Is Qwant search engine fully private and GDPR-compliant?

1. Qwant’s privacy pitch — what the company says

Qwant’s public messaging and product pages present a clear proposition: searches are private, search history is not stored or sold, and services are hosted in Europe to preserve user privacy ^{[1] [2]}. The Qwant app and marketing repeatedly promise “no storage of your search history, no resale of your data” and position the engine as an alternative to tracking-dependent incumbents ^{[5] [2]}.

2. Independent reporting and reviews — mostly positive but cautious

Multiple security/privacy blogs and review sites describe Qwant as a privacy-focused, legitimate search engine that avoids profiling or selling user data, and they recommend it as a reasonable option for privacy-conscious users ^{[6] [7]}. Tech press pieces and product roundups note Qwant’s use of first‑party crawling and efforts to reduce reliance on US backend providers, which supports its privacy narrative but does not by itself prove full compliance ^{[8] [9]}.

3. Regulatory pushback — CNIL’s 2025 formal reminder

French regulators have not accepted Qwant’s privacy claims uncritically. In February 2025 CNIL issued a formal reminder noting that data Qwant processed and shared with Microsoft should be treated as personal data rather than anonymous, and that Qwant had omitted disclosure of advertising purposes and the legal basis for transfers in its privacy policy ^{[3] [4]}. That intervention shows regulators see gaps between Qwant’s marketing and how data flows actually operate.

4. Technical and vendor realities — why “no tracking” can be complicated

Independent accounts and reporting say Qwant historically leveraged Microsoft/Bing for backend indexing and for some features like images; that dependency creates data flows to third parties and raises questions about whether query anonymization meets regulators’ standards ^{[3] [8]}. Qwant and partners have since worked to build a European index (Staan) to reduce reliance on U.S. providers, an architectural move framed as both privacy and sovereignty improvement ^[9].

5. GDPR compliance: legal test vs. marketing claim

GDPR compliance is not a binary marketing claim; it requires documented legal bases, transparency about processing, third‑party risk management, and demonstrable accountability measures such as data processing records and lawful transfer mechanisms ^{[10] [11]}. The CNIL action indicates Qwant had at least one compliance gap in disclosure and legal-basis description related to transfers to Microsoft ^{[3] [4]}. Available sources do not mention whether CNIL imposed fines or corrective measures beyond the formal reminder ^[3].

6. What the CNIL finding practically means for users

CNIL’s position that Qwant’s transfers were personal data rather than anonymous data means those transfers must meet GDPR standards (transparency, legal basis, safeguards). For users, that creates a difference between a marketing promise of “we don’t track you” and a regulator’s view that some data handling still requires GDPR-style safeguards and disclosures ^{[3] [4]}. Sources do not report that Qwant was found to have unlawfully profited from or sold user data; the issue was disclosure and classification of data ^[3].

7. Qwant’s remediation and strategic response

Qwant has publicly pursued technical and business strategies to address dependence on external indexes — notably partnering with Ecosia to build a Europe‑centric index (Staan) to process more queries inside Europe and frame the product as privacy‑first and GDPR-aligned ^{[9] [8]}. Company pages emphasize continued promises of no search-history storage and European hosting, signaling both product and compliance priorities ^{[2] [1]}.

8. How to evaluate Qwant for yourself — practical checks

If GDPR compliance is essential to you, check Qwant’s current privacy policy and any CNIL updates: regulator findings hinge on how transfers and ad purposes are disclosed ^{[3] [4]}. Watch technical changes such as the rollout of Staan (which started serving queries in France in August 2025) as a signal of reduced third‑party transfers ^[9]. Independent audits or regulator follow-ups would be the strongest confirmations; available sources do not cite a public third‑party audit report of Qwant’s full privacy practices (not found in current reporting).

9. Bottom line — nuanced reality, not absolute privacy

Qwant is a European search engine built and marketed around privacy, with real technical steps taken to localize indexing and reduce external dependencies ^{[1] [9]}. Regulators have flagged specific GDPR-related disclosure and classification issues with Microsoft transfers, demonstrating Qwant’s marketing claim of “fully private” is challenged by legal scrutiny; full GDPR compliance is a process of documentation, controls, and regulator satisfaction, not just a slogan ^{[3] [4]}.