Facebook will move UK users' data to the US post-Brexit
The move raises concerns as the US has much weaker data protection laws than across the EU
Facebook is planning to shift its UK-based user accounts to data privacy agreements with its corporate headquarters in California.
User data is currently stored at Facebook’s European head offices in Dublin. However, due to the UK leaving the EU, in which Ireland remains, the legal relationship between the two countries is subject to change.
The move could mean that UK authorities are better able to recover data for criminal investigations, thanks to the CLOUD Act that has made cross-border data transfers much easier.
However, it has raised concerns as the US has much weaker data protection laws than Europe, and sources suggest Facebook is making the change partly because the EU privacy regime is among the world’s strictest.
Jim Killock, executive director of the Open Rights Group, told IT Pro: “Moving data out of the EU makes it harder to enforce your privacy rights. It means European actions to limit the power of the tech giants will not apply to UK citizens.
"It means the UK ICO will need to be pushed to make the same decisions when companies break the law. And it means those tech giants can lobby for weaker UK rules to ensure they can get away with things in the UK that they cannot in the EU."
However, Facebook claims that there will be no changes to the privacy controls or the services offered to UK users.
A Facebook spokesperson told IT Pro the following: “Like other companies, Facebook has had to make changes to respond to Brexit and will be transferring legal responsibilities and obligations for UK users from Facebook Ireland to Facebook Inc.
"There will be no change to the privacy controls or the services Facebook offers to people in the UK, and the protections of UK GDPR will also apply.”
Facebook added that it will not change the ways in which it collects and processes users’ data, but said the decision was made due to ‘remaining uncertainties’ over the Brexit transition.
Facebook’s move mirrors a similar decision made by Google earlier this year. In February, it was reported that the Alphabet subsidiary was planning to migrate the sensitive data of tens of millions of UK users.
Lea Kissner, the company's former global privacy lead, Google feared the UK might water down its own data protection laws to the extent that it fails to reach an adequacy agreement with the EU, making it more difficult for the company to share data with the EU.
According to Claire Hall, a solicitor specialising in data protection at law firm VWV, there’s little the UK government will be able to do to prevent such decisions from organisations, however, she added that UK citizens have little to fear about their data moving to the US.
“It’s important to note that the personal data of people in the UK can still be protected by UK law when it's in the US – just as it's protected by the GDPR at the moment,” says Hall. “The GDPR has territorial provisions that place obligations on organisations outside of the EU in certain circumstances, for example when the organisation is offering goods or services to people in the EU.”