Not only UK citizens see their country leaving the EU, but they are also about to see their data moving too. Now that the UK exits EU, Google needs to change the authority of data collection to its UK users. The US jurisdiction will possibly take further control, which means the loss of European privacy regulators.
Amid Brexit uncertainty
Back in 2019, the official data controller for UK users became Google’s Irish subsidiary, its European headquarters. The shift is prompted by Brexit. It means that UK netizens will no longer fall under the jurisdiction of the EU and Ireland. As a result, depending on future UK legislation, personal information of tens of millions of UK users could lose the strong privacy protections of GDPR, as Reuters reports. Instead, it will possibly fall under the US rules, which are far looser and less privacy-oriented.
“Like many companies, we have to prepare for Brexit,” Google says in a statement. “Nothing about our services or our approach to privacy will change, including how we collect or process data, and how we respond to law enforcement demands for users’ information. The protections of the UK GDPR will still apply to these users.”
The essence of GDPR
GDPR is one of the most aggressive data protection set of rules. Its introduction completely changed the regulations for companies that aggregate, store, or process data on netizens of the EU. The collection of rules requires companies to be more transparent and open about what data they collect and with whom they share it. GDPR, otherwise known as the ‘gold standard’, already led to $126 million in fines over data privacy.
However, GDPR still regulates the UK’s privacy protection laws during the current Brexit transitional period. Information Commissioner’s Office is the UK’s data privacy watchdog. It is taking a keen interest in how new regulations affect the data belonging to UK netizens.
“Our role is to make sure the privacy rights of people in the UK are protected, and we are in contact with Google over this issue,” a spokeswoman for the ICO said. “Any organization dealing with UK users’ personal data should do so in line with the UK Data Protection Act 2018 and the GDPR which will continue to be the law unless otherwise stated by UK Government.”
New privacy rules to come
In the end, it’s not entirely within Google’s power to decide how to aggregate users’ data lawfully. Boris Johnson, the prime minister of the UK, wrote a statement to the House of Commons, which confirms that the government is planning to ‘develop separate and independent policies’ for the citizens. Even though the UK no longer falls under GDPR in the future, hopefully, netizens will get back their digital rights with equally aggressive data privacy rules.
Terms in plain language
Alongside with upcoming changes of UK data privacy controls, Google is releasing a new update for its Terms of Service. It’s the first significant revision since 2012. Google presentation is for users around the world to understand these global changes better. New Terms of Service will take effect at the end of March. Google will notify users via email, their webpage, or notifications in its app. All this, to make sure the news wouldn’t be left unseen.