Announced on April 15, 2026, the Commission’s preliminary findings outline six specific compliance areas Google must address under Article 6(11) of the DMA.
These include the eligibility criteria for data beneficiaries, the scope of shareable data, frequency and technical means of sharing, anonymization standards, pricing principles under fair, reasonable, and non-discriminatory (FRAND) terms, and governance processes for data access.
Critically, AI chatbots with integrated search functionalities, such as those competing with Google’s own AI products, are explicitly included as eligible data recipients.
The data types in scope cover four core categories: ranking data, query data, click data, and view data, essentially the behavioral feedback loop that continuously trains and strengthens search algorithms.
Google would be required to deliver this data via API, covering the previous 24 hours of European user search activity.
To address re-identification risks, the Commission has embedded several technical protections into its proposed framework.
These include data binning to generalize sensitive fields, suppression of rare or low-frequency queries that could identify individuals, strict contractual obligations placed on data beneficiaries restricting secondary use, and removal of direct personal identifiers before transmission.
The Commission emphasizes that the proposal does not require Google to hand over personal search histories, only anonymized, aggregated behavioral signals.digital-markets-act.
While proponents argue that equitable data access is essential for innovation, particularly as AI-powered search reshapes the digital landscape, critics have raised significant concerns.
Privacy advocates warn that even anonymized query datasets carry fingerprinting risks, as combinations of rare search terms, geolocation metadata, and behavioral patterns can re-identify individuals.
National security analysts have also flagged risks that aggregated European citizen search behavior could be accessible to foreign-owned or insufficiently vetted platforms.
The Commission opened a public consultation, inviting interested parties to submit feedback by May 1, 2026. Following review of responses from both third parties and Google, the Commission will finalize and issue a binding decision no later than July 27, 2026.
These proceedings are separate from but parallel to the Commission’s broader DMA non-compliance enforcement powers against Google, which was designated a gatekeeper platform in September 2023 and has been subject to full DMA obligations since March 2024.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post EU Proposes Requiring Google to Share User Search Data with Rival Search Engines appeared first on Cyber Security News.
The Sheep Detectives is the cutest, sweetest movie ever made about accepting death and confronting…
The PowerWash Simulator series has announced its biggest collaboration yet: a Star Wars DLC for…
HBO has shared a first-look at Stuart Fails to Save the Universe, its upcoming multiverse…
A newly discovered malware campaign is targeting government employees in Pakistan using carefully crafted spear-phishing…
A new phishing campaign is actively targeting Indian taxpayers and businesses by impersonating the Income…
Security researchers have raised a warning about two widely trusted tools, macOS textutil and KeePassXC,…
This website uses cookies.