Report: Joint Submission to Public Consultation on the draft Delegated Act on Article 40

18.12.2024. Our Centre and DCU Institute for Future Media, Democracy and Society (FuJo) provided joint submissions to Public Consultation on the draft Delegated Act on Article 40. Authors are Eugenia Siapera, Przemyslaw Grabowicz, Jane Suiter, Susan Leavy, Eileen Culloty and Elizabeth Farries

Aomg other points, in our submission we advocate for the development of (1) a dataset categorisation system  and (2) associated safeguards and data access modalities for each data category. These suggestions will allow researchers and Digital Service Coordinators to agree on the appropriate safeguards and modalities, and further ensure that data providers and users privacy and other rights are protected.

Summary of the Delegated Act: 

The chief objective of the draft Delegated Act is to enable researchers and regulators to access data to study systemic risks and evaluate risk mitigation measures by VLOPs and VLOSEs. The Act aims to promote transparency and informed regulatory enforcement while protecting fundamental rights and platform confidentiality and trade secrets. It seeks to accomplish this by establishing the technical conditions and procedures for data-sharing, in order to ensure secure and effective implementation.

This is how the act envisages data sharing in five steps:

  1. Platforms create data inventories to show researchers what kinds of data are available
  2. The Commission establishes a Data Access Portal to facilitate exchanges between platforms, Digital Services Coordinators (DSCs), and researchers. The Data Access Portal operates as a platform managing the process to data access, enabling communication between researchers, data providers, and regulators. It is envisaged that the Data Access Portal will include public and restricted dashboards for data submission and access tracking.
  3. Researchers must submit evidence of affiliation with research institutions, independence from commercial interests, and adequate safeguards for data security and confidentiality. Vetted researchers must submit their application for accessing data, which should detail research projects, data needs, methodologies, and risk mitigation measures, as well as make a case that data could not be obtained in any other way.  
  4. DSCs will verify compliance, formulate reasoned requests, and define access terms. DSCs have five days to check that the researcher applications are complete or require further information. 
  5. Modalities for accessing data: direct transmission, secure environments, or other defined methods depending on the sensitivity of data and security requirements. Specific safeguards like encryption, controlled access, and logging must be implemented for sensitive data.

Disputes and mediation: platforms can request amendments to requests and if disputes arise they can be resolved through mediation. The process is initiated by platforms who select the mediator. 

Independent experts: The Digital Service Coordinators may request the assistance of experts on any part of the process, from data access and modalities of access to the formulation of reasoned requests. In addition, Digital Services Coordinators may consult independent experts to evaluate sensitive applications or propose alternative access solutions. 

To ensure transparency and accountability, overviews of reasoned requests and outcomes are to be published in the DSA data access portal for public accountability. The Act further includes provisions on compliance with data protection laws (GDPR) and safeguards against abuse, including protection of trade secrets. 

Read more on the Centre and FuJo’s recommendations and commendations on the pdf below.

Submission to public consultation on delegated act final

 

 

Skip to content