Google to shift UK user data to the US post-Brexit

The decision is driven by fears the UK may step out-of-sync with the EU's data protection laws

Google plans to migrate UK user accounts from Ireland to the US following Britain’s withdrawal from the EU. 

The sensitive data of tens of millions of users could be shifted away from Ireland, where it currently resides, according to Reuters. That's believed to be amid concerns from Google that the UK will loosen its data protection laws and fail to agree on a data-sharing agreement with EU, potentially making it difficult to transfer data between Ireland and the UK. 

Advertisement - Article continues below

The migration will involve asking UK users to agree to new terms of service, which includes consent to holding their data under the new jurisdiction. 

The move could mean UK authorities are better able to recover data for criminal investigations, thanks to the CLOUD Act that has made cross-border data transfers much easier. However, it raises concerns as the US has much weaker data protection laws than across the EU. While the Californian Consumer Privacy Act (CCPA), outlines some protections, there is no national federal data protection law with sufficient provisions akin to GDPR or the UK's Data Protection Act 2018.

According to the firm’s former global privacy technology lead, Lea Kissner, Google fears that the UK water will water down its data protection laws enough that it fails to reach an adequacy agreement with the EU. Without that agreement, data sharing will become more complex, and potentially require company by company contracts.  

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"There’s a bunch of noise about the UK government possibly trading away enough data protection to lose adequacy under GDPR, at which point having them in Google Ireland’s scope sounds super-messy,” Kissner told Reuters. "Never discount the desire of tech companies not be caught in between two different governments."

Legal director with UK law firm TLT, Ed Hayes, told IT Pro that it's no surprise Google is looking at ways to move UK user data away from the EU, given that GDPR limits the ways companies can monetise data. "Google’s plans seem to assume the UK will water down its data protection standards once the Brexit transition ends," he said. "But that would contradict UK Regulations passed in 2019 to incorporate GDPR into UK law after transition, and government statements to date about continuing GDPR compliance.

"It could be that Google is betting the UK’s need for a quick US trade deal will see those commitments dropped, and is seeking to boost its bottom line by moving UK users’ personal data under US law," he adds. "However, if Google gets that wrong, and simply changes the location of UK users’ personal data while GDPR-equivalent laws still apply, it’s unlikely to achieve the goal of taking itself outside GDPR – GDPR’s reach is controlled by user location not just by data storage location."

Related Resource

Digital Risk Report 2020

A global view into the impact of digital transformation on risk and security management

Download now

The question of data flow post-Brexit has been the source of much confusion for businesses. During the current transition period, which will expire January 2021, the Information Commissioner’s Office (ICO) has made assurances that data flow between the UK and the EU will continue as normal.

Advertisement - Article continues below

The terms of the UK’s future relationship with the EU will determine whether critical business information can continue to flow seamlessly. The suggestions that a future trade agreement between the UK and the US could weaken data protection laws are partially reinforced by leaked documents released last year. According to preliminary trade discussions, the US is currently lobbying for an agreement to ease international data transfers underlined by a set of common standards, but not to the extent that domestic laws are harmonised.

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now
Advertisement
Advertisement

Recommended

Visit/mobile/google-android/356398/google-maps-is-testing-traffic-lights
Google Android

Google Maps is testing traffic lights

9 Jul 2020
Visit/network-internet/email-providers/356388/how-to-share-your-google-calendar
email providers

How to share your Google Calendar

8 Jul 2020
Visit/network-internet/web-browser/356359/google-chrome-86-update-could-add-28-to-your-battery-life
web browser

Google Chrome 86 update could add 28% to your battery life

6 Jul 2020
Visit/security/privacy/356320/privacy-groups-warn-against-googles-acquisition-of-fitbit
privacy

Privacy groups warn against Google's acquisition of Fitbit

2 Jul 2020

Most Popular

Visit/mobile/google-android/356373/over-2-dozen-additional-android-apps-found-stealing-user-data
Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020
Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/cloud/356260/the-road-to-recovery
Sponsored

The road to recovery

30 Jun 2020