Access to data for authorized researchers
Researchers from universities, research centers, or other entities may request access to data from Very Large Online Platforms (hereinafter VLOPs) or Very Large Online Search Engines (hereinafter VLOSEs), in accordance with Article 40 of the Digital Services Act (hereinafter DSA).
To do so, they must be certified by the Digital Services Coordinators (hereinafter DSCs) of the Member States (in the case of Spain, the CNMC) and demonstrate that they will carry out studies contributing to the detection, identification, and understanding of systemic risks in the European Union (EU) and the measures required to mitigate them. Systemic risks affect fundamental rights, such as freedom of information or the rights of minors, public health and safety, electoral processes, the dissemination of illegal content, etc.
What type of data can be requested?
- Public data (Article 40.12): Researchers who meet the criteria may request access to data directly from the platform or the search engine; for example, access to a content library or the publications API.
- Non-public data, known as “access to data for authorized researchers” (Article 40.4): Researchers authorized by the corresponding DSC, after meeting the criteria established in Article 40.8 of the DSA, can request access to non-public data. Access must be limited, necessary, and proportional to the research purpose.
How can I access public data under the DSA (Article 40.12)?
Before applying to the DSC for authorised researcher status, researchers must assess whether access to public data is sufficient to carry out their research.
To request access to public data, researchers who meet the requirements of Article 40.12 must contact the platform or search engine (VLOP or VLOSE) directly. Both should provide information on how to request this type of access on their websites.
It is important to note that the CNMC cannot submit requests for access to public data on behalf of researchers.
How can I access non-public data under the DSA (Article 40.4)?
Only authorized researchers can access non-public data.
How can I acquire the status of authorized researcher?
A duly justified application must be submitted via the European Commission’s dedicated DSA Data Access Portal. There are two possible ways to obtain the status of authorized researcher:
- Submit the application to the DSC of the Member State where the organisation wishing to carry out the research is located.
- Or submit it directly to the DSC of the EU country where the platform or search engine is located (VLOP or VLOSE).
In any case, the DSC of the country where the platform is established is ultimately responsible for granting authorised researcher status.
Within 80 working days of the submission of a request for access to data, the DSC of the country where the platform or search engine (VLOP or VLOSE) is established may:
- Formulate a reasoned request, submit it to the platform or search engine (VLOP/VLOSE) and notify the principal investigator of the submission of the reasoned request.
- Inform the principal investigator of the reasons why the reasoned request could not be made.
Authorised researcher status is granted solely for the specific research projects referred to in the application.
What are the requirements for acquiring the status of authorised researcher?
The DSC of the institution shall grant such researchers the status of authorised researchers when the researchers demonstrate that they meet all the conditions set out in Article 40.8 of the DSA.
These criteria are summarised below (however, it is recommended that you consult the detailed requirements in Article 40.8 itself):
- Be affiliated with a research organisation, as defined in Article 2(1) of Directive (EU) 2019/790.
- Be independent from a commercial perspective.
- Declare how the research is funded.
- Be able to comply with the specific requirements regarding the security and confidentiality of the requested data and the protection of personal data, and describe the appropriate technical and organisational measures that have been implemented for this purpose.
- Request access to data that is necessary and proportionate for the purposes of the research.
- The proposed research must be carried out with the aim of contributing to the identification, determination and understanding of systemic risks in the EU as described in Article 34(1), and to the assessment of risk mitigation measures pursuant to Article 35.
- Undertake to make the results of the research publicly available free of charge within a reasonable period of time following its completion.
Where can I get more information?