Google to shift UK user data to the US post-Brexit

The decision is driven by fears the UK may step out-of-sync with the EU's data protection laws

Google plans to migrate UK user accounts from Ireland to the US following Britain’s withdrawal from the EU. 

The sensitive data of tens of millions of users could be shifted away from Ireland, where it currently resides, according to Reuters. That's believed to be amid concerns from Google that the UK will loosen its data protection laws and fail to agree on a data-sharing agreement with EU, potentially making it difficult to transfer data between Ireland and the UK. 

The migration will involve asking UK users to agree to new terms of service, which includes consent to holding their data under the new jurisdiction. 

The move could mean UK authorities are better able to recover data for criminal investigations, thanks to the CLOUD Act that has made cross-border data transfers much easier. However, it raises concerns as the US has much weaker data protection laws than across the EU. While the Californian Consumer Privacy Act (CCPA), outlines some protections, there is no national federal data protection law with sufficient provisions akin to GDPR or the UK's Data Protection Act 2018.

According to the firm’s former global privacy technology lead, Lea Kissner, Google fears that the UK water will water down its data protection laws enough that it fails to reach an adequacy agreement with the EU. Without that agreement, data sharing will become more complex, and potentially require company by company contracts.  

"There’s a bunch of noise about the UK government possibly trading away enough data protection to lose adequacy under GDPR, at which point having them in Google Ireland’s scope sounds super-messy,” Kissner told Reuters. "Never discount the desire of tech companies not be caught in between two different governments."

Legal director with UK law firm TLT, Ed Hayes, told IT Pro that it's no surprise Google is looking at ways to move UK user data away from the EU, given that GDPR limits the ways companies can monetise data. "Google’s plans seem to assume the UK will water down its data protection standards once the Brexit transition ends," he said. "But that would contradict UK Regulations passed in 2019 to incorporate GDPR into UK law after transition, and government statements to date about continuing GDPR compliance.

"It could be that Google is betting the UK’s need for a quick US trade deal will see those commitments dropped, and is seeking to boost its bottom line by moving UK users’ personal data under US law," he adds. "However, if Google gets that wrong, and simply changes the location of UK users’ personal data while GDPR-equivalent laws still apply, it’s unlikely to achieve the goal of taking itself outside GDPR – GDPR’s reach is controlled by user location not just by data storage location."

Related Resource

Digital Risk Report 2020

A global view into the impact of digital transformation on risk and security management

Download now

The question of data flow post-Brexit has been the source of much confusion for businesses. During the current transition period, which will expire January 2021, the Information Commissioner’s Office (ICO) has made assurances that data flow between the UK and the EU will continue as normal.

The terms of the UK’s future relationship with the EU will determine whether critical business information can continue to flow seamlessly. The suggestions that a future trade agreement between the UK and the US could weaken data protection laws are partially reinforced by leaked documents released last year. According to preliminary trade discussions, the US is currently lobbying for an agreement to ease international data transfers underlined by a set of common standards, but not to the extent that domestic laws are harmonised.

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Leading the data race

The trends driving the future of data science

Download now

How to create 1:1 customer experiences at scale

Meet the technology capable of delivering the personalisation your customers crave

Download now

How to achieve daily SAP releases

Accelerate the pace of SAP change to support your digital strategy

Download now

Recommended

Hey Google, navigate where there's no COVID-19
Google Android

Hey Google, navigate where there's no COVID-19

24 Sep 2020
COVID-19 and Brexit are rendering AI models redundant
Data & insights

COVID-19 and Brexit are rendering AI models redundant

23 Sep 2020
Google takes on Zoom with launch of Meet hardware
video conferencing

Google takes on Zoom with launch of Meet hardware

16 Sep 2020
Federation of small businesses says tech vouchers needed to survive Brexit transition
SMB

Federation of small businesses says tech vouchers needed to survive Brexit transition

8 Sep 2020

Most Popular

Microsoft hints at stand-alone successor to Office 2019 suite
Microsoft Office

Microsoft hints at stand-alone successor to Office 2019 suite

24 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020