I wonder if this is an issue with Andrea's Google account. Maybe it's some setting that makes Google think he's from the UK. The text of the same paragraph, just as I received it from Google:<p>"We’re improving our Terms of Service and making them easier for you to understand. The changes will take effect on March 31, 2020, and they won’t impact the way you use Google services."<p>No mention of Google LLC. And, surprise! I'm an Italian citizen living in Italy.
UPDATE #2: after clicking here and there, I was able to find this <a href="https://pay.google.com/gp/w/u/1/home/settings" rel="nofollow">https://pay.google.com/gp/w/u/1/home/settings</a>
it looks like I had set a UK address once and completely forgot about it (I don't have any Android devices since 2014, that's why I forgot). Let's see if this will change anything.
There is obviously some ambiguity in the rules when people move around, and misclassifications can happen when, say, a Brasilian working for a US company in Switzerland picks up the neighbouring French wireless signal to log into their Asian VPN.<p>But it's really a non-issue. Google will make a good effort reducing such errors, and there aren't going to be legal consequences, nor wild leaving-Europe-for-good-drama as envisioned by some in this threat.
I (German citizen) also got a update them of service mail _which does not mention the UK_.<p>I take this as a strong indicator, that Google believes you are a UK citizen.
Note: if anyone thinks I should at least re-phrase the title and the article, I'm more than happy to do that.<p>My concern is: why do they mention UK leaving EU if I'm not UK citizen? And why there is no way to appeal/complain directly with them?<p>Mistakes can happen from anyone, but if they don't let me contact them I have no way of fixing this.
UPDATE: I've updated the article removing the "illegal" words. Since it doesn't seem to be clear if this is legal or not from their side, I think it's right to give it the benefit of the doubt.
(give CloudFlare a few minutes to update the cache, please)
They were doing the same thing with the data of citizens of Ireland. Google is flirting with a massive fine here, in spite of all their PR efforts in and around Brussels. Have you seen Brussels airport lately? It is wall-to-wall 'Google is pro privacy' PR.
Goto <a href="https://myaccount.google.com/data-and-personalization" rel="nofollow">https://myaccount.google.com/data-and-personalization</a>
Change Language to English(Ireland)
It is not illegal at all.<p>At all.<p>Firstly lets establish the rules using the ICO's (the UK's Data Authority) handy FAQ [1], a site providing a copy of the GDPR [2], the EU Commissions adequacy decisions page [3], the EU's privacy shield page [4], and the dedicated site for the privacy shield's Google LLC page [5]:<p>In short (yes, this is my idea of short):<p>* We, the UK, are currently in the transition period where EU rules still apply [1 - "What happens now that the UK has a withdrawal agreement?"]. This lasts until Jan 1st 2021 [6]<p>* We, the UK, are currently on track to have pretty much the same rules (cynicism allowed) [1 - "Will the GDPR still apply when we leave the EU"]<p>* So Brexit shouldn't change the legality (more cynicism allowed)<p>So are Google breaking the law?<p>* The GDPR has a provision allowing third countries and international organisations to process data presuming. It is Article 45 [2]<p>* The USA has been approved for this [3]. Years ago [4].<p>* Google LLC is approved under Privacy Shield [5]<p>So, there is no indication of anything illegal going on. Yes they are segmenting the data incorrectly and messaging an italian as though they are a brit. However the change would be perfectly legal was it to be done to the whole of the EU.<p>I don't like it, but it is legal.<p>[1] <a href="https://ico.org.uk/for-organisations/data-protection-and-brexit/information-rights-and-brexit-frequently-asked-questions/" rel="nofollow">https://ico.org.uk/for-organisations/data-protection-and-bre...</a><p>[2] <a href="https://gdpr.eu/article-45-adequacy-decision-personal-data-transfer/" rel="nofollow">https://gdpr.eu/article-45-adequacy-decision-personal-data-t...</a><p>[3] <a href="https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en" rel="nofollow">https://ec.europa.eu/info/law/law-topic/data-protection/inte...</a><p>[4] <a href="https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/eu-us-data-transfers_en" rel="nofollow">https://ec.europa.eu/info/law/law-topic/data-protection/inte...</a><p>[5] <a href="https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI" rel="nofollow">https://www.privacyshield.gov/participant?id=a2zt000000001L5...</a><p>[6] <a href="https://www.gov.uk/transition" rel="nofollow">https://www.gov.uk/transition</a>
So, question here: If I move from outside EU to a country that is part of the block, does that mean that my Google Account will change the terms and mention something about GDPR?
How exactly is this illegal?<p>AFAIK, it's not illegal (per GDPR) to process EU citizen data in data controllers <i>if</i> the individual is no longer in the EU.<p>_Edit_: Yes, I read the article. It looks like this person got this email notification because they had activity in London (per their resume on their website). That doesn't make the email illegal nor does it mean their activity in Italy is going to be on a non-EU controller.<p>The email implicitly states that it's for the UK only.
The simple suggestion would be that Google needs to ask for your citizenship status and go from there. Not sure else how to solve that. If I am an American living in the EU for a few years does the GDPR apply to me when I live there? I am going to the EU next week for 10 days. When I access my gmail from the EU what law applies?
> I'm an Italian citizen, living in Italy [...] and I'm fully entitled to GDPR protection and to have my data owned by a European data controller.<p>I don't think the latter part is true. AFAIK GDPR does not give you the <i>right</i> do have your data owned or processed by an EU entity. GDPR does not say that.<p>It doesn't matter where your data is stored or processed, Google must still follow GDPR rules for data about EU residents. The first part of the comment is correct.<p>I'm not actually completely sure why some companies do this whole EU data controller seperate company thing. I guess for organisational or legal simplicity?<p>(Edit: I reworded to hopefully remove ambiguity)
kinda clickbait
[edit for clarity]
Please cite where [your] data is now stored and how you found that information. Cause I'm US based and I got the same email! WTF Google?