Vous souhaitez déposer une plainte contre une institution ou un organe de l’Union européenne ?
- EN English
The European Commission's refusal to give public access to the risk assessment report of a large social media company on its compliance with the provisions of the Digital Services Act
Affaire ouverte
Affaire 1746/2024/MIG - Ouvert le Vendredi | 27 septembre 2024 - Recommandation le Lundi | 11 mai 2026 - Décision le Jeudi | 07 mai 2026 - Institution concernée Commission européenne ( Mauvaise administration constatée ) - Pays Autriche
Plainte introduite
19/09/2024Analyse de la plainte
20/09/2024Enquête en cours
27/09/2024Conclusions préliminaires
03/11/2025Résultat de l’enquête
19/02/2026
|
Head of Unit - C2 Secretariat‐General European Commission |
Dear Mr X,
The European Ombudsman has received a complaint against the European Commission.
The complaint concerns the Commission’s refusal to give public access to a risk assessment report it received from the provider of the social media platform ‘X’ under the Digital Services Act (DSA). The Commission refused to disclose the report in its entirety, relying on a general presumption of confidentiality. More specifically, the Commission argued that disclosure would undermine the commercial interests of X as well as the purpose of an ongoing investigation it is conducting into X’s compliance with its obligations under the DSA.
The complainant is dissatisfied with this outcome and challenges the Commission’s application of a general presumption of confidentiality. The complainant also considers that there is an overriding public interest in disclosure, namely, in helping the wider public as well as public authorities navigate the risks related to the use of X. In addition, the complainant is concerned that the Commission’s use of a general presumption prevents journalists from exercising their roles as “social watchdogs” as recognised by the European Court of Human Rights.
We have decided to open an inquiry into the complaint against the Commission’s decision to refuse access to the risk assessment report at issue under Regulation 1049/2001.
Regulation 1049/2001 states that applications for access should be handled promptly. It is in line with this principle that the Ombudsman also seeks to deal with cases such as this as quickly as possible.
As a first step, we consider it necessary to review (i) the risk assessment report to which access has been refused as well as (ii) any documentation on the Commission’s (possible) consultation of the third party concerned and/or (iii) the third party’s (possible) ‘statement of reasons’ under Article 42(5) of the DSA. We would be grateful if the Commission could provide a copy of these documents, preferably in electronic format through encrypted e-mail,[1] by 4 October 2024.
The documents subject to the public access request will be treated confidentially, along with any other material the Commission chooses to share with us that it marks confidential. Documents of this kind will be handled and stored in line with this confidential status and will be deleted from the Ombudsman’s files shortly after the inquiry has ended.
The Commission’s position has been set out in its confirmatory response of 20 June 2024. However, should the Commission wish to provide additional views, to be taken into account by the Ombudsman during this inquiry, we would be grateful if they could be provided to us within fifteen working days from the receipt of this letter, that is, by 18 October 2024.
In addition, we would appreciate it if the Commission could provide the Ombudsman with detailed information about the state of play of the investigation it is conducting under Article 66(1) of the DSA. In particular, we would ask the Commission to inform us about (i) the basis on which it opened the procedure, (ii) the steps it has taken so far, (iii) the steps it intends to take, and (iv) an indication of the time line until the investigation will be completed.
Finally, on page 12 of its confirmatory response, the Commission states:
“It is also important to note that X itself has made public information on its activities and practices, as well as measures taken for the security of services, which allow an interested party to evaluate the provided services.”
In this regard, we would kindly ask the Commission to provide the Ombudsman with (the source of) the information to which it was referring.
We would be grateful if the above information could be provided together with any additional comments the Commission may have by 18 October 2024.
The inquiries officer responsible for the case is Michaela Gehring.
Yours sincerely,
Rosita Hickey
Director of Inquiries
Strasbourg, 27/09/2024
[1] Encrypted emails can be sent to our dedicated mailbox.