A top scientist from Google has raised serious concerns about the European Union’s plans to require search engines to share anonymized user data with competitors. The scientist says that the anonymization method proposed by the EU can be broken in just two hours, putting user privacy at risk. This warning comes as the EU pushes forward with new regulations aimed at promoting fair competition among tech giants.

EU’s Data Sharing Rules and Their Privacy Risks

The European Union is working on rules under the Digital Markets Act to make major platforms like Google more open to rivals. Part of this involves sharing certain types of search data, such as rankings, queries, and clicks, with third-party companies. The goal is to create a level playing field and help smaller companies compete.

However, the method the EU plans to use to anonymize this data has come under fire. A top Google researcher, Sergei Vassilvitskii, has warned that the anonymization approach is vulnerable. His team managed to re-identify individual users within just two hours using data that was supposedly anonymized. This suggests that the privacy safeguards may not be strong enough to protect users from being re-identified.

Technical Concerns About Anonymization Techniques

The EU’s proposed method relies on techniques like pseudonymization, data aggregation, and adding noise to the data. These are common strategies meant to hide individual identities. But in practice, they have been shown to be vulnerable, especially when attackers have access to additional information. The Google scientist explained that re-identification is not a binary issue but depends on the data, the attacker’s knowledge, and the anonymization method used.

Vassilvitskii’s research focuses on differential privacy, a mathematical approach to limit the chance of re-identification. His team demonstrated that the EU’s proposed method could be broken with a relatively simple attack. Similar incidents have happened before, such as the 2006 AOL search data leak, where anonymized data was linked back to specific users. Modern search data is even more detailed, making re-identification easier and more likely.

Implications for Privacy and Competition

This warning raises questions about whether the EU’s plans truly protect user privacy. While the rules aim to foster competition, they may inadvertently put users at risk if the anonymization is weak. Google has long claimed that protecting user privacy is a core value, yet it is now being asked to share data in a way that could compromise that privacy.

The situation highlights a difficult balance between promoting fair competition and safeguarding individual privacy. Tech companies and regulators will need to carefully consider the technical vulnerabilities before implementing such data-sharing schemes. Otherwise, they risk undermining the very privacy protections they seek to strengthen.

As the deadline of July 27, 2026 approaches, all eyes are on how these policies will evolve. The warning from Google’s top privacy scientist underscores the need for more robust solutions to ensure user data remains secure even as competition regulations take effect.

Inspired by

• https://thenextweb.com/news/googles-top-differential-privacy-scientist-tells-the-eu-its-data-sharing-plan-can-be-reversed-in-two-hours

Sources

• reuters.com
• europa.eu
• europa.eu
• theregister.com
• itif.org