Regulatory Comments

ICLE Comments to the European Commission on Alphabet’s Article 6(11) DMA Obligations

I.         Introduction

The International Center for Law & Economics (ICLE) appreciates the opportunity to respond to the European Commission’s consultation on proposed measures to specify Alphabet’s obligations under Article 6(11) of the Digital Markets Act (DMA). Article 6(11) requires Alphabet to provide access to certain Google Search data to third-party providers of online search engines (OSEs) on fair, reasonable, and non-discriminatory (FRAND) terms.[1] ICLE is a non-profit, non-partisan global research and policy centre that advances evidence-based policy.

These comments address the Commission’s implementing choices under Article 8(2) DMA. They do not challenge Article 6(11) or Alphabet’s designation.[2] The central issue is how the Commission defines ‘effective compliance’. That definition will shape the scope of access, the design of anonymisation, the pricing framework, and the supervisory regime.

The Preliminary Measures risk shifting Article 6(11) from a data-access obligation to a tool for delivering competitor success. The provision does not support that shift. It requires access to specified data, anonymised, on FRAND terms. It does not guarantee that recipients will match Google’s quality, gain market share, or remain in the market. The specification should reflect that legislative choice.

Four themes guide these comments.

Effectiveness. Article 6(11) is an access obligation, not a rescue regime. Effectiveness should turn on whether third parties receive lawful, workable access on FRAND terms. It should not depend on uptake, market-share shifts, or beneficiary survival. Recital 32 confirms that the DMA’s concept of contestability is procedural and opportunity-based.

Data transferability. The premise that shared, anonymised data will generate comparable gains for recipients is uncertain. The literature shows diminishing returns to data and highlights the role of complementary inputs—crawler infrastructure, indexing, ranking systems, engineering capability, and experimentation. Anonymisation further reduces the value of shared data, especially by suppressing rare and tail queries. The Commission should require evidence that specific data fields will produce material improvements, rather than assume parity with Alphabet’s internal use.

Privacy and anonymisation. Search queries are highly sensitive. The Preliminary Measures’ layered design—technical anonymisation combined with extensive contractual restrictions—reflects the limits of anonymisation alone under the General Data Protection Regulation (GDPR). Privacy should operate as a binding constraint. Data minimisation should guide scope and retention, and staged access should mitigate risk as the recipient pool expands.

FRAND pricing. Search data is an information good characterised by high fixed costs and low marginal costs. The FRAND experience with standard-essential patents (SEPs) shows that pricing such assets is inherently indeterminate and yields a range of reasonable outcomes. The draft’s weighted-average-cost-of-capital (WACC) ceiling, exclusion of core investments from the cost base, and open-ended recipient class risk shifting pricing toward recipient ability to pay. Non-discrimination should instead prevent competitive disadvantage among similarly situated recipients, consistent with Unwired Planet v. Huawei. The regime should also allow for periodic ex post review, rather than rely on fixed terms that may not remain appropriate.

These themes reflect a common concern. The Commission’s specification should preserve the balance the DMA strikes—ensuring access while respecting privacy, proportionality, and investment incentives.

II.      ‘Effectiveness’ Means Access, Not Outcomes

The Commission asks whether the proposed measures will be effective in practice.[3] That question should track the legal obligation: effective access to anonymised data on FRAND terms. It should not turn on beneficiary uptake, traffic, market-share shifts, or the survival of particular recipients.

Article 6(11) grants third parties a right of access to specified data, anonymised, on FRAND terms. It does not grant a right to succeed. Conflating ‘effective’ with ‘sufficient to make beneficiaries viable’ would distort the provision. Under that reading, any disappointing competitive outcome—rival exit, lower-quality results, or limited market-share gains—would invite claims that the measures are ineffective and must be tightened. Compliance would become a moving target, defined by the least efficient beneficiaries, rather than by whether Alphabet has met its data-access obligations.

There are strong reasons to reject that approach.

