Read more.Sources say that UK user accounts will be moved to U.S jurisdiction instead.
Read more.Sources say that UK user accounts will be moved to U.S jurisdiction instead.
Sounds like a bit of fear-mongering to me. The default position post-Brexit is to incorporate EU laws into UK law, in other words unless the government explicitly choose to roll back these regulations, everything will remain the same. And as far as I'm aware, the UK government have said they intend to keep this part of legislation.
Facts straight from the horse's mouth rather than third-party speculation: https://ico.org.uk/for-organisations...ked-questions/
Iota (20-02-2020),Jonj1611 (20-02-2020),Saracen999 (21-02-2020)
equally the Tories only listen to big business who don't want the burden. As does the current US administrartion. It (the handling and transfer of data to US servers) will almost certainly be part of a trade deal and IIRC trump has already said as much.
It came from a tweet I can't readily find but several newspapers reported on it, including the Guardian as here: https://www.theguardian.com/business...-summit-brexit
Originally Posted by The Guardian
Last edited by ik9000; 20-02-2020 at 01:31 PM.
The US isn't the only country we want to form trade relations with, and as I said, the UK government have already shown intent to keep things pretty much as-is.
A lot of the assumptions, including the one you linked, are around a no-deal Brexit i.e. a worst-case scenario that wouldn't be beneficial for either side.
As above, EU directives are already part of UK law - this is how it works. We would have to actively repeal it and then you'd end up with some kind of replacement likely being put in before repealing the old stuff. GDPR is a nightmare in terms of compliance and it's why EU states can't access some websites - the companies can't afford the cost of compliance and so block all EU IPs.
This report is almost certainly part of "we're going to lobby the UK to give up GDPR and then see if we can put them under the same TOS as the US users". As a course of action, it is and will be illegal for them to operate in this manner without change to UK law.
This isn't the site for this but they have torn up loads of promises already. The idea that everything will stay the same as long as we don't have no deal is long dead. A better rule: whatever can get Boris's nose further up trump's backside, that is what he will do. Of course we know we need trade deals with other contries, Boris would clearly disagree. Boris's whole strategy is that we can replace Europe with the US, we can't anymore than Canada could do the reverse. As a consumer the EU data regulations are better and getting rid of them is not being done in my interest.
Pleiades (20-02-2020)
I see you haven't been paying much attention to the media lately then, regarding Boris and Trump having a tiff and Boris cancelling a trip to the USA?
No-one claimed 'everything will stay the same', but to claim we're just going to align everything with the USA whilst ignoring EU relations is preposterous.
Thats not true, as if you would brake any of the laws, EU wont come and help. This will be up to useless GB government to ensure they are applied, which they wont be.
We are talking about multi billion $ corporations here, not some corner shops selling polish cigs. They clearly won't give any thought about abusing their position as GB is too small to fight them alone. And American laws? Everyone knows the corporations have written them themselves. I thought Brits wanted to make their own laws?
btw, this is not report, as about 5min ago I recieved email from googleThis is like the big middle finger to GB and EUWe’re improving our Terms of Service and making them easier for you to understand. The changes will take effect on 31 March 2020, and they won’t impact the way that you use Google services. And, because the United Kingdom (UK) is leaving the European Union (EU), Google LLC will now be the service provider and the data controller responsible for your information and for complying with applicable privacy laws for UK consumer users.
Last edited by aniilv; 20-02-2020 at 03:35 PM.
No, they will be UK laws by default. In fact to be pedantic about it, GDPR is already implemented under UK law as required by the way EU laws are actually implemented by individual countries. So to make a change would require an active decision by the UK government. Just to be clear again, by default nothing changes.
As we are still in the transition period, no laws are changing in March. Google (and other companies) will need to make changes as the UK will not be a part of the EU, and so there could be legal problems with storing data overseas upon leaving the EU. Try not to read too much into things.
I do fear this thread is about to descend into the usual EU bunfight any time anything relating to the subject is mentioned...
Things are changing. This is necessary. People hate change. Nuance will be ignored on the grounds of "Boris must be [insert preference]" "Orange Man [insert preference]" "EU [insert preference]".
This kind of stuff is deep, technical, legal stuff which most of us don't have a chance of understanding. Whinging and whining about it will serve nothing. Saying it's a "middle finger" serves nothing when you aren't stating what the differences or the problems are, just a general vague feeling about the differences in the legal stances between countries.
They have a specific set of TOS for EU nations. We are leaving the EU. Therefore that has got to change. If you have a specific problem with how they're changing it, please take the time to find it rather than feet stomping as that just leads to a flame war. And myself, I'm alllll outa patience with EU related flame wars.
Well i hope for a even better "UKPR" for my friends on the isle.
Something that tell the likes of oogle and facetwitt to get in line or go frack them self,,,,, and i hope we Danes can get in on that too.
I love changes, bur rarely when they are forced upon me with no alternative, but in general i have no problems with technology moving along and so "force" me to deal with that, but i of course have to filter out stupid things like social media - selfies - vloggin and so on.
I don't think people as such hate change, if they did the world would not be what it is now.
