Twitter Alludes to Implementing Article 40, DSA (Data Access & Scrutiny)

By Pim ten Thije

Last week, short-form social medium platform Twitter announced it is opening up its ‘Twitter Moderation Research Consortium’ to applications by a group of verified researchers. As the entry into force of the Digital Services Act to VLOPs is rapidly approaching, we keep an eye out at the DSA Observatory for early implementations of the regulation’s new rules by online platforms. Twitter’s actions can be its first steps to implementing the DSA’s rules regarding ‘Data Access and Scrutiny’ under Article 40. 

In short: Twitter is accepting applications for datasets regarding “disclosures of persistent platform manipulation campaigns and information operations” prohibited by its platform manipulation and spam policy. Applicants to the ‘Twitter Moderation Research Consortium’ (TMRC) must be “an academic, journalistic, nonprofit, or civil society research organization”; have prior data-analysis experience; pursue public interest research; and sign a data-use agreement. These requirements do not entirely match those in Article 40 but can be seen as a first step toward implementing the DSA. 

This blog post first shortly recaps the obligations under Article 40 DSA. After that, it discusses how the DSA’s requirements and the Twitter Moderation Research Consortium compare and briefly touches on GDPR compliance. The Commission will clarify Article 40’s requirements in delegated acts later. Still, a temporary conclusion is that Twitter will need to provide access to more data and additional actors (Digital Service Coordinators and Commission) to comply with the DSA, either through other programs or by adapting the TMRC. However, TMRC shows that existing data access initiatives of online platforms can fit well within the DSA’s requirements.  

Article 40, Data Access and Scrutiny 

Article 40 of the DSA first and foremost provides access to data from online platforms and search engines to the Digital Services Coordinator and the European Commission. Platforms must provide access within a reasonable time “… to monitor and assess compliance with this Regulation.” (Article 40(1)-(3), (4)-(7). Additionally, platforms must provide access to ‘vetted researchers’ for one purpose only:  

“… for the sole purpose of conducting research that contributes to the detection, identification and understanding of systemic risks in the Union, () and to the assessment of the adequacy, efficiency and impacts of the risk mitigation measures (…).” – Article 40(4)

Vetted researchers must meet seven criteria in Article 40(8) to obtain data from VLOPs and VLOSEs under the DSA. These requirements mean that researchers: 

  • (a) must fall within the definition of a ‘research organisation’ in Article 2(1) Directive 2019/790 (or are not-for-profit bodies, organisations and associations (Article 40(12))). 
  • (b) be independent of commercial interests;  
  • (c) disclose their research funding;  
  • (d) must fulfil security and confidentiality requirements; 
  • (e) show their data request, time frames and expected results are in line with their research purpose; 
  • (f) promise to stick to their public interest research purpose 
  • (g) publish their results open access within a reasonable amount of time.

Furthermore, the DSA describes procedural requirements for an application as a vetted researcher (Article 40(9) & (11)) and revoking that status (Article 40(10)). VLOPs and VLOSEs must provide access to data “including, where technically possible, to real-time data provided that the data is publicly accessible in their online interface by researchers.” (Article 40(12)).  

Several other developments related to data access for research in the last months apply to (personal) data held by VLOPs and VLOSEs. The European Digital Media Observatory recently released a ‘Draft Code of Conduct for Platform-to-Research Data Sharing’, which details a GDPR-compliant data sharing process. Twitter participated in this report and signed the EU’s strengthened Code of Practice on Disinformation to share more data on disinformation. A commentary on the recent regulatory developments regarding data access is found here. 

Twitter’s TMRC vs DSA: similarities and differences 

Twitter’s implementation of the TMRC is not yet entirely in line with the DSA. Twitter requires applying researchers to match three of the DSA’s requirements roughly. They must have: 

  • a primary institutional affiliation (see (a) above),  
  • “Industry-standard plans and systems for safeguarding the privacy and security of the data” (see (d) above), and 
  • a specific public interest research use case for the data (see (f) above). 

Twitter ‘adds’ another fourth requirement: “prior experience and relevant skills for data-driven analysis”, something not explicitly required by the DSA. Also, Twitter does not grant access to TMRC to those with a primary government affiliation and, once vetted, explicitly prohibits sharing data with governments. 

Additionally, Twitter only makes a limited dataset available to those admitted to TMRC membership, although it tells the Silicon Republic that:   

“Over time, we intend to share similarly comprehensive datasets about other content moderation policy areas and enforcement decisions, such as data about tweets labelled under our misinformation policies.” 

The current dataset is still limited and includes:  

“… an archive of information operations datasets starting from 2018. (…) Once our teams have identified, removed and investigated these campaigns and any associated violative content, we share datasets with Consortium members.” 

Thus, only a small subset of Twitter’s data is available to researchers. Twitter also pre-processes the data and provides far from ‘real-time’ data access. That is, however, available to researchers via Academic Research Access to the Twitter API. 

On the other hand, Twitter currently allows more types of applicants for entry to TRMC than the DSA requires. The DSA only requires access for research organisations and not-for-profit bodies, organisations and associations. Twitter also explicitly welcomes journalistic and civil society organisations to apply. 

The Road Ahead 

Twitter’s Moderation Research Consortium will still need considerable changes in the available data (a broader scope) and the applicants it considers (including DSCs and Commission) to be fully compliant with the DSA. Twitter could of course also choose to create a different program to comply with Article 40 of the DSA. However, the Consortium shows how an existing research access program can fit into the requirements of the DSA regarding data access and scrutiny. 

The European Commission will lay down delegated acts regarding data access and scrutiny in the future. These will describe the technical conditions for providers of very large online platforms and search engines to share data and the “relevant objective indicators, procedures and, where necessary, independent advisory mechanisms in support of sharing of data” (Article 40(13)). Once the Commission has laid down the detailed rules, Twitter will have to revisit the TRMC and keep vigilant for compliance with the GDPR and other relevant regulations. 


More information on TMRC is here. Applications to join the Consortium can be filled here.