Can I move my data to the EU before Google shifts it to the US?

Post-Brexit, Sean wants to keep his data protected by the EU’s GDPR rather than laxer US privacy laws

Given Google’s recent announcement about moving UK users’ data to US jurisdiction, what’s the best way to migrate to EU-based services? Can you download+upload or crossload your Gmail to another service? And are we in for the same treatment by Facebook, Twitter, WhatsApp, Instagram et al? Sean

Last week Google notified users that “because the UK is leaving the EU, we’ve updated our terms so that a United States-based company, Google LLC, is now your service provider instead of Google Ireland Limited. We’ve also changed our privacy policy to make Google LLC the data controller responsible for your information and for complying with applicable privacy laws.”

This makes sense. There is no reason why two countries that are not in the EU should store data in an EU country. It would be much better, of course, if Google stored UK data in the UK. However, now we are just one of dozens of small countries, it may be hard to justify the cost.

Other online service providers may well make the same decision, after weighing the financial, commercial and legal costs of storing UK users’ data locally.

At the moment, it should be a moot point. UK data is covered by the Data Protection Act 2018, which is the UK’s version of the EU’s GDPR (General Data Protection Regulation). One problem is that the UK may lower its data protection and privacy standards to US levels, along with our food and other standards, as part of a US trade deal. Another problem is that even if we maintain EU-level regulations, there is no guarantee that the US will observe them. Given Trump’s actions since taking the US presidency, it is hard to imagine that the situation has improved since Edward Snowden shocked us with his revelations.

Where is your data?

Until recently, Google stored UK user data in its Irish data centres such as this one in the Grange Castle business park just outside Dublin.
Until recently, Google stored UK user data in its Irish data centres such as this one in the Grange Castle business park just outside Dublin. Photograph: Patrick Bolger/The Guardian

It is hard to be sure where your data is stored because service providers can and do rent space in other people’s hyperscale data centres. However, as far as I know, only Amazon (AWS) and Microsoft have their own server farms in the UK. Google’s are in Dublin, Belgium, Denmark and Finland. Facebook’s are in Dublin and Denmark. Microsoft has a site in Dublin, of course, but it also has data centres in London, Durham and Cardiff.

As traffic grows, the major online service providers keep opening new data centres to be closer to their customers. However, outside the US and the EU, coverage can be sparse. Google, for example, has only three data centres – in Chile, Singapore and Taiwan – south of New Orleans. It doesn’t have any in Africa, or in Brazil, China, India, Russia or Japan.

At the moment, Microsoft is the only major service provider to host UK data in the UK. Presumably, this is a commercial decision based on selling Office 365 and Azure cloud services to the British government and businesses that actually care where their data is stored. However, some less popular Office services are served from overseas. Yammer, Planner and Forms, for example, are still served from Ireland and the Netherlands.

Consumers who use Microsoft’s webmail do not have any control over where their data is stored. As a matter of principle, Microsoft stores it for best performance. Local storage is therefore the most likely option but that could depend on network speeds and whether there is enough local storage available.

Again, it should be a moot point. Microsoft has been pushing for higher data protection standards in the US, and it responded to the GDPR by “levelling up”. That is to say, it applies GDPR standards for all users in all countries, even if the local regulations allow lower standards.

Switching mail services

GMX is a German email service that is free and can send encrypted emails.
GMX is a German email service that is free and can send encrypted emails. Photograph: Jack Schofield/The Guardian

If you are determined to switch away from Gmail, then Microsoft’s is an option. Both services offer 15GB of free storage and both will import your old emails, which makes for an easy transition. (Microsoft also offers an extra 5GB of storage in OneDrive, which Google doesn’t.) Both services let you reply from your “old” email address if necessary.

However, getting everyone to use a new address takes time and I find’s infinite scrolling pages and broken search/move routine a horrible experience in a browser. If you get a significant amount of email, I would only recommend it with a decent mail program such as Microsoft Outlook (the Office program), eM Client, Mailbird or whatever. Fortunately, the smartphone and Windows 10 apps, which provide a different view of your webmail, are fine.

You could also consider, the English-language version of the German email service, (from Global Mail eXchange). It is a free service that can send encrypted emails and it includes three somewhat primitive office apps. GMX used to have a very limited amount of storage but now offers 65GB – space for “about half a million emails”, the company says. The idea is to use GMX’s Mail Collector to pick up mail from your other accounts and consolidate it in one place.

It is a couple of decades since I last used GMX but it was very easy to open an account and it sent emails without any problems.

