// ARS TECHNICA — INTELLIGENZA ARTIFICIALE
Google warns EU's plans to weaken its monopoly could expose user data
The EU wants Google to share search data with competitors and open up AI on Android, but Google alleges major privacy risks.
Europe’s push to rein in Big Tech is ramping up, with the European Commission planning to announce new regulations for Google next month. The rules could see Google forced to play nicer with its EU competitors, but the company has some concerns. Google is framing this not as a manifestation of its anticompetitive bent, but as genuine concern for user privacy.
Heather Adkins, Google’s VP of security engineering, told Wired that the EU’s proposals could lead to serious security and privacy issues. The potential changes come in two forms. First, regulators want Gemini dethroned as the sole integrated AI service on Android. This would mean letting users integrate other AI models and give them Gemini-like system access. Separately, the EU wants Google to share anonymized search data with other companies.
“If implemented as described today, I think within a short period of time on Android, we’d see a significant increase in fraud in the EU,” said Adkins, who noted these events could happen within weeks of pushing through the changes.
Gemini’s special status on Android devices gives it access to user files, screen content, and enhanced voice interactions. Adkins doesn’t go into much detail here, but the implication seems to be that bad actors would leverage these new options to install malicious AI services that could steal data and manipulate the user experience.
Google has more detailed concerns with the anonymized data sharing. According to the draft of the European Commission’s proposal, Google would have to provide anonymized search data to competitors that is similar to what Google sees internally. That could include the content of searches, ranking, and click rates. This data is core to Google’s search product and has not been provided at this level of granularity before.
“Anonymization is hard, and you’ve got to have the right technical experts at the table to come up with the solutions,” Adkins told Wired.
We have known for years that it’s very possible to unmask people in supposedly anonymous data. In fact, Google suggests that the broad availability of powerful AI models makes it easier than ever to de-anonymize large data sets (that also checks out). Google’s internal security teams have reportedly been able to link this anonymous search data to individual users in as little as two hours using so-called “linkage attacks.”
Googlers expressed to Wired that giving this data to smaller EU firms in accordance with the law will make them targets. Google seemingly trusts itself to keep that data secure, but some rinky-dink startup in Europe? Maybe not.
Requiring Google to share data and system access with competitors may come with some security risks, but Google undeniably has a vested interest in maintaining its market position. Both of those things can be true, but is one maybe a little more true than the other? That’s the issue with which the European Commission must grapple.