I understand the author's frustration. But until someone finds out how a company that operates globally can satisfy the laws of the countries their customers are located in without associating the accounts with a country, I'm not sure what we can do.
> What I find curious is that it says the services are essentially the same between different countries. So, there is no advantage to me as a consumer for anything to change.
The advantage to the consumer is that they have access to the services at all. Countries have the ability to completely cut off their citizens to a service if they don't follow their laws.
If someone rents an Airbnb for a few months in a new location are they now a resident of that new location? If we aren't talking about residency then changing an association (whatever that means) seems arbitrary.
Probably, yeah. You could say it's temporary residency or whatever, but by the several months point this is clearly more than a mere vacation. If you've been living in one place for several months now you more live there than anywhere else.
Why do you think this is a matter of a few months? All we know is that the author hasn't traveled "recently".
But yes, those kinds of thresholds are common when it comes to residency as an official concept for e.g. taxation. Usually the threshold is around 183 days, but there is no reason why it'd be obviously less arbitrary than other choices.
But most importantly, it's the number that the US government uses on form 8840, the Closer Connection Exception Statement for Aliens: https://www.irs.gov/pub/irs-pdf/f8840.pdf
it's bit more complex than that (I've suffered regarding this)
The Automatic Overseas Test
You would normally be considered a non-UK resident if you meet any one of the following elements of the Automatic Overseas Test:
You were considered as a UK resident in one or more of the previous three tax years, but you spend fewer than 16 days in the UK in the current tax year
You spend fewer than 46 days in the UK in the tax year AND you were non-UK resident in the preceding three tax years
You work full time outside the UK and spend fewer than 91 days in the UK and you work fewer than 31 days in the UK for three hours or less in any given day.
Regardless, google might have to follow privacy laws of countries even if you set foot there for a layover or for only a few hours - google itself isn’t a country and thus other countries can effectively bully them into doing anything if Google wants to stay in business there. Not a problem for random island nations that have few citizens, but you can bet any sizable nation blacklisting them could mean an appreciable loss in revenue (and maybe triggering other countries to make similar demands).
Yes I find it weird that they both resent having local laws apply (when it's Malaysia) but value being covered by GDPR (when it's Germany). I can't really understand what they are wishing for.
Both are german citizens and both are not in the country to which they are now to be assigned.
The latter wasn't even in Thailand at all.
So I guess they just don't want that Google makes some bullshit associations for them which undermie the GDPR.
So you are saying if a German citizen travels to Mexico, they don't need to obey Mexican law because they are German citizens?
Suppose a law in Mexico requires Google to store search queries and make them available to the government for 1 year, or it requires the collection of certain types of personal information, and a law in Germany bans Google from storing search queries or collecting the information. Now a German citizen travels to Mexico, and does a web query in Mexico, do you think Google should apply Germany's Laws or Mexico's laws? It will apply Mexico's laws because that is the jurisdiction in which the query is made. Similarly if a Mexican travels to Germany and makes a query, then Google will not store the results.
Btw, this is the whole point of international VPNs. People want an internet presence in different countries in order to access content that is not available in their own country or to be treated differently than if they were in their own countries. So if you, as the German traveller, don't want your query stored, you'd VPN to a server in Germany and run your queries through that VPN. If you ran your query through the Mexican ISP, you can be sure that the information would be collected.
Thus as much as European governments may want the GDPR to be a type of shield that you can carry with you when you cross over to other jurisdictions, the reality of that portability is limited to the ability of European nations to convince other nations to go along and treat Europeans differently in their own legal system. It may work, it may not, but whether it works is not a question of the GDPR but of the ability of Europe to project power and override laws in other jurisdictions.
You can't go somewhere and expect their laws to not apply to you. You can absolutely go somewhere and still have the laws of your home apply to you, even if they won't be enforced till you get home.
Is there any reason to believe that asking would be remotely reliable? There's a reason that liquor stores don't just ask people whether they're over 21.
In this article, Google wasn't incorrect though - this person just wanted the rules for a country they werent in to apply instead of local rules. Google made a good faith attempt to comply with local rules for this customer based on the (correct) location data they had.
A. They were in Malaysia at the time they attempted to get Google to change them to Germany: "To clarify, I requested that Google leave my country association as Germany. I was in Malaysia when I made this request"
B & C. I'm not a lawyer, but unless you're suggesting the law in Germany and Malaysia has literally no difference to the services Google provides, I'm not sure what your point is.
BTW companies like Paypal enforced US boycotts on cuba even if the customer is a EU citizens.
"The ticket retailer Proticket, for example, filed a lawsuit against the blocking of its account after offering tickets for the musical "Soy de Cuba" and the concert of a Cuban artist. Although Proticket won its case at the Dortmund Regional Court in spring 2016, Paypal still did not change its approach."
PayPal LU, the bank that makes PayPal EU possible is a Subsidiary of PayPal Holdings Incorporated in the US.
> All US persons, including US-incorporated entities, their foreign branches (including non-US entities owned or controlled by a US person that are also subject to US sanctions with respect to certain sanctions programs, such as the US's Iran, Cuba, and North Korea sanctions programs) and employees, are prohibited from transacting with sanctioned parties.
Paypal has already lost in german court.
And global sanctions are still invalid.