But i don't mind to admit i would like a 1970ties technology car, with just heated seats / steering wheel / windscreen and airbags + modern mileage and build standard.
But all the modern / smart car stuff like ABS - electric windows and so on they can keep and sell me a car 100 KG lighter.
I'll try to provide some clarity to this as the Reuters article gets some things right which are then being misinterpreted on here and other things they themselves have misinterpreted IMO. I have some knowledge as I work in this field as Data Protection Officer for a public body. Obviously you only have my word for that so apply a pinch/shovel of salt to the following as you see fit but I'll try to link to proof where I can.
GDPR entered UK law as the Data Protection Act (2018) which is not far off a cut and paste of the EU legal text with a few local clarifiers. For example the EU text refers to "independant supervisory bodies" enforcing the rules, whereas the DPA states the Information Commisioners Office specifically. Amendments to the law to ensure it still works after the transition period have already been made, mostly in the form of the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 which amends certain elements to refer to the UK courts as the arbiter of legal cases rather than EU courts and various similar items. The crucial part for our purposes is around data transfers to outside the UK.
Under GDPR data can be transferred to any other country within the EU without needing any additional safeguards. All other countries are referred to as "third countries" and there are 3 legal methods for transferring to them. We will become a 3rd country to the EU and they become 3rd countries to us the day the transition period ends, and our own laws have been adapted accordingly. 2 of the methods involve rules and clauses being built into individual contracts for any data moved, which is a labourious task. The final method works at a nation to nation level and so makes the overhead for individual organisations disappear. This method is called an adequacy decision.
An adequacy decision (article 45). This means the EU have looked at the data and related laws of a given country and decided that they meet or exceed the standards of GDPR OR they put special legal measures in place for EU data that don't apply to their domestic citizens data. The current list of countries deemed adequate is here, mostly those that border the EU, have trade deals in place or have put special measures in place, in particular the USAs Privacy Shield framework. The UK has compiled its own list of "adequate" countries for after the transition as every other country on earth becomes a 3rd country from our POV. That list contains all those already within the EU, the EEA and the EUs list, including the USA if under Privacy Shield. HOWEVER, the EU will NOT automatically recognise the UK as adequate, we will have to go through their process. This takes time and while our data law is identical to theirs they have long believed that the Investigatory Powers Act (2016) (aka the Snoopers Charter,) does not sufficently protect the rights & freedoms of citizens personal data. While we were a member this was moot but when we're outside it could count against adequacy. This could result in the Uk being free to transfer data to EU countries as we've recognised them, but them unable to do the same to us without contracts and safeguards at least until adequacy is agreed (if it ever is.)
So if you're Google and currently administer UK data from Irish jurastiction, you could face a huge headache trying to do so post transition as you'll have to generate huge swathes of clauses and documents any time you change a service for UK users or implement a new one. This could be a large and ongoing cost depending on how long we're not deemed adequate. Your alternative is to bring UK data under US jurastiction. The UK recognises US adequacy under Privacy Shield in one direction and given US standards on data protection are MUCH lower than ours they aren't going to find our laws lacking. So in this case you do a one off piece of work and the ongoing cost is zero.
This does NOT mean that GPDR/DPA protections will no longer apply to UK data held by Google under US jurastiction. As the Reuters article states:
So under Privacy Shield Google (or any other US based organisation handling UK data this way,) would be legally obliged to handle that data in accordance with the DPA or any future new UK data legislation. We'd lose no protections unless the UK parliment passes laws removing them. All Google is doing is moving the administrative burden to a country that is not going to quibble about whether our data laws are robust enough. I don't doubt that the US will try to use our data laws as a bargaining chip on trade, and make no predictions as to whether we alter them in future, but the above is my read on the current situation.An employee familiar with the planned move said that British privacy rules, which at least for now track GDPR, would continue to apply to that government’s requests for data from Google’s U.S. headquarters.
TL;DR - This move doesn't actually have any impact on the rights of Googles UK customers and is a logical move by Google to minimise the impact of Brexit on the administration of their UK data.
Last edited by spacein_vader; 20-02-2020 at 06:03 PM.
ik9000 (20-02-2020),Iota (20-02-2020),Jonj1611 (20-02-2020),nichomach (21-02-2020),Pleiades (20-02-2020),Saracen999 (21-02-2020),watercooled (20-02-2020),Zhaoman (21-02-2020)
Just received an email from google about the change
Extract below:
Your service provider and data controller is now Google LLC: Because the UK is leaving the EU, we’ve updated our Terms so that a United States-based company, Google LLC, is now your service provider instead of Google Ireland Limited. Google LLC will also become the data controller responsible for your information and complying with applicable privacy laws. We’re making similar changes to the Terms of Service for YouTube, YouTube Paid Services and Google Play. These changes to our Terms and privacy policy don’t affect your privacy settings or the way that we treat your information (see the privacy policy for details). As a reminder, you can always visit your Google Account to review your privacy settings and manage how your data is used.
ik9000 (20-02-2020)
That is NOT the same thing as losing GDPR (or equivalent) privacy protections.
ik9000 (20-02-2020)
There are currently 1 users browsing this thread. (0 members and 1 guests)