All issues > Volume 13 > Issue 2 > Brexit: “You don’t know what you’ve got till it’s gone”

On 23 June 2016 a slim majority of UK voters decided we should leave the EU in one of the great political upsets of British political history. On 24 June, the next day, CREATe,[1] the RCUK copyright and business models centre which I have helped run since 2012, ran a one-day festival at the Royal Society of the Arts in London. This was designed to be a showcase and celebration of four years of working at the cutting edge of copyright and how it either helps or hinders the creative industries and arts. Hundreds of academics signed up to show and see, including the Director of CREATe, Martin Kretschmer of Glasgow University, from Germany by birth, and many others from all over Europe and beyond. It was a classic international IT/intellectual property event: analysing laws made throughout the world to regulate globalised cultural markets, transnational data and product flows, disruptive technologies that disregard borders, and audiences as likely to listen to music made in Brazil via decentralised P2P networks, as watch Netflix series made in the US, or use smartphones made in Japan to watch Hindi pop videos on YouTube.

In the event, the CREATe Festival became more of a wake. Reportedly, experienced academics, who thought themselves hardened to trauma by years of bombardment from REF, TEF and NSS, were almost in tears at the first session. This writer, derelict of duty, was not there to corroborate, still staring like a rabbit in the headlights at the TV in a hotel bedroom in Docklands, where the dominant tech, business and financial workers were almost equally in shock.

So, Brexit. As the dust not so much settles as temporarily accumulates while we work out what on earth happens next, what are the implications for IT law and UK academe? Are they really as bad as they seemed that morning?

Most IT/IP academics reading this editorial will know how heavily harmonised our chosen disciplines are within the European Single Market.  The objective of guaranteeing and promoting a single market for goods and services, free movement of people and of data within Europe, have driven the creation of a raft of directives and regulations which have become the backbone of copyright, data protection and e-commerce laws in the UK. I teach my students from the E-Commerce Directive, the Data Protection Directive, the Infosoc Directive and the EU Charter of Fundamental Rights (as well as the Council of Europe ECHR), and increasingly refer to UK laws and cases only as passing peculiarities,  except where entire separate jurisprudences have emerged  (the transition of breach of confidence into a common law of privacy, and the web blocking case law on s 97A of the Copyright Design and Patents Act stand out as recent examples.)

Why? Not only does harmonised law have enormous advantages for industry – ask any multinational digital business selling into (or out of) Europe and they will tell you they almost do not care what the laws are, as long as they are roughly the same in 28 countries – but also for consumers and citizens: your rights exist across Europe and can be predicted and protected by your local lawyer or advice bureau, even if you bought goods on eBay from Berlin or had spam sent to you from, or your card scammed in, Slovenia. In a globalised, dematerialised, cross-border world, the post Internet world we all inhabit, harmonised laws make overwhelming, head-desking common sense which only a committed Little Englander (or Scotlander, except we voted to Remain, nyeh) could deny. In an ideal world, as often pleaded for in student essays, laws relating to Internet commerce, copyright, privacy, jurisdiction, cybercrime and telecoms would all be globally harmonised and not just on a European scale. While progress on this has been made, notably in relation to IP, it shall probably remain out of reach forever, especially in hardline domestic law areas such as contract and criminal law, and stymied by American exceptionalism (think of s 230(c) of the Communications Decency Act) and Chinese protectionism and politics.  But until now, we had the next best thing: a system of harmonised laws and adjudicative interpretation across the UK’s biggest trading partner and nearest cultural collaborators. Overnight we may have torn that up.

Or not. Fortunately, it seems increasingly unlikely that the ever more dazed-sounding phalanx of Brexit civil servants will fail to note the advantages of maintaining our laws for IP, DP et al in harmony with the EU, unless there are very good reasons to veer off in the direction of uniquely UK legislation.[2] The Information Commissioner’s Office (ICO) has already come out firmly in favour of implementing the newly concluded General Data Protection Regulation (GDPR) as planned (amusingly, the Regulation comes into force throughout the EU anyway in May 2018, a few months before any possible Brexit).[3] In copyright, heavily harmonised on a global as well as an EU level, this sentiment is likely to be even stronger. As Eleanor Rosati recently declared, EU law has created a harmonised space which is infinitely better for both UK rights holders and users than the fragmented space of even 20-25 years ago.[4] The injunctions against infringing websites under s 97A CDPA, for example, though instigated to fulfil an EU directive, have been seized on happily by the UK music, film and video industries in their eternal fights against piracy.

