Mathias Vermeulen is a director and Laureline Lemoine is senior associate at AWO, an agency that helps a range of organizations with navigating the complex new policy areas posed by emerging technologies.
Last week the European Commission designated 17 online platforms, including Instagram, YouTube, Pinterest, Snapchat, TikTok and Twitter, as “very large online platforms,” while Bing and Google Search were designated as “very large online search engines” according to the EU’s Digital Services Act (DSA). This is important because these companies will now have to comply with the DSA’s most stringent transparency obligations, which include a legal obligation for these 19 companies to provide access to data to national regulators, independent researchers and civil society organizations.
Article 40 of the DSA has the potential to become the sleeping giant of the legislation, as it will allow third parties to request data from platforms to scrutinize a broad range of ‘systemic risks’ (as defined by the DSA) that could be facilitated by the design or functioning of their services. The systemic risks that the DSA lists are broad in scope, and include harms such as the dissemination of illegal content (as defined by the laws of EU member states) and negative effects on fundamental rights, electoral processes, gender-based violence, public health, and the wellbeing of minors.
While the main conditions for researcher access and the obligations of the actors involved are generally set out in the DSA, there are still a number of hard questions that need to be answered before the EU can arrive at an easy, practical and clear process for data access. Some of these questions will be answered in a so-called ‘Delegated Act’ which will add meat to the bones of some of the abstract provisions in the DSA. That ‘Delegated Act on Access to Data’ will see the light of day in 2024.
Now, the European Commission has launched a consultation to get input on how best to set up this complex framework. It is particularly interested in four broad categories of questions:
- Data access needs: what types of data, metadata, data governance documentation and other information about data can be useful for researchers?
- Data access application and procedure: how could an application process to request data work in practice? How could researchers be vetted in a consistent way? Which safeguards are needed to prevent abuse?
- Data access format and involvement of researchers: What technical specifications could be considered for data access interfaces?
- The processes and mechanisms to facilitate access to publicly available data.
The Commission suggests respondents should be familiar with both the European Digital Media Observatory (EDMO) report on platform-to-researcher data access under Article 40 of the General Data Protection Regulation (GDPR) and the Code of Practice on Disinformation. The Commission hopes to hear from research organizations, civil society organizations, fact-checkers, national authorities “and other competent authorities” and ministries, EDMO and its hubs, and “potential providers of very large online platforms and very large online search engines.”
This is an opportunity to shape platform regulation in a very concrete way – not only in the EU, but via the ‘Brussels effect’ also, perhaps, in other jurisdictions. The consultation lasts until May 23, 2023.