Google To Move Post-Brexit UK Data To US

UK Google users are set to lose the protections afforded to them from the General Data Protection Regulation (GDPR), now that the country is embarking on its exit from the EU, according to CPO Magazine.

Prompted by Brexit, the tech giant Google has announced plans to shift all its British data to the United States. The move will mean that the data of tens of millions of Brits will be no longer covered by the EU’s GDPR, one of the world’s most comprehensive data protection legislation.

Google said UK users will still be covered by the EU’s General Data Protection Regulation (GDPR), which has been in effect since May 2018, and that nothing would change in terms of privacy management.

“Like many companies, we have to prepare for Brexit,” said a Google spokesperson in a statement. ”Nothing about our services or our approach to privacy will change, including how we collect or process data, and how we respond to law enforcement demands for users’ information. The protections of the UK GDPR will still apply to these users.”

The move has caused concern about the loss of privacy for UK Google users, especially around the shift from the EU’s legal jurisdiction on privacy protection over to that of the US—which is notably laxer in nature, leaving their data more susceptible to misuse.

The so-called CLOUD Act, for example, which was signed into law by the US Congress in 2018, allows US and UK authorities to more easily access personal data stored by US companies.

The move will mark the biggest major revision to Google’s Terms and Conditions for UK Google users since 2012, with Google already in the process of updating its T&Cs in response to litigation from EU privacy groups.

German consumer rights organisations took the tech giant to court last year, over its use of “overly vague” terms. Google has since been forced to realign its terms in response to mounting pressure from the GDPR.

The Data Protection Act 2018, which currently supplements the GDPR within the UK, will continue to apply — and the GDPR is set to be incorporated into UK law alongside this Act.

If you need Data protection (BS10012 ISO27701), Information Security (ISO/IEC27001, ISO2230, Cyber Essentials) and Business continuity (ISO22301) consultancy services, then get in contact today.

Our Team