6  Regulating Data Transparency in Social Media

As large social media companies have come under increasing global scrutiny, regulatory questions over transparency and access to public-interest data have gained prominence. Crucially, global regulatory and governance frameworks now recognise that platforms will not voluntarily provide the data necessary for independent, high-quality public-interest research (Coalition for Independent Technology Research 2025).

In the EU, transparency requirements for UGC and advertising platform data are explicitly addressed in the Digital Services Act (DSA). Beyond publicly accessible data, the DSA establishes an unprecedented framework to grant vetted researchers access to certain categories of non-public platform data, including internal documentation and aggregated or otherwise privacy-preserving information relevant to the assessment of systemic risks (Scott and Seiling 2025). While this mechanism constitutes an important regulatory precedent, its practical outcomes remain to be evaluated over time.

Advertising transparency regulation has, too, undergone a significant shift under the DSA. Previously, regulatory frameworks focused on requiring visible labels for users targeted by online ads, clarifying the commercial and promotional nature of the communication. Regulation now also addresses data access policies designed to enable independent scrutiny of advertisers’ targeting, content, and persuasive strategies, going beyond platform self-regulatory measures (Santini et al. 2025; United Nations 2024).

In contrast, neither Brazil nor the United Kingdom currently have a dedicated legal framework for data transparency but have partially addressed this topic through adjacent regulations. In Brazil, the only provisions enabling researchers to access platform data stem from specific decisions and regulations issued by the country’s Electoral Court (Santini et al. 2026). In the UK, the Online Safety Act (OSA) lacks specific provisions for independent research and scrutiny and is more focused on a risk-assessment framework.

The jurisdictions analysed in this study allow for a comparison of online platform data transparency across diverse regulatory contexts. The EU exemplifies a highly developed regulatory framework, offering a mature debate that often serves as a benchmark for other regions. The UK presents a distinctive approach—sometimes leveraging EU-inspired measures, yet at other times pursuing independent regulatory paths. Brazil, representing the Global Majority, illustrates a context where such debates are still emerging, regulatory frameworks are underdeveloped, and transparency practices largely rely on voluntary commitments. By comparing these cases, we capture varying levels of regulatory maturity and derive insights to inform policy development in regions where platform regulation remains nascent.

6.1 European Union

The EU serves as a prominent example of far-reaching and comprehensive regulation for data transparency in social media. The Digital Services Act (DSA) establishes a robust legal framework defining obligations for digital services, aiming to make digital spaces safer and fairer, protect users’ fundamental rights, and ensure a level playing field for businesses. It came into force in November 2022 and became widely applicable across the EU from February 2024, with even earlier compliance deadlines for the largest platforms (European Commission 2024).

Notably, the DSA singles out Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs), defined as those with more than an average of 45 million monthly active users in the EU, and imposes enhanced transparency and accountability obligations upon them (European Commission 2025b). Among these obligations is the provision of data for vetted researchers, enabling independent scrutiny and monitoring of so-called systemic risks. Under the DSA, these risks include the dissemination and amplification of illegal, harmful, and misleading content, as well as its algorithmic curation and recommendation, alongside broader societal harms affecting fundamental rights, civic discourse, and public security (European Centre for Algorithmic Transparency 2025).

Data access obligations are set out in Article 40 of the DSA, entitled “Data Access and Scrutiny”. Article 40 is possibly the most far-reaching example of legally-mandated platform data transparency regulation worldwide. It sets out two separate mechanisms for research-related data access in paragraphs 12 and 4.

Paragraph 12 of Article 40 of the DSA states that eligible researchers who meet a set of criteria, including those affiliated with not-for-profit organisations, may obtain access to publicly accessible data on the online interfaces of VLOPs and VLOSEs. These conditions include: not having any commercial interests; disclosing the sources of research funding; demonstrating the ability to comply with data security and confidentiality requirements; and only accessing data that are strictly necessary for carrying out research for detecting, identifying, and understanding systemic risks (European Centre for Algorithmic Transparency 2025). While well-intentioned, in practice, this framing means that, instead of public APIs, researcher access to public UGC data is often mediated through special programs for researchers and platform-designed application processes that create unnecessary hurdles and burdens, including restrictive eligibility criteria (Marsh and Seiling 2026; Scott and Seiling 2025). The increasing transfer of power to the hands of platforms remains a substantial risk, as platforms retain discretionary control over data access while benefiting from state endorsement (Mimizuka et al. 2025).

