The European Commission has taken action, requesting information from 17 platforms in accordance with the bloc’s Digital Services Act. These requests are specifically related to the obligation that platforms give data access to researchers investigating systemic risks within the European Union.
The list of platforms, referred to as very large online platforms (VLOPs) and very large online search engines (VLOSEs), that have been sent requests for information (RFIs) is as follows:
- AliExpress
- Amazon Store
- iOS App Store
- Bing
- Booking.com
- Google Search
- Google Play
- Google Maps
- Google Shopping
- Snapchat
- TikTok
- YouTube
- Zalando
In a press release, the Commission stated that these VLOPs and VLOSEs are being asked to provide more information on the measures they have taken to comply with the DSA’s obligation to give access to publicly accessible data on their online interface to eligible researchers without delay.
The Commission emphasized the importance of researchers having access to data in order to ensure accountability and public scrutiny of platform policies. This access is crucial for the goals of the DSA, especially with upcoming events such as national and EU level elections, as well as ongoing monitoring of illegal content and goods on online platforms.
At this point, it is quicker to list the VLOPs that have not yet received RFIs for data access from researchers. These platforms include: Pornhub, Stripchat, Wikipedia, X/Twitter, and XVideos.
However, it is worth noting that X (Twitter) is already under investigation in the EU for data access violations. This is part of a formal investigation proceeding that the Commission opened last month, which also looks into content moderation and risk management, among other concerns. The trio of porn sites were only recently designated as VLOPs, so the EU’s assessment of their compliance is likely less advanced.
So far, the Commission has designated a total of 23 VLOPs. 19 were named in April of last year and three (the porn platforms) were named last month.
Therefore, Wikipedia stands out as the only VLOP that is complying to some extent with providing data access to researchers. This may reflect operational differences between the not-for-profit platform, which does not rely on algorithms and makes information about user contributions and edits publicly available by default, and commercial platforms that use proprietary code and AI to drive engagement for profit.
The latter group is likely to be hesitant to allow outsiders to probe how their money-making technologies may negatively impact society. However, the DSA stipulates that they must facilitate data access for research into systemic risks such as disinformation, child safety issues, gender-based violence, and mental health concerns.
While 17 RFIs may seem like significant regulatory action, we are still in the early stages of the Commission’s oversight of data access for research. Furthermore, the 17 VLOPs/VLOSEs that received RFIs today are not yet under formal investigation for this element of their compliance. However, regulators clearly feel the need to obtain more thorough answers than those provided so far.
The platforms that received RFIs have until February 8 to respond to the EU with the requested information. The Commission will then determine next steps based on their assessments of the replies.
It is important to remember that confirmed breaches of the DSA can result in penalties of up to 6% of a platform’s global annual turnover. The Commission also has additional powers it can use to crack down on repeat offenders. However, the EU only began its DSA oversight for larger platforms at the end of August, so it is still early days for the enforcement of the bloc’s new internet governance regime.
Previous RFIs sent by the EU to VLOPs have focused on a number of other areas, including disinformation risks during the Israel-Hamas war, child safety concerns, election security issues, and consumer protection.