First, beneficiary outcomes depend on many factors beyond data access. Product quality, ranking architecture, engineering capacity, marketing, distribution, brand, and business-model fit all matter. In United States v. Google LLC, Google expert Edward Fox’s analysis implied that user-side data explained only about 3 per cent of the measured Google–Bing search-quality gap. Fox testified that the remaining difference was ‘not from user interaction data’, pointing instead to factors such as ‘innovation’ and ‘better algorithms’.[4] If beneficiaries underperform despite receiving data on FRAND terms, that result may reflect ordinary competition, not non-compliance.

Second, the empirical record on remedies that aim to rebalance market shares through forced disclosure or default changes is mixed. Users often revert to preferred services after intervention. In a 2016 experiment, Mozilla switched Firefox’s default search engine to Bing; Bing retained about 42 per cent of search volume by day 12, with retention declining over time.[5] In Europe, where the Android choice screen has operated since 2020, Google’s share of search has barely shifted.[6]  The UK Competition and Markets Authority likewise recognised that, although click-and-query data may improve ranking quality, ‘the empirical evidence finds rapidly diminishing returns to scale’, with effects concentrated in rare queries.[7] These findings do not show that data sharing lacks value. They show that competitive outcomes reflect a broader set of forces. Market shares are therefore a poor proxy for compliance with the DMA’s data-access obligation.

Third, even proponents of data-access remedies warn against using them to override competitive selection. The Crémer–de Montjoye–Schweitzer report acknowledges that ‘the sharing or pooling of data can discourage competitors from differentiating and improving their own data collection and analytics pipelines’.[8] The Furman Report similarly cautions that such interventions carry trade-offs:

Requiring the opening up of a part of a business’s legitimately obtained data holding would be a significant intervention. Platforms would reasonably be concerned about the impact upon their business model, the legitimacy of requiring access to a significant asset, and the impact on incentives for investment in future data collection and management.[9]

These concerns weigh against reading Article 6(11) to require parity with Google.

Some may argue that the DMA’s ‘contestability’ objective permits an outcome-based test of effectiveness. The text does not support that view. Recital 32 defines contestability in procedural terms: the ability of undertakings to overcome barriers to entry and expansion and to challenge the gatekeeper on the merits.[10] The relevant question is whether the measures materially reduce the data-access barriers identified in Recital 61, on FRAND terms and subject to anonymisation, so that eligible third-party search engines can improve and optimise their services. It is not whether those firms achieve a particular market share, user base, query volume, or advertising-revenue shift. Those outcomes depend on factors outside Article 6(11), including product quality, brand, distribution, user preferences, innovation, privacy choices, and the scale and network characteristics of search.

Tying effectiveness to recipient outcomes would also create a predictable ratchet. Beneficiaries that find anonymised data less useful than expected will press for additional data fields. Beneficiaries that find FRAND prices too high will press for lower prices, potentially calibrated to their own constraints. Each step will be framed as necessary to make the measures ‘effective’. Each step will also erode the statutory constraints—privacy, proportionality, and dynamic incentives—that the DMA preserves.

III.    Data Sharing Does Not Guarantee Transferable Value

A second, related concern is the implicit causal premise of the Preliminary Measures: that the same data Google uses internally to optimise its search service will, once anonymised and shared, produce comparable improvements for recipients. The literature does not support that assumption, and the empirical record is mixed. The Commission should treat this as a working hypothesis, not as a basis for broad scope or parity defaults.

