All over Europe organisations of all sizes are currently scrabbling desperately to get their house in order for 25 May 2018. What happens then? Only the biggest shake-up to Europe’s data protection laws in nearly a generation. The implications are immense, both in terms of the scope of the new regulation and the companies who will now be held liable.
There’s just one problem. The UK’s Snoopers’ Charter, or Investigatory Powers Act. Its enshrining into law of mass surveillance powers could create major problems down the line, possibly putting UK firms at a competitive disadvantage precisely at a time when they need the digital economy most.
What’s the problem?
Let’s start at the beginning. UK firms will have to comply with GDPR, even with Brexit looming. That’s because the extrication of the country from the EU will take at least two years from whenever Article 50 is triggered – presumably in March – and probably much, much longer. And even beyond that, the UK government has said in its Brexit white paper:
“The European Commission is able to recognise data protection standards in third countries as being essentially equivalent to those in the EU, meaning that EU companies are able to transfer data to those countries freely.
As we leave the EU, we will seek to maintain the stability of data transfer between EU Member States and the UK.”
This implies that the UK will broadly speaking harmonise its laws with the GDPR. But the bulk data collection powers granted by the IPA mean the regime is certainly not equivocal to that in Europe. Emily Taylor, CEO of Oxford Innovation Labs and associate fellow of Chatham House, told me that the European Court of Justice (CJEU) shows no signs on shifting its stance on bulk data collection – having recently ruled against the forerunner to the Snoopers’ Charter, DRIPA.
“Other elements of the judgment are likely to cause problems with the Investigatory Powers Act: the CJEU says that targeted data retention may be allowable, but must be restricted solely to fighting serious crime; warrants must be signed off by a court, not a minister; and the data concerned must be retained within the EU. All these will potentially conflict with core elements of the IP Act,” she told me.
If its kept as is, the Act could therefore impact the legality of data transfers between Europe and a newly independent UK, which will be bad news for most firms reliant on a thriving digital economy.
“The impact of conflicts between the GDPR and our Investigatory Powers Act may be to hamper the competitiveness of UK tech, particularly as the GDPR seeks to protect EU citizens’ data wherever it will be processed,” she argued.
Not great for America
This is a hot button issue for Europe In fact it’s the reason why data transfers to the US were put under threat after Safe Harbour was torn down because of fears of US authorities snooping on Europeans’ data. Despite a new agreement – Privacy Shield – being put in place, there could still be bumps in the road ahead.
“Transatlantic data flows will not be legal unless there is a robust framework in place to offer EU citizens’ data equivalent protection to what is enjoyed in the EU,” said Taylor.
“President Trump’s ‘America First’ policy is likely to renew tensions over Privacy Shield – a shaky compromise which was hurriedly reached following the CJEU’s obliteration of its predecessor ‘Safe Harbour’.”
KPMG’s globa privacy advisory lead, Mark Thompson, told me that firms outside of Europe that need to comply with the GDPR are better off keeping data on European citizens inside the EU so as not to fall foul of any changes to data transfer agreements.
“Despite the USA and EU having some cultural alignment, there is potential for significant culture clash between the EU’s view of a fundamental human right to privacy and the US view on what constitutes privacy, which is significantly different,” he added.
We’ll have to wait a while to see what the fallout of all this is. But with the UK government unlikely to countenance any changes to the IPA, there could be some potentially bad news for the country’s digital economy in the next few years if nothing changes.
We’re currently working our way through three of the four stages of industry evolution mapped out by Gartner. It claimed in a December report that efforts to integrate mobile and cloud-based apps into the car are almost complete – that’s one stage down. Then, up until 2024 it’ll be all about “digital lifestyle convergence”.
The report explained:
“This convergence means that consumers want to be able to communicate with friends and family members, remain productive to their workplace, and to be entertained with the content that they also access outside of the automobile. Users will also expect an automotive connectivity experience that is similar to other device experiences they are increasingly accustomed to, such as remote, over-the-air software updates and content/services upgrades.”
Microsoft has a good chance to capitalise on this shifting focus, with its new Connected Vehicle Platform. One of the five main pillars outlined by EVP of business development, Peggy Johnson, at CES, is “improved in-car productivity” via tools like Cortana, Dynamics, Office 365, Power BI and Skype for Business.
“For instance, imagine that Cortana seamlessly connects you whether you’re at home or in your car,” she explained. “Let’s say you’re on your phone at home and tell Cortana to set up a meeting for you and your colleague the next morning at a coffee shop. The next time you get in your car, Cortana reminds you of the morning meeting and starts navigation to get you to that coffee shop.”
With its heritage in the office productivity space, Microsoft obviously has an edge in these scenarios over connected car rivals like Apple, Google and Amazon, although its Azure-powered platform will also cover predictive maintenance, advanced navigation, customer insights and autonomous capabilities.
The platform’s open, partnership-based approach could also play well with consumers who are sick of many current systems, according to Quocirca analyst Clive Longbottom.
“Users are increasingly frustrated with in-car technology,” he told me. “Even new models tend to be based on old, proprietary technology; technology that is impossible to swap out and replace with something more up to date and flexible.”
The Redmond giant knows the industry better than most, continued IHS Markit principal analyst Egil Juliussen.
“The auto industry is among those global industries which adds numerous requirements for how connected cars are treated (i.e. privacy, data storage locations, etc.),” he told me via email. “All of these complexities make it expensive and time-consuming for any auto manufacturer (even the largest) to develop, update and maintain cloud and software platforms to manage their network of connected cars.”
Partners on board
And therein lies the opportunity for Microsoft and others. The firm has also announced partnerships with Volvo, Daimler, Nissan-Renault, BMW and Toyota which will see each use its cloud-based tech to create their own unique platforms. This ability to customise is another obvious benefit of its platform for carmakers.
So where are we headed? Well, autonomous vehicles of course. Gartner reckons that by 2030 self-driving tech might even have created a new car ownership model – where we simply “hire” on-demand driverless cars for our journeys rather than own a vehicle outright. Already a third of Americans the analyst surveyed said they’d forgo purchasing a new vehicle if they could pay for such a service.
Apple CarPlay and Google’s Android Auto are certainly major contenders for the connected car crown, especially in terms of integrating the car into the whole mobile experience. But Microsoft’s cloud-based approach, which is flexible enough to incorporate new technologies as it goes, has a decent chance of winning more carmaker minds and driver hearts.