It seems likely instead that the eventual outcome of Brexit will be some kind of EEA membership – which is not, as often presented, a happy cost-free ending incidentally, but what has been described by frustrated Norwegians as “EU law by post” – forced to implement EU laws as now, but without a say at the table on how they are made.

With or without EEA membership, however, a Brexit UK has serious problems coming in the field of privacy. EU law demands that the personal data of EU citizens be exported only to countries whose privacy laws are “adequate” to protect them. Famously, in the wake of the Snowden revelations of covert NSA collection of EU data, and US laws validating such, the Court of Justice of the EU (CJEU) struck down in 2015 the exceptional “safe harbor” arrangement which allowed data exports to the US, even though by the normal tests their privacy laws were not “adequate” (Schrems v Data Protection Commissioner of Ireland Case C-362/14).[5]

A future UK which is not a member of the EU, or which fails to adopt the GDPR as part of the EEA, will ceases to get a free pass for “adequacy”. This is not a trivial matter – almost every trade with the EU will involve data exports: think customer mailing lists, follow up advertising, supplier data, et al. Exclusion from EU “adequacy” rules means exclusion from most trade with the EU (while still, note, leaving UK firms which do monitor or target EU nationals open to fines for breach of DP laws). The UK has always veered on the “business friendly” side of implementing EU DP law, with EU Commission action for non-compliant transposition threatened more than once, but the key threat right now comes from outside the main circle of influence of the ICO, in the shape of the Investigatory Powers (IP) Bill. This Bill is now cruising with surprising ease through Commons and Lords scrutiny, and seems unlikely to be derailed, given it has been the pet project and goal of the new PM, Theresa May, for many years.  Experts and courts (see notably the CJEU decision to strike down the UK-sponsored Data Protection Directive[6] and the recent AG Opinion on the legality of the interim UK Data Retention and Investigatory Powers Act, DRIPA)[7] are near unanimous in thinking the IP Bill will not pass the benchmark of EU privacy standards without substantial changes. Some key problems involve Internet Connection Records (ICRs), bulk powers of collection and retention, and lack of restriction of these powers to serious crimes.  As a leading commentator, Amberhawk puts it: “If bulk personal datasets continue to be hoovered up without regard to data protection compliance then there is a risk that… transfers to the UK could well be deemed to be a breach of the GDPR”.[8]

Gung-ho Brexiters may say that if an exceptional solution can be found for the US, then it can be found for the UK too, but this rather overestimates the respective trading importance of the UK and the US, as well as underestimating the degree of resentment currently felt in Brussels towards the UK and their historical corner-cutting attitude to privacy rights and demand for special privileges from the EU. Even the “special solution” thought up for the US in the wake of Schrems, the rebranded “Privacy Shield” is, in the eyes of the privacy expert community, more than likely to be struck down in its turn by the CJEU. It is surprising this possibly disastrous consequence has not been highlighted more in the parliamentary IP Bill debates since Brexit (although perhaps given the pre-Brexit Goveian rejection of “experts”[9] as unnecessary killjoys, it is not so surprising after all.)

But “my” academic community’s misery at Brexit – misery not I think too strong a word to describe the pervading depression and sense of futility that enveloped campuses through the summer – cannot all be reduced to worries about legal consequences. (Not even for those of us who had been waiting four years for the GDPR to be settled so we could finish our long delayed books, and then a few weeks later found we were smack back again in the land of perpetual uncertainty.) We have too much personal grief to worry about. Much has been written elsewhere about how economically disastrous Brexit may be for already cash-starved UK universities (especially for Scottish universities, where unlike in England, undergraduates do not pay £9000 annual fees). Early indications are that EU students may choose to come in smaller numbers and UK students may cease to benefit from Erasmus links; that UK academics may be shunned as partners for vital European Horizon 2020 research grants; that overseas non-EU postgraduates coming to study EU law in areas like IP and DP, while at the same time hoping to improve their English, the international language of commerce, may think again about their preferred destination. While global financial hubs like London are unlikely to suffer noticeably, the regions will feel the pinch: my own Masters programme in Internet law and Policy at Strathclyde fears, as I write, a significant downturn in arrivals, long before Brexit has even happened.

