Google plans to move UK users' accounts to U.S. jurisdiction where privacy laws are weak

Google is planning to move its British users’ accounts out of the control of European Union privacy regulators, placing them under U.S. jurisdiction instead, the company confirmed late on Wednesday. Reuters had earlier reported the plans, citing people familiar with them.

The shift, prompted by Britain’s exit from the EU, will leave the sensitive personal information of tens of millions with less protection and within easier reach of British law enforcement.

Alphabet Inc’s Google intends to require its British users to acknowledge new terms of service including the new jurisdiction, according to people familiar with the plans.

“Nothing about our services or our approach to privacy will change, including how we collect or process data, and how we respond to law enforcement demands for users’ information,” Google said in an emailed statement. “The protections of the UK GDPR will still apply to these users.”

A spokesman declined Reuters requests to answer questions.

Ireland, where Google and other U.S. tech companies have their European headquarters, is staying in the EU, which has one of the world’s most aggressive data protection rules, the General Data Protection Regulation.

Google has decided to move its British users out of Irish jurisdiction because it is unclear whether Britain will follow GDPR or adopt other rules that could affect the handling of user data.

If British Google users have their data kept in Ireland, it would be more difficult for British authorities to recover it in criminal investigations.

The recent Cloud Act in the United States, however, is expected to make it easier for British authorities to obtain data from U.S. companies.

Beyond that, the United States has among the weakest privacy protections of any major economy, with no broad law despite years of advocacy by consumer protection groups.

Google has amassed one of the largest stores of information about people on the planet, using the data to tailor services and sell advertising.

Google could also have had British accounts answer to a British subsidiary, but has opted not to, the people said.

Lea Kissner, Google’s former lead for global privacy technology, said she would have been surprised if the company had kept British accounts controlled in an EU country with the United Kingdom no longer a member.

"There’s a bunch of noise about the U.K. government possibly trading away enough data protection to lose adequacy under GDPR, at which point having them in Google Ireland’s scope sounds super-messy,” Kissner said.

“Never discount the desire of tech companies not be caught in between two different governments.”

Image: Shutterstock

Follow EU Today on Social media:

EUToday Correspondents

EUToday Correspondents

Our team of independent correspondents, based across Europe and beyond, are at the centre of geopolitical dynamics. We are united by our commitment to free and unbiased journalism, and our devotion to the concept of true and unfettered democracy. We take our job very seriously!

Related posts