Paragraph 4 of Article 40 of the DSA states that researchers who meet a separate set of conditions may apply for access to non-public data held by VLOPs and VLOSEs. These conditions include being affiliated with a recognised research institution, conducting research aimed at the detection, identification, and understanding of systemic risks and/or the assessment of risk mitigation measures disclosed by the platforms, and committing to making their research results publicly available free of charge (European Centre for Algorithmic Transparency 2025).

This access is, in principle, operationalised through the recently established DSA Access Portal, through which eligible researchers may submit their data access requests. Access to data may occur either through direct transmission to vetted researchers via a dedicated interface or data storage system, or through a secure processing environment operated by the data provider or a trusted third party. In the latter case, researchers are granted access to a virtual environment rather than raw data (European Centre for Algorithmic Transparency 2025).

Article 40 of the DSA was fully operationalised in July 2025 through a delegated act adopted by the European Commission. The act aims to address inconsistencies in its implementation, including differing application procedures and lengthy exchanges between researchers and platforms. This new legal device further clarifies how data access obligations for VLOPs and VLOSEs should work in practice, particularly regarding access for vetted researchers conducting public-interest research (European Commission 2025a).

Although the delegated act implementing Article 40 does not explicitly address data scraping, it has been argued that, insofar as publicly accessible data from VLOPs must be made available for research purposes, scraping may be interpreted as a legitimate method when official access mechanisms—such as APIs—are insufficient or ineffective (Bekavac and Mayer 2026). In this sense, the delegated act could be read as indirectly legitimising the use of scraping, reducing researchers’ exposure to retaliation or legal uncertainty (Keller 2025b; Marsh and Seiling 2026). It has further been argued that such guarantees should prevail over platforms’ terms of service, which have historically restricted or prohibited scraping activities (Keller 2025a). However, the lack of standardised access mechanisms continues to generate uncertainty and, in some cases, hinders researchers’ ability to obtain the data necessary for their work (Giglietto and Terenzi 2025).

Recently, companies such as TikTok, Meta, and X/Twitter have been found in breach of their obligation to grant researchers adequate access to public data (European Centre for Algorithmic Transparency 2025), which highlights persistent shortcomings in transparency requirement enforcement (Mimizuka et al. 2025). Moreover, as noted by the Commission’s inquiry into X/Twitter, imposing access fees may unlawfully restrict researchers’ ability to use publicly accessible data under the DSA (Marsh and Seiling 2026).

Article 39 of the DSA, in turn, establishes specific data transparency requirements for advertising on online platforms. Under the regulation, platforms must ensure that all commercial communications are clearly identifiable to users and provide them with information on the advertiser and sponsor identities, the period during which the ad was promoted, and the targeting criteria used. In addition, VLOPs and VLOSEs are required to maintain comprehensive ad repositories, making them accessible to users, researchers, and regulators through web-based tools and APIs for scrutiny and oversight. According to the DSA, these repositories must not rely on artificial distinctions between types of content, such as political versus non-political ads, but rather should allow scrutiny of all ads served on these platforms for up to one year after their last display on the platforms’ online interfaces.

The repositories must protect the anonymity of users exposed to the ads while providing the ad content—whether video, image, or text—along with identifying information about the advertiser, the entity that paid for the ad (if different), the period of promotion, the targeting parameters used, and the total number of users reached. Nevertheless, these efforts continue to face significant limitations, particularly with respect to data completeness and comparability (Mozilla Foundation 2024).

Complementing this framework, the EU’s Regulation on Transparency and Targeting of Political Advertising (TTPA) introduces additional obligations specifically for political ads, including stricter requirements on targeting and the information provided in advertising repositories. In response to these rules, major platforms such as Meta and Google have announced plans to stop serving paid political and social issue ads in the EU, citing operational challenges and legal uncertainty (Kroeber-Riel 2024; Meta 2025). This led to certain transparency policies being discontinued, specifically for ads labelled as political on these platforms—most notably, Google went further by removing access to its political advertising record history and data in Europe (Votta 2025).

6.2 Brazil

Brazil currently lacks a regulatory framework for establishing robust transparency obligations or meaningful mechanisms for accessing UGC data for independent researchers. Internet and digital governance are primarily shaped by the Brazilian Civil Rights Framework for the Internet (Marco Civil da Internet, Law No. 12.965/2014), which established foundational principles for internet use, privacy, net neutrality, and intermediary liability. Nevertheless, this legal framework does not fully guarantee the transparency of data from social media platforms, whether for public UGC or advertising.

More recently, data transparency and platform accountability mechanisms were proposed through the so-called “Fake News Bill”, officially titled as the Brazilian Law on Freedom, Responsibility and Transparency on the Internet (Bill No. 2630/2020), which sought to regulate social media companies and combat the spread of toxic and malicious content online (Nazareno and Pinheiro 2023). The bill, which was approved by the Federal Senate in 2020, was heavily influenced by the DSA and also substantially revised after the DSA came into force in the EU (Bueno and Canaan 2024).

