Skip to main content
European Commission logo
Research and innovation
European Centre for Algorithmic Transparency
Questions and answers13 December 2023Joint Research Centre5 min read

FAQs: DSA data access for researchers

Under article 40 of the Digital Services Act (DSA), vetted researchers will be able to request data from very large online platforms (VLOPs) and search engines (VLOSEs) to conduct research on systemic risks in the EU. 

Woman having a videoconference

 

What is the Digital Services Act (DSA)?

The Digital Services Act (DSA) is a new set of rules that regulate the responsibilities of online intermediaries, including platforms such as social media networks and online marketplaces. The aim of the DSA is to create a safer digital space where the fundamental rights of all users are protected. It sets out clear due diligence obligations for platforms according to their roles, size and impact on the online world. The DSA also establishes mechanisms for the removal of illegal content and the effective protection of users’ fundamental rights online, including freedom of speech.

The transparency and reporting obligations in the DSA create opportunities for stronger public oversight of online intermediaries, with a special set of obligations for those online platforms and search engines that reach an average of more than 45 million monthly users, which corresponds to around 10% of the EU’s population. These intermediaries are formally designated by the Commission as Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs).

Why is the DSA relevant to researchers?

The DSA includes a provision granting researchers unprecedented access to the data of very large online platforms and search engines when certain conditions are met. The aim is to enable a deeper understanding of the way society is shaped by the online world, as well as support effective oversight of DSA compliance.

Before the DSA, this type of data allowing independent research on systemic risks was based on voluntary initiatives by the online platform providers. This resulted in limited research possibilities for third parties to analyse and monitor the impact of platform providers’ choices on the online ecosystem.

Article 40 of the DSA requires providers of VLOPs and VLOSEs to provide access to their data for the purpose of conducting research that contributes to the detection, identification and understanding of systemic risks in the EU. Research can also contribute to the assessment of the adequacy, efficiency and impacts of risk mitigation measures taken by providers of VLOPs and VLOSEs.

Which platforms and search engines does Article 40 apply to?

Data access obligations apply to providers of designated VLOPs and VLOSEs.

What is a Digital Services Coordinator (DSC) and what is their role in helping researchers obtain access to data?

Digital Services Coordinators (DSCs) are independent authorities that must be appointed by each EU Member State at the latest by 17 February 2024. The DSCs are responsible for supervising DSA compliance of intermediary services established in their country. Another responsibility is to assess researchers’ applications for data access. They will also act as link between the researchers and the VLOPs/VLOSEs.

Researchers can either submit their application for data access to the DSC of the Member State of the research organisation they are affiliated to or directly to the DSC where the provider of the VLOP or VLOSE whose data they want to access is established. In either case, the decision whether to request data access on behalf of the researcher rests with the DSC of establishment of the respective provider of the VLOP or VLOSE. When a researcher applies to their “local” DSC, that DSC will transmit the application, together with an initial assessment of that application, to the DSC of establishment.

Who can gain access to VLOP and VLOSE data based on Article 40 of the DSA?

Article 40(8) of the DSA sets out the conditions that researchers must meet in order to obtain the status of “vetted researcher”. Researchers must demonstrate to the DSC that they:

They must also:

  • Disclose the funding of their research
  • Be able to fulfil data security and confidentiality requirements, as well as to protect personal data, and explain how they intend to do so
  • Explain how access to the data and the indicated timeline is necessary and proportionate to the purposes of the research
  • Propose  a research project that contributes to the understanding of systemic risks as laid out in Article 34(1) and/or to assess risk mitigation measures as outlined in Article 35.
  • Commit to making the research results publicly available, free of charge.

What research topics are supported by Article 40 of the DSA?

To gain access to VLOP and VLOSE data as a “vetted researcher”, the research proposed in the application to the DSC must contribute to the detection, identification and understanding of systemic risks in the EU and/or to the assessment of the adequacy, efficiency and impacts of risk mitigation measures.

The systemic risks under consideration, as outlined Article 34(1), are:

  • The dissemination of illegal content
  • Negative effects for the exercise of fundamental rights, in particular the rights to; 
    • Human dignity
    • Respect for private and family life
    • Protection of personal data
    • Freedom of expression and information
    • Non-discrimination
    • Respect for the rights of the child
    • A high level of consumer protection
  • Negative effects on civic discourse and electoral processes, and public security
  • Negative effects in relation to
    • Gender-based violence
    • Protection of public health and minors
    • Serious negative consequences to personal physical and mental well-being.

If I am not a “vetted researcher” what data can I access?

Providers of VLOPs and VLOSEs have to give researchers who meet the following sub-set of conditions of “vetted researchers” access to publicly accessible data without undue delay. If it is technically possible, they should provide real-time data.

For this type of access, the researcher must be independent from commercial interests, disclose the funding of their research, be able to fulfil data security and confidentiality requirements, and explain how access to the data and the indicated timeline is necessary and proportionate to the purposes of the research. The data must also be used solely for performing research that contributes to the detection, identification and understanding of systemic risks in the Union.

When will researchers be able to apply for data access?

Researchers will be able to apply for access to data once Member States have appointed their respective Digital Services Coordinators and a forthcoming delegated act which lays down the specific conditions under which VLOPs and VLOSEs are to provide data is adopted. A call for evidence to inform the work on the delegated act took place in spring of 2023, and an analysis of the responses was published in November. The delegated act is set to be adopted in 2024.  

Details

Publication date
13 December 2023
Author
Joint Research Centre