Paypal explicitly violates applicable EU law, namely the EU Blocking Regulation. This EU directive was explicitly issued in response to the US embargo against Cuba. It prohibits European companies from complying with the embargo and threatens all those who engage in the US blockade with severe penalties.
And PayPal (Europe) S.à r.l. & Cie, S.C.A. is a european company.
> PayPal (Europe) S.à r.l. et Cie, S.C.A. is a credit institution (or bank) authorised and supervised by Luxembourg’s financial regulator
So PayPal "EU" is actually just the Luxembourg Bank PayPal LU which is a subsidiary of the US Holdings.
I'm not a lawyer but it seems PayPal LU just facilitates transfer of funds from EU accounts to PayPal Holdings US. Once the funds are in the US, they are subject to US law.
The blocking statue protects EU Operators from having to comply with 3rd party regulations. But since PayPal LU is simply facilitating transfer of money from the EU to your PayPal account which is in the US, PayPal isn't a 3rd party to the transaction and thus has to comply with US sanctions.
The issue of contention is how they determine the country, apparently even as the user in question is contesting.
i.e. your comment is an irrelevant deflection that adds nothing to the discussion, and you are functionally doing PR for Google for free.
I live in Europe, but past few years I've been working for US-based company, using their VPN a lot. Google wants to associate me with USA instead of my home country, and when I tried to fill support request to correct them their answer was basically "shut up, we know better".
I created another mailbox and am slowly migrating to it. Fuck you Google.
Google wishes to enjoy the investment, employment, legal, and cultural benefits of being physically located in the United States for its key operations, but wishes to associate itself with Ireland, the Netherlands, and Bermuda for tax purposes.
Why shouldn't its users seek similar geographic arbitrage?
No, they only have to satisfy the legal requirements of countries where they have established organizations. That's why GDPR was a game-changer: it made Europe-wide strong privacy regulations that were previously local to a few countries. France's CNIL has always been a farce, but at least on paper provided privacy rights... that Google was free to ignore because it was based in Ireland & such.
Of course as an Internet service you don't have to comply with every single national law there is. Would that even be possible? Of course, if a nation State believes you don't respect their laws, they are "free" to try and censor your website, as many do with The Pirate Bay, Sci Hub, etc.
The strategic significance of a given office may be small, and may well be larger to the country in which it exists than to the firm it represents.
I suspect Google would be more aggreived concerning actions taken against 1600 Ampetheater Parkway, or one of it major datacentres, than against a one-person sales front operating from a bedroom in a remote location. It might well seek to safely extract its personnel, but would have little concern with the facilities or operations it represents themselves.
GDPR will apply to EU citizens living abroad, and the country they are currently in may have conflicting rules. What then? The whole idea seems like a headache.
You're missing the point. To reiterate the whole point of the article, Google is ignoring the actual residency of their users. European citizens who have merely traveled are forcibly having their accounts moved to another country with lax privacy laws. Also, in accordance with everything else they do, there's no meaningful way for users to reverse this decision.
The quote from the article makes this even more clear:
>> I got the same Mail. They want to move my account from Germany to Thailand. I’ve not been to Thailand (or anywhere else) since 2 years…
I was responding to the parent comment (which from my reading asked why users can't tell google which country they want their account to be associated with) not the article.
I'm from Italy and moved to Canada. Buying italian books is a nightmare. You can't buy them with your canadian account, but you can make an italian account only if you have an italian address and an italian credit card. So I had to resort to some serious hacks to access some of this ebooks. Horrible.
And there is no legal path, to be clear, your only option is not buying ebooks, but the physical one require me to travel to Italy, which is insane.
It looks like Google told the author to get bent, but it's really rather unclear.
Though note that the dates may be confused: the article was posted on May 1st but the edit is marked April 4th, for an update to an article which would have been posted a month later.
Most likely the date for the update is wrong and should be something like June 4th, and in
> Which will happen first? The automatic switching of the country association, or Google responding to my inquiry? It’s going to be a race!
> I have the impression he mistakenly thinks it stayed with Germany?
I don't get that impression. I think the reason it's in bold with is to show that even after the manual attempt to change it, Google responded with "sorry, still Malaysia".
Do you have Google One or a Workspace plan? I'd be curious if you contact support from there if they are able to assist you. Last I checked, Google One offers a free trial.
I've contacted Google One support regarding youtube/google one family account. They've said some things and I've tried some things, nothing changed. Too big of an issue, I guess.
NordVPN is pushed so hard everywhere that it looks like a single point of failure - I assume every secret service wants to hack it, if they didnt already.
I would have expected some sort of crackdown on popular VPNs used by US citizens if they were as private as they seemed or at least some polical action funded by right holders.
We don't see this at all.
That tells me these services are compromised on some level.
A little while ago I noticed plenty of different VPN providers. Many of the smaller ones were bought and private labelled or had smear campaigns against them. Companies compete so some of that is understood.. but the extent of the attacks tells me players with powerful networks (governmental,business or rogue) shut down many legitimate smaller VPNs whike help promote others.
I would be wary of using any VPN if I expected privacy.
Rolling your own is easy enough but be careful where you setup shop.
Many others? I only know of ProtonMail. Then there's mailbox.org and Posteo, but both are required to provide access to the government [1]. Their only option is to provide end-to-end encryption, like ProtonMail does.
