Britain's exit from the EU (Brexit) is projected to bring about many changes, some of which may trigger reactions. One of these changes concerns Google, which is about to transfer data and accounts of its UK users from the EU to the US, thus leaving them out of the strong privacy protection offered by European regulators. In other words, the personal data of tens of millions of users will no longer be protected by the Global Data Protection Regulation (GDPR). Google is going to require its UK users to recognize and accept new terms of service, including new jurisdiction.
Google has stated that it will not change anything about its services or its approach to user privacy, including how data is collected or processed and how it meets the requirements of the regulations regarding user information. On the contrary, UK GDPR protections will continue to apply to these users.
Ireland, where Google and other US tech companies have their European headquarters, remains in the EU, which has one of the most stringent data protection rules in the world, GDPR. It is understood that Google has decided to move British users out of Irish jurisdiction, as it is not clear whether Britain will comply with the GDPR or whether it will adopt other rules that could affect the handling of user data. If Google's British users kept their data in Ireland, it would be more difficult for the British authorities to recover it in criminal investigations. However, the recent US law concerning the in cloud will make it easier for the UK authorities to obtain information from US companies. Britain and USA they are also expected to conclude a wider trade agreement.
It is noteworthy that the US, despite being one of the largest economic forces on the planet, has one of the weakest privacy systems, and has no broad law, despite the actions of consumer protection groups.
Google has one of the largest repositories of human information and uses data to tailor services and sell ads.
Η Lea Kissner, a former Google chief of technology confidentiality, said she would be impressed if the company had kept its UK accounts in an EU country, as the United Kingdom is no longer a member of the EU. Jim Killock, executive director of the Open Rights Group for Digital Rights, said the transfer of British citizens' personal data to the US made it easier to access mass surveillance programs. There is virtually no privacy for non-US citizens.
If the United Kingdom decides not to adopt rules that constitute data protection equivalent to that provided by the GDPR, then extensive data exchange agreements may be needed. So, other tech companies might follow the path of Google. By way of example, Facebook, is said to have made a similar decision with Google, but has not made any relevant statements on the matter.