Google warns: DMA requirements pose a threat to privacy and security in the EU
Regulatory initiatives by the European Union aimed at strengthening competition in the digital space could unexpectedly pose serious risks to user privacy. Google's top security and data protection executives have expressed concern: certain provisions of the Digital Markets Act (DMA) could trigger a surge in fraud and the deanonymization of search queries.
Access to Data: A Double-Edged Sword
The European Commission is finalizing its decisions on cases involving Google Search and Android. Adopted in late 2022, the DMA requires major platforms to open their systems and data arrays to competitors. In April, the regulator specified the requirements: competitors must gain access to information at a level comparable to that used by the corporation itself. This includes query texts, metadata, click data, and ranking results.
From an analyst's perspective, this sounds like a boon for the market, but in practice, it opens Pandora's box. Google's Vice President of Security, Heather Adkins, directly stated that in its current form, the DMA requirements will harm EU users. According to the company's estimates, the volume of fraudulent activity will increase, and the new rules will create a risk of query deanonymization, making these data arrays a prime target for hackers.
Anonymization in Question
The European Commission proposes mitigating threats by prohibiting the re-identification of users and strengthening the protection of sensitive information. However, Google argues that these measures are insufficient. Data will need to be shared with greater detail, and existing anonymization methods can be cracked. Independent expert Lukasz Olejnik supported this position, noting that data sanitization is ineffective at such scales.
Interestingly, opinions are divided. DuckDuckGo, on the other hand, considers the European Commission's approach to be consistent with the legal framework, while Alice Cooper, Executive Director of the Knight-Georgetown Institute, called the proposed regime robust, suggesting the involvement of independent experts for verification. This polarization shows how difficult it is to find a balance between openness and security.
Android in the Crosshairs
A separate set of requirements concerns the Android operating system. Eugene Liderman, responsible for OS security, warned that expanding access to permissions, the microphone, the camera, and screen information will give attackers new opportunities. Even Apple partially supported Google's position on this issue, highlighting the seriousness of the threat.
My expert conclusion: Regulators should reconsider the approach to data sharing by implementing a multi-layered protection system and mandatory vulnerability testing. Without this, the DMA risks becoming not a tool for competition, but a catalyst for massive data leaks and cyberattacks. The crypto industry, accustomed to stringent security standards, should closely monitor this precedent—it sets trends for the entire digital space.