I have mentioned some other alternatives – FastMail and ProtonMail – before. FastMail is a good, independent email service with 24/7 support at reasonable prices: $3 (£2.30) per month with 2GB of storage and $5 per month with 30GB. While the company is Australian, its servers are in Amsterdam and New York, so your data should be inside the EU. Fastmail encrypts the email on its servers and it supports YubiKey access for extra security.

ProtonMail is an encrypted GDPR-compliant privacy-focused email service based in Switzerland, which has high data protection standards. Its free service only offers 0.5GB of storage, which isn’t viable for many users. Its Plus plan with 5GB of storage costs €5 (£4.18) per month or €48 per year.

Other data

Deleting the app off your phone isn’t enough, you have to delete your account, too.
Deleting the app off your phone isn’t enough, you have to delete your account, too. Photograph: Samuel Gibbs/The Guardian

You cannot do anything about where Facebook, Twitter, WhatsApp, Instagram et al store your data. These are all proprietary services and they can do whatever they like. If you do not want them to store your data in the US, you will have to download whatever you need (if that’s possible) then delete your accounts.

The same thing is true of most business services until they have grown big enough to start opening data centres overseas, such as Adobe.

However, you do have a choice of online storage services or “cloud drives”, where the technologies are basically interchangeable. I covered some of these services in an earlier answer: Where’s the cheapest place to store 500GB of data online?

If you fancy the Swiss option, pCloud will store 500GB of data for £47.88 per year or 2TB for £95.88 per year. It will also store 2TB for a lifetime for a one-off payment of £350. The assumption is that disk space will keep getting cheaper until the cost of storing 2TB is irrelevant.

When I got my first 10MB hard drive in the early 1980s, disk space cost about $500,000 per gigabyte, so 2TB would have cost a cool $1bn. Today, you can buy 2TB for £50. Sobering thought.

Have you got a question? Email it to

  • This article was amended on 28 February to correct a geographical error that placed Taiwan in the southern hemisphere


Jack Schofield

The GuardianTramp

Related Content

Article image
WhatsApp, Facebook and Google face tough new privacy rules under EC proposal
European ePrivacy directive revision looks to protect communication confidentiality, block nonconsensual tracking and lessen cookie warnings

Samuel Gibbs and agencies

10, Jan, 2017 @3:54 PM

Article image
Facebook and Google targeted as first GDPR complaints filed
Users have been forced into agreeing new terms of service, says EU consumer rights body

Alex Hern

25, May, 2018 @12:57 PM

Article image
EU agrees draft text of pan-European data privacy rules
New rules will strengthen European citizens’ privacy protections, while a controversial proposal to raise ‘age of digital consent’ to 16 was devolved to member states

Samuel Gibbs and agencies

16, Dec, 2015 @11:30 AM

Article image
EU: data-harvesting tech firms are 'sweatshops of connected world'
Data protection supervisor lambasts companies’ deluge of ‘take it or leave it’ privacy emails ahead of GDPR

Samuel Gibbs

02, May, 2018 @10:04 AM

Article image
GDPR: how can I email data securely to comply with the new regulations?
Robert is often required to email sensitive data. Is there a secure way of doing so in view of the new data protection laws?

Jack Schofield

29, Mar, 2018 @11:06 AM

Article image
European parliament approves tougher data privacy rules
‘Groundbreaking’ changes strengthen EU privacy protections, enshrine right to be forgotten and give regulators wide-reaching powers

Samuel Gibbs

14, Apr, 2016 @12:22 PM

Article image
At last, the data giants have been humbled | Carly Nyst
Everyone who uses the internet should rejoice at the passing of this legal milestone, which will hurt the likes of Facebook and Google

Carly Nyst

07, Oct, 2015 @6:00 AM

Article image
WhatsApp sharing user data with Facebook would be illegal, rules ICO
Data protection watchdog forces firm to sign an undertaking declaring it will not share user data with parent company before GDPR

Samuel Gibbs

14, Mar, 2018 @1:33 PM

Article image
EU data watchdog raises concerns over Facebook integration
Irish commission that regulates site requests urgent briefing on platforms merger

Alex Hern

28, Jan, 2019 @5:40 PM

Article image
WhatsApp raises minimum age to 16 for Europeans ahead of GDPR
Facebook-owned messaging service will demand users confirm they are old enough to use app after raising age limit from 13

Samuel Gibbs

25, Apr, 2018 @9:02 AM