Facebook was under fire today after its plans to move all UK customers into US user agreements with its California headquarters after Brexit were revealed.
The social network’s US team will take control of legal responsibilities for UK users from next year, shifting away from current EU-based user agreements.
But privacy experts have raised fears that the change could expose users to surveillance by US intelligence agencies or data requests from law enforcement.
There are concerns the UK may move to a looser data privacy regime post-Brexit, especially as it pursues a trade deal with the US, which offers fewer protections.
Tory MP Damian Collins, former chairman of the Culture, Media and Sport Select Committee, told MailOnline that British Facebook users should have grave concerns about moving their data to California.
He said: ‘We should have big concerns about this decision from Facebook. Although the legal protections for UK citizens, how easy will they be to enforce when it is being processed in the USA.
‘For years Facebook has gathered as much data about people as it can, with as little transparency as possible, to maximise its profits.Can we trust it now when our data is transferred to their California headquarters?’
Facebook’s decision comes as the UK is escalating efforts to ban strong encryption, which the American firm is moving to implement on all its products.
The UK, like the EU, is also pressuring Facebook and its founder Mark Zuckerberg on a number of other fronts, including hate speech and terrorism policies.
Facebook’s team in the US will take control of legal responsibilities for UK users from next year
Jim Killock, boss of the UK-based non-profit Open Rights Group, said: ‘The bigger the company, the more personal data they hold, the more they are likely to be subject to surveillance duties or requirements to hand over data to the US government.
‘Moving data out of the EU makes it harder to enforce your privacy rights. It means European actions to limit the power of the tech giants will not apply to UK citizens.
Q&A on Facebook’s plans to move user agreements to the US
What is the current situation?
The user agreements of Facebook users in the UK are currently overseen by Facebook Ireland as part of the EU-based user agreements.
What will change?
The social network’s US team will take control of legal responsibilities for UK users from next year.
Why are they doing it now?
It’s in response to Brexit which will change the UK’s legal relationship with Ireland, which remains in the EU.
Will there be any change to privacy controls?
Facebook says there will be ‘no change to the privacy controls or the services Facebook offers to people in the UK’.
Are EU privacy rules stricter than in the US?
Yes. EU-wide General Data Protection Regulation rules requiring firms to protect people’s data and privacy are among the strictest in the world.
Have Google done the same?
Yes. Google confirmed in February that it would be moving its British users out of Irish jurisdiction and placing them under US jurisdiction instead.
Is Twitter also doing the same?
No. A Twitter spokesman said its UK users will continue to be handled by the company’s Dublin office.
‘It means the UK Information Commissioner’s Office will need to be pushed to make the same decisions when companies break the law.
‘And it means those tech giants can lobby for weaker UK rules to ensure they can get away with things in the UK that they cannot in the EU.’
UK users are currently overseen by Facebook Ireland as part of the EU but this will switch to Facebook Inc in California once the Brexit transition period is over.
EU-wide General Data Protection Regulation (GDPR) rules which require firms to protect people’s data and privacy are among the strictest in the world.
Facebook said it will follow UK GDPR from 2021 and there will be no change to the privacy controls or services it currently offers.
The change – initially revealed to Reuters by sources briefed on the matter before Facebook confirmed it – follows a similar move announced in February by Google.
The two firms both currently have European head offices in Dublin, but Brexit will change the UK’s legal relationship with Ireland, which remains in the EU.
A spokesman for Facebook’s UK arm said: ‘Like other companies, Facebook has had to make changes to respond to Brexit and will be transferring legal responsibilities and obligations for UK users from Facebook Ireland to Facebook.
‘There will be no change to the privacy controls or the services Facebook offers to people in the UK.’
Facebook is making the change partly because the EU privacy regime is among the world’s strictest, according to people familiar with the company.
The EU rules give users granular control over the use of their personal data.
The US Cloud Act, passed in 2018, set a way for the UK and US to more easily exchange data about cloud computing users.
US courts have held that constitutional protections against unreasonable searches do not apply to non-citizens overseas.
Facebook will shift all its users in the UK into user agreements with the California headquarters
UK information industry regulators said they had been in touch with Facebook along with companies keeping European headquarters as Brexit nears.
A spokesman at the Information Commissioner’s Office: ‘We are aware of Facebook’s plans and will continue to engage with the company in the new year.’
Facebook will inform its users of the shift in the next six months, a spokesman said, giving them the option to stop using the world’s largest social network and its Instagram and WhatsApp services.
The United States may also pursue new laws on privacy and social media content, and federal and state prosecutors recently launched antitrust lawsuits against both Facebook and Alphabet Inc’s Google.
Still, tech lobbyists expect that US tech regulations will remain more industry-friendly than those in the UK.
A Twitter spokesman said its UK users will continue to be handled by the company’s Dublin office.