The case concerned a request for public access to the risk assessment report for 2023 of a large social media platform on its compliance with the provisions of the Digital Services Act (DSA). The Commission refused access to the report, referring to exceptions under the EU legislation on public access to documents (Regulation 1049/2001). It considered that there was a general presumption that disclosure of the report would undermine the commercial interests of the platform as well as its ongoing investigation into the platform's compliance with its obligations under the DSA. Consequently, the Commission did not conduct an individual assessment of the report to determine its possible disclosure.

The Ombudsman found that it was unreasonable to apply a general presumption of non-disclosure to a risk assessment report prepared in the framework of the DSA. The Ombudsman considered that the circumstances in which the EU courts have recognised the possibility to use a general presumption are very different from the rules that apply to risk assessment reports. In view of this, the Ombudsman’s preliminary view was that the Commission’s reliance on a general presumption constituted maladministration.

When the Commission maintained its position, the Ombudsman confirmed her view that the reliance on a general presumption of non-disclosure constituted maladministration. She recommended that the Commission conduct an individual assessment of the risk assessment report at issue with a view to granting the widest access possible, in line with Regulation 1049/2001.

The Commission did not accept the Ombudsman’s recommendation and reiterated its position that it can generally be presumed that disclosure of the risk assessment report would undermine the protection of the purpose of its DSA investigation and the commercial interests of the platform concerned. It also took the view that it could not possibly assess whether the report contains any commercially sensitive information and that the interest pursued by the complainant was of a private nature.

The Ombudsman regretted the Commission’s reply. She remained unconvinced that a general presumption of non-disclosure could be applied to risk assessment reports drawn up under the DSA, including after a redacted version of the report has been made public by the platform concerned. The Ombudsman also considered that being able to scrutinise the compliance of a very large online platform with its obligations under the DSA constitutes a public interest in disclosure that the Commission should have balanced against the interests it sought to protect. Finally, the Ombudsman noted that assessing commercially sensitive information is part of the EU institutions’ obligations under Regulation 1049/2001.

Therefore, the Ombudsman closed the case confirming her finding of maladministration.

The case concerned a request for public access to documents held by the European Commission regarding possible exchanges or correspondence with Romanian authorities about the 2024 presidential elections in Romania. The Commission identified a set of documents pertaining to two investigations under the Digital Services Act (DSA) and refused access. Specifically, the Commission argued that the documents were covered by a general presumption of non-disclosure, and that disclosure would undermine the protection of the purpose of investigations and commercial interests of a company.

The complainant asked the Commission to review its decision, arguing that there was an overriding public interest in disclosure. When the Commission maintained its refusal to disclose the documents, the complainant turned to the Ombudsman.

The Ombudsman inquiry team inspected the documents at issue. The Ombudsman also asked the Commission to provide a detailed list of identified documents that could be shared with the complainant.

Based on the inspection, the Ombudsman found that it was reasonable for the Commission to refuse access to the requested documents, given their sensitive nature. While the Commission did not provide a detailed list of documents, during the inquiry, it described the category of documents concerned in more detail, which the Ombudsman found reasonable in the specific context of this case.

The Ombudsman therefore closed the case with the conclusion that no further inquiries were justified.

The complainant asked the European Commission for public access to the risk assessment report for 2023 of a large social media platform on its compliance with the provisions of the Digital Services Act (DSA). Annual reporting is part of the obligations of 'very large online platforms' under the DSA. The Commission refused access to the report, referring to an exception under the EU legislation on public access to documents (Regulation 1049/2001). Specifically, the Commission argued that it could be presumed that disclosure of the report would undermine the commercial interests of the platform as well as its ongoing investigation into the platform's compliance with its obligations under the DSA. The Commission thus did not individually assess the report in view of its possible disclosure.

The Ombudsman inquiry team inspected the report at issue. Based on the inspection, the Ombudsman shared her preliminary view with the Commission that it is unreasonable to apply a general presumption of non-disclosure to a risk assessment report drawn up under the DSA. The Ombudsman considered that the circumstances in which the EU courts have recognised the possibility to use a general presumption are very different from the rules that apply to risk assessment reports. In view of this, the Ombudsman’s preliminary view was that the Commission’s reliance on a general presumption constituted maladministration.

In reply to the Ombudsman, the Commission maintained its view, adding that the use of a general presumption had been justified also in light of the need to protect the purpose of the independent audit on the platform’s compliance with its obligations under the DSA that had been ongoing at the time of its decision on the access request.

The Ombudsman was not convinced that the need to protect the purpose of the audit was such as to justify the Commission’s application of a general presumption of non-disclosure. While the legislator linked the timeline for the proactive publication of the risk assessment report to the completion of the independent audit, this does not imply that requests for public access under Regulation 1049/2001 must be rejected before that date. Rather, if the platform concerned has not yet published the risk assessment report proactively when there is a public access request for its disclosure, the Commission should take this into account in its assessment under Regulation 1049/2001. If it is not clear whether public access can be granted, the Commission should consult the platform to obtain its views on whether any of the exceptions provided for in Article 4 of Regulation 1049/2001 might apply.

The Ombudsman thus found that the Commission’s application of a general presumption of non-disclosure to the risk assessment report at issue constituted maladministration. She recommended that the Commission conduct an individual assessment of the document with a view to granting the widest access possible, in line with Regulation 1049/2001.

The case concerned a request for public access to a case file related to allegations of corruption that the European Anti-Fraud Office (OLAF) had decided not to investigate. OLAF had refused access based on a general presumption of non-disclosure, arguing that disclosure would undermine the purpose of its investigations. The complainant contested OLAF’s application of a general presumption of non-disclosure. He also contended that there was an overriding public interest in disclosure.

Following the opening of the inquiry by the European Ombudsman, OLAF re-considered its position and provided the complainant with public access to the closing decision in the case at issue. The complainant considered that this addressed his access request but also said that OLAF should have provided additional explanations as to why it had refrained from opening an investigation.

The Ombudsman considers it unreasonable to apply a general presumption of non-disclosure to an OLAF decision closing a selection procedure where OLAF finds insufficient grounds for opening an investigation. The Ombudsman thus welcomed OLAF’s positive engagement with the complaint and commended OLAF for its willingness to resolve the matter. Given that this inquiry concerned solely OLAF’s refusal to provide public access, the Ombudsman took the view that the complaint has been resolved and closed the inquiry as settled.

The case concerned the Commission’s refusal to grant full public access to 11 ‘implementing decisions’ determining the individual ‘supervisory fees’ that providers of very large online platforms have to pay in accordance with the Digital Services Act. In refusing access, the Commission relied on one of the exceptions under the EU legislation on public access to documents, arguing that disclosure could undermine commercial interests. The complainant challenged the use of this exception and contended that there is an overriding public interest in disclosure.

The Ombudsman inquiry team inspected the documents at issue, along with other parts of the Commission’s file, and held a meeting with representatives of the Commission. Based on the inspection and the information provided, the Ombudsman found that the withheld information indeed constituted sensitive information the disclosure of which could undermine commercial interests, including in light of the cost-sharing mechanism based on which the individual supervisory fees are calculated. The Ombudsman also found that it had been reasonable for the Commission to consider that there was no overriding public interest in disclosure.

The Ombudsman therefore concluded that the Commission had been justified in refusing to give full public access to the implementing decisions at issue and closed the inquiry finding no maladministration.