Hey Google on the Las Vegas monorail at CES 2018

Google to move UK user data out of the EU, opening up police access

Image credit: Getty Images

Google is planning to move the accounts of British users out of EU jurisdiction, which could reduce the amount of data protection afforded to tens of millions of users.

Reuters reports that the shift is being made after the UK left the EU last month and it could allow British law enforcement greater access to the data.

It is currently unclear whether Britain intends to stick to GDPR rules, which EU states must adhere to, resulting in confusion over how Google will need to handle user data in the future.

“Nothing about our services or our approach to privacy will change, including how we collect or process data, and how we respond to law enforcement demands for users’ information,” Google said in an emailed statement. “The protections of the UK GDPR will still apply to these users.”

It intends to require its British users to acknowledge new terms of service including the new jurisdiction, according to people familiar with the plans.

While the UK left the EU on 31 January, it is currently in the Brexit transition period which will mean laws such as GDPR will be “business as usual” until the end of the year.

Britain implemented a new Data Protection Act in 2018 which enshrined the principles of GDPR in UK law so domestic users should be protected even beyond 2020. But from that point parliament will have the option to make alterations, or even scrap it altogether as they will not be beholden to EU jurisdiction.

Prime Minister Boris Johnson has said the UK will look to “develop separate and independent policies” on many areas including data protection, but the reality is that deviating too far from GDPR would make it difficult for UK firms to do business on the continent.

The recent Cloud Act in the US is expected to make it easier for British authorities to obtain data from US companies. Britain and the US are also on track to negotiate a broader trade agreement.

Beyond that, the US has among the weakest privacy protections of any major economy, with no broad law despite years of advocacy by consumer protection groups.

Google has amassed one of the largest stores of information about people on the planet, using the data to tailor services and sell advertising.

Lea Kissner, Google’s former lead for global privacy technology told Reuters that she would have been surprised if the company had kept British accounts controlled in an EU country with the UK no longer a member.

“There’s a bunch of noise about the UK government possibly trading away enough data protection to lose adequacy under GDPR, at which point having them in Google Ireland’s scope sounds super-messy,” Kissner said.

“Never discount the desire of tech companies not be caught in between two different governments.”

Sign up to the E&T News e-mail to get great stories like this delivered to your inbox every day.

Recent articles