Google scientist Sergei Vassilvitskii warned the EU that sharing search data with rivals risks user privacy, as data can be de-anonymized in hours.
A top scientist at Google has issued a stern warning to European Union antitrust regulators, stating that a proposed mandate requiring the search giant to share data with rivals like OpenAI could severely compromise user privacy. In a detailed technical submission on May 5, 2026, Sergei Vassilvitskii, a distinguished scientist at Google, argued that the European Commission’s current approach to data anonymization is dangerously insufficient for the era of generative AI.
The “Two-Hour” Re-identification Threat
The crux of Vassilvitskii’s argument lies in the vulnerability of “anonymized” search logs. He revealed that Google’s internal security teams conducted “linkage attacks”, a method where AI is used to cross-reference anonymous data with publicly available information. The results were startling: the team was able to re-identify specific individual users from supposedly scrubbed search logs in less than two hours.
“Search data is a digital fingerprint,” Vassilvitskii wrote. “Even without a name or IP address attached, the sequence of what a person searches for, the time of day they search, and the specific links they click create a unique behavioral profile that is almost impossible to fully mask.”
The Conflict: DMA vs. GDPR
The dispute stems from the EU’s efforts to enforce the Digital Markets Act (DMA). The act aims to level the playing field for smaller search engines and AI developers by forcing “gatekeepers” like Google to share granular data, including ranking, queries, clicks, and views, with competitors on fair and non-discriminatory terms.
However, Google argues that this creates a legal paradox with the General Data Protection Regulation (GDPR). While the DMA demands data openness to foster competition, the GDPR mandates strict protection of user identity. Google contends that by forcing the sharing of search telemetry, the EU is effectively asking Google to break one law to satisfy another. Critics, however, suggest Google is using privacy as a “shield” to maintain its data monopoly and prevent rivals from training competitive AI models on Google’s massive data repositories.
Technical Guardrails and Differential Privacy
Vassilvitskii is not merely sounding an alarm; he is proposing an alternative technical framework. He is scheduled to meet with EU antitrust officials in Brussels on May 6, 2026, to advocate for differential privacy. This mathematical approach adds “noise” to datasets, allowing rivals to learn general trends (e.g., “users in Paris are interested in electric bikes”) without having access to raw, individual-level logs.
The stakes are high. If Google refuses to comply with the DMA’s data-sharing requirements, it faces massive fines of up to 10% of its global annual turnover. Conversely, if they comply and a data breach or re-identification scandal occurs, the trust in digital ecosystems could be irreparably damaged.
A Global Precedent
The outcome of this battle in Brussels will likely set the tone for AI regulation worldwide. As the United States and other nations consider their own “fair access” laws for AI training data, the world is watching to see if “anonymity” is still a functional concept in the age of super-intelligent algorithms. The European Commission is expected to finalize these measures and issue a formal ruling by July 27, 2026.
