What Google moving UK data means for you
Digital rights campaigners say tech giant’s decision ‘should worry everyone’
Google is moving the data it holds on tens of millions of UK web users from its European headquarters in Ireland to the US in preparation for Brexit.
The shift will mean the sensitive personal information of users is no longer covered by Europe’s world-leading General Data Protection Regulation (GDPR).
Google will soon require its British users to acknowledge changing terms of service including the new jurisdiction, a source familiar with the plans told Reuters.
The company has amassed one of the largest collections of information about people in the world, and uses this data to tailor services and target advertising.
Why is Google moving the data?
The technology giant is making the move to ensure ownership of the data returns to California, enabling it to avoid any legal disputes between the UK and EU if they fail to reach a Brexit deal that covers data sharing.
If the UK cannot secure a deal with the EU, it would be illegal to transfer data between the UK and EU countries.
Google’s former lead for global privacy technology, Lea Kissner, said it would have been surprising if the company had kept British account data in an EU country once the UK had left the bloc.
“There’s a bunch of noise about the UK government possibly trading away enough data protection to lose adequacy under GDPR, at which point having them in Google Ireland’s scope sounds super-messy,” Kissner said.
“Never discount the desire of tech companies not to be caught in between two different governments.”
What does the move mean for users?
Privacy campaigners and the Labour Party have expressed concern that UK users’ data may not benefit from the same protections under US law as under the EU’s strict privacy laws.
Chi Onwurah, Labour’s shadow digital minister, said: “With this announcement, Google will be moving swathes of private information out of the UK without, apparently, consulting British people or their representatives.”
Moving the data out of the EU means it will therefore have less protection and sit within easier reach of British law enforcement, says The Guardian. If British Google users’ data is kept in Ireland, British authorities would find it harder to recover it in criminal investigations.
The recent Cloud Act in the US is expected to make it easier for British authorities to obtain data from US companies, and this could get easier still if the UK and US negotiate a trade agreement. Data privacy protections in the US are among the weakest of any major economy, despite years of advocacy by consumer protection groups.
–––––––––––––––––––––––––––––––For a round-up of the most important stories from around the world - and a concise, refreshing and balanced take on the week’s news agenda - try The Week magazine. Start your trial subscription today –––––––––––––––––––––––––––––––
Jim Killock, executive director of the digital rights organisation Open Rights Group, said: “Moving people’s personal information to the USA makes it easier for mass surveillance programmes to access it. There is nearly no privacy protection for non-US citizens.
“Google’s decision should worry everyone who thinks tech companies are too powerful and know too much about us. The UK must commit to European data protection standards or we are likely to see our rights being swiftly undermined by ‘anything goes’ US privacy practices.”
But data protection lawyers say there will be little change in how Google’s UK user data is protected, if the UK continues to implement GDPR, says The Times. The UK took GDPR into its own law when the EU brought it in, meaning GDPR protections may not be affected by Brexit.
Google has denied that its approach to privacy will change. A spokesperson said: “Nothing about our services or our approach to privacy will change, including how we collect or process data, and how we respond to law enforcement demands for users’ information. The protections of the UK GDPR will still apply to these users.”