I wouldn't trust any other email provider than one of those three, if I would need to have truly secure emailing via a 3rd party. But none are in a different position that Google, maybe with exception of ProtonMail.
It's not only about mail though. I don't use Gmail, but I still need a Google account for my job to access our Drive, Calendar, etc. I will delete it without hesitation once I don't need it.
Disclaimer: I'm a Googler. These are my personal opinions.
Email is a small part of things I care about. Moreover, there's snowflake's chance in hell I succeed at convincing every correspondent to switch to e2e encryption and off services no more trustworthy than Google or Microsoft. So, the technical premise of ProtonMail doesn't help.
When it comes to Swiss privacy law... I'm already protected by GDPR. Google is a juicy and politically convenient target for most countries, so I'm not worried about its compliance. And I'd rather stick to a company with a legal team equipped to wrestle with government overreach.
Finally, I feel perfectly fine trusting Google to keep my private things private. I keep copies of important documents in Drive. Realistically, the highest risk vector for them leaking is someone pwning my machine.
That is technically correct, but ultimately unhelpful in the context of the post. I’ve rewritten my question to address your objections to my phrasing.
Is Google required to comply with GDPR data and deletion requests made by EU citizens that Google has deemed to be be residing in Malaysia?
Since you’re familiar with GDPR, I would appreciate your opinion on it.
It's not so simple.
A German citizen in the US is protected by the GDPR if he uses a EU company's service, even a US citizen in the US is then protected by GDPR.
Here it is the same, if he uses EU Google he is protected, because of the switch to Google Malaysia he isn't anymore.
I disagree, even EU companies don't have to adhere to the GDPR if they don't target EU countries. Google doesn't have to adhere to the GDPR for people in the US, whether they're EU citizens or not.
Is there any reason why e.g. you go for a holiday outside of EU your account is moved to that country (no more GDPR protection) and all of your data can(?) then be processed. When you come back within the EU GDPR-flag is set back to true.
It's irrelevant where Google decides they reside. It only matters where they actually reside. Your question is a fair one, but it's pretty thin and is therefore trivially answered by a Google search.
There is a disadvantage for me, because the privacy laws in Europe are stronger than Asia, I lose some privacy protection. Is this a coincidence?
Maybe not but some of my accounts have been associated with European Google entities so it works both ways. It seems that they're simply sorting by IP from which you most often access it since consistent use of proxies resulted in predictable country association.
It's even worse if you don't enable javascript. Suddenly most google services will be in another language (not english) and there's nothing you can do about it. My google account regularly gets switched to Taiwan, Hong Kong, etc because lots of people from those countries use the same (canadian) VPS provider as me to tunnel though.
Don’t get me started! Every time I travel somewhere, Google and a bunch of other web sites just decide on their own to send me web content in the local language. Why?? Just respect the user agent’s Accept-Language header. That’s the whole purpose of it!
No, because browser makers don't expose it appropriately. There aren't any real alternatives: The only way to determine the user's language preference that can actually work is for them to provide it.
Somewhere more prominent, in the main UI. The user may want to see different pages in different languages (e.g. to avoid garbage translations). Or perhaps explicitly ask the user.
I think that's true however you slice it. There's lots of possibilities for defining the default: but the language the user has chosen to use for their system is vastly more likely to be right than a best guess.
The other one is: pick to one language and stick to it. If the page I'm reading is in some European language, please show the GDPR messages in that European language not some other language. If it's a French blogspot blog being visited by a user in Germany, show the messages in French! This is almost guaranteed to be 100% reliable. It's not like Google is ignorant of the language of the page. (I can understand not having GDPR messages translated into say Indonesian. But if you do, then again - match the language of the page.)
In the beginning it wasn't set and was hard to change, and thus websites offered options within the site. And now I'd bet that many people writing websites don't know it exists, further reducing its usefulness, and probability of being offered as an easy to change option to the user.
Not saying that I think it's OK to just ignore what is the STANDARD WAY of specifying my desired language, just saying this type of crap is what they're going to argue when trying to justify it.
I just took a look at this for my own account. It has me associated with India; I’m Australian, but spent just over a year in India recently. I have never received any notification like the one cited in this article. (Perhaps because it wouldn’t affect which company service is offered through? But the laws may still differ.)
And as far as Google Play Store is concerned, I’m American for some completely unknown reason, and they refuse to be convinced otherwise unless I give them credit card details; so any apps region-locked to Australia are out of my reach.
I'm not in Australia, but many other countries have region locked local apps. In my experience banking is a big problem, though it seems to have improved in the last few years.
Local TV providers still use region-locked apps for streaming services.
In addition to what siblings said: taxi apps, parking apps, food delivery apps, package delivery apps are sometimes region locked. I'm not in Australia, though.
Same for me, but they say “As shown in Google’s Terms of Service”, and that link https://policies.google.com/terms?authuser= does show the country (see and possibly click on the text “Country version”).
The country of the Play store is not actually the same than the one this article is about.
I could find a way to change it and have the local store when I moved to Japan, but honestly I don't remember exactly how.
I only remember that it was a major pain in the ass to understand how to do it. I had to navigate between different applications (notably Google pay) and web interfaces to finally be able to change this setting. Worst UX ever.
