Google is planning to move its UK user’s accounts out of the control of the EU’s privacy regulator and into the jurisdiction of US authorities. Google’s move was prompted by Britain’s departure from the European Union, a move that would make sensitive personal information for tens of millions of Google users less protected and more accessible to UK law enforcement.
Three sources familiar with the changes were revealed to Reuters, saying Google plans to require its UK users to recognize new terms of service, including new jurisdictions.
Ireland, a member of the European Union, is home to the European headquarters of Google and other US technology companies, and the EU has one of the world’s most aggressive data protection rules, the General Data Protection Regulation (GDPR). People familiar with the matter said Google had decided to move its UK users out of Ireland because it was unclear whether the UK would comply with general data protection regulations or adopt other rules that could affect users’ data processing.
If Google keeps data from UK users in Ireland, it will be more difficult for British authorities to recover it in criminal investigations. But the recent Cloud Act, introduced by US authorities, is expected to make it easier for British authorities to obtain data from US companies. The UK and the US will also negotiate a broader trade deal. On top of that, the United States has one of the weakest privacy protections of any major economy. Although consumer protection groups have been advocating for privacy for years, U.S. authorities have yet to enact a wide range of laws.
A Google spokesman declined to comment on the news.
For now, at least, the UK’s privacy rules are still subject to general data protection regulations. Britain’s privacy rules will continue to apply to the government’s request for data access to Google’s US headquarters, according to a Google employee familiar with the matter. Google owns one of the world’s largest databases of personal information, using it to customize services and sell advertising.
Google could have chosen to let a BRITISH subsidiary take charge of the uk user’s account, but the company has chosen not to do so, according to people familiar with the matter.
Lea Kissner, a former head of global privacy technology at Google, said the UK was no longer a member of the EU and would be surprised if Google let stake an EU country control the accounts of UK users. “A lot of people say that under the general data protection regulations, the UK government may give up enough data protection to deprive users of adequate protection, so putting data within Google Ireland’s control can create a huge mess.” Kisner said. “Never underestimate the desire of technology companies not to be sandwiched between two different governments. “
Other U.S. technology companies will have to make similar choices in the coming months, according to other sources familiar with the matter.
Facebook’s privacy protections are similar to Google’s, which has not responded to a request for comment.