Google to shift UK user data to the US post-Brexit

The decision is driven by fears the UK may step out-of-sync with the EU's data protection laws

Google plans to migrate UK user accounts from Ireland to the US following Britain’s withdrawal from the EU. 

The sensitive data of tens of millions of users could be shifted away from Ireland, where it currently resides, according to Reuters. That's believed to be amid concerns from Google that the UK will loosen its data protection laws and fail to agree on a data-sharing agreement with EU, potentially making it difficult to transfer data between Ireland and the UK. 

The migration will involve asking UK users to agree to new terms of service, which includes consent to holding their data under the new jurisdiction. 

The move could mean UK authorities are better able to recover data for criminal investigations, thanks to the CLOUD Act that has made cross-border data transfers much easier. However, it raises concerns as the US has much weaker data protection laws than across the EU. While the Californian Consumer Privacy Act (CCPA), outlines some protections, there is no national federal data protection law with sufficient provisions akin to GDPR or the UK's Data Protection Act 2018.

According to the firm’s former global privacy technology lead, Lea Kissner, Google fears that the UK water will water down its data protection laws enough that it fails to reach an adequacy agreement with the EU. Without that agreement, data sharing will become more complex, and potentially require company by company contracts.  

"There’s a bunch of noise about the UK government possibly trading away enough data protection to lose adequacy under GDPR, at which point having them in Google Ireland’s scope sounds super-messy,” Kissner told Reuters. "Never discount the desire of tech companies not be caught in between two different governments."

Legal director with UK law firm TLT, Ed Hayes, told IT Pro that it's no surprise Google is looking at ways to move UK user data away from the EU, given that GDPR limits the ways companies can monetise data. "Google’s plans seem to assume the UK will water down its data protection standards once the Brexit transition ends," he said. "But that would contradict UK Regulations passed in 2019 to incorporate GDPR into UK law after transition, and government statements to date about continuing GDPR compliance.

"It could be that Google is betting the UK’s need for a quick US trade deal will see those commitments dropped, and is seeking to boost its bottom line by moving UK users’ personal data under US law," he adds. "However, if Google gets that wrong, and simply changes the location of UK users’ personal data while GDPR-equivalent laws still apply, it’s unlikely to achieve the goal of taking itself outside GDPR – GDPR’s reach is controlled by user location not just by data storage location."

Related Resource

Digital Risk Report 2020

A global view into the impact of digital transformation on risk and security management

Download now

The question of data flow post-Brexit has been the source of much confusion for businesses. During the current transition period, which will expire January 2021, the Information Commissioner’s Office (ICO) has made assurances that data flow between the UK and the EU will continue as normal.

The terms of the UK’s future relationship with the EU will determine whether critical business information can continue to flow seamlessly. The suggestions that a future trade agreement between the UK and the US could weaken data protection laws are partially reinforced by leaked documents released last year. According to preliminary trade discussions, the US is currently lobbying for an agreement to ease international data transfers underlined by a set of common standards, but not to the extent that domestic laws are harmonised.

Featured Resources

How to be an MSP: Seven steps to success

Building your business from the ground up

Download now

The smart buyer’s guide to flash

Find out whether flash storage is right for your business

Download now

How MSPs build outperforming sales teams

The definitive guide to sales

Download now

The business guide to ransomware

Everything you need to know to keep your company afloat

Download now

Recommended

Tech giants lobby US to fund chip production
Hardware

Tech giants lobby US to fund chip production

11 May 2021
Data breach exposes widespread fake reviews on Amazon
data breaches

Data breach exposes widespread fake reviews on Amazon

7 May 2021
Google’s about to push everyone into two-factor authentication
Security

Google’s about to push everyone into two-factor authentication

6 May 2021
Peloton security bug could expose user data
data protection

Peloton security bug could expose user data

6 May 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
Dell XPS 17 (2021) review: A big laptop for big jobs
Laptops

Dell XPS 17 (2021) review: A big laptop for big jobs

10 May 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

29 Apr 2021