August 29, 2016

This issue has a special focus on algorithms, government and the law which I hope will awaken an interest in the topic among SCL members. I am very grateful to John Danaher and Rónán Kennedy for their help in producing these articles, which arise from a seminar organised by Galway University. For reasons of space some are to be found only in our epub edition (free to SCL members and eminently readable by downloading Adobe Digital Editions!) or on the SCL website.

While I should devote this editorial to my thoughts on algorithms – and I do have some – I feel I have to get some thoughts on Brexit off my chest. All editorials are personal; this one more than most.

Most of those in the tech law community in the UK will have been extremely disappointed by the result of the referendum. You may have identified different people to blame – David Cameron for the strategic error of insisting on fronting the campaign, Remain mastermind Will Straw for failing to realise that the campaign needed stories as well as facts and most of us Remainers for failing to convince those people we knew to be wavering. I blamed our friends in Derry Hill, Janet and John, but that’s mainly because I haven’t attended a wine-fuelled dinner party with Cameron and Straw post-referendum.

I have bleak expectations for the tech industry in the UK in the immediate future. Not only does the current uncertainty threaten to strangle investment but the numerous collaborative ventures with other EU partners, including some high-level research, is likely to founder. Unless you swallow the claptrap about widening immigration for our Commonwealth cousins, it will be harder to recruit star talent. London is and should have continued to be a centre of excellence in FinTech but the prospects for the financial services industry insofar as it is international are cloudy and that must have a knock-on effect. If I was choosing where to establish my start-up, the UK’s appeal just went down several notches.

While tech lawyers may find short-term rewards from this uncertainty, the renewed interest in ‘mergers’ that our effective devaluation has engendered and even a few moves of base, a shrinking of the UK tech sector cannot be good for tech lawyers in the long term. One option might be to declare that we will aim for a new lax regime that encourages enterprise. That does not much appeal to me – nor do I think it is attainable because of the cross-border nature of IT and ecommerce.

I have another suggestion.

The GDPR is less than two years from obligatory application. On all but the most outlandish assumptions about the pace of Brexit, the GDPR will be in force while we remain a full member of the EU. But it isn’t quite so outlandish to imagine a scenario where we are clear on a Brexit strategy by the time the GDPR is due to come into force and elements within the data industry suggest that, given the limited period for which the GDPR might then have automatic effect, it really isn’t worth bothering with. If some of the ICO’s industry friendly enforcement policies were to be continued, that suggestion might have been seriously considered but one upshot of Brexit is that lax enforcement, both of the current regime and the post-GDPR regime will have to be a thing of the past. If we are out, we will need an unassailable ‘Privacy Shield’ if data rich organisations are to prosper here. And the proposals in the IP Bill won’t make that easy. Plus it is worth remembering that the EU is not the only international body that cares about data protection – there are many governments that will be ready to throw stones if we build a glasshouse, including those with prominent glasshouses of their own.

Whatever the new Commissioner’s preferences and whatever the Brexit strategy, the UK’s data protection supervisor will have to be entirely above suspicion. Elizabeth Denham will not be a part of the European Data Protection Board post-Brexit and may be on the edge of its decision-making processes prior to it. It doesn’t follow that she will be the victim of a gang of schoolyard bullies but you cannot feel sure that she won’t.

Remember that the GDPR is actually in force; it is just that Member States are not yet obliged to apply it. A positive commitment to the GDPR might mean that the UK can take a central, leading role rather than finding itself on the periphery. The radical move to make, trumping any words that can be uttered and showing the most emphatic and most positive commitment, is to bring the GDPR into force in the UK in the next legislative cycle.

That’s not undermining Brexit (even if one might wish it would). It is acknowledging that data protection needs reform and has already waited too long for it, that we have little realistic choice but to follow those parts of the GDPR that are obligatory and that our many tech-related industries need certainty.

Bringing forward such legislation quickly would be demanding. But, ironically, post-Brexit uncertainties might free up the Parliamentary timetable and make speedy passage of a new Bill possible. A fresh Information Commissioner with energy and no baggage might just be able to swing it. Not only would it fulfil her role of upholding information rights in the public interest it will remove uncertainty in a crucial area and send a clear message to the tech industry that the UK can still provide an attractive base from which to operate.