INFORMATION TECHNOLOGY: An Introduction to Northern Ireland

NORTHERN IRELAND: INFORMATION TECHNOLOGY

Rory Campbell, Forde Campbell

It’s probably never been easier to give an overview which distinguishes the current year from the last.

Like all UK regions, Northern Ireland’s tech sector has been hit with the economic effects of COVID-19 and the uncertainty of Brexit at the end of 2020. However, both factors have had consequences which may be particular to local industry – and which have worked their way through to the IT lawyer’s desk.

The context: the region’s traditionally damaged tech economy has over the last decade or so seen significant improvement, thanks partly to the powerful regional development agency InvestNI, and partly to the intensively encouraged co-operation between universities, public sector, start-ups and big tech companies. In the last 10 years the NI digital sector has grown to a GBP 1 billion value, and employs 6% of the country’s workforce.

Owing to its close trade links with the US, its cross-border ICT programs with the Republic of Ireland, and the rapidly increasing number of Foreign Direct Investment companies, NI punches above its weight on the tech scene, with Belfast now ranking number 3 to London and Singapore as a global Fintech city of the future.

2020 has created particular uncertainties for NI. The full economic effect of COVID is unknown, as the furlough scheme comes to an end and the consequences for cash flow are yet to emerge. However, of particular concern for NI is the combination of economic fall-out from COVID with the effect of Brexit at the end of the year. In NI, the EU is never more than 90 minutes’ drive away, and EU businesses have invested heavily in the region (41% of all FDIs). The future of this relationship is unclear, as is the future of the special arrangements for NI agreed in 2019’s Withdrawal Agreement. The final ingredient of uncertainty is political – although sectarian strife has largely disappeared, the political environment is complicated by majority population dissatisfaction with Brexit, a sense of lack of influence over Westminster negotiations with the EU, and differing local reactions to 2021’s centenary of the existence of NI.

Generally, the NI tech sector seems to have weathered 2020 better than perhaps it expected: InvestNI reports that the “ability of the Northern Ireland offices to move seamlessly to remote working, and the resilience of both the local staff and infrastructure, have enhanced NI’s reputation within the global groups”. Local businesses servicing the e-commerce, remote working, and online solution businesses appear to have seen an increase in work.

As a tech law firm, we’ve seen the following reactions to 2020’s uncertainties:

- Increase in compliance and RegTech business We’ve handled increasing amounts of compliance software licensing and reseller agreements, partly as a result of the region’s burgeoning regulatory technology businesses (both start-up and FDI), and maybe partly as a result of the desire of business as a whole to deal with the certainties of MiFID, AIFMD, EMIR, Solvency II and GDPR instead of the uncertainties of COVID-19.

- Cybersecurity
Against a background of the first case-law resulting from GDPR, and an increased customer insistence on high infosec obligations referencing lock-down and increased working from home, we’ve been spending more and more time matching the comprehensive detail of standards such as ISO27001 against the actual needs of the customer and the actual capabilities of the IT service supplier.

- Transfer of data through tech systems
The effect of Schrems II, with its invalidation of the Privacy Shield Scheme, has particularly affected NI’s US FDI client base. Interestingly, the headlong retreat to the use of the Standard Contractual Clauses has created a particular problem for local US-owned data controllers who have adopted the typical NI practice of using hosting services based in Dublin – there’s no model SCC to cover a situation where an EU processor exports personal data to a non-EU controller. Finally, we’ve seen an increasing trend in requests for advice from businesses with offices in both NI and the Republic, as well as local businesses exporting and importing data from and to the EU.

With no certainty as to the UK’s data protection adequacy status post-Brexit, we’ve increasingly been advising clients that they have to assume that the UK will not be recognised as adequate, leading in turn to increased use of binding corporate rules for multinational clients, as well as SCCs generally.

- Privacy by Design
A different reaction to the uncertainty of the UK’s GDPR status has been the attempt by a number of local clients to remove the issue altogether. Privacy has been built into applications at the design stage, in an attempt to anonymise as far as possible the subjects of data transmitted through the app. We’ve seen this particularly in the context of Fintech, and also in RegTech clients seeking advice on how best to minimise personal data while maximising the worth of their KYC products.

- Apps within Apps
We’ve seen a notable increase in clients creating 'apps within apps', such as add-ins or mini-programs for broader third party software applications. For example, an app within an app might allow users of a popular communication application extra functionality, or increased scope to customise the 'host' app. This may well be a consequence of the wider business community’s increased take up of software and internet tools as a means of communication in a lockdown world. We’ve seen this increase manifested in a spike in work advising clients on the API and other integration contracts of the host application provider, as well as their general terms of use, to allow our clients to 'back to back' their promises to their users with obligations owed to the host provider.

- Attention to detail
We’ve noticed a definite trend in contract negotiations focussing more and more on the actual detail of the required transaction. Where local clients were previously happy to sign template contracts on 'standard terms', we’ve seen a growing sophistication to require the contract to tell the story of the deal. In general terms, the popularity of the master framework agreement over the last few years has shifted towards a contract flexible enough to fit different distinct commercial situations.

Specifically, we’ve noticed in particular a significantly greater (and very welcome) appetite for customer and client alike to spend more time on the specification of the product or services required, and on the mechanics of implementation and acceptance testing.

Similarly, where in-contract disputes have arisen (particularly in relation to public sector contracts), we’ve seen an increasing tendency for clients to discuss pragmatic and realistic solutions, rather than retreating to remedies offered by a template contract which are usually inappropriate and frequently ultimately to both parties’ detriment. The reasons for this trend? That’s harder to explain: possibly a consequence of lawyers spending less time commuting, but more likely a growing sophistication on the part of local tech clients.

Just as the events of 2020 could hardly have been predicted in 2019, predictions for 2021 are likely to meet a very different reality. Fundamental economic, legal and social uncertainties continue: however, there are no immediate signs of a material decrease in the NI tech scene, and the importance of multi-jurisdictional licensing and cross-border transfer of data expertise is certain to continue through the year.