December 16, 2017

December 15, 2017

Subscribe to Latest Legal News and Analysis

December 14, 2017

Subscribe to Latest Legal News and Analysis

December 13, 2017

Subscribe to Latest Legal News and Analysis

Brexit: IoT to the rescue?

For retailers, speed and efficiency in supply chains are paramount. With the possibility of a "hard" or "no deal" Brexit, retailers must adapt to a new operating environment. The UK government is exploring the potential for highly streamlined technology-based procedures to preserve frictionless borders. The Internet of Things (IoT) could play an important role, but also comes with a range of legal implications. 

Getting into the blue lane?

Theresa May has acknowledged the possibility of a "no deal" Brexit and confirmed that the government is making contingency plans in case of this outcome. Of particular concern is the movement of goods entering or leaving the UK through Roll-on-Roll-off ports or terminals due to limited holding space and pressures stemming from up to 130,000 businesses trading with Europe having to grapple for the first time with border checks. 

The UK could learn a lot from Singapore's technology-based "single window" import system, allowing customs declarations and other regulatory or security requirements to be dealt with through one portal, rather than having to navigate different systems or departmental websites. However, that would not in itself speed commercial traffic through border checks. Physical checks, and therefore delays, would remain a feature of border procedures. Consequently, there is a pressing need to explore further layers of technology-based support to achieve something closer to "frictionless" borders.

Any viable solution requires a combination of technologies. In the containers themselves, optical number plate recognition systems might confirm the identity and origin of tractor units. IoT tags and GPS data could confirm that container units are tracked and that they are associated with the correct tractor unit. The container's contents might also be tagged to confirm provenance together with other key data points such as the relevant product code for customs purposes. IoT-connected temperature gauges and CO2 detectors might be added to provide data relating not only to the condition of perishable goods, but also to alert border officials to any need to check for illegal immigrants. Once checked at its point of origin or at the first border crossed, real-time data transfers confirming that nothing has changed would allow authorised traders to speed unimpeded through a border control "blue lane".

Mobile and fixed sensors at the UK port could test for contraband, disease, weapons and other undesirable contents as containers are offloaded from trucks and ships. Port authority analysis may begin to forgo opening vehicles for faster external scans using IoT equipment. Deeper analytics will allow the port master to make more accurate predictions of theft, smuggling, and damage with minimal stoppage of flow.
Any such system would, of course, involve cost and require either a compelling business case or strong regulatory drivers. One possible avenue would be to include participation as a component of Approved Economic Operator (AEO) status, qualifying a business for "blue lane" access. Given that it stems from the World Trade Organisation "trusted trader" concept, and has both customs and security aspects, AEO status will remain crucial whatever the outcome of Brexit negotiations. 

Data and cyber security

Security and data law compliance are key areas of concern, both for retailers and in relation to any government decision to implement or tap into technological solutions to overcome trade barriers. 

The proliferation of IoT devices presents risk. Inadequately-secured IoT devices may be hijacked for their valuable commercial data and even combined to launch large-scale distributed denial of service attacks. Discussions about liability for such attacks remain speculative. Lawyers are actively discussing whether negligence-based liability might land on the owner or operator of insecure equipment in addition to the criminal instigators of such attacks.

The General Data Protection Regulation (GDPR) comes into operation on 25 May 2018. Its key features will be replicated post-Brexit by the UK's Data Protection Bill. The legislation sits uneasily with the blockchain and distributed ledger technology likely to underpin any IoT-connected border solution. In particular, distributed ledger involves replicating data to each node (or participating computer) within the network, creating multiple avenues for data exposure and a significant risk of breach. Those concerns mean that any solution adopted by the UK government could require a "permissioned" or access-controlled blockchain.

Retailers would also have to be confident about security in any such system. Incidents such as the "DAO hack" of June 2016 demonstrate that coding vulnerabilities can be exploited for fraudulent purposes. Committing commercially sensitive information, such as contract terms or product volumes, to a distributed ledger requires a high degree of security assurance, bringing administrative burdens which potentially limit its ability to cope with the anticipated scale of post-Brexit customs, security and compliance checks.

The UK government had a headstart in relation to blockchain and distributed ledger. In January 2016 Chief Scientific Adviser Sir Mark Walport's report flagged the technology's potential to reduce fraud, error and the cost of paper intensive processes. Since then, UK government attention has been diverted by Brexit. Other jurisdictions are pulling ahead. Singapore aims to deploy the technology to secure its position as a global trading hub, while in the US States such as Delaware have legislated to encourage blockchain, distributed ledger and IoT as key enabling technologies for business. The UK has some catching up to do. 

Brexit may yet be deferred for a transition period. However, the clock is ticking and any technology-based solution to border issues may be deployed soon. To meet the challenges identified in the BRC Customs Roadmap, retailers should consider the risks and engage in the process of implementing a technology-based system capable of meeting the post-Brexit challenge.

Malcolm Dowden contributed to this article. 

Copyright © 2017 Womble Bond Dickinson (US) LLP All Rights Reserved.

TRENDING LEGAL ANALYSIS


About this Author

Theodore Claypoole, Intellectual Property Attorney, Womble Carlyle, private sector lawyer, data breach legal counsel, software development law
Senior Partner

As a Partner of the Firm’s Intellectual Property Practice Group, Ted leads the firm’s IP Transaction Team, as well as data breach incident response teams in the public and private sectors. Ted addressed information security risk management, and cross-border data transfer issue, including those involving the European Union and the Data Protection Safe Harbor. He also negotiates and prepares business process outsourcing, distribution, branding, software development, hosted application and electronic commerce agreements for all types of companies.

...

704-331-4910