TL;DR:
- The mandate: The European Commission is forcing Google to share search data, full queries, timestamps, location, clicks, scrolls, with competitors through an automated API, under the Digital Markets Act. [1][2]
- The problem: Google’s distinguished differential privacy scientist Sergei Vassilvitskii says his red team re-identified users from the “anonymized” data in under two hours. [3]
- The flaw: The EU’s anonymization relies on an allowlist that approves query terms used by at least 50 people. But unique combinations of common words, like a rare medical condition searched from a small town, can still identify you. [1][4]
- The attacks: Malicious actors could deliberately seed searches to push terms onto the allowlist. Location “buckets” of just 3 km² can pinpoint specific neighborhoods. External datasets can correlate search records with website visitor logs. [1]
- The deadline: July 27, 2026. Non-compliance means fines of up to 10% of Google’s global revenue. But compliance could mean the largest government-mandated data exposure in European history. [2][3][5]
What Brussels Is Demanding
Here’s the setup. The European Commission passed the Digital Markets Act to break Big Tech’s grip on digital markets. Article 6(11) says “gatekeepers” running search engines must share their data with competitors on “fair, reasonable, and non-discriminatory” terms. Google is currently the only company designated as a search gatekeeper. [2][5]
The idea sounds reasonable on paper: if Google has decades of search data powering its algorithms, competitors should get access to level the playing field. Pro-competition. Anti-monopoly. The kind of thing regulators put in press releases.
But look at what the Commission is actually requiring Google to hand over: [1][2]
- Full search queries, every word you typed
- Timestamps
- Approximate location data
- Device information and language settings
- Clicks, scrolls, swipes, and query refinements, down to the millisecond
- Sequential activity patterns over time
Direct identifiers like IP addresses and account IDs get stripped. Everything else stays. And that everything else is the problem.
Two Hours to Unmask You
Sergei Vassilvitskii has been at Google since 2012. He’s one of the most cited differential privacy researchers in the field. When he tells the European Commission their anonymization doesn’t work, it’s worth paying attention. [3]
“We are concerned because the EC’s approach to anonymisation fails to protect Europeans’ privacy,” Vassilvitskii said. “Our red team managed to re-identify users in less than two hours.” [3]
Less than two hours. Not with some nation-state hacking toolkit. With the Commission’s own proposed anonymization applied to real search data. The system the EU designed to protect you can be beaten before lunch.
The proposed anonymization relies on combinations of pseudonymization, aggregation, and noise injection, methods that privacy researchers have documented as vulnerable to linkage attacks for over a decade. When queries are sufficiently distinctive, stripping the name doesn’t help if the search itself is unique enough to identify the person who made it. [3][4]
The Allowlist That Doesn’t Protect You
The Commission’s anonymization system works like this: individual components of search queries get approved for sharing if at least 50 signed-in users have searched for that term over a 13-month period. Once approved, a term stays shareable for up to five years. [1]
Sounds conservative. It isn’t.
The threshold applies to fragments, not complete queries. Each word in your search might pass the 50-user bar individually. But the combination? That could be you and only you. [1]
Search for “endometriosis specialist” from a mid-sized German town. Each word clears the allowlist. Together, with a timestamp and a 3 km² location bucket? That search is effectively your signature. As cybersecurity researcher Lukasz Olejnik put it, “a search for a rare medical condition submitted from a small town can be effectively identifying even without a name attached, because context alone narrows the field.” [1]
Olejnik described the proposal as “one of the most significant potential data-exposure risks in Europe in recent years,” criticizing the Commission’s reliance on procedural controls rather than real technical protections. [1]
Three Ways This Gets Exploited
The re-identification risk isn’t theoretical. There are concrete attack vectors that would work against this system. [1]
1. Seeding Attacks
An attacker creates 50 accounts and searches for a specific term repeatedly. That term gets added to the allowlist. Now they can track anyone who searches for it, a whistleblower looking up a company name, a journalist researching a politician, a patient searching for an HIV clinic. The 50-user threshold becomes a tool for surveillance, not a shield against it.
2. Location Buckets
The Commission requires location data to be generalized into geographic “buckets” covering at least 3 km² with a minimum of 1,000 users. That sounds anonymous until you realize 3 km² is a specific neighborhood. A specific university campus. A specific government district. Cross-reference a search pattern with a known location, and you’ve got an identity.
3. External Correlation
This is the one that should scare you most. Website operators can see who visits their site and when. If shared search data shows someone clicked through to a specific page at a specific timestamp, matching that click with a website’s analytics log identifies the searcher. No hacking required. Just two datasets and basic correlation.
The DMA Just Crashed Into the GDPR
Here’s the part Brussels doesn’t want to talk about. The EU’s own privacy law, the GDPR, likely makes this data sharing illegal. [4][5]
Researchers Fredrik Erixon and Dyuti Pandya at the European Centre for International Political Economy (ECIPE) laid out the collision in stark terms: this granular search data qualifies as personal data under GDPR Article 4(1). Users “would not ordinarily expect” their search behavior shared with competitors. The anonymization the Commission proposes doesn’t meet GDPR standards because it can be reversed. [5]
Their conclusion? “Article 6(11), as currently designed, cannot achieve its stated objectives without either compromising GDPR compliance or rendering the shared data competitively inert.” [5]
Translation: if the data is useful enough to help competitors, it’s detailed enough to identify you. If it’s anonymized enough to protect you, it’s useless for competition. There’s no middle ground.
