Bremain or Brexit? This isn’t a political blog, but it’s worth reminding ourselves of June 23rd’s implications for IT & cyber-security.
Privacy and personal data
Even if we leave the EU, we’ll still have to implement the General Data Protection Regulation, only to have to re-invent it later. If we want to trade with the EU, we’ll still be bound by it. If we choose not to adopt it in full, we’ll have to negotiate something like Privacy Shield to allow UK companies to process EU citizen data. And let’s remember that negotiating Privacy Shield – as a replacement for Safe Harbour – has hardly been a walk in the park so far.
There’s a big question behind this – is it the EU or the US who have the right fundamental attitude to personal data? The US has little interest in data privacy, and appears – although it’s still a matter for debate – to think that the government can access whatever it likes, whenever it likes. On the other hand, the US has a much better track record than we, or the EU, on holding private companies to account when they breach consumer’s personal data.
The EU (particularly the French and the Germans) take a much firmer line on privacy – making it harder to do the kind of big-data-driven innovation that’s all the rage on the web at the moment – but have only recently begin to implement proper supervision and penalties for breach.
Are we – the Brits – more like the Americans: happy to trade our private data for free services, but expecting the other side of the trade to take care of our data; or are we like the French: prepared in principle to pay for privacy?
If we stay in the EU, we’ll probably end up bound by EU decisions on encryption. At the moment, the Europeans are – not unanimously, and not coherently – broadly against weakening consumer protection by requiring back doors into all encryption. The US, and the UK government, have proposed various – completely impractical – laws that would effectively either ruin the utility of encryption or prevent its use entirely.
Of course, since the majority of mainstream web services originate in the US, whatever the new US administration does will affect us anyway. But I can’t help feeling that anything that threatens to weaken our most effective defence against cyber-crime is a bad thing.
Exports, imports and access to innovation
The EU is a major export market for UK technology skills, services and products. We’re also a significant exporter of the same to the US, taking advantage of existing US/EU trade agreements (never mind the now potentially-doomed TTIP). Of course we import rather more than we export; at the moment these imports, coming mainly from the US and China, are governed by EU tariff structures. Our pricing tends to follow Euro-zone prices, too, with some volatility since our currency floats freely against both Euro and Dollar.
If we leave, we have the freedom to negotiate our own tariffs – which could make imports cheaper, boosting UK access to technology; but we lose the negotiating muscle that comes with being part of the largest single free-trade area – this could instead mean higher prices, or barriers to trade for UK sector champions like ARM (the processor in your phone) and CSR (the Bluetooth chip in, well, everything). Of course CSR were sold to the US Qualcomm Inc, so I guess they’d just relocate the business to somewhere with lower tariffs…
We also cease to be part of a single regulatory framework. If we actually make use of that freedom – which is, I suppose, the point of leaving the EU in the first place, then product and service companies outside the UK will have to make sure their products conform to our standards separately to their development for the EU. We’re the fifth- or sixth-largest economy in the world, so you’d hope they’d still think we’re worth it, but we’re only 32 million daily active users, for instance – about 2.9% of Facebook – so how important are we really, in a global context? Will we lose our early access to the best of new technology?
By the same token, UK companies will have to develop EU-compliance separately to their domestic market compliance. That might make UK-market innovation less expensive, assuming we simplify the red tape, but (see above) we’re not a very large market by tech standards, so the associated increase in overall compliance costs could be a drag on UK exports.
Skills & employment
This is the big Kahuna. Whatever we may feel about immigration as a general topic, we know that the UK has an IT skills shortage. TechUK forecast the sector needing an additional 500,000 workers by 2020, but we’re not training anything like enough of them domestically. Sure, given time, we can try to fix that by improving indigenous education and skills, but in the meantime having access to the whole of the EU as a skills resource can only help us – and let’s remember that the more recent EU accession states in Central and Eastern European have become very significant exporters of low-cost, high-quality IT staff and people-based services like offshore development and support.
This isn’t really just an EU issue, since the biggest producer of new IT graduates is India, and we’ve already made it a lot harder recently to bring staff over from there. If we modelled the work permit programme for EU citizens on the sponsored skilled visa system we use for everyone else, it will hit small UK startups hardest, as they will struggle with the paperwork and the additional costs, but the whole UK tech sector will suffer. Or move.
Collaboration on cyber-crime
The hackers are organised and well-funded; the global response to them is fragmentary, partisan, underfunded and frequently inept. At least Europe, for all its inefficiency, is trying to formulate a co-ordinated response – both legislative and practical. We don’t hear enough about EC3 (Europol’s European Cybercrime Centre), and it doesn’t do enough, but given that a good deal of the crime originates outside the UK – and indeed outside the EU – the more we work together, the better our response.
Of course it seems likely that if we wanted to carry on as part of the Europe-wide response, no-one would gainsay us; but that would of course involve adopting the relevant European regulations. Maintaining access to innovation from outside, and maintaining our access to export markets, means adopting common regulations on products and services. Keeping the door open for necessary skills means accepting bilateral freedom of movement. Staying price-competitive means negotiating effective tariff programmes to replace the effective tariff programmes we already have as part of the EU. And so on.
It’s very hard to see Brexit as a good thing from a tech and cyber perspective. You may, of course, find the other arguments about national self-determination, the relative lack of democracy in the current EU administration, and the issues of unskilled migration more compelling, but as I said in the beginning, this isn’t a political blog.