Google says EU interoperability plans could put user data at risk
The company says proposed DMA remedies for Android AI and search data sharing could increase fraud and expose supposedly anonymous data.
By James Whitfield · Staff Writer
3 min read
Google is warning that European Union plans to loosen its control over Android AI features and search data could create new privacy and security risks for users. The European Commission is weighing remedies under the Digital Markets Act that could force Google to give rivals deeper access to its platforms.
Wired reported that Heather Adkins, Google’s vice president of security engineering, said the proposals could lead to more fraud in Europe soon after taking effect. “If implemented as described today, I think within a short period of time on Android, we’d see a significant increase in fraud in the EU,” Adkins told Wired.
The Commission’s plans, as described by Wired and Ars Technica, cover two main areas. One would require Google to let users connect alternative AI assistants to Android with access closer to what Gemini receives today. The other would require Google to provide competitors with anonymized search data.
Google’s Gemini has privileged integration on Android, including access to files, screen content and expanded voice functions, according to Ars Technica. Adkins told Wired that giving similar access to other AI services could create openings for malicious tools, though the report said she did not detail specific attack scenarios.
The data-sharing proposal has drawn a more detailed objection from Google. According to a draft described in the reports, Google could be required to share anonymized search information similar to data the company uses internally, including search content, rankings and click rates.
Adkins told Wired that anonymizing data is technically difficult and requires the right specialists. Google argues that even data stripped of obvious identifiers can be tied back to people, especially when large AI models are used to compare datasets and find patterns.
Reuters previously reported that Google security teams were able to associate anonymized search data with individual users in as little as two hours using “linkage attacks.” Google employees told Wired that smaller companies receiving such data under EU rules could become targets for attackers.
The dispute sits inside the EU’s broader effort to regulate large technology platforms under the Digital Markets Act. The law labels companies including Google, Meta and Amazon as gatekeepers, a status that brings extra obligations aimed at limiting the power of dominant platforms.
Google has opposed the DMA and has called for changes to the law, according to Ars Technica. The company also has strong business reasons to resist rules that would weaken its control of search and Android, where regulators are trying to open space for competitors.
The European Commission is still deciding the final shape of the requirements. The public comment period ended May 1, and the Commission expects to issue a legally binding decision for Google on July 27, according to Ars Technica.
This story draws on original reporting from Ars Technica.