Three weeks after the UK formally left the European Union, it has emerged that Google plans to move the accounts of its British users to a US jurisdiction and intends to require them to acknowledge these new terms of service.
That is according to three people said to be familiar with the development who told Reuters that UK accounts would be moved from their current data status, which for now is covered by the EU’s General Data Protection Regulation (GDPR), one of the strictest data privacy regimes in the world.
Google’s European headquarters is based in the Republic of Ireland, which is staying in the EU, and it is understood the tech giant has decided to move its British users out of Irish jurisdiction because it is unclear whether the UK will follow GDPR or adopt other rules that could affect the handling of user data.
If confirmed that British users will move to data laws covered by a US jurisdiction, it would leave the personal information of tens of millions of people with less protection – the US has some of the weakest privacy protections of any major economy – and make it easier for the data to be accessed by UK authorities, Reuters reported.
According to its sources, Google could have decided to have its British accounts answer to a British subsidiary but chose not to proceed with that option.
Lea Kissner, Google’s former lead for global privacy technology, said she would be surprised if the company kept its British accounts under EU jurisdiction with the UK no longer a member.
“There’s a bunch of noise about the UK government possibly trading away enough data protection to lose adequacy under GDPR, at which point having them in Google Ireland’s scope sounds super-messy,” she said. “Never discount the desire of tech companies not be caught in-between two different governments.”
However, Google said in a statement: “Nothing about our services or our approach to privacy will change, including how we collect or process data, and how we respond to law enforcement demands for users’ information. The protections of the UK GDPR will still apply to these users.”
Sourced from Reuters; additional content by WARC staff