Google will shift control of UK data from Google Ireland – where it is protected by tough EU protection – to its American parent Google LLC, where this is weaker oversight.
The tech giant insisted the same data protection standards will apply in place for UK users despite the EU’s tough rules no longer applying.
The firm claims the decision will not change the way it processes users’ data, and will there be no change to privacy settings and the way it treats people’s information.
“Like many companies, we have to prepare for Brexit,” a spokesman said.
“Nothing about our services or our approach to privacy will change, including how we collect or process data, and how we respond to law enforcement demands for users’ information.
“The protections of the UK GDPR will still apply to these users.”
But data privacy campaigners said the move risks making protection rights “more fragile”.
“Moving people’s personal information to the USA makes it easier for mass surveillance programmes to access it,” said Jim Killock, executive director of Open Rights Group.
“We have no reason to trust a Donald Trump government with information about UK citizens.
“The possibilities for abuse are enormous, from US immigration programmes through to attempts to politically and racially profile people for alleged extremist links.
“Google’s decision should worry everyone who think tech companies are too powerful and know too much about us.
“The UK must commit to European data protection standards, or we are likely to see our rights being swiftly undermined by ‘anything goes’ US privacy practices.”
Google’s step could be a signal of how other global tech giants might react to Brexit. Facebook has its EU headquarters in Ireland but is yet to announce its plan.
A spokesman for UK data watchdog the Information Commissioner’s Office (ICO) said: “Our role is to make sure the privacy rights of people in the UK are protected and we are in contact with Google over this issue.
“Any organisation dealing with UK users’ personal data should do so in line with the UK Data Protection Act 2018 and the GDPR which will continue to be the law unless otherwise stated by UK government.”