Despite Brexit, the UK is not free from the GDPR obligations and data privacy framework. Brexit affected all businesses operating in the European and the UK ever since its initial discussion. Does this mean that citizens of the UK are free from their legal obligations? No. The GDPR framework is applicable to all organisations within the EU and the UK. However, if the UK is not deemed fit for a receipt of EU protected data after the transition period, contracts nationwide will need to be altered.
Google, on the other hand, is preparing itself for changes. Google is changing the data controller for its United Kingdom user data from Dublin to Google LLC, its United States headquarters. This is an alleged attempt to take the protections outside of the GDPR’s scope. Moving the British user accounts out of the EU will reduce the jurisdiction and influence the UK authorities.
Irish Data Protection, French and Australian data Protection authorities have fined Google for its malpractices and failure to provide sufficient privacy based on the legal guidelines. The data privacy situation and legal climate relating to the law for data security is among the weakest in the world. The Irish Times claims that the data will be much more prone to risk in the US as compared to the UK.
Another fact stemming from the vulnerability of data in the US is that “If British Google users have their data kept in Ireland, it would be more difficult for British authorities to recover it in criminal investigations,” according to the Irish Times.
Google’s new administrative change, will ensure that the EU privacy rights will continue to be protected as per the GDPR guidelines according to them. The EU GDPR and the UK version in the Data Protection Act 2018 will continue to apply to Google regardless of where their data centre is located. The search and advertising giant understands this obligation.
In future, UK law enforcement offices will still be able to take action against Google. But without intervention from the Dublin classification, in this case, Google’s movement of the UK data will not be penalized.
This transition period of Brexit ends with the end of 2020. The Information Commissioner’s Office (ICO) clarified that all rules on GDPR will continue to apply in the UK. According to the data security powerhouse, it will be “business as usual for data protection” because the UK’s privacy rules are predicated on the GDPR principles.
Data protection in the UK is based on the 2018 Data Protection Act. In addition to this, the UK government also introduced the Data Protection, Privacy and Electronic Communications (EU Exit) Regulations 2019.
The GDPR allows the data of citizens of the EU to be transferred cross-border to “third countries” where the transfer will comply with the requirements mentioned in Chapter 5 of the GDPR. A “third country” means any country other than the twenty-eight Member States of the EU, Norway, Iceland and Liechtenstein, three countries that are a part of the European Economic Area. There are no restrictions on transfer to adequate countries. Google is still answerable to the ICO anyway.