“A pessimist sees the difficulty in every opportunity; an optimist sees the opportunity in every difficulty”. Winston Churchill
I spent last week doing a mini-tour of European cities, organised (and excellently) by AccessData. The theme was the collision between data transfer requirements and data privacy restrictions, and the cities were London, Amsterdam and Frankfurt. I was the moderator and US Magistrate Judge Andrew Peck was a panel member at all three events, supplemented in each city by local experts in different aspects of our subject.
I will write about that separately. My theme here is the Brexit storm which broke upon us while we were in Frankfurt – a city likely to benefit from the dishonesty and uninformed ignorance which led to the UK’s Brexit referendum.
I am no good at writing on the move, and spent the weekend before we left writing enough articles to be able to publish one per day. Even that relatively light task proved inconsistent with the other requirements of the trip and I actually published none of them; at least I now have a stock of things to publish this week – just as well, given the Brexit distractions.
In between sessions there was the opportunity to see something of the host cities.
London on the longest day, unconscious of what was about to come
An Amsterdam canal – the calm before the Brexit storm
We awoke on Friday morning in Frankfurt to discover that the UK had apparently voted itself out of the EU. Sitting in the airport lounge at Frankfurt, we could not distinctly hear Boris Johnson and Michael Gove at their press conference on Friday morning, but it was clear from their demeanour that the outcome for which they had campaigned was not one for which they had prepared. They looked like Leo Bloom and Max Bialystock in The Producers at the moment when they discovered to their dismay that Springtime for Hitler was an unexpected hit.
Instead of spending the weekend catching up, I spent it gaping at the newsfeeds and at Twitter, appalled at what we had done to ourselves. This is a car crash at a crossroads where constitutional law, political infighting and economic turbulence all meet in a tangle whose only outcome, now and for the foreseeable future, is uncertainty.
One expects politics and global economics to be subject to unpredictable doubts, but even the law is causing disagreement: there are disputes as to the precise status of this referendum (advisory rather than binding is the consensus, whatever its political significance may be); EU officials insist that the UK must initiate departure at once (they can’t make us); is it for the Government or Parliament to press the Article 50 button which initiates the withdrawal? (we have a very learned difference of opinion on that contest); Scotland claimed to be able to block Brexit (then accepted that it can’t); the egregious Boris Johnson claims that we can demand access to EU markets without conceding freedom of movement (we can’t, even if we hadn’t pissed the EU off so much that concessions are unlikely).
Meanwhile, UK politics descends to farce: the Prime Minister is said to have resigned (he has not, merely stated his intention to do so, leaving him a lame duck without a mandate or an acceptable successor); senior Conservatives seem to have abandoned the business of government to its fate while they jockey for position between themselves; and most of the Shadow Cabinet has resigned in a procession of people we had never heard of which would be comical if it were not so serious.
There is a lot of uninformed comment around at the moment, not least from the politicians who got us into this mess. Anyone who claims to know where we will be by this time tomorrow, by the end of next month, by the end of next year, by the end of the decade is fooling themselves and you.
I don’t intend to add to it here save only in relation to the small corner of the business world which is my special interest. What will Brexit mean for those whose business involves eDiscovery and its related subjects of privacy, data protection and the rest?
Apart from the overriding fear that today’s (27 June) plunge in worldwide markets is the precursor to a general recession or worse, resulting in withdrawal of investment and consequent reduction in business of all kinds, I am not sure that the eDiscovery market will be adversely affected by all this; on the contrary, I see opportunities.
Sure, we could see the decline of heavy litigation which supports much of the UK eDiscovery industry, but I have been predicting that anyway thanks to high costs, civil procedure rules which are not fit for purpose, a wet (and disgruntled) judiciary, and a wholly ineffective, not to say deliberately destructive, attitude on the part of the government and the Ministry of Justice. If the promised government money for court infrastructure gets slashed as a result of Brexit (or the fear of Brexit), well, I have always assumed that most of it would be un-promised anyway and that the MoJ will make such a pig’s ear of implementing change that the money would be wasted. Big London litigation will not die, but nor is it likely to grow as a major source of new work.
What about privacy and data protection? Some observers seemed to think that Brexit will free us with one bound from European data protection restrictions and, specifically, the effects of the pending General Data Protection Regulation. This is nonsense.
Leaving aside the fact that we have not yet left the EU and may not, failure to comply with the GDPR will relegate us to the same status, more or less, as the US as a “Third Country” deemed unfit to handle European data unless we can prove that we offer protections equivalent to those within the EU. It is certain that we will aspire to this.
If we wish to continue to be a hub through which data flows, we will have to comply with most of the terms of the GDPR, while losing the opportunity to influence it.
If we don’t, then Ireland will happily take up the slack as an English-speaking EU country which will be subject to the GDPR. There are immediate signs that Ireland intends to capitalise on the UK’s referendum outcome, with investment announced this morning for the recruitment of IT skills and the encouragement of IT investment. There has been a run on Irish passport application forms, and applicants will have to wait for a new printing.
Two other significant matters relating to privacy have emerged today: we seem to have moved a step closer towards agreeing the terms of the so-called Privacy Shield between the EU and the US, with new commitments from the White House about bulk collection of data sent from the EU to the US. As this BBC report says, a post-Brexit UK “may have to adopt EU data protection rules” (I would say “would have to…”).
The other new development is that the US Supreme Court has ruled that US laws cannot apply overseas unless Congress clearly says so – see this article. The case reported here is not the so-called Microsoft Dublin case, which is still going through the appeals process. It is, however, a significant pointer towards the outcome of that appeal, and one which offers more opportunities for companies to host and manage data US data in the EU.
As Greg Bufithis of Project Counsel has noted in his article Brexit, data protection and regulation, there are potentially rich rewards for those who offer data services capable of being ring-fenced between jurisdictions. His subject was infrastructure and the day-to-day matter of running businesses with feet in different jurisdictions, but much the same applies to those with experience of managing data subject to cross-border flows for discovery and regulation purposes.
Clearly there is a possibility of global financial melt-down and the consequent stifling of transactions, and disputes about transactions. If that is how you bet, then you might as well retire and keep sheep. My guess is that the separation of the UK from the EU will generate work for those with cross-border skills. The winners will be those who simultaneously have feet and skills in the US, London and the EU, but just the US and EU will be enough as long as they have access to London or London-trained skills. My visit to the Netherlands and Germany shows what was pretty obvious anyway – that eDiscovery skills are in short supply there.
It is not difficult to travel around Europe – our flight from Frankfurt took 90 minutes. Yes, there will be some additional border formalities, but those of us who travel to the US are used to that, and it seems likely that the EU will want to make cross-border travel as easy as security considerations allow.
And you never know, perhaps the Brexiteers will be proved right, and the UK will move to sunny uplands of free world trade, diminished regulation and continued dealings with the EU but on our own terms. So far, everything the Brexiteers have promised has proved dishonest at worst and ignorant wishful thinking at best, and our politicians of all parties seem interested only in their own advancement. Our cultural consensus is shot to pieces with damaging fault lines between classes, between economic groups, between regions and between races. Good things may, however, ultimately come in world commercial terms.
Meanwhile, business life goes on, US demands for data are unlikely to diminish, and there are potential prizes for those who can manage the already complex process of collecting, reviewing and exporting EU data.
Chris Dale (pictured on the home page) is founder of the eDisclosure Information Project and a frequent speaker on the topic of electronic disclosure and eDiscovery matters. You can read his other blog posts on his website https://chrisdale.wordpress.com/