I was under the impression that the EU privacy laws (GDPR etc) applied to EU citizens regardless of location. If that impression is correct, then isn't it the case that nothing meaningful, privacy-wise, will change for the author even after this change to their account, as long as they remain a German citizen?
No, that's not correct. As an EU citizen living abroad, using non-EU based services, the GDPR will not apply. It would also be impossible to enforce something like that.
We recognize you are attempting to access this website from a country belonging to the European Economic Area (EEA) including the EU which enforces the General Data Protection Regulation (GDPR) and therefore access cannot be granted at this time. For any issues, contact ..."
Lets be honest.. it's not "your account" it's "their account".
It's not just Google, this is the modern web. If you use a web based service I think it's better to assume everything you give them is theirs, otherwise it's an impossible battle of constantly reviewing massive ToS changes and a mutating product/features. I guess this view probably sounds a little out of touch but it's easier if you don't use a smart phone.
No, just people who don't like inconvenient facts.
One of my favorite stickers: "There is no cloud, just someone else's computer"
Techies hate it when you point crap like that out - because it re-enforces that trust, reputation, creditability, character - all those things matter. And most tech companies have damn little of any of those :p
> There is a disadvantage for me, because the privacy laws in Europe are stronger than Asia, I lose some privacy protection.
You don't lose privacy protection by virtue of Google changing your location. You lose privacy protection by not being a resident of the jurisdiction with those laws.
If the company has you down in country A, then they apply the rules for country A. But there are many signs they use to determine what country you are actually in.
Apparently there were enough signs in this case to conclude he had been in Malaysia long enough to trigger the rule.
There were also enough signs for them to identify Dan Schroeder being from Thailand despite the fact he hasn't been there or out of his country of residence for two years.
The argument isn't that the system is perfect. It likely just needs to be good enough. A false positive in attempting to comply with the law really isn't a reason to not try at all.
Then there needs to be an actually working avenue to correct these issues. the rsponse, the system isn't perfect so, sorry, tough luck, is a worse argument in my opinion. In this case Schroeder's valid appeal was denied, which was my point.
The actually working avenue to correct these issues would be to sue them, or file a complaint with the data protection commissioner, or whatever the appropriate legal avenue is in the jurisdiction in which you reside.
> But if a company has you down as being in country x, how do they know to apply the laws from country y? This is a practical rather than legal point
Not really. If you take Google to court, and Google tells the judge "yo, he was connecting from a Malaysian ISP for like 2 years straight", the judge is probably gonna say "okay, yeah, I can see why you thought he was a resident of Malaysia".
Well... is the author actually in Maylasia or Germany? I mean, that matters. You don't get to personally choose whose laws you're subject to, nor does Google. Having your Google settings set to Germany does nothing to protect you from Maylay law, nor Google for that matter.
If you don't want to be subject to the laws of the country you're in[1] you have to move. Google can't help you.
[1] Edit: I guess in this circumstance better phrased as "If you want legal protections offered by a country you're not in..."
> Well... is the author actually in Maylasia or Germany?
It seems rather clear that the author is physically in Malaysia.
> I mean, that matters.
Kinda but kinda not? If you're an american citizen and for some reason go spend 6 months or a year in Malaysia, you probably don't want your accounts to be switched over to Malaysia, and possibly Malaysian, a language you probably do not speak.
Localization settings are distinct from location, they're just defaults. You can read Google in German right here in the US, etc...
The author was concerned about losing privacy protection offered by Google to people in Germany as required by German law. Which is nonsensical, because German law does nothing to protect you in Maylasia.
I'm curious if he will then complain about not paying Malaysian tax rates while living in Germany. You want to be protected by the EU's privacy laws? Live in Europe, it's that simple. Sure, he will find fewer dreamy beaches and cheap food, but he can't have his cake and eat it too.
Apparently Google explicitly ignores "Accept-Language: en" because of some Japanese Internet Explorer users whose browsers mistakenly send that header, or something like that. But I find that argument ridiculous, ignoring everyone's preferences due to some buggy browsers is obnoxious. At least limit it to Japanese IPs.
That's wrong. According to EU, GDPR applies to EU residents and the companies need to protect EU resident privacy no matter which country they hail from.
Doesn't this mean that US customs should comply with GDPR when collecting data from EU citizens? I don't remember being notified of my GDPR rights when entering US last time. I suppose this boils down to enforceability.
Yup. Plus, beyond privacy there's the matter of taxes, both paid by the consumer when purchasing but also paid (sometimes...) by Google to the country of operations. So yeah, you don't get to decide.
I'm wondering if a block of IP addresses got shifted from Asia to Europe recently? That's about the only thing that would make sense to me. But then again, ascribing sense to secret-sauce algorithms and AIs probably isn't a good idea.
> You don't get to personally choose whose laws you're subject to, nor does Google.
You could move, apply for and gain citizenship in another country, or do other things to make these choices. But contracts are even easier: Just pick a place. That's what a choice of laws provision[0] is for.
If he lives in Germany, and they mistakenly changed his location to Malaysia, I understand his complaint. But, you can't just say "I want you to treat me as though I lived in a different country than I do, because I prefer their laws on this particular subject".
Granted, I wish Google's approach to privacy was better all around, but given that they want to gobble up as much data as possible, and we all know about that by now, I am not as confused by their approach here as I am by the author's reaction.
