Data Backup Digest

The introduction of the General Data Protection Regulation (GDPR) was a landmark moment for the digital rights of European citizens. Broadly, it allowed citizens to know exactly what data was being stored about them and to be able to request their deletion of their data at any time.

However, now that the United Kingdom have finalised their exit from the European Union, there are concerns over the rights that their citizens will continue to hold.

That concern seems well placed, as Google have announced that they are going to move the data and accounts of its British users out of the EU and into the US. This would mean that British Google users will now have their data stored outside of the strong protection of GDPR. This move comes as a direct result of the UK leaving the EU.

“Nothing about our services or our approach to privacy will change, including how we collect or process data, and how we respond to law enforcement demands for users’ information,” said Google in a statement. “The protections of the UK GDPR will still apply to these users.”

However, Google now requires British users to agree to new terms of service and accept the change in jurisdiction. The company could have decided to move these accounts to a British subsidiary, but they didn’t.

Google and many US technology companies have their European headquarters in Ireland, which is staying in the EU. It’s believed that Google moved British user’s data out of Ireland because it’s unknown whether Britain will comply with GDPR or adopt other rules.

This causes complications for many global businesses when it comes to the transfer of user information, since wherever the data is held it needs to comply by that country’s law.

Keeping British user data in Ireland would have meant it would be more difficult to British authorities to collect data during criminal investigations. The US, however, recently introduced the Cloud Act, which will make it easier for British authorities to get data from the US companies. The two countries are also soon to negotiate a trade agreement that should account for this.

This new regulation still puts the US far off any other major economy, though. Despite constant advocacy by consumer protection groups for many years, the country still has no broad laws that protect their citizen’s digital rights.

“There’s a bunch of noise about the UK government possibly trading away enough data protection to lose adequacy under GDPR, at which point having them in Google Ireland’s scope sounds super-messy,” said Lea Kissner, Google’s former head of global privacy technology. “Never discount the desire of tech companies not be caught in between two different governments.”

Ultimately, moving data to the US makes it easier for mass surveillance programs to access it. Google store huge amounts of data about us, especially if you use all their services like search, email, maps, and so on.

The Guardian contacted Facebook for comment, since they are an equally large technology firm with a similar location setup to Google, but they didn’t respond for comment. It’s likely, however, that they will follow suit.