Google warns EU DMA rules could expose users to scams and privacy risks

At a glance:

• Google warns that EU's Digital Markets Act could increase fraud risks by allowing third-party AI assistants deeper Android access.
• The EU wants Google to share anonymized search queries, click data, and ranking information with rivals to boost competition.
• Privacy-focused DuckDuckGo and researchers say safeguards are sufficient, while Google argues data could be de-anonymized.

EU's DMA targets Google's search dominance

The European Union's Digital Markets Act (DMA) is forcing major tech platforms to open their ecosystems to competitors, aiming to reduce monopolistic control. As one of the designated gatekeepers, Google faces specific requirements around its Search and Android services. The European Commission is pushing for greater interoperability, which would allow rival search engines and AI assistants to integrate more deeply with Google's platforms.

This regulatory push directly challenges Google's long-standing dominance in search, where the company holds roughly 90% of the global market share. By mandating access to anonymized search data, including queries, click patterns, and ranking algorithms, the EU hopes to give smaller players the fuel needed to improve their offerings and compete more effectively.

Google raises security and privacy alarms

Heather Adkins, Google's vice president of security engineering and a long-time security leader at the company, has voiced significant concerns about these proposals. Speaking with Wired, she argued that the current DMA framework could expose millions of users to heightened fraud and cyberattack risks. Adkins specifically highlighted that granting third-party AI assistants deeper access to Android could lead to exploitation of sensitive permissions, including microphone, camera, on-screen content, and installed apps.

The search data sharing component presents another major point of contention. While the EU envisions sharing anonymized data, Google contends it cannot guarantee the protection of sensitive information once it leaves its infrastructure. Adkins warned that more sophisticated AI models could make it easier to de-anonymize large datasets if they fall into the wrong hands, potentially making smaller organizations targets for hackers despite security audits and agreements.

Counterarguments from privacy advocates

Not all stakeholders agree with Google's assessment. Privacy-focused search engine DuckDuckGo has stated that the Commission's proposal already reduces reidentification risks to an insignificant level. Similarly, researchers at the Knight-Georgetown Institute argue that the planned safeguards appear robust enough to support greater competition.

These researchers also point out that Google possesses the technical capability to independently verify that anonymization techniques work as intended. While some academics acknowledge the privacy risks involved, they maintain that these concerns should be weighed against the Commission's technical protections and should not automatically become dealbreakers for fostering competition.

Android integration sparks additional debate

The Android side of the regulatory case is generating similar levels of debate. EU regulators want competing AI assistants to achieve deeper integration with the operating system, including support for wake words and interactions with apps and user data. Google says it shares the Commission's broader goals but believes implementing these changes too quickly could weaken Android's established security protections.

In an unusual show of alignment, Apple has also expressed support for parts of Google's stance on access to operating systems, suggesting that the issue transcends individual company rivalries and touches on fundamental platform security questions.

The European Commission is expected to make final decisions on separate cases for Google Search and Android interoperability by July 27, making the coming weeks critical for determining how these rules will ultimately be implemented.