> you can't just say "I want you to treat me as though I lived in a different country than I do, because I prefer their laws on this particular subject
Because the laws of the country you are in dictate how Google must treat you as a customer or user, and not your preference of how you'd like them to treat you.
If I sign up with a small company based in, say, Chile, all of my information is likely to be stored there or at least governed by Chile's laws no matter where I am in the world.
The author of this article appears to have engaged with Google on the terms presented in Germany but is accessing Google services from Malaysia. The difference is that Google has a more-substantial presence in Malaysia and is hence more-beholden to Malaysia's laws. Our hero's ability to choose to interact with a first-class service while being treated as a German while abroad has been substantially degraded.
The way I remember this working is that it is entirely dependent on the methods of payment (MOP) associated with your account. If you remove MOPs from country A, and then 30 days later you add a MOP from country B, your underlying gaia account will have the home country migrated (affects play store, etc).
The workaround is to use different accounts, each with MOP from different countries. Pretty sure IP doesn't matter.
Regarding which legal jurisdictions apply between you and a company like Google? Well, the courts are probably not going to consider what it says in your account profile.
Never worked at google, but I use their services and moved country recently.
> The workaround is to use different accounts, each with MOP from different countries. Pretty sure IP doesn't matter.
Maybe it has changed, because this was not my experience: my methods of payments have all remained the same. It appears to be based on IP, because my transition was delayed compared to family members who moved with me because I had VPNed back to the country I had left. I’m pretty sure it was IP based, because the relative delay approximately correlated with how many days I’d used the VPN for.
Managing Terms of Service at scale is actually a real problem companies like Google face, so yeah it's entirely possible the country tracking for Terms of Service (TOS) is completely distinct from the MOP country association in Pay & Play.
I would be an interesting corner case for them then. My account is setup as Canadian, but physically I’ve been in Vietnam for the past 1.5 years, but my home router always tunnels via Singapore. I do so on mobile often as well when I’m outside of the wifi range.
This seems to have been changed lately - Google account will switch it's location (but not language) by itself if it detects you're in a certain country for a long time. Happened to some people I know as well.
The hilarious part is that I got this email maybe last week, moving my account to country X. Too bad I lived in country X for 7 months, they didn’t change it then, and now I’ve been in country Y for 2 months, across the world.
Why now? And why the wrong country? I have no links to country X and I haven’t been there in months.
It's not mentioned in the article, but services could differ between app stores if we head in this direction, not only for privacy terms. For instance if China somehow get VPN apps off the shelves from HK's app store and people there couldn't associate their google accounts with regions other than HK, then that's a root/switch OS or no VPN scenario for them. Same could happen to Americans there - it's not based on citizenship or proof of residence, google just decides.
Ultimately one can argue that even so it's not google's responsibility to fight against authoritarians or whatever, but imho android already has a closed eco system, this is getting worse.
Google changing the country in their terms of services without user explicit approval/opt-in is much worse than it seems.
As a user, I might have Germany as my country in Google while living in Malaysia: maybe I like its privacy law better, or I'm a German ambassador on a diplomatic mission, or a German citizen on an exchange program, or a Malaysian citizen who signed up for Google while on vacation in Germany and is now confused about some parts of their account.
The point is, only the last scenario needs some fixing, while in all other cases, the user will understandably prefer to keep the country unchanged. Yet Google forcibly and preemptively switches country in all these scenarios, with no real benefits to the user.
But if there is no real benefit to the end user, and not everyone wants this, why force this change in the first place? Something technical that has to do with local laws.
And that's where it's really bad:
- It's bad as a principle, because if a person signs a contract with an entity under a specific jurisdiction, that person doesn't expect the jurisdiction to change unilaterally.
- It's bad in practice, because instead of knowing with certainty that my data is under a specific jurisdiction, I'm now subject to some automated process that could unilaterally move my data to a random country, resulting in unintended exposure to its laws
Location has has become a huge thorn in Google's side in a number of areas:
- Geographical location of data (Data regions) for Google Workspace
- Culpable deniability about a user's location when anonymously accessing Google Maps
- Compliance with local laws where the user is physically located when accessing a service
- Region locked applications
- Financial/banking restrictions
I'm sure there are more. Google is justifiably concerned about compliance and liability. That's the incentive for these changes, not improving the user experience.
Oh! I'd love to be able to change the country of my Google Apps for Domains. I have tried few times, whenever I remember but gave up.
Why do I want to change?
When I signed up, the currency was USD and perhaps the country stayed USA too! There was no Indian pricing at that time (I think over a decade ago). For the US pricing, I pay $30 monthly for a 5-member plan. I want to leverage the Indian pricing of ₹125 (~$1.6) per account per month.
Google services between Germany and Malaysia might be essentially the same. But that might not be the case if Google decides to relocate you out of the United States.
Even those US Citizens who live in a USA territory like Puerto Rico or US Virgin Islands constantly receive a variant of the message 'this service is not available in your country'.
Be aware that as a US territory, Puerto Rico and USVI are subject to the same federal laws (and financial system) as any other state, so technically they aren't foreign/alien. But a private company like Google can choose to underserve what is not strategic for them.
Google uses either your IP address or the postal address of your payment method to find out that you don't live in the 50 states (or DC).
