As the UK’s Brexit transition progresses over the coming months, it is inevitable that there will be some surprise obstacles along the way.
One of the most significant unexpected consequences of Brexit emerged last week, with Google’s announcement that it will be moving all the data it holds regarding UK users to a data centre in the United States.
The reasoning is that when the UK’s departure from the European Union is complete, Google could face problems transferring data between the EU and the UK. Google’s European headquarters is in the Republic of Ireland, which will remain part of the EU.
Data security concerns
The move has been met with consternation from the media over fears that confidential and personal data will no longer enjoy the protection of the European GDPR when it is moved to the US. These days, we entrust huge amounts of sensitive personal and financial information to ecommerce businesses and sites that deal with money transactions. These include, but are not limited to the following:
- Banking and financial apps where we can pay household bills, manage investments, even buy and sell shares or trade Forex and cryptocurrency.
- Online sports betting or casino gaming websites that involve a degree of money transaction and that provide everything from live betting on the Premier League to traditional games such as blackjack, roulette and slots.
- Subscription streaming services like Netflix or Now TV. These have transformed the way we watch TV shows, movies and sporting events.
In each of these cases, the amounts transacted in real time amount to billions – no mean feat.
Google UK has been quick to reassure users that data will be as well-protected in the US as it would be if it remained in the UK, stating that “the protections of the UK GDPR” will still be applied to the data when it is held in the US. However, the larger concerns are whether those protections are as rigorous as those of the European Union.
Risks of inadequacy
The UK’s Investigatory Powers Act, which bestows wide-ranging and intrusive surveillance laws has been the subject of extensive EU debate since its introduction in 2016. This has probably been the main incentive behind Google’s decision. It’s entirely possible that when the UK is no longer a member, the UK will not meet the “adequacy” requirements that allow for free flow of data to and from the EU.
If this transpires, the European Court of Justice will rule that the UK does not meet EU data security standards and will therefore block the transfer of personal data between the UK and EU.
Nearly no privacy
Not everyone is convinced by Google’s words of reassurance regarding data security. Jim Killock is the Executive Director of Open Rights Group, which campaigns for digital rights in terms of data protection and free speech. He said that moving data to the US makes it available for scrutiny by intelligence and monitoring agencies on both sides of the Atlantic and there is “nearly no privacy protection for non-US citizens.”
A domino effect?
Google holds personal data for individuals using a range of services, including Gmail, the Play Store, YouTube and various others. However, there are numerous other digital service providers that are facing exactly the same circumstances.
Facebook is an obvious example – the social media giant has around 45 million members in the UK, which is more than three quarters of those aged 14 or above. The company has declined to comment on what, if any, action it will take regarding the personal data belonging to UK users when the Brexit transition period expires. However, Facebook works on an organisational model that mirrors that of Google, so it seems all but certain to be only a matter of time before it is forced to take similar action.