The economic literature on data as an input is more cautious than the specification suggests. Anja Lambrecht and Catherine Tucker find that big data rarely satisfies the conditions for a sustained competitive advantage, and that ‘the simple act of amassing big data does not confer a long-term competitive advantage’.[11] Tucker summarises the evidence as showing ‘concave returns to data’—initial gains, followed by rapidly diminishing marginal benefits.[12] Hal Varian likewise notes that data scale faces statistical limits: because measurement accuracy increases with the square root of sample size, ‘you have to have four times as big a sample to get twice as good an estimate’.[13] Empirical work on internet search reaches a similar conclusion. Additional data can improve results, but its marginal value depends on context, including user-history depth, algorithmic quality, and system design.[14]

These findings align with how firms actually create value from data. Data is not a stand-alone input. It complements crawler infrastructure, indexing, ranking systems, machine-learning expertise, experimentation capabilities, and product design. The same dataset will produce different outcomes in different hands.[15]  ICLE scholars describe this as ‘data immobility’: the value of data depends on the system that generates and uses it, and disclosure cannot transfer that value in the absence of complementary capabilities.[16]

The search-specific evidence points in the same direction. The United States v. Google LLC record includes expert testimony attributing only about 3 per cent of the Google–Bing quality gap to user-side data.[17] Other evidence suggests that Bing can perform comparably to Google in some contexts, despite Google’s larger data scale. That result is difficult to square with a theory that treats data as the single binding constraint. The court itself observed that Bing’s ‘search quality on Desktop measures up to Google’s’.[18]

The Commission’s anonymisation regime further limits transferability. The Preliminary Measures recognise that anonymisation suppresses long, rare, and tail queries—the queries where marginal returns to additional data are highest.[19] The U.S. data-sharing remedy in United States v. Google LLC similarly acknowledges that DMA-style anonymisation can remove the vast majority of queries before sharing.[20] The dataset proposed for disclosure is therefore, by design, stripped of much of the information that would drive marginal improvements.

These points do not undermine Article 6(11). They do, however, support two changes to the specification. First, the Commission should require evidence—not assumption—that the data fields included in the search dataset will deliver material improvements after anonymisation and under contractual limits. Second, the Commission should resist scope expansions based on unsupported claims of necessity. The idea of ‘parity with Alphabet’s own use’[21] may reflect a statutory aspiration, but it does not establish proportionality for every data field, recipient, or use case.

IV.    Privacy Is a Binding Constraint, Not a Design Variable

The Preliminary Measures rest on a strong premise: that technical and contractual anonymisation can produce data that is both useful for search optimisation and sufficiently anonymised to satisfy the General Data Protection Regulation (GDPR). Recital 61 of the DMA recognises the tension by requiring anonymisation that does not ‘substantially degrade’ usefulness.[22] The literature on search-query anonymisation, and the Commission’s own framework, show that this trade-off is real. The Commission should treat privacy as a binding constraint on the regime’s design, not as a parameter to relax in pursuit of beneficiary success.

Search queries can reveal highly sensitive information—health, finances, sexuality, location, politics, and ideology—often in granular, longitudinal detail. The 2006 AOL data release illustrates the risk. AOL disclosed 20 million search queries from 658,000 users, replacing identities with numeric pseudonyms. Within days, a New York Times reporter identified user #4417749 as Thelma Arnold of Lilburn, Georgia, based on her queries.[23] Search histories are uniquely revealing. They can expose a user’s health concerns, political interests, religious beliefs, financial anxieties, sexual orientation, and family issues. As privacy advocates have observed, access to search queries can be ‘akin to reading someone’s most complete and intimate diary’.[24]

The technical literature confirms that this risk is not limited to crude anonymisation. Latanya Sweeney showed that 87 per cent of the U.S. population can be uniquely identified using date of birth, gender, and postal code alone.[25] Yves-Alexandre de Montjoye and co-authors found that four spatio-temporal data points can identify 95 per cent of individuals in a large mobility dataset, even when the data is coarse.[26] Cynthia Dwork’s differential-privacy framework formalises the underlying trade-off. Under the ‘Fundamental Law of Information Recovery’, sufficiently accurate answers to enough queries will erode privacy.[27] Differential privacy does not eliminate this constraint; it manages cumulative privacy loss.

