And What Of This Digital Border You Speak Of?
And suddenly, we’re facing one of the most consequential elections in generations.
It is astounding to consider that as close as Tuesday, 18 April, we’ve seen policies for incremental, society-defining areas, (such as the NHS, police personnel, taxation of the elderly...) manifest themselves within a short political season, to be reduced to a joke or be championed by a volatile public.
And indeed, Northern Ireland has become the flavour of the month once again in the UK’s political conversation - tales of public meetings with paramilitaries removed from context to stoke conjecture, the country’s sovereign status apparently up for grabs and of course the mixture of hushed and raised tones over the prospect of a customs border with the Republic of Ireland.
It can be easy to entertain the image of the return to the good aul’ lads making covert smugglers runs with all sorts of old-school contraband goods, despite all the assurances of no returns to an Irish land border and instead something new, tech-drive and seamless.
But if we’re truly moving away from borders of the past, what kind of new, digital border awaits us?
The context is this: data protection, of your data specifically.
You may have heard talk of the Great Repeal Bill - a new piece of legislation proposed by the UK government to convert current EU law to UK domestic law once the UK officially exits the EU, thus ensuring that there are no shocks to any parts of society through sudden changes in law. Only much later, once all aspects of society have acclimatised, will parliament then look at amending or changing these laws as it sees fit, with full control and without the scrutiny of the European Court of Justice.
So regarding data protection - what’s the connection?
Next May, when the UK is still likely to be within the EU, the General Data Protection Regulation will come into play across the European Union. This is a big and important piece of legislation which determines how companies and states must treat your personal data across the jurisdiction of the EU. It defines a clear communication structure for citizens who wish to complain about potential breaches in their data protection by 3rd parties, such as data protection authorities in EU member states, data protection officers within companies and fines on revenue of culpable companies. This law will ideally act as a modern safeguard for citizen data which is more frequently being retained by companies, big and small, within the digital sector.
So the potential issue I’m getting to here, has already been illustrated - in 2015, the European Court of Justice ruled in favour of Max Schrems, a twenty-something Austrian lawyer who successfully took his case against Facebook to court. The case was due to the Snowden revelations - that the US’s NSA had forcing US data-reliant companies like Facebook and others to provide them with data of their users, from different jurisdictions around the world, from EU citizens like Max. The Court’s ruling rendered the Safe Harbour agreement, a US-EU data agreement for exchanging citizen data between the two jurisdictions, void.
It is now replaced by an updated agreement, Privacy Shield, but even that has potential legislative flaws for the future - this is down to the fact that the EU laws protecting EU citizen data, both currently and under the future GDPR, don’t extend into the jurisdiction of the US. It’s trying to reconcile two different systems of law - like using a hurling sliotar as a cricket ball, it’s just not going to fly.
This level of legislative separation over data is where the UK can potentially go based on the current direction of its government. A UK outside of the EU may have near parallel rules on data protection initially, but who can say that it won’t be amended, even drastically so? And as with the US, a deal ensuring free flows of personal data between the bloc and the kingdom may be required.
So, what’s at the crux of having the island of Ireland split into more diverging data jurisdictions?
Two main areas come to mind:
Business, Trade and Commerce
There’s no going back from the digital economy and digital commerce is crucial for growth for many different companies. According to a report from the technology lobby TechCityUK, the digital sector had a turnover of £150bn in 2015 and is growing twice as fast as the wider UK economy.
The future of Northern Ireland’s and the Republic of Ireland’s economic growth is very much tied to their investment into the digital economy and data flows with other countries. Tech companies currently operating across the island of Ireland with user-data can do so under the auspices of EU law, but how will cross-border data flows be affected should future UK data laws make a substantial shift away from EU standards?
Thus far, the UK government is keeping mum, as a TechCrunch interview with UK Digital Minister Matt Hancock proved in February; asked if the UK government would mirror changes to GDPR in the future, the minister replied “We’ll have to make that decision at the time according to what the changes are”.
As the digital sector develops further and companies across all of Ireland, from local SMEs to future corporations, integrate themselves into it, how will a post-Brexit data flows between Northern Ireland and the Republic work? Will a potential deal face the same legislative threats the current EU-US privacy shield does?
Your online liberties and your security
This is ultimately the grave situation that we could be facing with a Tory government shaping the UK’s path outside of the rules of the EU. Theresa May has been giving clear signs of her scepticism of the UK’s agreement to the European Convention of Human Rights for years, not just as PM but during her tenure as Home Secretary also. Personal data is the new currency in the digital world, which is why the EU’s new data protection regulation is so robust.
The 2017 Conservative Manifesto does confirm that the UK will remain in the ECHR, but at the same time mentions how British soldiers “will in future be subject to the law of Armed conflict...not the European Court of Human Rights”, which technically speaking is a contradiction but is a clear indication of this Government’s intentions of greater control over laws which determine our liberties, like our personal data.
The manifesto also makes explicit that the UK government wants more influence with online companies who are responsible for users’ private data, and this is reinforced by Theresa May’s latest stance, pushing for new controls over encryption.
The encryption tough-talk isn’t anything new. Theresa May is the latest politico to receive this buck and many different techies have written at creative lengths as to why giving governments a back-door into encrypted technologies, like communications apps such as WhatsApp, is just a feet-shooting exercise. Here’s a personal favourite summary, “any politician caught spouting off about back doors is unfit for office anywhere but Hogwarts, which is also the only educational institution whose computer science department believes in “golden keys” that only let the right sort of people break your encryption” Giving anyone or any group golden keys to encrypted data effectively means that the data isn’t encrypted any more and has an exploitable flaw, thus compromising your cyber security, rather than enhancing it. It is a crucial example of how digital companies may have to fundamentally alter their practices when operating within the UK, in comparison to the rest of the EU or further afield.
Unfortunately the UK isn’t alone in this doomed conversation. However as an NI citizen now moving beyond the frontier of EU law under an ideologue leader in a right wing government you’ll have an idea about where my anxieties lie.
As a 25-year-old Belfast bred guy I’ve had the good fortune growing up with the benefits of the peace process in the 90s and the Good-Friday/Belfast agreement atmosphere, so the idea of any kind of Irish border is a novel concept to me, yet everyone seems to jump to older ideas when considering how that would actually work. Talking not just from this perspective, but also from a tech-enthusiast perspective, I worry that, as with any election, a lot of the real and future challenges we face aren’t given the PR buzz they deserve.
And when it comes to Northern Ireland, that goes double.
Customs checkpoints are certainly a vivid scene, but, for me, voting today for people, parties and policies which can secure, or at the very least, lobby, for a post-Brexit special status for Northern Ireland to remain within the EU’s data protection regulation, or at least for NI domestic legislation to maintain in parallel with the EU’s legislation, to secure a future for the digital economies of Northern Ireland and the Republic, which may become interdependent market places, as has been the case with agriculture, is one of the earnest issues driving me to the booth.