When launching some services, Google starts in US (or course), excluding their territories. Then they expand to other countries, again skipping the United States territories, which continue receiving the 'this service is not available in your country' message' practically forever.
This happened with Google Music. Also YouTube videos apparently market for USA market only were not playable here. Google controls the YouTube platform and there's no excuse for not negotiating including all the US territories in the definition of USA for YouTube uploaders.
Recently they made YouTube Premium available in this market. And with the YouTube Music change, this also came included. However, I don't know if they fixed completely fixed the issue of viewing USA only videos from here.
200 comments
[ 3.2 ms ] story [ 178 ms ] thread> What I find curious is that it says the services are essentially the same between different countries. So, there is no advantage to me as a consumer for anything to change.
The advantage to the consumer is that they have access to the services at all. Countries have the ability to completely cut off their citizens to a service if they don't follow their laws.
> As someone who travels a lot (not recently!)
But yes, those kinds of thresholds are common when it comes to residency as an official concept for e.g. taxation. Usually the threshold is around 183 days, but there is no reason why it'd be obviously less arbitrary than other choices.
But most importantly, it's the number that the US government uses on form 8840, the Closer Connection Exception Statement for Aliens: https://www.irs.gov/pub/irs-pdf/f8840.pdf
And know I know why, it's because US goverments uses this number as a cut-off for some legal consequences. Thank you!
For the UK it's 31 days of more than 3 hours of work. I think it's the same for the US.
The Automatic Overseas Test
You would normally be considered a non-UK resident if you meet any one of the following elements of the Automatic Overseas Test:
Suppose a law in Mexico requires Google to store search queries and make them available to the government for 1 year, or it requires the collection of certain types of personal information, and a law in Germany bans Google from storing search queries or collecting the information. Now a German citizen travels to Mexico, and does a web query in Mexico, do you think Google should apply Germany's Laws or Mexico's laws? It will apply Mexico's laws because that is the jurisdiction in which the query is made. Similarly if a Mexican travels to Germany and makes a query, then Google will not store the results.
Btw, this is the whole point of international VPNs. People want an internet presence in different countries in order to access content that is not available in their own country or to be treated differently than if they were in their own countries. So if you, as the German traveller, don't want your query stored, you'd VPN to a server in Germany and run your queries through that VPN. If you ran your query through the Mexican ISP, you can be sure that the information would be collected.
Thus as much as European governments may want the GDPR to be a type of shield that you can carry with you when you cross over to other jurisdictions, the reality of that portability is limited to the ability of European nations to convince other nations to go along and treat Europeans differently in their own legal system. It may work, it may not, but whether it works is not a question of the GDPR but of the ability of Europe to project power and override laws in other jurisdictions.
A implies B does not mean B implies A
A. How long this person was in Malaysia
B. What local laws they may have been in breach of or in jeopardy of breaching(or Google)
C. What specific local rules/laws Google was attempting to comply with in good faith(if any)
B & C. I'm not a lawyer, but unless you're suggesting the law in Germany and Malaysia has literally no difference to the services Google provides, I'm not sure what your point is.
"The ticket retailer Proticket, for example, filed a lawsuit against the blocking of its account after offering tickets for the musical "Soy de Cuba" and the concert of a Cuban artist. Although Proticket won its case at the Dortmund Regional Court in spring 2016, Paypal still did not change its approach."
> All US persons, including US-incorporated entities, their foreign branches (including non-US entities owned or controlled by a US person that are also subject to US sanctions with respect to certain sanctions programs, such as the US's Iran, Cuba, and North Korea sanctions programs) and employees, are prohibited from transacting with sanctioned parties.
- https://insightplus.bakermckenzie.com/bm/compliance-investig...
I am pretty sure the EU and US have treaties requiring them to respect one another's sanctions.
So PayPal "EU" is actually just the Luxembourg Bank PayPal LU which is a subsidiary of the US Holdings.
I'm not a lawyer but it seems PayPal LU just facilitates transfer of funds from EU accounts to PayPal Holdings US. Once the funds are in the US, they are subject to US law.
The blocking statue protects EU Operators from having to comply with 3rd party regulations. But since PayPal LU is simply facilitating transfer of money from the EU to your PayPal account which is in the US, PayPal isn't a 3rd party to the transaction and thus has to comply with US sanctions.
Pretty sure PayPal EU wants to be able to send money to people in the US.
I created another mailbox and am slowly migrating to it. Fuck you Google.
Why shouldn't its users seek similar geographic arbitrage?
Of course as an Internet service you don't have to comply with every single national law there is. Would that even be possible? Of course, if a nation State believes you don't respect their laws, they are "free" to try and censor your website, as many do with The Pirate Bay, Sci Hub, etc.
Which for Google and other companies means basically most countries, right? For example they have an office in Malaysia (https://www.google.com/amp/s/www.businessinsider.com/googles...).
If you have an office, the state will be able to seize your assets, or potentially jail your executives. This is not like Pirate Bay or Sci Hub.
I suspect Google would be more aggreived concerning actions taken against 1600 Ampetheater Parkway, or one of it major datacentres, than against a one-person sales front operating from a bedroom in a remote location. It might well seek to safely extract its personnel, but would have little concern with the facilities or operations it represents themselves.