The Preliminary Measures themselves recognise these limits. Section 3.1 specifies technical safeguards—removal of identifiers, suppression of long and rare queries, generalisation of metadata, and k=50 / r=50 thresholding—to reduce re-identification risk to a ‘residual level’.[28] Section 3.2 then adds extensive contractual restrictions: prohibitions on attempts to determine which records relate to the same users, prohibitions on linking with auxiliary datasets, limits on augmentation that could weaken safeguards, and audit rights.[29] The Commission describes these contractual measures as necessary to reduce risk to an ‘insignificant level’.[30]

This layered design reflects an important reality. Technical measures alone do not satisfy the GDPR’s anonymisation standard, which requires that re-identification be impossible ‘taking account of all the means reasonably likely to be used’.[31] ICLE’s prior work on the DMA–GDPR interface makes the same point: anonymisation leaves residual risk, and gatekeepers remain the first line of defence.[32] The Commission’s reliance on contractual controls confirms that anonymisation here operates as a governance regime, not a binary switch. Weakening those controls would reintroduce the very risks the regime seeks to manage.

Privacy risk also depends on who receives the data. Risk is not a property of the dataset alone, but of the dataset and the recipient set. Data that poses limited risk in the hands of a single, well-governed recipient may pose far greater risk when shared with a broad and heterogeneous group. The Preliminary Measures extend access to any third-party undertaking offering an online search engine (OSE) in the European Economic Area (EEA), ‘including AI chatbots with OSE functionalities… even if the OSE is provided as part of a broader service’.[33] Expanding eligibility expands the adversary class. It may include recipients with sophisticated inference capabilities not fully addressed in the anonymisation literature.[34]

Against this backdrop, three principles should guide the specification.

First, treat privacy as a binding constraint. If shared data proves less useful than expected, the solution is not to weaken anonymisation, expand permissible uses, or reduce safeguards. The solution is to recognise that the regime delivers what Article 6(11) requires—lawful access on FRAND terms—and that beneficiaries must compete within those limits.

Second, apply data minimisation as the controlling principle for fields, recipients, and retention. The combination of a broad search dataset and a five-year retention period[35] sits at the more permissive end of what proportionality under Recital 61 can support.

Third, consider staged access. Provide synthetic or filtered datasets first, with fuller access contingent on audit, security review, and demonstrated compliance. Staged access aligns with comparable disclosure regimes and reduces the cost of correcting recipient-side failures.

V.      FRAND Pricing Should Reflect Costs, Not Subsidise Competitors

The Preliminary Measures’ FRAND specification risks converting a data-access obligation into a competitor-subsidy regime. Search data, like standard-essential patents (SEPs) and app-store services, is a classic information good. It involves high fixed and sunk costs—collection, indexing, ranking, and quality maintenance—and near-zero marginal costs of replication.

As Carl Shapiro and Hal Varian explain, ‘Information is costly to produce but cheap to reproduce… cost-based pricing does not work’.[36] The two-decade SEP/FRAND experience confirms the point. Accepted methodologies yield a range of defensible outcomes, not a single price.[37] In Microsoft v. Motorola, the court took years to determine a FRAND rate, with a range spanning roughly thirty-fold. Unwired Planet v. Huawei accepted that FRAND yields a range of acceptable royalties, and Optis v. Apple increased the rate sevenfold on appeal.[38] The DMA has already generated a similar dispute in the Apple App Store proceedings, where the Commission has yet to converge on a stable outcome despite years of effort and a €500 million fine.[39]

The Preliminary Measures amplify these structural difficulties through three design choices.

First, paragraph 71 caps Alphabet’s return on capital employed at its weighted average cost of capital, effectively eliminating economic profit. Paragraph 72(i) relaxes that cap only where Alphabet shows it cannot recover costs from its own use of the data.[40] This approach ties pricing to Alphabet’s profitability, not to economic cost.[41] It operates as a transfer rule, not a pricing rule, and risks the under-compensation problem identified by Daniel Spulber and Christopher Yoo in regulated information industries.[42]

Second, paragraph 78 excludes ‘overhead, sunk costs, or investments in data collection, processing and storage not attributable to making the data available’.[43] Those investments create the data’s value. Pricing based only on the marginal cost of disclosure misprices the asset.

