Time to drag up this thread (again) on what a no-deal #Brexit means for digital trade, worth mega-bucks to both UK & EU.

Somethings have changed since I wrote this 18 months ago, somethings haven't.

Let's unpack it.

<<cue mini thread>> https://twitter.com/markscott82/status/1155754165458690048

First, what's changed (it's a smaller list, tbh). But in case things go South on Brexit by Sunday's deadline, UK-EU data negotiators are considering "interim measures" to keep the information taps on while a long-term deal is worked out (HT: @vmanancourt) https://www.politico.eu/article/eu-uk-brexit-personal-data-privacy-no-deal/

It's also fair to say that almost all (big/medium) sized companies should be ok in the short term. Why? They'll use so-called standard contractual clauses to keep moving data between EU-UK. That's OK in short term, but that plan is already under legal uncertainty

And here's why. Europe's highest court made a ruling in October that sets a higher burden for EU data to be moved to third-party countries like UK over concerns that EU data will be misused by national security agencies https://www.politico.eu/article/brexit-court-ruling-threatens-eu-u-k-data-flows-surveillance-investigatory-powers-act/

The Brits say that they're GDPR compliant now, so it's not a big deal. But it is. After Jan. 1, UK's national security agencies fall under the legal remit of the Commission's data regulators -- something that doesn't exist currently b/c nat security is a national EU competence

So yeah, that October ruling (plus the now-famous #SchremsII case from July that invalidated the EU-US Privacy Shield data agreement) has made it more difficult for the Brits to claim GDPR compliance and just keep doing what they're doing

There's an intricate UK-EU-US data negotiation going on, with all three sides both working with each other and playing each other off. What's going on? Well, we've got you covered there, too https://www.politico.eu/article/uk-eu-us-privacy-data-protection-negotiations/

But let's talk figures. If a EU-UK data deal isn't done by Dec 31, UK businesses are likely to have to fork out £1.6 BILLION in additional legal costs (fwiw, UK fisheries industry generates <£1 billion in revenues)

I know that fisheries figure is a yearly number, and the data compliance costs (mostly) is a one-off, but I want to make this clear: fisheries, a small part of UK & EU economies, is central to Brexit talks. Data has not been (despite our repeated articles). But hey, you do you.

Soz, should have linked to the report where the 1.6 billion figure came from. It's here, it's good and you should read it https://neweconomics.org/uploads/files/NEF_DATA-INADEQUACY.pdf

It's very easy to get lost in the complexities of this issue. I mean, what is "data" anyway? Why should you care?

Here's why Northern Ireland. The Republic & the North share many health services (kinda important right now), and the sharing of that very important data *could* get turned off if something isn't done now. https://www.politico.eu/article/ireland-northern-no-deal-brexit-patients-data-medical-records-privac

So pls save me the "UK is GDPR compliant" talking points that I've heard from all sides of UK political spectrum. To be frank, you don't know what you're talking about. (Looking at you, too, civil servants)

I'm not saying the EU is right in how it's approaching the negotiations (it was guarantees that UK won't ship EU data elsewhere & specific limits to how UK national security agencies access EU data)

But we are living in a GDPR-dominated world, and the EU - like it or not - runs that show. Reminder: 75% of UK digital information that leaves the country goes to the EU. And sure, London has said those data flows can continue post Dec. 31

And sure, many large/medium companies will be using standard contractual clauses to keep moving EU data back to the UK for the time being -- something that will inevitably get tested in courts (just look at @Facebook's upcoming Irish high court hearing next week on its SCCs)

But the fact this issue has not been sorted out, and the fact it's not even been mentioned (really) in the Brexit talks, is, frankly, shocking -- and does a disservice to both UK/EU businesses & citizens

Just like the wider Brexit talks, everyone says they want to get a deal done, but nothing is happening.

All I'm saying is: don't come back to me when things start to go wrong and say you weren't warned

Soz, I'm in a particularly grumpy mood this morning. I need more coffee.

Rant over. Thoughts appreciated.