Perhaps the British will soon have to get used to the change that will result from their departure from the European Union. Google wants to use new country status, which will move its UK users data to the US, reports Reuters. This will not be protected by the strict European General Data Protection Regulation (GDPR).
In reality, this means that British government authorities will have easier access to the data, as US law does not protect personal data by far as strictly as the European Union.
Like most global technology companies, Google has its European headquarters in Ireland. It is still a member of the EU. When data is within its territory, GDPR rules apply to it. As most European countries are also EU members, companies do not usually have to deal with the legal differences between Ireland and the rest of Europe.
But Britain is no longer a member of the EU, and its Google users’ data is in a territory with a valid GDPR, so it is actually more protected than it would have to be. Obviously, Google found it easier to escape this confusion. Reuters says the company thought about creating a British subsidiary, but ultimately did not choose this option.
The Guardian points out that the move is beneficial to the British government, for which it will be easier to request data from the US in criminal investigations than if it had to negotiate with the EU and its tough rules. In addition, the British are negotiating a new trade agreement with America, which can make data transfers even easier.
“Moving people’s personal data to the US gives tracking systems better access to data. There is virtually no protection for non-Americans, ”said Jim Killock of the Open Rights Group. “Google’s move should be of worry to all who think technology companies know too much about us and are too powerful,” he added.
The company, however, claims that the British will not lose protection. He said he would treat the data as if it were still protected by GDPR. And Britain itself is still deciding what approach to data protection it will take. It can set rules equivalent to the European regulation, but also not. So far, GDPR follows, but has not given a definite opinion.