Meta and TikTok are obstructing researchers' access to data, EU commission rules
47 comments · October 29, 2025
paxys
Remember that Cambridge Analytica was "research" as well. Laws like these sound good on paper, but it's the company that has to deal with the fallout when the data is used improperly. Unless the government can also come up with a foolproof framework for data sharing and enforce adequate protections, it's always going to be better for the companies to just say no and eat the fines.
pms
Long story short, this "research" and data access wouldn't be allowed under the DSA, because (i) the researcher didn't provide any data protection safeguards, (ii) his university (and their data protection officer) didn't assume legal liability for his research, (iii) his research isn't focused on systemic risks to society.
loeg
Platforms (reasonably!) do not trust random academic researchers to be safe custodians of user data. The area of research focus and assumption of liability do not matter. Once a researcher's copy of data is leaked, the damage is done.
verst
As I recall, the Cambridge Analytica scandal was a ton of OAuth apps (mostly games and quizzes) requesting all or most account permissions and then sharing that account data (access which users had expressly, if foolishly, granted) with a third-party data aggregator, namely Cambridge Analytica. Only this re-sharing of data with a third party was against Facebook's Terms of Service.
I would not classify Cambridge Analytica as research. They were a data broker that used the data for political polling.
paxys
From https://en.wikipedia.org/wiki/Cambridge_Analytica
> The New York Times and The Observer reported that the company had acquired and used personal data about Facebook users from an external researcher who had told Facebook he was collecting it for academic purposes.
tguvot
From the link in the sentence you copy-pasted: https://en.wikipedia.org/wiki/Facebook%E2%80%93Cambridge_Ana...
> The data was collected through an app called "This Is Your Digital Life", developed by data scientist Aleksandr Kogan and his company Global Science Research in 2013.[2] The app consisted of a series of questions to build psychological profiles on users, and collected the personal data of the users' Facebook friends via Facebook's Open Graph platform.[2] The app harvested the data of up to 87 million Facebook profiles.
shakna
Which is why the EU doesn't use a letter-of-the-law system, and also has an ethics regulation system.
So liability falls on those misusing the data, unless you knew it would be misused but collected it anyway.
Golden rule: Don't need the data? Don't collect it.
pms
Republicans and Elon Musk have become very skilled at exerting political influence in the US [1] and Europe [2] through social media in ways the public isn't really aware of. Is this really that far from the goal of Cambridge Analytica of influencing elections without people's knowledge? Is it fine for large online platforms to influence election outcomes? Why wouldn't an online platform be used to this end if that's beneficial for it and there is no regulation discouraging it?
[1] https://www.techpolicy.press/x-polls-skew-political-realitie...
_--__--__
I don't think you get it: the EU has a law that says these researchers need to find a casus belli to wrest the norms of online freedom of speech away from American corporations. Therefore they get to request data on every account that has ever interacted with certain political parties on those platforms, as a treat.
dmix
I'd hate to be the engineer that has to deal with these requests. Not even a formal government investigation, just any number of random 3rd party researchers demanding specialized access.
pms
If applications and datasets are fragmented, then that's going to be a nightmare for all stakeholders, including:
* researchers, because they will have to write data access applications, including a description of planned safeguards detailed enough that their university is ready to take on legal liability (and you can imagine how easy that will be), and
* Digital Service Coordinators, because it will take ages for them to process applications from thousands of researchers, each requesting a slightly different dataset.
In the end, we need to develop standardized datasets across platforms and to streamline data access processes so that they're safe and efficient.
paxys
Engineers don't deal with the requests, lawyers do. No regular engineer at any big tech company is ever going to be in a position where they are responsible for such decisions.
lanyard-textile
Legal will be the face of it, but engineers often handle the actual underlying request.
Across a couple of large public companies, I've had to react to a court ruling and stop an account's actions, work with the CA FTB on document requests, provide account activity as evidence in a case, things like that.
thrwaway55
Uhhhhhhhh, who do you think builds the tools to enforce the things legal stamps?
"Delete all docs we aren't legally required to retain on topic Y before we get formally subpoenaed. We expect it to be on XXX based on our contact."
