Google has insisted UK user data will remain safe despite plans to move millions of accounts to the US, where there is weaker oversight.
The tech giant said it will shift control of UK data from Google Ireland – where it is under tough EU regulation – to its American parent Google LLC as a result of Brexit.
EU-wide GDPR rules which require firms to protect people’s data and privacy are among the strictest in the world, but the US has no equivalent.
Despite the move, the same data protection standards will remain in place for UK users, including GDPR, Google said.
The firm claims the decision will not change the way it processes users’ data, and will there be no change to privacy settings and the way it treats people’s information.
“Like many companies, we have to prepare for Brexit,” a spokesman said.
“Nothing about our services or our approach to privacy will change, including how we collect or process data, and how we respond to law enforcement demands for users’ information.
“The protections of the UK GDPR will still apply to these users.”
But data privacy campaigners said the move risks making protection rights “more fragile”.
“Moving people’s personal information to the USA makes it easier for mass surveillance programmes to access it,” said Jim Killock, executive director of Open Rights Group.
“We have no reason to trust a Donald Trump government with information about UK citizens.
“The possibilities for abuse are enormous, from US immigration programmes through to attempts to politically and racially profile people for alleged extremist links.
“Google’s decision should worry everyone who think tech companies are too powerful and know too much about us.
“The UK must commit to European data protection standards, or we are likely to see our rights being swiftly undermined by ‘anything goes’ US privacy practices.”
Google’s step could be a signal of how other global tech giants might react. Facebook has its EU headquarters in Ireland but is yet to announce its plan.
A spokesman for UK data watchdog the Information Commissioner’s Office (ICO) said: “Our role is to make sure the privacy rights of people in the UK are protected and we are in contact with Google over this issue.
“Any organisation dealing with UK users’ personal data should do so in line with the UK Data Protection Act 2018 and the GDPR which will continue to be the law unless otherwise stated by UK Government.”