The quote from the article makes this even more clear:
>> I got the same Mail. They want to move my account from Germany to Thailand. I’ve not been to Thailand (or anywhere else) since 2 years…
They are in a very real sense a multi-national - and not just for tax purposes.
And there is no legal path, to be clear, your only option is not buying ebooks, but the physical one require me to travel to Italy, which is insane.
I have the impression he mistakenly thinks it stayed with Germany?
Though note that the dates may be confused: the article was posted on May 1st but the edit is marked April 4th, for an update to an article which would have been posted a month later.
Most likely the date for the update is wrong and should be something like June 4th, and in
> Which will happen first? The automatic switching of the country association, or Google responding to my inquiry? It’s going to be a race!
the automatic switching won.
I don't get that impression. I think the reason it's in bold with is to show that even after the manual attempt to change it, Google responded with "sorry, still Malaysia".
There are many other services that provide much better privacy protections, eg ProtonMail.
We don't see this at all.
That tells me these services are compromised on some level.
A little while ago I noticed plenty of different VPN providers. Many of the smaller ones were bought and private labelled or had smear campaigns against them. Companies compete so some of that is understood.. but the extent of the attacks tells me players with powerful networks (governmental,business or rogue) shut down many legitimate smaller VPNs whike help promote others.
I would be wary of using any VPN if I expected privacy.
Rolling your own is easy enough but be careful where you setup shop.
I believe that there are still honorable companies out there (and I don't even use ProtonMail in particular)
I wouldn't trust any other email provider than one of those three, if I would need to have truly secure emailing via a 3rd party. But none are in a different position that Google, maybe with exception of ProtonMail.
Which ones would you list?
[1] https://en.wikipedia.org/wiki/Gesetz_zur_Beschr%C3%A4nkung_d...
Email is a small part of things I care about. Moreover, there's snowflake's chance in hell I succeed at convincing every correspondent to switch to e2e encryption and off services no more trustworthy than Google or Microsoft. So, the technical premise of ProtonMail doesn't help.
When it comes to Swiss privacy law... I'm already protected by GDPR. Google is a juicy and politically convenient target for most countries, so I'm not worried about its compliance. And I'd rather stick to a company with a legal team equipped to wrestle with government overreach.
Finally, I feel perfectly fine trusting Google to keep my private things private. I keep copies of important documents in Drive. Realistically, the highest risk vector for them leaking is someone pwning my machine.
Being "private" doesn't magically make GDPR affect non-EU residents.
https://ec.europa.eu/info/law/law-topic/data-protection/refo...
Is Google required to comply with GDPR data and deletion requests made by EU citizens that Google has deemed to be be residing in Malaysia?
Since you’re familiar with GDPR, I would appreciate your opinion on it.
That switch made im a EU citizens living abroad using non-EU services, so no GDPR protection.
Coincidence?
Technically, it doesn't even apply to citizens, but to countries that the company markets to. The link explains all this.
Here it is the same, if he uses EU Google he is protected, because of the switch to Google Malaysia he isn't anymore.
Google probably does not as they surely don't do processing of non-EU user's data within their EU subsidiaries.
But what's a "resident"? That means where you live, not where you're temporarily staying.
> A German citizen in the US isn't protected by the GDPR.
If he's just visiting the US he's still a resident of Germany, AFAICS.
https://www.compliancejunction.com/does-gdpr-apply-to-eu-cit...
> When an individual leaves an EU country and goes to a non-EU country, they are no longer safeguarded by GDPR.
Maybe not but some of my accounts have been associated with European Google entities so it works both ways. It seems that they're simply sorting by IP from which you most often access it since consistent use of proxies resulted in predictable country association.
Firefox has it under "Choose your preferred language for displaying pages" which seems appropriate to me.
The other one is: pick to one language and stick to it. If the page I'm reading is in some European language, please show the GDPR messages in that European language not some other language. If it's a French blogspot blog being visited by a user in Germany, show the messages in French! This is almost guaranteed to be 100% reliable. It's not like Google is ignorant of the language of the page. (I can understand not having GDPR messages translated into say Indonesian. But if you do, then again - match the language of the page.)
See also: client side certificates
I haven't seen anybody install software on the wrong language by mistake for a long time.
Not saying that I think it's OK to just ignore what is the STANDARD WAY of specifying my desired language, just saying this type of crap is what they're going to argue when trying to justify it.
And as far as Google Play Store is concerned, I’m American for some completely unknown reason, and they refuse to be convinced otherwise unless I give them credit card details; so any apps region-locked to Australia are out of my reach.
Local TV providers still use region-locked apps for streaming services.
As shown in Google’s Terms of Service, your account is associated with the following country: .
It seems there are things Google don't know about me, even though I'm not making this information secret.
I could find a way to change it and have the local store when I moved to Japan, but honestly I don't remember exactly how.
I only remember that it was a major pain in the ass to understand how to do it. I had to navigate between different applications (notably Google pay) and web interfaces to finally be able to change this setting. Worst UX ever.
So it doesn't matter where you live if the service is out of reach of this law.
That's only correct with regards to the processing of data subjects who are in the European Union. See Art. 3.2 of the GDPR.
"451: Unavailable due to legal reasons
We recognize you are attempting to access this website from a country belonging to the European Economic Area (EEA) including the EU which enforces the General Data Protection Regulation (GDPR) and therefore access cannot be granted at this time. For any issues, contact ..."
