you can move your data around to the cheapest or most secure service at the drop of a hat, but that can only work if there is some consistency in the laws that protect what happens to the information. 

One of the successes of the EU (in my view) has been the harmonisation and strengthening of data protection rules, coupled with some very significant fines for breaching those rules.  This in turn has greatly sharpened up the way in which businesses behave.  We are finally reaching the point when senior Board figures appreciate the importance of what is going on in their computers; partly it is the passage of time, as people who only discovered computers and the internet whilst in their late forties (and never understood either) fade away from senior management, but it also has a lot to do with this toughening of the rules.

At present, an EU based company and its clients can be confident that provided its data resides somewhere in the EU, it is protected by the same rules.  However, a major EU-wide revision of those laws, almost universally welcomed, is due to come into force in 2018.  If we are out by then, it would not apply to the UK, but we would be mad not to make sure that our own rules at the time are at least up to the same standard.  

If we don’t, which European company would be prepared to use a UK data centre?  Not many, if any, I think.  USA data centres have already seen a huge exodus of overseas customers who do not want their data being subject to gratuitous examination by the FBI following a change in American laws; these things matter.

There is also a rather intriguing alternative, which draws on the fact that we will be independent of the EU by then.  We could impose even tougher data rules than Europe and become a trusted “cyber haven” where data is safer than most.  Switzerland and Canada, of all places, have already achieved this, and consequently many organisations who value the privacy of their client’s data store it in those countries.

The important point is that we must do one or the other: align with EU or be tougher still.  To do otherwise will see a huge flight of data, all the healthy storage fees that go with it, and an erosion of our international digital reputation.