Brexit prompts firm to move data and user accounts of British users from EU to US
Google is to move the data and user accounts of its British users from the EU to the US, placing them outside the strong privacy protections offered by European regulators.
The shift, prompted by Britain’s exit from the EU, will leave the sensitive personal information of tens of millions not covered by Europe’s world-leading General Data Protection Regulation (GDPR) and therefore with less protection and within easier reach of British law enforcement.
Google intends to require its British users to acknowledge new terms of service including the new jurisdiction, according to people familiar with the plans.
“Nothing about our services or our approach to privacy will change, including how we collect or process data, and how we respond to law enforcement demands for users’ information,” Google said in a statement. “The protections of the UK GDPR will still apply to these users.”
Ireland, where Google and other US tech companies have their European headquarters, is staying in the EU, which has one of the world’s most aggressive data protection rules, the GDPR.
It is understood that Google decided to move its British users out of Irish jurisdiction because it is unclear whether Britain will follow GDPR or adopt other rules that could affect the handling of user data.
If British Google users have their data kept in Ireland, it would be more difficult for British authorities to recover it in criminal investigations.