Abbreviations:
DSA: Digital Services Act, a regulation of the European Union, as such directly applicable law within the member states of the European Union, which contains regulations on online platforms and search engines
VLOP/s: Very large online platform/s are platforms with more than 45 million users per month in the European Union, only these fall under the regulations of the Digital Services Act.
VLOSE/s: Very Large online search engine/s, are search engines with more than 45 million users per month in the European Union, only these fall under the regulations of the Digital Services Act.
(List of VLOPs in the EU)
To which platforms does the right to access research data under the DSA apply?
According to the DSA, the so-called Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs) are obliged to provide researchers with their data. The European Commission provides a list of providers that are considered VLOPs and VLOSEs. Smaller platforms or search engines are not obliged to grant researchers access to data under the DSA regulations.
How can I apply for data access?
Access to non-public data from VLOPs is only granted to so-called “vetted researchers”. To obtain the status of vetted researcher, researchers must submit a request to the Digital Services Coordinator. Researchers can submit the request either in the EU Member State of the research organization or to the coordinator of the Member State in which the VLOPs from which the data is required are established. If the request is submitted to the coordinator of the researchers' Member State, the coordinator will carry out an initial check of the formal requirements. If these are fulfilled, the request is sent to the responsible coordinator in the Member State where the VLOPs are established. The latter makes the final decision on the status as a vetted researcher.
Under what conditions can I apply for access to research data?
According to Art. 40 para. 4 DSA, the entitlement is subject to several conditions:
Research purpose/research reason
The research must serve to detect, identify and understand so-called systemic risks in the European Union. The term systemic risks is defined in Art. 34 DSA and can therefore be understood very broadly. Systemic risks include, for example, the dissemination of illegal content, actual or foreseeable negative effects on certain fundamental rights (e.g. human dignity, respect for private and family life, non-discrimination, etc.), social discourse, electoral processes, public security or in relation to gender-based violence or public health and consumer protection.
Research institution
In addition to the prescribed research purpose, researchers must belong to a research institution. According to the DSA, which refers to the EU Copyright Directive in this regard, research institutions are first and foremost universities, including their libraries and research institutes. Civil society organizations that conduct scientific research with the primary aim of supporting their mission in the public interest are also considered research institutions. Furthermore, research institutions must not be profit-oriented or must reinvest all profits back into scientific research. If this requirement is not met, a research mission in the public interest recognized by an EU member state can also qualify organizations as a research institution.
Independent of commercial interests
Researchers must be independent of commercial interests. This is not the case if, due to personal financial dependencies, a serious and planned attempt to establish the truth cannot be expected.
Purposes of access to research data
Researchers must demonstrate that the data requested and any time limits set in the request for access to research data are necessary and proportionate. In other words, that they need the requested data to answer the research question. Furthermore, the scope of the data access must not be disproportionate to the legitimate interests of the VLOPs and their users, for example with regard to business secrets or personal data.
Funding and data protection
The research must already be funded and the researchers must be able to deal with the data security and confidentiality requirements of the requested data. To this end, researchers must present appropriate technical and organizational measures. The GFF will develop corresponding sample documents for researchers and make them available for download here.
What must the request for admission as a researcher under the DSA contain?
The request for recognition as a vetted researcher must contain proof or a description of all the necessary requirements for an application for research data access (see question 3.). In addition, the researchers must commit to publish their research results within a reasonable period of time after the research work.
When does access to research data end?
The coordinator for digital services, who has decided on the status as an vetted researcher, also decides on the termination of access to research data. Before the end of the research work, he or she can deny access again if one of the requirements is no longer met.
How do I get access to public data from the platforms?
Researchers can submit a request for access to publicly accessible data directly to the VLOPs. Prior contact with the Digital Services Coordinator is not necessary. Researchers must belong to a research institution (see question 3) or have some other connection to non-profit institutions, organizations or associations in connection with their research. They must also be independent of commercial interests (see question 3). The research must serve the purpose of detecting, identifying and understanding systemic risks (question 3) and the necessary data security must be guaranteed by the researchers. The request for data access must also include proof of funding for the research.
Many VLOPs already provide standardized requests for research data access or tools for accessing public data. An overview can be found here, for example.