X

UK Google users to lose EU data protection due to Brexit

The tech giant is transferring control of UK Google accounts to the US and out of the jurisdiction of EU privacy regulators. But the GDPR will still apply.

Katie Collins Senior European Correspondent
Katie a UK-based news reporter and features writer. Officially, she is CNET's European correspondent, covering tech policy and Big Tech in the EU and UK. Unofficially, she serves as CNET's Taylor Swift correspondent. You can also find her writing about tech for good, ethics and human rights, the climate crisis, robots, travel and digital culture. She was once described a "living synth" by London's Evening Standard for having a microchip injected into her hand.
See full bio
Katie Collins
3 min read
gettyimages-1190315385

Google users in the UK are about to see their data leave the EU.

 Aytac Unal/Anadolu Agency/Getty Images

The accounts of Google users in the UK will be controlled out of the US now that the country has left the European Union, according to Reuters. This means that the data belonging to British citizens will no longer fall under the control of European privacy regulation, even though they are still protected by the GDPR .

Google accounts of European citizens are controlled through Ireland, the site of the tech giant's regional headquarters. Now, ownership of UK data will switch from Ireland to the US. 

The move was prompted by Brexit, the UK's departure from the EU, which took place at the end of January. According to Reuters, Google intends to make the move clear to UK users by asking them to acknowledge new terms of service, Reuters reported Wednesday.

Google didn't respond to a request for comment.

In Europe, the privacy of internet users is protected by a far-reaching piece of legislation that went into effect in 2018 called the General Data Protection Regulation, or the GDPR. Its introduction changed the rules for companies that collect, store or process information on residents of the EU, requiring more openness about what data they have and who they share it with. Currently the US has no equivalent to the GDPR, which is viewed by many as the gold standard in data protection. 

Even though the UK has left the EU, the GDPR still continues to apply in the country under British law. It is enforced by the UK data protection watchdog known as the Information Commissioner's Office, which will likely take a keen interest in where data belonging to UK citizens is moved following Brexit.

"Our role is to make sure the privacy rights of people in the UK are protected and we are in contact with Google over this issue," a spokeswoman for the ICO said in a statement. "Any organisation dealing with UK users' personal data should do so in line with the UK Data Protection Act 2018 and the GDPR which will continue to be the law unless otherwise stated by UK Government."

The move by Google has come under fire from privacy groups, which believe that moving the data of UK citizens to the US leaves it open to abuse. Jim Killock, executive director of Open Rights Groups, suggested that the data would now be vulnerable to being swept up in mass surveillance programs or being used for profiling in immigration cases.

"Google's decision should worry everyone who think tech companies are too powerful and know too much about us," Killock said in a statement. "The UK must commit to European data protection standards, or we are likely to see our rights being swiftly undermined by 'anything goes' US privacy practices."

By moving data to the US, UK law enforcement would have an easier time gaining access to it under the recent US Cloud Act. A future trade deal between the US and UK could potentially see the latter back away from GDPR, in which case privacy protections for UK citizens would undergo a significant shift.