“Never discount the desire of tech companies not [to] be caught in between two different governments,” - Lea Kissner
Reports are emerging that Google is putting together a plan to move the accounts of its UK users out of the European Union’s jurisdiction, meaning the company would not be obligated to meet the demands of privacy regulators and theoretically, even general data protection regulation.
The move is a sign of things to come for a number of technology companies in the aftermath of Brexit, whilst dealing with pressure from the EU to adhere to the GDPR.
The news comes via Reuters citing people familiar with Google’s plans. “The shift, prompted by Britain’s exit from the EU, will leave the sensitive personal information of tens of millions with less protection and within easier reach of British law enforcement,” they write.
Google, like a number of other U.S. technology companies has its headquarters in Ireland, which falls under some of the world’s most stringent consumer protection data laws in existence. The plan now, according to reports, is to move that headquarters outside of the EU’s jurisdiction because “it is unclear whether Britain will follow GDPR or adopt other rules that could affect the handling of user data,” the report states.
“If British Google users have their data kept in Ireland, it would be more difficult for British authorities to recover it in criminal investigations,” Reuters is reporting.
That is in contrast to the recently-enacted Cloud Act in the U.S., which is anticipated to make it more accessible for British authorities to obtain data from U.S. companies; currently, the U.S. and Britain are negotiating a wide-sprawling trade deal, and the accessibility of data could eventually become a bargaining chip.
Google has said in a statement that “nothing about our services or our approach to privacy will change, including how we collect our process data, and how we respond to law enforcement demands for users’ information.”
“The protections of the UK GDPR will still apply to these users,” the company added.
According to Reuters, “the United States has among the weakest privacy protections of any major economy, with no broad law despite years of advocacy by consumer protection groups. Google has amassed one of the largest stores of information about people on the planet, using the data to tailor services and sell advertising.”
Lea Kissner, formerly Google’s lead for global privacy technology told Reuters that it would come as a surprise if Google had elected to keep its accounts, controlled in a European-Union country with the United Kingdom officially out of the union.
“There’s a bunch of noise about the U.K. government possibly trading away enough data protection to lose adequacy under GDPR, at which point having them in Google Ireland’s scope sounds super-messy,” she said.
“Never discount the desire of tech companies not [to] be caught in between two different governments,” Kissner added.