Vetted Researcher Data Access

There are two ways that researchers that are studying systemic risk in the EU can get access to data under Article 40 of the DSA. 

• Data under Article 40(12).  This is a process where a researcher who meets the relevant criteria can apply for access to publicly accessible data directly from a VLOP/VLOSE, for example, access to a content library or API of public posts.
• Data, known as “vetted researcher data access”, under Article 40(4)-(11). This is a process where a researcher, who has been vetted or assessed by a Digital Services Coordinator to have met the criteria as set out in DSA Article 40(8), can request access to data held by a VLOP/VLOSE. The data must be limited in scope and deemed necessary and proportionate to the purpose of the research.

How can I access publicly accessible data under the DSA (Article 40(12))?

Before applying for vetted researcher status, researchers must first assess whether public data access may be satisfactory to meet their research needs. 

To request access to publicly accessible data, you should apply directly to the VLOP/VLOSE you wish to obtain data from. Information on how to do this should be available on the VLOP/VLOSE’s own website. We cannot make a public data access request, relating to Article 40 (12), on a researcher’s behalf.

How can I access data under DSA (Article 40(4)-(11))?

What is a vetted researcher?

A vetted researcher is a researcher who:

• applies to a Digital Service Coordinator (DSC) for vetted researcher status;
• is formally awarded vetted researcher status by a DSC, having met the relevant criteria that are set out in Article 40(8); and 
• is granted permission to access the specified data they have requested for the purposes of completing the research outlined in their application. 

What are the requirements for submitting a Vetted Researcher Data Access application?

To be granted access to data held by a VLOP / VLOSE you must submit a detailed application to a Digital Services Coordinator which demonstrates that you meet the criteria as set out in Article 40(8) of the DSA. For your information we have summarised these criteria below. However, please look at the detailed requirements set out in Article 40(8). Each researcher will need to demonstrate:

1. You are affiliated to a research organisation, as defined by Directive (EU) 2019/790. 
2. You are independent from commercial interests.
3. You have disclosed the funding of the research.
4. You can fulfil the specific data security, data protection and confidentiality requirements for the requested data and have described the appropriate technical, organisational and legal measures that you have put in place.
5. Your access to the data and the time frames requested are necessary for, and proportionate to, the purpose of your research.
6. The planned research will be carried out for the purposes of contributing to an understanding of systemic risk and the assessment of risk mitigation measures in the EU.
7. You have committed to making your research results publicly available free of charge, within a reasonable period after the completion of the research.

How can I submit a Vetted Researcher Data Access application?

Coimisiún na Meán is responsible for awarding vetted researcher status and making a reasoned request for data on behalf of a vetted researcher for all applications made regarding VLOP/VLOSEs that are established in Ireland.

Applications must be submitted through the dedicated DSA Data Access Portal.

To create data access applications in the DSA Data access portal, each researcher needs to be registered with a user profile: Login 

See FAQs on how to apply as a researcher.

A researcher who wishes to access data from a VLOP/VLOSE established in Ireland can follow two possible routes to achieving Vetted Researcher status:

• Route 1: A researcher may submit their application to the Digital Services Coordinator of the Member State of the research organisation to which they are affiliated. This initial assessment will then be forwarded to Coimisiún na Meán, for final assessment.
• Route 2: A researcher can apply directly to Coimisiún na Meán (DSC of establishment)

Due to the high volume of applications expected for VLOP/VLOSEs established in Ireland, we would encourage EU based researchers to follow Route 1 as outlined above. 

Please note Coimisiún na Meán will assess applications and supporting documents submitted in English or Irish language only. 

Coimisiún na Meán Article 40.4-11 dedicated point of contact: [email protected]   

How can I prepare for submitting a Vetted Researcher Data Access application?

It is important to understand that your application will be assessed as a data access request and so you will need to show compliance with GDPR (General Data Protection Regulation) if requesting any personal data, as well as any other applicable legislation. Under the GDPR, a Data Protection Impact Assessment (DPIA) is mandatory where data processing “is likely to result in a high risk to the rights and freedoms of natural persons”. In cases where it is not clear whether a DPIA is strictly mandatory, carrying out a DPIA is still good practice and a useful tool to help data controllers comply with data protection law. You can find guidelines on this topic which have been endorsed by the European Data Protection Board.

We would encourage prospective applicants to consult with their research organisation’s Data Protection Officer (DPO) in advance of preparing an application.