And the liability structure makes it worse. Users can’t sue the Commission for mandating the data sharing. But they can sue Google for executing it. The company faces GDPR litigation for complying with a regulation that contradicts another regulation. [5]
Who Actually Benefits?
The DMA’s data sharing was designed to help smaller search engines compete with Google. But the biggest beneficiaries won’t be plucky European startups. They’ll be well-resourced AI companies. [5]
The framework explicitly extends to “AI chatbots that include search features.” [2] Companies building retrieval-augmented generation systems, like the ones powering AI search assistants, would get access to Google’s search data to train their models. The competitive advantage flows to companies that already have the infrastructure to process billions of queries, not to the small competitors the regulation claims to protect.
Google’s own compliance approach shows the scale. Before the Commission pushed for more, Google was already offering a European dataset licensing program: roughly one billion distinct queries across 30 EEA countries, with frequency thresholding that excluded low-volume queries linked to identifiable individuals. Fee-based pricing ran about €3 per 1,000 queries per country. [5]
The Commission rejected this as insufficient. It wants more data, more granularity, and an automated API instead of a licensing program. More data means more privacy risk. That’s not a tradeoff, it’s a design flaw.
We’ve Seen This Before
In 2006, Netflix released an “anonymized” dataset of 100 million movie ratings for a competition to improve its recommendation algorithm. Researchers at the University of Texas re-identified individual users by correlating the Netflix data with public IMDb reviews. [5]
Netflix was sharing movie ratings. The EU wants to share search queries, medical questions, legal problems, financial worries, relationship issues, political views. The information density is orders of magnitude higher. The re-identification risk is proportionally worse.
And unlike Netflix in 2006, today’s attackers have large language models that can automate correlation attacks across datasets at scale. The ECIPE researchers specifically warned that “advanced language models and auxiliary data sources create ongoing re-identification possibilities” that didn’t exist when the DMA was drafted. [5]
The Clock Is Ticking
The public consultation period closed May 11, 2026. The Commission is expected to issue its final binding decision by July 27, 2026. Non-compliance carries fines of up to 10% of Google’s global annual revenue, which, for context, would dwarf the €9.71 billion in EU antitrust fines Google has already paid since 2017. [2][3]
Google’s options are limited. Comply and face GDPR lawsuits from European users. Refuse and face DMA fines that could run into tens of billions. Or hope the Commission blinks and accepts stronger anonymization requirements, which would make the shared data less useful, which defeats the purpose.
ECIPE has recommended delaying the final decision until the European Data Protection Board issues guidelines on anonymization standards for this type of data sharing. They also want the Commission to submit findings to European Data Protection Authorities for GDPR compliance review. [5] Neither is likely to happen before July 27.
What You Can Do
If you’re in Europe, your search data may be piped to companies you’ve never heard of by the end of summer. Here’s how to reduce your exposure:
- Search logged out. The allowlist requires 50 signed-in users. Searching while signed out of Google reduces your contribution to the dataset, though doesn’t eliminate tracking entirely.
- Use a privacy-focused search engine. DuckDuckGo, Startpage, and Brave Search don’t collect or share query data. The DMA only applies to designated gatekeepers, right now, that’s just Google.
- Use a VPN. Location buckets are based on IP-derived geography. A VPN masks your location, making the 3 km² buckets less useful for re-identification.
- Don’t search for sensitive topics on Google. Medical conditions, legal questions, financial problems, search for these on engines that don’t log queries. Period.
- Check which companies request your data. The DMA requires “accessible request processes.” Once implemented, monitor which companies are accessing Google’s search data API and exercise your GDPR rights against them.
The Bottom Line
The European Commission built the GDPR to protect your data. Now the DMA is about to blow a hole through it. A regulation designed to fight Google’s monopoly could create the largest government-mandated data exposure in European history, not from a hack, not from a leak, but from policy.
When a Google scientist tells the EU “your anonymization fails” and proves it in two hours, and the EU’s response is to keep the July deadline anyway, the question stops being about competition vs. privacy. It becomes: does the Commission care more about punishing Google than protecting Europeans?
Sources
- Cyber Insider: EU’s Proposed Google Data Access Rule Could Enable Large-Scale Surveillance
- GBHackers: EU Proposes Forcing Google to Share Search Data With Rivals Under DMA
- The Next Web: Google’s Top Differential-Privacy Scientist Tells the EU Its Data-Sharing Plan Can Be Reversed in Two Hours
- ITIF: Comments to the European Commission Regarding Proposed Measures for Google Search Data Sharing
- ECIPE: To Protect Data or Not to Protect: The Dilemma in the Commission’s Article 6(11) DMA Proceedings Against Google