After the UK leaves, the country will likely have to create its own set of privacy regulations, potentially driving up compliance costs associated with moving consumer information across borders and complicating the operation of data centers.
That could influence consumer data collection used in advertising on Alphabet's Google search engine and Facebook's social media pages, the shipment of a book ordered from a retailer on Amazon.com Inc's site in Germany to a shopper in the UK, or the management of data centers that power Microsoft's cloud computing services.
Take the EU's new General Data Protection Regulation, a sweeping legal framework approved in April and set to take effect in May 2018.
When the UK leaves, GDPR will no longer apply to the country.
Experts expect the UK to adopt similar rules to GDPR in its stead, though a separate set of rules-no matter how similar-will cause headaches for US tech companies seeking simplicity as they operate across Europe.
"They want one law, one framework, one consistent approach," said Eduardo Ustaran, a London-based lawyer at Hogan Lovells specializing in privacy law. "The lack of harmonization makes more cost than regulation itself."
Ustaran said he's been trying to calm business clients down since the vote. "There is very much a sense of panic or at least concern," he said.
If the UK wants to take part in the free flow of data across European borders after leaving the Union, it will have to adopt data-protection standards that the EU deems "adequate" in meeting the same standards as GDPR.
That will shift the balance of power more towards countries where the state plays a bigger role.
The UK Information Commissioner's Office, which oversees the country's data processing, said Friday that "international consistency around data protection laws and rights is crucial, both to businesses and organisations, and to consumers and citizens."
Unless the UK harmonizes with the new EU rules, US companies will lose the ability to process European consumer data in the UK, said Jane Finlayson-Brown, a partner at the law firm Allen & Overy in London. This could impact companies that want to use data centers in the UK-even as backups if their data centers in other EU countries go down.
Cloud-computing businesses, such as Amazon Web Services and Microsoft Azure, are particularly vulnerable to the complications of a split regulatory region. Cloud companies function more efficiently when they can easily shift loads from one data center to another. Restricting the types of data that can be stored in specific locations hampers that flexibility.
"A lot of companies are saying, 'Help. We don't know what to do. We're completely dependent on free flow of data,'" said Todd Ruback, chief privacy officer at Ghostery, which helps companies navigate privacy laws.
However, Brexit could be an opportunity for the UK to position itself as an alternative to the rest of Europe, especially since GDPR is "very complicated, with a ton of legalese," said Dana Simberkoff, chief compliance officer at compliance and governance software company AvePoint.
If the UK adopts its own regulations that meet GDPR standards but make compliance simpler, the country "could have an amazing opportunity" to be more business-friendly. "What businesses want is clarity, and to a certain extent, that is not what the GDPR delivers," Simberkoff said.
The question mark is 15 to 20 years from now: Has London been unseated as the financial and startup center for Europe?
Brexit is less worrying, or the specific impact is so far unknown, when it comes to other Europe issues close to US technology companies' hearts, such as antitrust enforcement, a tax crackdown and the quest for engineering talent across the region.
But one thing is clear: The UK has been more favorable to US technology interests, and without that influence, nations like France and Germany, which are less aligned with the US, are likely to take greater control of EU policy.
"That will shift the balance of power more towards countries where the state plays a bigger role," said James Waterworth, European vice president for the CCIA, which lobbies for Amazon, Google, Facebook, Microsoft and other U.S. tech companies. "That is not the ideal approach for fast-moving sectors like the high-technology and internet sectors."
Google will be especially hard-hit, said Gary Reback, a Silicon Valley attorney who has represented Google rivals that have complained about the company to EU antitrust authorities.
Google has invested heavily in UK operations and tried to build relationships with the government of out-going UK Prime Minister David Cameron to increase its political clout in the region, he noted. "Their ploy to control the European Union through influence in Britain has been wiped out," Reback said.
Google declined to comment on the impact of Brexit, as did Facebook, Microsoft and Amazon.
Google recently constructed a new London headquarters, in part because of the British capital's status as a hub for ambitious professionals from across Europe.
When the UK leaves the free trade bloc, companies may lose the ability to move employees freely around the region without separate visas. "That would harm firms that need to move talent around if it came to pass," Waterworth said, while noting it's too early to tell how harmful this will be.
For now, Google's biggest advertising clients continue to have a major presence in London, which supports the need for the search giant's presence there, said Andy McLoughlin, a partner at SoftTech VC in California, who is originally from Leicester, England.
"The question mark is 15 to 20 years from now: Has London been unseated as the financial and startup center for Europe?" he said.
- Bloomberg.