Third, paragraph 79(b) requires Alphabet to forecast ‘the expected number of eligible access recipients’.[44] That denominator is inherently unstable. The regime covers all OSE providers in the EEA, including AI chatbots with OSE functionalities. As eligibility expands, cost allocation becomes less predictable. Paragraph 75 compounds the problem by locking in FRAND terms for five years, followed by renegotiation without a clear benchmark. This structure is likely to increase, not reduce, disputes.[45]

Taken together, these features calibrate prices to recipient size and ability to pay, rather than to economic cost. Paragraph 74 makes this explicit for small and medium-sized enterprises (SMEs). It caps their charges at incremental cost and requires that other beneficiaries’ allocations be calculated as if all recipients faced that constraint. The result is cross-subsidisation. The burden of below-cost SME access shifts to other recipients.[46]

Article 6(11) does not support that outcome. It requires access on ‘fair, reasonable and non-discriminatory’ terms—not parity, and not pricing based on what recipients can afford. Properly understood, non-discrimination prevents competitive disadvantage among similarly situated licensees. It does not require identical terms for differently situated firms.[47] An access price designed to ensure viability for all would invert that principle. It would equalise outcomes by shifting the shortfall of less efficient recipients onto more efficient ones.

The incentive effects run in the same direction. Below-economic pricing weakens the gatekeeper’s incentives to invest in data quality, abuse detection, and privacy-preserving analytics. It also reduces recipients’ incentives to invest in independent crawl, ranking, and behavioural data. As noted above, even proponents of ex ante data-access duties warn that such regimes can dampen investment incentives.[48]

A more stable design would follow three principles.

First, the cost base should reflect the full economic cost of supplying the data. That includes compliance, audit, security, and monitoring costs, plus a return that reflects investment risk, not just ex post weighted average cost of capital (WACC).

Second, interpret non-discrimination in line with the SEP/FRAND tradition. The goal is to prevent competitive disadvantage among similarly situated recipients, not to impose identical terms across heterogeneous firms.

Third, build in review. The five-year lock-in, followed by renegotiation without a benchmark, trades short-term certainty for long-term instability. Periodic ex post review would better reflect the Commission’s practice and the dynamics of the market.

VI.    Conclusion

Article 6(11) is in force, and ICLE recognises the Commission’s authority to specify what effective compliance requires. The question is how that authority should be exercised. Three points follow.

First, effectiveness should track the legal obligation, not recipient outcomes. Article 6(11) guarantees access to anonymised data on FRAND terms; it does not guarantee competitive success. The DMA’s definition of contestability in Recital 32 is procedural and opportunity-based. It asks whether firms can overcome barriers and compete on the merits, not whether they achieve particular outcomes. The evidence reinforces this distinction. Competitive performance depends on multiple inputs—product quality, engineering, distribution, and business-model fit—not data access alone. A specification that equates effectiveness with competitor success will create a predictable ratchet: broader scope, lower prices, and weaker safeguards, with no principled stopping point.

Second, the Commission should address, not assume away, the core constraints identified above. Data is not a freely transferable input. Its value depends on complementary capabilities, and the empirical literature shows diminishing returns to scale. Anonymisation further limits transferability, especially where it removes tail queries that drive marginal improvements. At the same time, privacy is a binding constraint. The GDPR requires that re-identification be effectively impossible, and the Preliminary Measures’ layered technical-and-contractual regime reflects that reality. These constraints cannot be relaxed without undermining the legal framework.

The same is true for FRAND. Search data is an information good with high fixed costs and low marginal costs. The SEP/FRAND experience shows that pricing such assets yields a range of reasonable outcomes, not a single point. The current specification departs from that logic. The WACC ceiling, the exclusion of core investments from the cost base, and the open-ended recipient class together shift pricing toward recipient ability to pay rather than economic cost. That approach risks under-compensation, cross-subsidisation, and distorted incentives. It weakens investment by both the gatekeeper and recipients.

