Google is reportedly planning to move accounts of its British users to a US jurisdiction, opening up the sensitive information of tens of millions of Brits to UK authorities.
Reuters cites three people familiar with the plans, reporting that British accounts would be removed from their current holding under the control of EU privacy regulators since the UK is no longer a member of the bloc.
The European Union is known for having some of the world’s strictest data protection laws with General Data Protection Regulation (GDPR), whereas the US has some of the weakest for a major economy.
The US has also recently introduced the Cloud Act, which could eventually make it easier for UK authorities to access data of British users for criminal investigations.
Reuters understands that Google intends to make users acknowledge the terms of the changes.
The move was prompted by Britain’s departure from the European Union ahead of negotiations between the UK and the EU on the movement of information across borders.
In addition, Google is taking the opportunity to bundle any data collected via its Chrome browser, Chrome OS and Google Drive into the same set of terms and conditions, Reuters reports.
Just two weeks ago Google warned shareholders that Britain’s departure from the European Union may hamper its revenue and subject the company to new regulatory fines and technical challenges relating to the transfer of personal data between the two countries.
A Google spokesman said: “Like many companies, we have to prepare for Brexit. Nothing about our services or our approach to privacy will change, including how we collect or process data, and how we respond to law enforcement demands for users’ information. The protections of the UK General Data Protection Regulation will still apply to these users.”
An end to consumer protection?
Jim Killock, the executive director of the digital rights organisation Open Rights Group, said: “Moving people’s personal information to the USA makes it easier for mass surveillance programmes to access it. There is nearly no privacy protection for non-US citizens. Google’s decision should worry everyone who thinks tech companies are too powerful and know too much about us. The UK must commit to European data protection standards or we are likely to see our rights being swiftly undermined by ‘anything goes’ US privacy practices.”
Politicians are already expressing serious concerns about what this means. “This is a serious issue, and one at the heart of what ‘regulations’ mean. GDPR protects people’s rights, governs who can access what type of data, and how data can be used. It’s a world-class standard, and miles stronger than anything in the US”, Ed Davey, the leader of the UK’s Liberal Democrat party told us.
“What Google appears to be doing is ditching the whole regulatory framework in favour of weak US laws that give them and other companies freedom to do much more with your data. And that data is everything you’ve searched for, every YouTube film clip you’ve watched, every advert you’ve seen on their massive network of sites. We may be ending our role Europe, it doesn’t mean we need to end consumer protection”.
