5G(4) AI(31) Best practices(11) CEE(4) Cloud(4) Connectivity(18) Cybersecurity(8) Data(21) DMA(6) E-commerce(2) E-governance(13) Fintech(5) Global(15) Innovation(17) Intellectual Property(2) News(49) Privacy(24) Wiser Regulation(5)

EU orders Google to share search data with third-parties

The EU has ordered Google to share its search data with rivals by January 2027 under the DMA. But as concerns grow over data privacy and loopholes, a new survey reveals that 71% of Europeans have no idea their data will be shared.

EU orders Google to share search data with third-parties
Photo by Firmbee.com / Unsplash

Today, the European Commission specified two binding obligations under the Digital Markets Act (DMA) for Alphabet/Google. One of them, pursuant to Article 6(11), obliges Google Search to allow third-party search engines to access its data, such as ranking, query, click, and view data.

Although the decision can still be challenged in courts, Google is now officially obliged to implement the guidance by January 2027, otherwise it would be subject to new investigations and fines.   

While the decisions are consistent with the DMA’s broader goals on fostering competition, concerns about privacy and consumer awareness remain. 

Potential privacy and security issues

Although the EU’s data rulebook is one of the strictest in the world, and the EU, as seen by the recent debates on the Digital Omnibus, is immune to tangible revisions of it to help the European AI and data economy, the DMA’s obligations and follow-up guidelines may be at odds with the general approach.

Prior discussions on the matter revolved around three key issues: the scope of data to be shared with third parties, the security of proposed anonymization methods for protecting Europeans’ personal data, and the types of companies that Google Search should grant access to.

While the companies that could get access to Google Search engine’s data would be limited to the ones that are based in the European Economic Area (EEA), some believe that the flexible and dynamic nature of today’s digital world may potentially leave legal loopholes that can expose European consumers' data to adversaries.

Although the Commission seems to be confident about its proposed anonymization methods, calling it a multi-layered method, developed with the help of internal and external privacy experts, Google & Alphabet’s President for Global Affairs Kent Walker reacted to the decision by stating that European “private searches would be exposed to unfamiliar companies, without adequate anonymisation of the data and without user knowledge or consent.” 

71% of European consumers are not aware of how their data can be shared 

A recent consumer survey conducted by the Center for Information Policy Leadership (CIPL) and the European Public Policy Partnership (EPPP) found that most European consumers are largely unaware of the EU's digital rulebook’s goals and potential implications for their privacy, including those outlined in the DMA. 

(c) CIPL & EPPP; A Single Standard for Anonymisation, July 2026

The survey results revealed that 71% of respondents were unaware that the DMA may require certain search engines to share data with competing providers. 

CIPL-EPPP survey respondents are also skeptical about the anonymization methods that are supposed to protect their personal data -  50% consider that their personal data, even if it’s anonymized, could be re-identified and linked back to them. 

Lastly, the survey results reveal that European consumers would like to have a say where and how their data is used and shared, which is essentially not ensured by the DMA’s Article 6(11) - 51% would want to be given an opportunity to opt out. 

The survey gathered the views of 3,000 respondents in countries of varying sizes, digital maturity, and approaches to the EU’s rulebook - Slovakia, Germany, France, Ireland, Estonia, and Spain, consequently, it can be considered a highly representative sample.