Even if you never know for sure, it looks as if the UK will leave the European Union on 1 November 2019. Larger companies, with supply chains, UK staff and many other relationships with the UK, have been making logistical and legal arrangements for a slow deal if an unregulated Brexit is to happen. Really know exactly what will happen in the next 3 weeks or so, no one can, and if you consider how extensive and complicated the possible withdrawal treaty was/is, a complete overview of all legal challenges is likely to be hundreds of pages if this is possible at all, because of unresolved legal issues.
But also typical mandates, which I look after as an IT lawyer, such as smaller software developers, app providers, streamers, influencers and much more should adapt so slowly that it could become legally “uncomfortable”.
In the context of a disorderly Brexit, it is likely to be completely unclear what the status is with current legal proceedings in the UK. Enforcing potential claims in the UK after 31 October 2019 is likely to be very difficult after a disorderly Brexit. However, even if you don’t have this situation, and of course this applies to service providers in the UK, payment providers and many other contractors, from whom you as an EU company may have to get money after an unregulated Brexit, you should look forward to further prepare aspects.
An important aspect of this is data protection. Thus, at least according to the current assessment, the United Kingdom will be considered a third country next month and European primary and secondary law will no longer apply when it leaves, and there will be no automatic adequacy decision. As a result, from next month it will be – at least – highly problematic to transfer data from customers or visitors to their own website to the UK. This applies to payment providers such as “Paypro” and other companies, but also analytics services at mobile apps, marketing companies and much more. At least in this case, an absolutely explicit consent of the users will be required and other GDPR facts – probably – can no longer be used for data processing and data transfer. It may also be possible to consider appropriate guarantees from the undertakings concerned under Article 46 GDPR. However, the existence of such guarantees should be taken into account and, in case of doubt, the person who transmits the data is liable. It will probably be safer to rely entirely on European payment processors, hosters, marketing companies and the like. Otherwise, there could be serious fines.
Online retailers should be careful that from next month, and after an unregulated Brexit, it could be problematic to sell products from the UK if they may no longer have CE marks or if other license plates and/or safety standards are can no longer be guaranteed. Of course, like the one said above, one should also take care that it can sometimes be difficult to enforce things like warranty claims, etc., as with products from any third country.
Companies that operate services that already include UK customers, from forums, online games, apps to online shops, need to look at how they will deal with UK customers in the future in terms of data exchange, payment methods, competition law, Copyright: Content that publishes it on your own platforms or games and many other questions. The multitude of possible problems should not be underestimated here.
Incidentally, I wrote something about the subject of a British Ltd. in Germany in this article. I will address a few more topics with my own articles in the next few days. This article was mainly intended to raise awareness of the possibility of looking for new service providers.
