While much of the ‘Brexit’ debate has focused on local and international politics, there are other implications for any decision by the UK to leave the European Union: the EU’s power and influence in terms of data protection, transfer, and security regulations, and its position as a market regulator and antitrust buffer.
A ‘Brexit’ vote would leave the UK’s position on data sovereignty and protection uncertain at best, and at worst in chaos, a legislative mess that might take years to resolve.
Brexit would require the British government to rewrite those parts of UK law and the regulatory environment that have previously come under the EU’s control – indeed, that is the point for Leave campaigners. And as we know, the British government favours the introduction of unparalleled surveillance powers, which are opposed by most IT and communications companies, not to mention by the EU, – in cultural terms, if not in law.
Opponents of the EU’s perceived bureaucratic culture tend to see regulations as an impediment to trade, rather than for what they are: trade enablers on mutually agreed terms, offering consumer, business, and data protections. Post-Brexit, there may be a prolonged period in which it is deeply uncertain whether the UK is a safe place to do digital business in itself, and whether the UK is a safe place for Europe to trade with digitally too.
As previously reported on UCInsight, people are starting to wake up and recognise the sovereign realities of the cloud, not least because of incoming European data regulations, and because of the ongoing war of words between the EU and the US over data regulation. In two years’ time, Europe’s General Data Protection Regulation (GDPR) will come into force, while the US Safe Harbor data transfer agreement ended last year. Most people agree that its replacement, Privacy Shield, isn’t working.
In a recent blog entry, the Wall Street Journal said that these regulatory changes are persuading more and more companies that localised data is “a must”, with one commentator even describing the notion of centralised data in the cloud as “a nightmare”.
If the UK sits outside of both GDPR and Privacy Shield, then the regulatory environment is not only more complex, but there is the obvious potential of it becoming much more expensive for foreign countries to trade with us, and us with them, as rewritten UK laws may demand data centres to be built in the UK.
And whatever happens, there will be a minimum period of two years in which the only people benefiting from a Brexit vote in data protection terms will be expensive corporate lawyers.
But what do UC players think about all this?
At UC EXPO earlier this year, Fuze CEO Steve Kokinos told UCInsight: “We’re a pretty international company. We have 75 people in the UK and a data centre here. From our perspective, whatever externalities happen, we have many customers here and will continue selling here. It’s up to vendors like us to work out the complexity and make it simple for our customers.
“Whatever has to be done in terms of data privacy and the regulatory environment, we just have to make sure that we have architected our infrastructure in such a way that the market will accept it. Whatever happens in the European Union, it’s just up to us to figure out how to make it work for our customers.”
Also at UC EXPO, panellists from Microsoft, Cisco, and Tata trotted out similar “we’ll just wait and see” and “we’ll figure it out” arguments, and were naturally unwilling to be drawn into political arguments.
Larry Augustin, CEO of SugarCRM has a similar perspective: “We don’t see a big impact for us,” he told UCInsight in a recent interview. “We have the ability to run in different data regimes. Potentially, some different data protection and privacy laws may emerge from a Brexit. We would have to see if we still comply with any changes that might result.”
But he added an implicit warning: “But in a broader sense, there is the bigger question of what does it mean for companies in the UK and on the continent of Europe, as you have a common data security and privacy regime, and were that to change…”
IT solutions that run on multiple infrastructures, and via platforms such as Amazon, would be best positioned for a ‘Brexit’, he suggested, and this need to run applications on multiple infrastructures is not only being driven by data security and privacy laws, explained Augustin, but also by the business need to interrogate data:
“The challenge that cloud vendors face is the volumes of data that you have to push off to a remote cloud service through an API call rather than have a high bandwidth connection into your own database. SaaS vendors really have to shift their model to leveraging other cloud infrastructures, because customers increasingly want other capabilities, like analytics on big data or the Internet of Things, and integrating that with other applications.”
But Europe has another function: a market regulator. Recent cases involving Google, Microsoft, Intel, and others, have seen Europe act as an essential multinational brake on antitrust activities and local market dominance. As recently as last month, for example, the EU blocked Three’s takeover of O2. There is no guarantee that the absence of a wider European perspective on UK market manoeuvres would benefit consumers at all.
Indeed, the UK might be tempted to accept monopolistic or market-doninating moves by some companies in a bid to maintain economic activity in the short term, and thus create a narrower, more cutthroat market that favours large, powerful players over new entrants and smaller organisations. It is difficult to see how that would benefit the British taxpayer, or local innovators, in the long run.