Third, the Commission should approach specification with discipline and restraint. The DMA aims to provide clarity through ex ante rules, but early experience shows that even narrow specifications can generate complex disputes and significant enforcement costs. Article 6(11) is broader and more operationally demanding than the provisions the Commission has addressed to date. That increases the risk of unintended effects on users, innovation, and privacy.

These themes point in the same direction. The Commission should anchor effectiveness in access, not outcomes; treat privacy and proportionality as binding constraints; recognise the limits of data transferability; and align FRAND with economic cost, rather than recipient viability. It should also build in mechanisms—such as staged access and periodic ex post review—that allow the regime to adjust without constant expansion.

The Commission has the authority to define what Alphabet must do. It should exercise that authority with care. Article 6(11) does not authorise a competitor-subsidy regime, and the specification should not evolve into one in the name of effectiveness.

[1] Eur. Comm’n, For Public Consultation in Case DMA.100209 — SP — Alphabet — Article 6(11): Preliminary Measures (16 Apr. 2026), https://digital-markets-act.ec.europa.eu/document/download/b3aed7f6-c45c-4bfa-b032-b8975a48bb06_en [hereinafter Preliminary Measures]; Eur. Comm’n, Case DMA.100209 — SP — Alphabet — Article 6(11) Google Search Data Sharing: Case Summary (16 Apr. 2026), https://digital-markets-act.ec.europa.eu/dma100209-consultation-proposed-measures-google-search-data-sharing_en [hereinafter Case Summary].

[2] Regulation (EU) 2022/1925 of the European Parliament and of the Council of 14 Sept. 2022 on Contestable and Fair Markets in the Digital Sector, art. 6(11), 2022 O.J. (L 265) 1 [hereinafter DMA]; Eur. Comm’n, Commission Designates Six Gatekeepers Under the Digital Markets Act (5 Sept. 2023), https://ec.europa.eu/commission/presscorner/detail/en/ip_23_4328.

[3] Case Summary, supra note 1, at 1 (‘Interested third parties are now consulted on these measures, in particular their effectiveness, completeness, and implementation timelines’).

[4] See Rebuttal Testimony of Professor Douglas W. Oard, Trial Ex. UPXD105 at 7, 32, United States v. Google LLC, No. 1:20-cv-03010-APM (D.D.C. 15 Nov. 2023) (reporting a measured Bing–Google IS4@5 gap of 3.924 and a frozen-versus-retrained Google effect of 0.113, and quoting Edward Fox’s testimony that the remaining ‘97 percent’ was ‘not from user interaction data’).

[5] United States v. Google LLC, Memorandum Opinion, No. 20-cv-3010 (APM), at 117 (D.D.C. 5 Aug. 2024), https://www.tn.gov/content/dam/tn/attorneygeneral/documents/pr/2024/pr24-59-Google.pdf; see also Geoffrey A. Manne, A Critical Analysis of the Google Search Antitrust Decision 16–17, Int’l Ctr. for L. & Econ. (14 Aug. 2024), https://laweconcenter.org/wp-content/uploads/2024/08/Manne-Google-Search-Decision-Analysis-2024-08-14.pdf [hereinafter Manne, Critical Analysis].

[6] Id.

[7] Competition & Mkts. Auth., Online Platforms and Digital Advertising: Market Study, Appendix I: Search Quality and Economies of Scale ¶ 34 (2020), https://assets.publishing.service.gov.uk/media/5fe4957c8fa8f56aeff87c12/Appendix_I_-_search_quality_v.3_WEB_.pdf.

[8] Jacques Crémer, Yves-Alexandre de Montjoye & Heike Schweitzer, Competition Policy for the Digital Era 9, Eur. Comm’n (2019).

[9] Digital Competition Expert Panel, Unlocking Digital Competition ¶ 2.87 (2019) [hereinafter Furman Report].

[10] DMA, supra note 2, recital 32.

[11] Anja Lambrecht & Catherine E. Tucker, Can Big Data Protect a Firm from Competition?, Competition Pol’y Int’l Antitrust Chron. 8 (Jan. 2017).