But more even than these economic consequences, UK academic depression is about Brexit as a crucial blow to our values.  The UK has benefited immeasurably over the last few decades from becoming, gifted by the luck of an international lingua franca, a global hub for international teachers and international students.  Almost 30% of UK academics are from EU or overseas countries; 16% are from the EU.[10] Half of all doctoral students working in the UK are foreign nationals. In some ways these figures are saddening, because what they show is the gap between the pay expectations of US and Australian academe, UK academe and European academe.  UK academics, by the standards of our English-speaking cousins across the pond, as well as UK professionals of comparable training, are grossly underpaid, and that has lead to an employment gap which is filled by still more underpaid Europeans.[11] (Any UK law academic will have noticed how departments have filled up with inter alia excellent Greeks, Italians and Spaniards in the wake of their own cataclysmic recessions.)

But on the positive side, this has led to an incredible enriching of UK academic culture, a flow of ideas and knowledge and memes across countries and cultures, an internationalisation of subjects like law, which, when I began as a lecturer 30 years ago, were very much trapped in hermetic national niches. In IT law, my closest colleagues include people of German, French, American, Australian, Indian, Costa Rican, and Irish origins and the list goes on. My students come from everywhere from Austria to Zambia. This is immensely good for research, for academe and I think, also for the students, both home and overseas. Brexit feels like a vote not just for legal and economic disaster but for isolationism, xenophobia and regression in a globalised world. As a researcher, as a lawyer, and, above all, as a UK resident and citizen, I hope we can look to a future where this is not the chosen solution of the British people.

[1] RCUK Centre for Copyright and New Business Models in the Creative Economy, http://www.create.ac.uk/ (accessed 24 August 2016)

[2]  J Henley, ‘Brexit means Brexit…but the big question is when?’ (22 August 2016) The Guardian, available at http://www.theguardian.com/politics/2016/aug/22/brexit-means-brexit-when-is-big-question (accessed 24 August 2016)

[3] S Wood, ‘GDPR still relevant for the UK’ (7 July 2016) Information Commissioner’s Office Blog, available at https://iconewsblog.wordpress.com/2016/07/07/gdpr-still-relevant-for-the-uk/ (accessed 24 August 2016)

[4] E Rosati, ‘Brexit and UK copyright: the story of a loss’ (29 June 2016) available at http://ipkitten.blogspot.co.uk/2016/06/brexit-and-uk-copyright-story-of-loss.html (accessed 24 August 2016)

[5] Available at http://curia.europa.eu/juris/document/document.jsf?docid=169195&mode=req&pageIndex=1&dir=&occ=first&part=1&text=&doclang=EN&cid=163560 (accessed 24 August 2016)

[6] Digital Rights Ireland Ltd v Minster for Communications, Marine and Natural Resources and Others (C-293/12) joined with Kärntner Landesregierung and Others (C-595/12) available at http://curia.europa.eu/juris/document/document.jsf?docid=150642&mode=req&pageIndex=1&dir=&occ=first&part=1&text=&doclang=EN&cid=165939 (accessed 24 August 2016)

[7] Available at http://curia.europa.eu/jcms/upload/docs/application/pdf/2016-07/cp160079en.pdf (accessed 24 August 2016)

[8] ‘GDPR and Brexit: what are the options?’ (27 June 2016), available at http://amberhawk.typepad.com/amberhawk/2016/06/gdpr-and-brexit-what-are-the-options.html (accessed 24 August 2016)

[9] H Mance ‘Britain has had enough of experts, says Gove’ (3 June 2016) Financial Times, available at http://www.ft.com/cms/s/0/3be49734-29cb-11e6-83e4-abc22d5d108c.html#axzz4I5yyuXgN (accessed 24 August 2016)

[10] The Royal Society, ‘Snapshot of the UK research workforce’ available at https://royalsociety.org/topics-policy/projects/uk-research-and-european-union/role-of-eu-researcher-collaboration-and-mobility/snapshot-of-the-UK-research-workforce/ (accessed 24 August 2016)

[11] T Devinney, ‘The summer when working in a British university lost its global appeal’ (8 August 2016) available at http://theconversation.com/the-summer-when-working-in-a-british-university-lost-its-global-appeal-63431 (accessed 24 August 2016)