EU Digital Markets Act Proposal sparks debate over search data sharing plans

By Alpaslan Düven-London

A proposed measure under the European Union’s Digital Markets Act (DMA) has triggered a wave of concern and controversy online, with critics warning it could significantly expand the sharing of search-related data with third parties. However, the scope and interpretation of the proposal remain disputed, and officials have emphasized safeguards and compliance with existing EU privacy law.

At the centre of the debate is an interpretation of proposed interoperability and data access provisions—sometimes referenced in discussions around Article 6(11) of the DMA—that could require large online platforms to provide certain categories of data to vetted third parties, including competitors and approved service providers.

What the proposal is said to involve

According to critics of the draft framework, the measures could potentially include structured access to aggregated search-related signals such as:

• Search queries and interaction patterns
• Autocomplete and suggestion data
• Device and language metadata
• Generalised location information
• Click and engagement behaviour within search results

Opponents argue that, if implemented broadly, such datasets could provide detailed behavioural insights into users’ interests and concerns, ranging from health-related searches to financial or personal issues.

Privacy and anonymisation concerns

A key point of contention is whether anonymisation techniques would be sufficient to protect individuals. Privacy advocates caution that search data can often be re-identified when combined with other datasets, a concern supported by previous academic research into “re-identification” risks in anonymised behavioural data.

They warn that even partial datasets, if accessed by multiple entities, could increase the surface area for data breaches or misuse.

Supporters highlight competition goals

Supporters of the Digital Markets Act argue that its purpose is not surveillance, but to increase competition in digital markets long dominated by a small number of large platforms. By enabling controlled access to certain data, regulators aim to allow smaller companies, including search engines and AI developers, to compete more effectively.

EU institutions have repeatedly stated that any data-sharing requirements under the DMA must comply with strict GDPR protections, including data minimisation, purpose limitation, and security obligations.

Security and misuse concerns raised by critics

Despite these assurances, critics argue that any expansion of data access—even under regulatory oversight—creates additional risks. They point to potential vulnerabilities such as:

• Increased number of authorised data recipients
• Greater risk of cyberattacks or breaches across multiple organisations
• Potential misuse of behavioural data for profiling or targeting
• Difficulty ensuring consistent enforcement across jurisdictions

Ongoing consultation and next steps

The proposal remains under discussion as part of broader DMA implementation efforts. Stakeholders, including technology companies, civil society groups, and regulators, are expected to continue submitting feedback as part of the consultation process.

No final operational framework has been confirmed, and details may change before any binding rules are adopted.

EU officials have stressed that the aim of the DMA is to regulate digital competition, not to expand surveillance, and that all measures must operate within the EU’s existing privacy and data protection laws.

The final regulatory decisions are expected to be made following the conclusion of ongoing consultations and legislative processes in the coming period.