By Joseph Menn | Reuters
SAN FRANCISCO – Facebook Inc will shift all its users in the United Kingdom into user agreements with the corporate headquarters in California, moving them out of their current relationship with Facebook’s Irish unit and out of reach of Europe’s privacy laws.
The change takes effect next year and follows a similar move announced in February by Google https://www.reuters.com/article/us-google-privacy-eu-exclusive-idUSKBN20D2M3. Those companies and others have European head offices in Dublin, and the UK’s exit from the EU will change its legal relationship with Ireland, which remains in the Union.
Initially, sources briefed on the matter told Reuters about the move. Facebook later confirmed it.
“Like other companies, Facebook has had to make changes to respond to Brexit and will be transferring legal responsibilities and obligations for UK users from Facebook Ireland to Facebook Inc. There will be no change to the privacy controls or the services Facebook offers to people in the UK,” the company’s UK arm said.
Facebook’s UK users will remain subject to UK privacy law, which for now tracks the European Union’s General Data Protection Regulation (GDPR). Facebook is making the change partly because the EU privacy regime is among the world’s strictest, according to people familiar with the company. The EU rules give granular control to users over data about them.
In addition, the U.S. Cloud Act, passed in 2018, set a way for the UK and United States to more easily exchange data about cloud computing users.
Privacy advocates fear the UK may move to an even looser data privacy regime, especially as it pursues a trade deal with the United States, which offers far fewer protections. Some also worry that UK Facebook users could more easily be subject to surveillance by U.S. intelligence agencies or data requests from law enforcement.
“The bigger the company, the more personal data they hold, the more they are likely to be subject to surveillance duties or requirements to hand over data to the U.S. government,” said Jim Killock, executive director of the UK-based nonprofit Open Rights Group. U.S. courts have held that constitutional protections against unreasonable searches do not apply to non-citizens overseas.
UK information industry regulators said they had been in touch with Facebook along with companies keeping European headquarters as Brexit nears. “We are aware of Facebook’s plans and will continue to engage with the company in the new year,” said a spokeswoman at the Information Commissioner’s Office.
A Twitter spokesman said its UK users will continue to be handled by the company’s Dublin office.
Facebook will inform users of the shift in the next six months, a spokesman said, giving them the option to stop using the world’s largest social network and its Instagram and WhatsApp services.
Facebook’s decision comes at a time when the UK is escalating efforts to ban strong encryption, which Facebook is moving to implement on all its products. The UK, like the European Union, is also pressuring Facebook on a number of other fronts, including hate speech and terrorism policies.
The United States may also pursue new laws on privacy and social media content, and federal and state prosecutors recently launched antitrust lawsuits against both Facebook and Alphabet Inc’s Google. Still, tech lobbyists expect that U.S. tech regulations will remain more industry-friendly than those in the UK.