Nextgrid
The key is to make all the data public so there is no concept of “specialized access” and then you’re golden.
consumer451
> Engineer
Let me know when devs get stamps that make them legally liable for their decisions. Only then will that honor be applicable to software.
tdb7893
Most of my friends are mechanical or aerospace engineers and it's all the same job in a different medium (many do a significant amount of software as part of their work). They don't have stamps and aren't any more legally liable than we are, and saying we aren't engineers just seems to be a misunderstanding of what engineering is.
consumer451
I grew up in a structural and civil engineering family. My issue is that there is no path to "professional engineer" or "architect" in software, which, as a Hammurabi old, makes me suspicious of the entire profession. I am involved in software dev, and I would never call it engineering. This might be niche semantics, and yet it feels very important to me.
https://en.wikipedia.org/wiki/Regulation_and_licensure_in_en...
nothrowaways
They left out X because he will bitch about it to his 600 million followers lol.
nothrowaways
Interesting times
ggm
American corporations don't want to accede to European rules about access to data, but it would be grossly simplistic to say all the problem lies on either side. I am not an EU resident, but I tend to think there are sound reasons for some of what they want, and as American corporate entities the majors are bound up in some tricky issues around US State Department and FTC expectations. It isn't just trade; it's also civil liberties and privacy-vs-security political autonomy issues.
I would have preferred that companies like this had emerged as federated entities, with European data staying in European DCs and subject to European laws. I think it would have avoided a lot of this, if they had not constructed themselves to be a single US corporate shield, with transfer pricing on the side to maximise profit.
nothrowaways
Hi X
Workaccount2
Europe doing everything possible to scare away modern industry.
pms
I hope it's quite the opposite, since this can lead to innovation as we figure out how to depolarize social media platforms or how to develop more politically neutral online media.
mc32
I agree on the need for depolarization (go back to timelines and get rid of recommendation engines), but once you cede control of content to government, even if it's "nuke that misinformation", you will end up being a mouthpiece for the government in power, whoever it may be. Look at how "innocent" embeds wholly shaped the messaging on Covid and how they sidelined all dissent (lots of people of renown and stature within relevant disciplines).
pms
That's a great point. I agree that's a danger, but please note the DSA doesn't cede control of content to government; rather, it creates an institution of (national) Digital Service Coordinators (DSCs) that decide whether a researcher's access to data is well-reasoned. In most cases that institution will be in a different country (the country of the company's EU HQ) than the researcher. That said, there could be malicious players involved, e.g., researchers and respective DSCs secretly recruited by a government to influence elections. This, however, sounds implausible, since in principle both the DSCs and researchers are independent of national governments.
Also, we can have depolarized recommendation algorithms. We don't need to go back all the way to timelines.
anigbrowl
What's the product of this industry? It certainly generates huge negative externalities.
pms
Republicans and Elon Musk have become very skilled at exerting political influence in the US [1] and Europe [2] through social media in ways the public isn't really aware of. Is this really that far from the goal of Cambridge Analytica of influencing elections without people's knowledge? Is it fine for large online platforms to influence election outcomes? Why wouldn't an online platform be used to this end if that's beneficial for it and there is no regulation discouraging it?
[1] https://www.techpolicy.press/x-polls-skew-political-realitie...
abtinf
Chat Control is a never-ending battle.
hexage1814
Do their own scraping, for God's sake.
pms
Except platforms don't allow it and have sued for it...
Esophagus4
It's a shame the legal system favors big money, because courts typically rule that scraping public data is not against the law[1]. In spite of how much the platforms protest.
Sadly, big companies can bully the scrapers with nuisance lawsuits as long as they wear the scrapers down in legal costs before it gets to trial.
[1] https://www.proskauer.com/release/proskauer-secures-dismissa...
loeg
Good!
user3939382
These services shouldn’t exist in the first place.
charcircuit
Allowing mass scraping like researchers want will further push people away from public platforms towards private group chats like Discord.
SilverElfin
Sorry but this sounds like a privacy nightmare. No one should trust random researchers with mountains of data. They clearly won’t know how to secure it. But also the angle of trying to police information and elections is disturbing, especially after several instances of the EU interfering in elections in recent times.
anigbrowl
The platforms themselves strike many as a privacy nightmare. I'm not aware of any mass data breaches that can be attributed to poor academic security in recent memory.
> instances of the EU interfering in elections
Do tell.
loeg
Eh. Users choose to use the platform. Users concerned about privacy don't have to use it.
How can I, an end user who doesn't trust the ability of these researchers to keep my data private, prevent the platform from sharing my data with them?
anonymousDan
You talk as if the US hasn't attempted to interfere in elections.
If online ads can be trivially used by big US tech companies to sway our elections using misinformation, without it being observable to anyone or possible to refute (as it would be for newspaper or TV ads), then why shouldn't it be monitored?
andsoitis
Can you tell us more about how big tech has used ads to sway elections?
Also, minor detail, TikTok in the EU is not US.
pms
I don't think it's about the US in its entirety, nor ads, but Republicans and Elon Musk have become very skilled at exerting political influence in the US [1] and Europe [2] through social media in ways the public isn't really aware of:
[1] https://www.techpolicy.press/x-polls-skew-political-realitie...