Will your Google search data soon be widely shared, without you being able to do anything about it? Over the last few days, a number of posts from French and English-speaking accounts on social networks have claimed that the European Commission is preparing to "plunder your Google history". Requests, clicks, views, location... A new measure taken under the Digital Markets Act (DMA) would force the American digital giant to share its precious data with the European Union.
According to one of these accounts, whose publication on X has been viewed more than 28,000 times since 27 April, "every word typed, every result consulted, every scroll and every voice or photo search" will be affected. This data, which is supposed to be anonymised, would include "your medical symptoms" as well as your "potential infidelities", according to this user, who asserts that "a very precise request is often enough to (...) re-identify" its author.
Worse still, this step, "officially" taken to encourage the development of European search engines and AI, is, again according to this account, a pretext for the European Commission to build "the continent's largest distributed surveillance database". However, while this measure is indeed planned by the Commission, the way it is presented in these publications is misleading. Franceinfo disentangles the true from the false.
Let's cut through the Orwellian fantasies: this is not about the Commission having access to the search histories of hundreds of millions of Europeans for the purposes of generalised surveillance, but about forcing Google to share its data with its competitors operating in Europe to enable them to develop more effectively. At no time is it intended that the European authorities should have access to your data in any way whatsoever.
Provided for in the DMA, and more specifically in Article 6(11), this measure was theoretically adopted from 2024. But it has been the subject of tough negotiations between Google, which is opposed to sharing its precious data, and the Commission, which wants to put an end to its monopoly position on the European market. As its application is more complex than the rest of the text, the article has not yet come into force and has been put out to public consultation, which ended on 1 May. It must be definitively adopted by 27 July 2026 at the latest.
"Google Search has been the most popular online search engine for over ten years. It has collected a large amount of user data, which third-party search engines have not been able to access," European Commission spokesman Thomas Regnier explained to franceinfo. "The measures proposed by the Commission are therefore aimed at reducing this barrier to entry to enable competing search engines and AI chatbots with search functionalities to effectively challenge" their American rival.
According to StatCounter, Google now has around 90% of the global online search market, far ahead of Microsoft Bing (5.5%) and Yahoo (1.5%). This ultra-dominant position enables it to collect a considerable amount of data, and therefore to continue improving the relevance of its responses, to the detriment of its competitors, who are unable to catch up.
"If Google Search is in first place, it's not because it's intrinsically better than other search engines, it's because it has a twenty-five year history of data that enables it to rank its results more efficiently", analyses Guillaume Champeau, former legal director of the French search engine Qwant and founder of the online media Numerama. "We know very well that an Internet user who goes to another search engine and finds that the results are not as good as on Google will immediately go back there [to Google]", he continues.
While the sharing of data collected by Google therefore appears essential to the development of its competitors, the American giant is unsurprisingly reluctant to provide it. In particular, the company believes that this measure "goes far beyond the DMA's original remit" and that it "jeopardises the privacy and security of individuals".
"Hundreds of millions of Europeans trust Google with their most sensitive searches - including private matters relating to their health, family and finances - and the Commission's proposal would force us to pass this data on to third parties, with dangerously ineffective privacy protections," Clare Kelly, Google's competition lawyer, said in an official statement sent to franceinfo.
In detail, the set of data requested from Google is indeed considerable. It includes users' queries, their metadata (timestamp, location, type of device, etc.), the information displayed on the results page and data relating to their interaction (or lack of interaction) with the page and its URLs. Without any safeguards, this extremely precise information could lead to users being identified, as both the publications cited above and Google have warned.
In 2006, before Google became the behemoth it is today, AOL made public for research purposes a file containing 20 million search queries made by more than 650,000 users over a three-month period. The users were not identified, but Internet users and the media, such as the New York Times, managed to re-identify some of them by cross-checking the information contained in their queries. AOL acknowledged its error and deleted the file a few days later, but the file had already been widely copied and shared. This setback led to a lawsuit and the resignation of AOL's technical director, Maureen Govern.
To prevent this from happening, the European Commission, via its spokesman Thomas Regnier, assures us that "personal data [will be] anonymised" when Google shares search data, and that these "extensive technical measures will be supplemented by contractual safeguards and an annual independent audit mechanism to ensure compliance with these safeguards".
In concrete terms, Alphabet (Google's parent company) must delete all direct user identifiers, such as Google Account identifiers, usernames, precise timestamps, IP addresses and device identifiers. For a word or entity to appear, it must have been searched for by at least 50 different users within a 13-month period. These technical measures are accompanied by contractual measures, which prohibit, for example, third-party search engines from attempting to re-identify users, from using search data for advertising or analytical purposes, or from storing data for more than 13 months.
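A minimal sketch of the two technical measures described above (deleting direct identifiers, and releasing a word only if at least 50 distinct users searched for it within 13 months). This is an added example, not code from the Commission, Google or franceinfo; the field names, the whitespace tokenisation, the month-based window and the `[suppressed]` placeholder are assumptions, and the log is constructed.

```python
from collections import defaultdict
from datetime import datetime

K_MIN_USERS = 50      # threshold stated in the article
WINDOW_MONTHS = 13    # period stated in the article
# Direct identifiers the article lists; the field names are assumptions.
DIRECT_IDENTIFIERS = {"account_id", "username", "ip", "device_id", "timestamp"}
SUPPRESSED = "[suppressed]"  # assumed placeholder for withheld words


def month_index(ts):
    return ts.year * 12 + ts.month


def release(records, window_end):
    """Drop direct identifiers and withhold words seen from < 50 distinct users."""
    end = month_index(window_end)
    recent = [r for r in records
              if 0 <= end - month_index(r["timestamp"]) < WINDOW_MONTHS]
    # Count distinct users per word, so one user repeating a query counts once.
    users_per_word = defaultdict(set)
    for r in recent:
        for word in r["query"].lower().split():
            users_per_word[word].add(r["account_id"])
    allowed = {w for w, u in users_per_word.items() if len(u) >= K_MIN_USERS}
    shared = []
    for r in recent:
        row = {k: v for k, v in r.items() if k not in DIRECT_IDENTIFIERS}
        row["query"] = " ".join(w if w in allowed else SUPPRESSED
                                for w in r["query"].lower().split())
        shared.append(row)
    return shared


def sample_records():
    """Constructed log, not real data."""
    ts = datetime(2026, 3, 1, 9, 30)
    rows = [{"account_id": f"u{i}", "username": f"user{i}", "ip": "192.0.2.1",
             "device_id": f"d{i}", "timestamp": ts, "device_type": "mobile",
             "query": "flu symptoms"} for i in range(60)]
    # One user repeats a rare word 100 times: still a single distinct user.
    rows += [dict(rows[0], query="flu symptoms zyxwell")] * 100
    # Outside the 13-month window, so it is neither counted nor shared.
    rows.append(dict(rows[1], timestamp=datetime(2024, 1, 1), query="old query"))
    return rows


if __name__ == "__main__":
    for row in release(sample_records(), datetime(2026, 4, 30))[-2:]:
        print(row)
```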
But are these guarantees sufficient? "If it really works as the Commission's document indicates, the risk of re-identification is relatively low. In my opinion, the benefit-risk balance is in favour of the user", says Guillaume Champeau, who points out that adjustments can still be made between now and the final adoption of the measure in July. "The data that is going to have to be shared is data that Google already has, so I don't see how it would be any worse for privacy than it is at the moment... unless you think that Google cares about our privacy," quipped Olivier Blazy, a professor at the Ecole Polytechnique and researcher in cryptography.
However, the specialist has more reservations about the European Commission's ability to enforce the law. "There will be control over the use of the data, but it will only be a legal control, and there is no guarantee that companies will not try to use it for other purposes, underhand," he says. He also regrets that the sharing of data has been opened up "to all companies operating on European territory", and not just to European companies. This point was brushed aside by the European Commission, which stated that it wanted to create "opportunities for all companies operating in the EU without discrimination based on their country of origin".
At a time when cyber-attacks are becoming increasingly frequent in France and around the world, some of the social media accounts mentioned above are also concerned about the risk of data leakage. A legitimate concern, according to Olivier Blazy. "The more you multiply the number of companies that have access to this data, the greater the risk that a weak link will leak it. But then again, this data already existed at Google, and was already attractive there", points out the researcher. The American giant is not infallible: in August 2025, it revealed that it had been breached by ShinyHunters, a notorious hacking group known for attacks on major brands such as LVMH, Allianz Life, Pixlr and Adidas.
An article written by Tom Hollmann (franceinfo), initially published on 7 May 2026 at 05:59 (CEST)