Long before AlgorithmWatch was forced by Facebook to shut down our Instagram monitoring project in 2021, we urgently advocated for a Digital Services Act (DSA). The DSA empowers qualified researchers and watchdog organizations working in the public interest with the legal means to access and analyze data which is held by major online platforms.
It was clear to us then, as it is now, that platforms cannot be relied upon to voluntarily share data with independent researchers in a consistent or meaningful way. This has been a major impediment to uncovering and holding them accountable for the potential risks that their algorithmic systems pose to individuals and society.
With Article 40 of the DSA, we now have a potentially groundbreaking data access framework to fix this status quo. Article 40 promises to force the largest online platforms and search engines to share data with vetted researchers for the purpose of detecting and analyzing so-called systemic risks that are linked to the design and functioning of platforms' algorithmic systems—risks like negative effects on electoral processes, on public debates, or on public health.
Enabling data access for researchers in this way is a crucial step toward more informed public scrutiny and regulatory oversight of these major platforms. But how will the DSA’s data access rules for researchers actually work in practice?
Enter the European Commission, which is now working to clarify, with formal inputs from the research community and civil society, key technical and procedural aspects of Article 40. After reviewing the evidence from these stakeholders, the Commission will lay out its data access guidelines in a “Delegated Act” to specify, among other things, the kinds of data platforms must actually produce, and how data should be made accessible to vetted public interest researchers in a privacy-protecting manner.
AlgorithmWatch’s submission to the European Commission’s call for evidence centers on six main areas to help inform a strengthened data access framework: 1) empowering a broad base of vetted researchers, 2) governance documentation as data, 3) vetting exemption requests, 4) defining and ensuring reliable access to publicly available data, 5) protecting independent research from platform abuse, and 6) independent advisory mechanisms to support data access applications & vetting.
We conclude by calling for an inclusive and iterative process to further develop data access structures and guidelines going forward.