EC Will Give Researchers Access to Large Platforms' Internal Data to Ensure DSA Compliance
Qualified researchers would gain access to the internal data of companies designated as very large online platforms (VLOPs) and search engines (VLOSEs) under the EU Digital Services Act (DSA). The new access stems from part of a "delegated act," the European Commission announced Wednesday.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
The initiative is a milestone in DSA enforcement because it gives researchers a statutory route to access platform data, EC officials said at a briefing Wednesday in Brussels.
Companies classified as VLOPs under the DSA include Bing, Facebook, Google, LinkedIn and YouTube.
Access from the delegated act's rules will help researchers study the impact of platform practices on society and users, showing which are risky and what platforms are doing to mitigate them, EC officials said. For example, research could involve examining societal polarization, civil discourse and hate speech.
The rules clarify how VLOPs and VLOSEs should share data with qualified researchers and provide legal and technical requirements for data access, the EC said. They also create an online DSA data access portal where researchers can find information and communicate with VLOPs, VLOSEs, national authorities and digital services coordinators, which help the EC monitor and enforce the DSA.
The European Parliament and Council have three months to review the delegated act, after which the first researchers can submit their applications, the EC said.
The DSA governs providers of intermediary services such as social media, online marketplaces, online platforms with at least 45 million active monthly users in the EU and very large search engines (see 2311100001).
Among other requirements, VLOPs must analyze the systemic risks they create when they disseminate illegal content or the harmful effects such content has on fundamental rights (see 2210040001).
Officials listed non-public information such as content, interactions among platform users, and tests platforms conduct on potential new services as the type of content researchers could access.
Researchers seeking access to a platform's data must be vetted by a digital service coordinator, officials said. Once approved, the researcher sends a request to a platform, which has 15 days to decide whether it has the data requested and whether it's too risky to disclose it. If the parties can't agree, there's a mediation process, which could lead to court proceedings, officials said.
The vetting is intended to balance the right of legitimate researchers to access platforms' internal data against potential bad actors who could jeopardize data protection, trade secrets and other protected rights, officials said.
Non-European researchers can make data requests, but such requests must apply only to risks in the EU, officials said. Non-EU researchers could have a harder time proving they comply with other EU laws like the General Data Protection Regulation, but the EC won't lower its standards for non-European researchers, officials said.