View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Data
February 21, 2020updated 24 Feb 2020 9:41am

Google Confirms Plans to Move Briton’s Data to US

"If you don’t agree to the new terms, you should remove your content and stop using the services"

By CBR Staff Writer

Google has confirmed that its US business will be the controller of UK users’ data from next month, instead of Google Ireland Ltd.

The news confirms Reuters reports earlier this week.

Google cited Brexit uncertainty for the move, in a statement that was greeted with some confusion by the legal community.

The move will arguably mean the personal information of tens of millions of the UK’s Google users faces less robust privacy protections.

“Because the UK is leaving the EU, we’ve updated our Terms so that a United States based company, Google LLC, is now your service provider instead of Google Ireland Limited”, it said in updated terms today.

The company added: “We’ve also changed our Privacy Policy to make Google LLC the data controller responsible for your information and for complying with applicable privacy laws. We’re making similar changes to the terms of service for YouTube, YouTube Paid Services, and Google Play.”

(Google is adding Google Chrome, Google Chrome OS and Google Drive to the updated privacy Terms as well, standardising them across services).

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

What Data is This, Anyway?

When you’re not signed in to a Google Account, Google stores the information it collects with unique identifiers tied to the browser, application, or device you’re using. When you’re signed in, it also collects information that it stores with your Google Account, “which we treat as personal information.”

This includes your precise location, referrer URL of your request, browser type, IP address,  telephony log information.

As Google notes: “We use various technologies to collect and store information, including cookiespixel tags, local storage, such as browser web storage or application data caches, databases, and server logs.”

(There is no blanket ban on European user’s data leaving the EU under GDPR, however the individuals whose PII data potentially leaves the EU need to be informed and allowed to opt out, controls need to be in place to ensure their data is tracked, secured, and protected by everyone in the chain who may process the data, and if their data is potentially disclosed then they need to be informed of it”. Many take this as short-hand for EU PII data staying put!)

Business Users

For business users based in the UK, “then the Terms don’t affect the rights you may have as a business user under the EU Platform-to-Business Regulation” Google added, referring to a set of rules introduced last summer intended to create a “fair, transparent and predictable business environment for smaller businesses and traders on online platforms.”

Google said in an FAQ that those unhappy with the change have a simple solution to deal with it: “If you don’t agree to the new terms, you should remove your content and stop using the services. You can also end your relationship with us at any time by deleting your Google Account.”

Toni Vitale, partner and head of data protection, JMW Solicitors, told Computer Business Review that he found the move puzzling.

He said: “I find it strange that there’s [considered to be] a data protection law rationale for this. [In the UK] we have replicated GDPR word-for-word. Google may not want different regime in UK and EU. But lots of companies are living with that. I can see that Google may want to have one single entity operating as Data Controller for all of its different products and part of the move today looks like a step towards that. But under GDPR it will still need to have a representative office in the EU. It doesn’t make a lot of logical sense.”

Editors note: Those with a more cynical bent suspect that Google sees the UK struggling (or intentional declining) to gain so-called “adequacy” with the EU under which local data protections broadly align with GDPR.

It seems unlikely, with a government intent on as much market liberalisation as possible, that the UK will end up with a policy regime stronger than GDPR. Having UK user’s data outside Europe, as a result, could significantly weaken privacy and commercial protections and allow both law enforcement and businesses improved access to a significant dataset in future.

See also: Microsoft Cloud Terms Updated Under European Pressure

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.