Designing Europe’s Search Data Sharing Rules for Competition in the AI Era

Google’s dominance in search is increasingly under scrutiny as regulators on both sides of the Atlantic consider whether new rules could reshape competition in the AI-driven search era. Against this backdrop, earlier this year, the European Commission initiated specification proceedings regarding Google’s noncompliance with Article 6(11) of the Digital Markets Act (DMA), which requires the company to share ranking, query, click, and view data with its rivals.

A public consultation on the Commission’s preliminary measures setting out how this data-sharing obligation should be implemented in practice recently concluded. In comments submitted during the consultation period, the Knight-Georgetown Institute noted that the Commission’s proposals represent a comprehensive, well-targeted, and AI-responsive first step toward search data sharing, with the potential to unlock what may prove to be a key ingredient for stimulating competition in the AI-powered search era.

To strengthen the proposed framework, the Commission will need to resolve ambiguities in data scope (particularly the treatment of AI-enabled features) and sharing frequency, specify explicit privacy and utility goals to govern the design of anonymization measures and ongoing evaluation by independent experts, and ensure access to a dispute-resolution process and negotiation flexibility for data recipients.

Mandatory asset sharing has a history of unleashing innovation in digital markets. In 1956, AT&T, then a leading company in computing, agreed to a consent decree with the US Department of Justice requiring it to license its complete portfolio of patents (including key technologies like the transistor) royalty-free. This sharing remedy was crucial for seeding the open innovation ecosystem that defined the early computing industry. Empirical research has since found that AT&T’s patent licensing was responsible for a 12% increase in innovation (relative to non-licensed patents in the same technology class) and a substantial increase in overall innovation.

Seventy years later, we are in the midst of another computing revolution, where mandatory asset sharing may prove critical once again. In addition to the Commission’s actions, the remedies issued last year in the landmark US v. Google antitrust case would require Google to share a substantially narrower universe of search-query data with its rivals. Although the case is currently on appeal, the formation of the court-ordered Technical Committee (TC) to assist with implementing the remedy package is ongoing.

If and when these search-data-sharing regimes come into force, the critical questions become whether and how they can best catalyze competition in online search while protecting user privacy.

Scope of data sharing

A central design choice of any data-sharing regime is the scope of data that must be shared. The European Commission's preliminary measures take a broad approach, requiring Google to disclose comprehensive anonymized information about search results and how a user interacts with them. For instance, this might include the content of a key snippet of a webpage displayed in response to a search query, and how long a user’s cursor hovered over it before clicking on a link. This expansive approach to data sharing, paired with technical and contractual anonymization controls, will equip rivals with a key ingredient necessary to improve the quality of their own search products and compete more effectively with Google.

An important question hanging over enforcers is whether to fold in the generative AI features that increasingly dominate Google Search’s results page, especially as these features drive changes in how users interact with search products.

The Commission’s approach appears to go further than the remedy in the US v. Google case, which excludes user data that Google uses to train search-related generative AI models from the data-sharing requirement. The Commission’s proposed measures, on the other hand, appear to scope in AI features like AI Overviews. Google is required to disclose all “visual content” on the results page, which presumably include AI features such as AI Overviews and AI Mode outputs. The Commission should make the definition of what is included in “visual content” explicit so that it is clear whether AI-related features are covered.

Frequency of data sharing

The performance of machine learning models that power search products typically improves when search engines have access to “fresh” queries, as has been confirmed in US judicial findings and independent empirical research. The Commission’s proposed approach lays a strong foundation for frequent data sharing in establishing the parity principle: rivals’ access to search data must be on par with Google’s. However, the Commission’s measures separately specify that Google must share its search data “daily.” It is unclear how this provision interacts with the parity requirement. The Commission should clarify this ambiguity in its final measures.

This is also an area where US antitrust enforcers could learn from the EU’s approach. The US v. Google Final Judgment leaves the data-sharing frequency question somewhat open, specifying that Google must share query data “at least twice,” with the exact frequency depending on the utility of the dataset after privacy-enhancing techniques are applied. The European Commission’s preliminary measures demonstrate how ambitious this data-sharing remedy could be; the TC could similarly conclude that requiring Google to share its search query data at a specified rate (e.g., once per day) is feasible and desirable.

Protecting user privacy

Given the scale and sensitivity of the data involved, privacy safeguards will be critical to the success and legitimacy of the framework. In its final measures, the Commission should adopt an evidence-informed approach to assessing the relationship between privacy and competition.

The Commission’s preliminary measures include a layer of comprehensive technical protections intended to “mitigate the risk of re-identification of end users to a residual level.” The technical protections are thoughtful and innovative, but the Commission did not derive them from any clearly specified design goals. For example, the measures aim to reduce the risk of user re-identification to a "residual level," without specifying what the Commission considers to be an acceptable threshold. The Commission should also state any other goals it has for the technical protection measures as a whole, including for data utility or contestability. The set of such measures the Commission has proposed cannot be evaluated without knowing the goals of the system.

The Commission should explain the motivation and rationale that it used for the design of the technical measures, including the choice of each parameter specified in the technical measures. The technical measures appear to be broadly aimed at mitigating the risk of user re-identification while maintaining utility of the search data, but the proposed measures do not explain precisely why the Commission chose each measure nor the specific choices made in the design of each measure. The technical measures appear to have been designed with implicit preferences with respect to utility and privacy.

In addition, the Commission should establish a process for ongoing evaluation of search data sharing against its privacy and utility goals, preferably conducted by independent experts. As search behavior changes and more competitors obtain access to the shared data, performance against the privacy and utility goals of the technical measures may degrade or shift. User behavior is not static, especially as AI-enabled features spark change in the types of queries received by search products, implying a need to regularly reevaluate how the technical measures are designed. Independent experts are best suited to this task because both Google and its competitors have vested interests in seeing the results of ongoing evaluation turn out in a way that affects the scope of shared data. Evaluation should thus be conducted by neutral expert parties.

This is another area where US enforcers can learn from the European approach. The Final Judgment is US v. Google gives the TC discretion to determine appropriate privacy and security safeguards for shared search data. The TC is potentially well-equipped to specify design goals through empirical derivation and provide for ongoing independent assessment of the efficacy of the safeguards.

An effective sharing process

While the Commission's preliminary measures are detailed, they still leave Google with discretion in several important areas: the processing of applications, pricing, the scope of contractual limits on data sharing, and the mechanics of the data transfer process. Given the pro-competitive potential of search data sharing, Google has incentives to underinvest and take shortcuts in its compliance efforts. Each area where Google has discretion can therefore create a friction point at which delay or disagreement can arise. Besides disputes over pricing, the preliminary measures do not yet envision how such disagreements would be resolved. The Commission’s final measures could reduce these frictions on the front end by establishing a robust dispute-resolution mechanism to serve as a backstop.

US antitrust enforcers face a similar set of questions about the data-sharing process. The US v. Google Final Judgment leaves the dispute-resolution process open-ended. The TC can play a role in addressing this gap.

The stakes are high

As the next chapter of competition policy in digital markets unfolds, the search data-sharing regime taking shape in the EU will rise or fall on how much data Google must share, how often, with what privacy safeguards, and through what process rivals actually receive it. The Commission has built a framework that, with the refinements outlined above, could serve as a model for jurisdictions around the world. Past antitrust interventions, including the AT&T consent decree, show how asset-sharing remedies can unlock innovation. 

If the search-data-sharing regime in the EU succeeds, it will not only shape the next chapter of search, but could also transform competition in AI-powered information access for a generation.