[12] Catherine Tucker, Digital Data, Platforms and the Usual [Antitrust] Suspects: Network Effects, Switching Costs, Essential Facility, 54 Rev. Indus. Org. 683 (2019).

[13] Tom Krazit, Google’s Varian: Search Scale Is ‘Bogus’, CNET (14 Aug. 2009), https://www.cnet.com/culture/googles-varian-search-scale-is-bogus.

[14] Maximilian Schäfer, Geza Sapi & Szabolcs Lorincz, The Effect of Big Data on Recommendation Quality: The Example of Internet Search 1 (DIW Berlin Discussion Paper No. 1730; DICE Discussion Paper No. 284, 2018), https://www.diw.de/documents/publikationen/73/diw_01.c.581628.de/dp1730.pdf; Maximilian Schäfer & Geza Sapi, Learning from Data and Network Effects: The Example of Internet Search 1 (DIW Berlin Discussion Paper No. 1894, 2020), https://www.diw.de/documents/publikationen/73/diw_01.c.798442.de/dp1894.pdf.

[15] Geoffrey A. Manne & Dirk Auer, From Data Myths to Data Reality: What Generative AI Can Tell Us About Competition Policy, Competition Pol’y Int’l (Feb. 2024) (observing that AI rivals such as OpenAI, Anthropic, and Perplexity emerged without massive incumbent data).

[16] See, e.g., Geoffrey A. Manne & Dirk Auer, Antitrust Dystopia and Antitrust Nostalgia: Alarmist Theories of Harm in Digital Markets and Their Origins, 28 Geo. Mason L. Rev. 1280 (2021).

[17] Fox testimony, in Oard, supra note 4.

[18] United States v. Google LLC, supra note 5, at 46.

[19] Preliminary Measures, supra note 1, ¶¶ 13–22 (describing technical anonymisation, including suppression of long queries and queries containing rare words and word combinations); Case Summary, supra note 1, at 3.

[20] Mikolaj Barczentewicz, Comparing the EU DMA to the Search-Query Data-Sharing Remedy in US v Google, Truth on the Mkt. (3 Sept. 2025), https://truthonthemarket.com/2025/09/03/comparing-the-eu-dma-to-the-search-query-data-sharing-remedy-in-us-v-google.

[21] Preliminary Measures, supra note 1, ¶ 3.

[22] DMA, supra note 2, recital 61.

[23] Michael Barbaro & Tom Zeller, Jr., A Face Is Exposed for AOL Searcher No. 4417749, N.Y. Times (9 Aug. 2006), https://www.nytimes.com/2006/08/09/technology/09aol.html.

[24] Chad Marlow & Jennifer Stisa Granick, Celebrating an Important Victory in the Ongoing Fight Against Reverse Warrants, ACLU (29 Jan. 2024), https://www.aclu.org/news/privacy-technology/fight-against-reverse-warrants-victory.

[25] Latanya Sweeney, Simple Demographics Often Identify People Uniquely 16 (Carnegie Mellon Univ. Data Privacy Working Paper No. 3, 2000).

[26] Yves-Alexandre de Montjoye, César A. Hidalgo, Michel Verleysen & Vincent D. Blondel, Unique in the Crowd: The Privacy Bounds of Human Mobility, 3 Sci. Rep. 1376 (2013); see also Yves-Alexandre de Montjoye et al., Unique in the Shopping Mall: On the Reidentifiability of Credit Card Metadata, 347 Science 536 (2015).

[27] Cynthia Dwork & Aaron Roth, The Algorithmic Foundations of Differential Privacy, 9 Found. & Trends Theoretical Comput. Sci. 211, 214 (2014) (‘the Fundamental Law of Information Recovery states that overly accurate answers to too many questions will destroy privacy in a spectacular way’); see also Cynthia Dwork, Differential Privacy, in Automata, Languages and Programming 1, 1–12 (Michele Bugliesi et al. eds., 2006), https://doi.org/10.1007/11787006_1.

