Google plans to move all its UK users’ account data from the EU to the US, a move which would see UK Google users lose the benefits of the General Data Protection Regulation (GDPR). The move is said to be thanks to Brexit and will technically leave British citizen’s Google accounts more susceptible to the reach of law enforcement (via Retuers).
The report says Google plans to require UK Google users to acknowledge the changes via a new terms of service agreement. It says Google has made the decision to move UK users’ data under US jurisdiction as it is unclear post-Brexit whether Britain will continue to follow GDPR.
In a statement run in the Guardian, Google said:
“Nothing about our services or our approach to privacy will change, including how we collect or process data, and how we respond to law enforcement demands for users’ information. The protections of the UK GDPR will still apply to these users.”
Google feels moving the data to the US will allow the company to have better control over its fair use, according to Reuters’ sources.
“Wherever the data is held, it is subject to the data laws of that jurisdiction. US privacy protections are far weaker than those afforded to the EU, meaning Google are likely just the first of the big tech giants to move UK consumer data Stateside,” said Tom Chivers, Digital Privacy Advocate at ProPrivacy.
“Once based in the US it is out from under the close watch of GDPR legislation. This means we could well be about to see UK GDPR protections used as a bargaining chip when it comes to negotiating a trade deal with the US.”
Google could have had UK accounts answer to a British subsidiary, but has chosen this course of action instead, according to sources.
The news is indicative of the growing influence Google has when it comes to personal data. GDPR was seen as a landmark, largely positive ruling for the customer in the EU. With Google legally opting to move UK users’ data out of its protection, it could leave the UK and US open to negotiate ways for the UK authorities to easier access civilian data.
Even though authorities’ reasons for this could be legitimate, the move still raises ethical questions about the storing of personal data by large corporations and where the law should intervene to protect individual privacy rights.