UK Google users to lose EU data protection due to Brexit

The tech giant is reportedly transferring control of UK Google accounts to the US and out of the jurisdiction of EU privacy regulators. But the GDPR will still apply….

gettyimages-1190315385

Google users in the UK are about to see their data leave the EU.

Aytac Unal/Anadolu Agency/Getty Images

Google users in the UK will reportedly have their accounts moved to the US now that the country has left the EU, according to Reuters. It will mean that the data belonging to British citizens will no longer fall under the control of European privacy regulators, even though they are still protected by the GDPR.

Google accounts owned by European citizens are controlled through Ireland, where the tech giant’s regional headquarters is stationed. Now ownership of UK data will switch from Ireland to the US. 

The move was prompted by Brexit, the UK’s departure from the EU, which took place at the end of January. According to Reuters, Google intends to make the move clear to UK users by asking them to acknowledge new terms of service.

Google did not respond to request for comment.

In Europe, the privacy of internet users is protected by a far-reaching piece of legislation introduced in 2018 called the General Data Protection Regulation, or the GDPR. It’s introduction changed the rules for companies that collect, store or process information on residents of the EU, requiring more openness about what data they have and who they share it with. Currently the US has no equivalent to the GDPR, which is viewed by many as the gold standard in data protection. 

Even though the UK has left the EU, the GDPR still continues to apply in the country under British law. It is enforced by UK data protection watchdog, the Information Commissioner’s Office, which will likely take a keen interest in where data belonging to UK citizens is moved to following Brexit.

“Our role is to make sure the privacy rights of people in the UK are protected and we are in contact with Google over this issue,” said a spokeswoman for the ICO in a statement. “Any organisation dealing with UK users’ personal data should do so in line with the UK Data Protection Act 2018 and the GDPR which will continue to be the law unless otherwise stated by UK Government.”

The move by Google has come under fire from privacy organizations, which believe that moving the data of UK citizens to the US leaves it open to abuse. Jim Killock, executive director of Open Rights Groups, suggested that the data would now be vulnerable to being swept up in mass surveillance programs or being used for profiling in immigration cases.

“Google’s decision should worry everyone who think tech companies are too powerful and know too much about us,” said Killock in a statement. “The UK must commit to European data protection standards, or we are likely to see our rights being swiftly undermined by ‘anything goes’ US privacy practices.”

By moving data to the US, UK law enforcement would have an easier time gaining access to it under the recent US Cloud Act. A future trade deal between the US and UK could potentially see the latter back away from GDPR, in which case privacy protections afforded to UK citizens would undergo a significant shift.