It's not just Google, this is the modern web. If you use a web based service I think it's better to assume everything you give them is theirs, otherwise it's an impossible battle of constantly reviewing massive ToS changes and a mutating product/features. I guess this view probably sounds a little out of touch but it's easier if you don't use a smart phone.
One of my favorite stickers: "There is no cloud, just someone else's computer"
Techies hate it when you point crap like that out - because it re-enforces that trust, reputation, creditability, character - all those things matter. And most tech companies have damn little of any of those :p
You don't lose privacy protection by virtue of Google changing your location. You lose privacy protection by not being a resident of the jurisdiction with those laws.
Apparently there were enough signs in this case to conclude he had been in Malaysia long enough to trigger the rule.
Not really. If you take Google to court, and Google tells the judge "yo, he was connecting from a Malaysian ISP for like 2 years straight", the judge is probably gonna say "okay, yeah, I can see why you thought he was a resident of Malaysia".
If you don't want to be subject to the laws of the country you're in[1] you have to move. Google can't help you.
[1] Edit: I guess in this circumstance better phrased as "If you want legal protections offered by a country you're not in..."
It seems rather clear that the author is physically in Malaysia.
> I mean, that matters.
Kinda but kinda not? If you're an american citizen and for some reason go spend 6 months or a year in Malaysia, you probably don't want your accounts to be switched over to Malaysia, and possibly Malaysian, a language you probably do not speak.
The author was concerned about losing privacy protection offered by Google to people in Germany as required by German law. Which is nonsensical, because German law does nothing to protect you in Maylasia.
I remember Google forums there were angry servicemen that got Google in Arabic when they flew to Kuwait...
You could move, apply for and gain citizenship in another country, or do other things to make these choices. But contracts are even easier: Just pick a place. That's what a choice of laws provision[0] is for.
[0]: https://en.m.wikipedia.org/wiki/Choice_of_law_clause
Granted, I wish Google's approach to privacy was better all around, but given that they want to gobble up as much data as possible, and we all know about that by now, I am not as confused by their approach here as I am by the author's reaction.
why not ?
If I sign up with a small company based in, say, Chile, all of my information is likely to be stored there or at least governed by Chile's laws no matter where I am in the world.
The author of this article appears to have engaged with Google on the terms presented in Germany but is accessing Google services from Malaysia. The difference is that Google has a more-substantial presence in Malaysia and is hence more-beholden to Malaysia's laws. Our hero's ability to choose to interact with a first-class service while being treated as a German while abroad has been substantially degraded.
The way I remember this working is that it is entirely dependent on the methods of payment (MOP) associated with your account. If you remove MOPs from country A, and then 30 days later you add a MOP from country B, your underlying gaia account will have the home country migrated (affects play store, etc).
The workaround is to use different accounts, each with MOP from different countries. Pretty sure IP doesn't matter.
Regarding which legal jurisdictions apply between you and a company like Google? Well, the courts are probably not going to consider what it says in your account profile.
> The workaround is to use different accounts, each with MOP from different countries. Pretty sure IP doesn't matter.
Maybe it has changed, because this was not my experience: my methods of payments have all remained the same. It appears to be based on IP, because my transition was delayed compared to family members who moved with me because I had VPNed back to the country I had left. I’m pretty sure it was IP based, because the relative delay approximately correlated with how many days I’d used the VPN for.
Why now? And why the wrong country? I have no links to country X and I haven’t been there in months.
As a user, I might have Germany as my country in Google while living in Malaysia: maybe I like its privacy law better, or I'm a German ambassador on a diplomatic mission, or a German citizen on an exchange program, or a Malaysian citizen who signed up for Google while on vacation in Germany and is now confused about some parts of their account.
The point is, only the last scenario needs some fixing, while in all other cases, the user will understandably prefer to keep the country unchanged. Yet Google forcibly and preemptively switches country in all these scenarios, with no real benefits to the user.
But if there is no real benefit to the end user, and not everyone wants this, why force this change in the first place? Something technical that has to do with local laws.
And that's where it's really bad: - It's bad as a principle, because if a person signs a contract with an entity under a specific jurisdiction, that person doesn't expect the jurisdiction to change unilaterally. - It's bad in practice, because instead of knowing with certainty that my data is under a specific jurisdiction, I'm now subject to some automated process that could unilaterally move my data to a random country, resulting in unintended exposure to its laws
- Geographical location of data (Data regions) for Google Workspace
- Culpable deniability about a user's location when anonymously accessing Google Maps
- Compliance with local laws where the user is physically located when accessing a service
- Region locked applications
- Financial/banking restrictions
I'm sure there are more. Google is justifiably concerned about compliance and liability. That's the incentive for these changes, not improving the user experience.
Why do I want to change?
When I signed up, the currency was USD and perhaps the country stayed USA too! There was no Indian pricing at that time (I think over a decade ago). For the US pricing, I pay $30 monthly for a 5-member plan. I want to leverage the Indian pricing of ₹125 (~$1.6) per account per month.
Recently they made YouTube Premium available in this market. And with the YouTube Music change, this also came included. However, I don't know if they fixed completely fixed the issue of viewing USA only videos from here.