Google will to move its British users’ accounts out of the control of European Union privacy regulators, placing them under U.S. jurisdiction instead, the company said.
The shift, prompted by Britain’s exit from the EU, will leave the sensitive personal information of millions with less protection and within easier reach of British law enforcement.
“Nothing about our services or our approach to privacy will change, including how we collect or process data, and how we respond to law enforcement demands for users’ information,” Google said. “The protections of the UK GDPR will still apply to these users.”
Ireland, where Google and other U.S. tech companies have their European headquarters, is staying in the EU, which has one of the world’s most aggressive data protection rules, the General Data Protection Regulation.
Google seems to have decided to move its British users out of Irish jurisdiction because it is unclear whether Britain will follow GDPR or adopt other rules that could affect the handling of user data.
In addition, the United States has among the weakest privacy protections of any major economy, with no broad law despite years of advocacy by consumer protection groups.
Google has amassed one of the largest stores of information about people on the planet, using the data to tailor services and sell advertising.