The accounts of Google users in the UK will be controlled out of the US now that the country has left the European Union, according to Reuters. This means that the data belonging to British citizens will no longer fall under the control of European privacy regulation, even though they are still protected by the GDPR.
Google accounts of European citizens are controlled through Ireland, the site of the tech giant's regional headquarters. Now, ownership of UK data will switch from Ireland to the US.
The move was prompted by Brexit, the UK's departure from the EU, which took place at the end of January. According to Reuters, Google intends to make the move clear to UK users by asking them to acknowledge new terms of service, Reuters reported Wednesday.
Google didn't respond to a request for comment.
In Europe, the privacy of internet users is protected by a far-reaching piece of legislation that went into effect in 2018 called the General Data Protection Regulation, or the GDPR. Its introduction changed the rules for companies that collect, store or process information on residents of the EU, requiring more openness about what data they have and who they share it with. Currently the US has no equivalent to the GDPR, which is viewed by many as the in data protection.
Even though the UK has left the EU, the GDPR still continues to apply in the country under British law. It is enforced by the UK data protection watchdog known as the Information Commissioner's Office, which will likely take a keen interest in where data belonging to UK citizens is moved following Brexit.
"Our role is to make sure the privacy rights of people in the UK are protected and we are in contact with Google over this issue," a spokeswoman for the ICO said in a statement. "Any organisation dealing with UK users' personal data should do so in line with the UK Data Protection Act 2018 and the GDPR which will continue to be the law unless otherwise stated by UK Government."
The move by Google has come under fire from privacy groups, which believe that moving the data of UK citizens to the US leaves it open to abuse. Jim Killock, executive director of Open Rights Groups, suggested that the data would now be vulnerable to being swept up in mass surveillance programs or being used for profiling in immigration cases.
"Google's decision should worry everyone who think tech companies are too powerful and know too much about us," Killock said in a statement. "The UK must commit to European data protection standards, or we are likely to see our rights being swiftly undermined by 'anything goes' US privacy practices."
By moving data to the US, UK law enforcement would have an easier time gaining access to it. A future trade deal between the US and UK could potentially see the latter back away from GDPR, in which case privacy protections for UK citizens would undergo a significant shift.