[28] Preliminary Measures, supra note 1, ¶¶ 13–22; Case Summary, supra note 1, at 3 (technical measures reduce re-identification risk ‘to a residual level without unnecessarily degrading the quality or usefulness of the search data’).

[29] Preliminary Measures, supra note 1, ¶¶ 38–39 (prohibiting re-identification, sessionisation, linking, and augmentation), ¶¶ 40–48 (imposing purpose limitation), ¶¶ 36–37 (requiring auditor verification).

[30] Case Summary, supra note 1, at 3.

[31] Regulation (EU) 2016/679 (GDPR), recital 26.

[32] Miko?aj Barczentewicz, Comments of the International Center for Law & Economics on the Joint Guidelines on the Interplay Between the Digital Markets Act and the GDPR, Int’l Ctr. for L. & Econ. (2025), https://laweconcenter.org/resources/icle-comments-on-the-interplay-between-dma-and-gdpr.

[33] Preliminary Measures, supra note 1, ¶ 2.

[34] See Barczentewicz, supra note 20 (observing that the privacy-utility trade-off depends on who receives the data and how many recipients there are).

[35] Preliminary Measures, supra note 1, ¶ 12 (requiring data to be made available for at least five years).

[36] Carl Shapiro & Hal R. Varian, Information Rules: A Strategic Guide to the Network Economy 3 (Harv. Bus. Sch. Press 1999); see also William J. Baumol & J. Gregory Sidak, The Pricing of Inputs Sold to Competitors, 11 Yale J. on Reg. 171 (1994).

[37] Anne Layne-Farrar, A. Jorge Padilla & Richard Schmalensee, Pricing Patents for Licensing in Standard-Setting Organizations: Making Sense of FRAND Commitments, 74 Antitrust L.J. 671 (2007); J. Gregory Sidak, The Meaning of FRAND, Part I: Royalties, 9 J. Competition L. & Econ. 931 (2013).

[38] Microsoft Corp. v. Motorola, Inc., 696 F.3d 872 (9th Cir. 2012); Microsoft Corp. v. Motorola, Inc., 795 F.3d 1024 (9th Cir. 2015); Unwired Planet Int’l Ltd. v. Huawei Techs. Co. [2020] UKSC 37; Optis Cellular Tech. LLC v. Apple Retail UK Ltd. [2025] EWCA Civ 552.

[39] Press Release, Eur. Comm’n, Commission Finds Apple’s App Store Rules Breach Digital Markets Act (23 Apr. 2025), https://ec.europa.eu/commission/presscorner/detail/en/ip_25_1085.

[40] Eur. Comm’n, For Public Consultation in Case DMA.100209 — SP — Alphabet — Article 6(11): Preliminary Measures ¶¶ 71, 72(i) (16 Apr. 2026), https://digital-markets-act.ec.europa.eu/document/download/b3aed7f6-c45c-4bfa-b032-b8975a48bb06_en [hereinafter Preliminary Measures].

[41] Sidak, supra note 37.

[42] Daniel F. Spulber & Christopher S. Yoo, On the Regulation of Networks as Complex Systems: A Graph Theory Approach, 99 Nw. U. L. Rev. 1687, 1711–12 (2005).

[43] Preliminary Measures, supra note 1, ¶ 78.

[44] Id. ¶ 79(b).

[45] Id. ¶ 75.

[46] Id. ¶ 74.

[47] Unwired Planet Int’l Ltd. v. Huawei Techs. Co. [2020] UKSC 37, ¶¶ 112–14; Valéria Silva, FRAND-Licensing Litigation Across the Atlantic, Int’l Ctr. for L. & Econ. (8 Apr. 2025), https://laweconcenter.org/resources/frand-licensing-litigation-across-the-atlantic-a-comparative-assessment-of-us-and-uk-jurisprudence-on-telecom-disputes.

[48] See supra notes 8-9 and accompanying text.