However, it failed to advance to a plenary vote in the Chamber of Deputies and was ultimately shelved in April 2024, effectively halting its legislative progress. This outcome was largely driven by lobbying efforts and attempts to shape public opinion by online platform companies (Silva and Norigami 2026). Google and Meta, for instance, consistently opposed the bill. Google even used its search engine to display a warning to users, claiming that the proposed law could change the internet as Brazilians knew it for the worse. The company also invested in a paid advertising campaign across its own platforms, as well as on Meta’s platforms and even on Spotify, which allegedly does not allow political advertising. Telegram similarly sent messages to its Brazilian users with an alarmist tone, warning them about the supposed risks presented by the bill (Salles et al. 2025).

This gap also undermines the effectiveness of other recent institutional developments in the country. For instance, the country’s Supreme Court has recently ruled that the Brazilian Civil Rights Framework for the Internet should no longer be interpreted as limiting platform liability to cases of non-compliance. Instead, the Court signaled the need for a more streamlined notice-and-takedown approach in certain circumstances, with a view to reducing reliance on lengthy judicial procedures. While this shift increases the potential for platforms to be made liable for unlawful content circulating on their services, it does not simultaneously establish corresponding transparency, oversight, or auditability mechanisms, leaving platforms subject to heightened responsibility without structurally enhanced public scrutiny, which in turn makes it more difficult to monitor compliance and enforce the law and its corresponding penalties.

Significant advances have occurred in advertising data, although a comprehensive regulatory framework is still lacking. In 2024, Brazil’s Electoral Court, the constitutional authority for regulating electoral procedures, introduced new rules requiring those platforms that do allow the distribution of political and electoral advertising to maintain publicly accessible ad repositories that must also be accompanied by APIs (Tribunal Superior Eleitoral 2024). These repositories must provide basic functions such as keyword search, and key information, including the amount spent on each ad and the size of the audience reached.

However, these measures produced unintended consequences. Leading platforms operating in Brazil, including Google and Kwai (Kuaishou), announced that they would cease to allow political and electoral advertising in the country rather than comply with the new transparency obligations (Nóbrega 2024; Waltenberg 2024). Despite this alleged prohibition in place, political and electoral ads have not been completely prevented from circulating on these platforms, and in fact often appear without meaningful constraints and without the transparency mechanisms envisioned by the Electoral Court (Santini et al. 2024).

Furthermore, Brazil recently passed the Digital Statute for Children and Adolescents (ECA Digital, Law No. 15.211/25), which came into force in March 2026. It is the country’s first law to regulate online platforms in any form, introducing measures for age verification, parental control, and the protection of minors from harmful online content. The law also establishes new transparency requirements, such as the periodic publication of transparency reports by major platforms, but does not include any provisions for data access (Câmara dos Deputados, n.d.).

6.3 United Kingdom

Unlike the far-reaching transparency framework and formalised mechanisms for researcher access to platform data established under EU’s DSA, the United Kingdom’s regulatory approach remains more constrained and, in the words of UK law, “proportionate”. The country’s primary framework for online platform regulation, the Online Safety Act 2023 (OSA), focuses on online content regulation and on protecting children and adults from harmful content (UK Parliament 2023). The Act received Royal Assent in October 2023 and has been implemented gradually since 2024 (Department for Science, Innovation and Technology 2025).

The OSA centres on establishing a statutory duty of care for online platforms, enforced by the UK’s communications regulator, Ofcom. The framework empowers Ofcom to require platform risk assessments, issue codes of practice, and compel the disclosure of information necessary for investigating online harms. While the OSA includes certain transparency and accountability provisions, these are primarily directed toward regulators and designated experts rather than the general public, including public-interest researchers (UK Parliament 2023).

The Data (Use and Access) Act 2025 subsequently introduces a significant, though still indirect, development regarding researcher access to platform data in the UK. The Act, which received Royal Assent in June 2025, amends the OSA by empowering the Secretary of State to establish a framework through secondary legislation that requires providers of regulated online services to disclose information to independent researchers for the purpose of conducting research on online safety issues (UK Parliament 2025). While this provision appears similar to Article 40 of the DSA, it does not immediately create a comparable, fully functioning independent researcher access regime; rather, it delegates authority to future regulations, leaving the UK considerably behind the EU in establishing structured mechanisms for researcher access to social media data.

This regulatory deficit extends to online advertising. While all ads in the UK are required to be “legal, decent, honest and truthful” (Conway 2025), regulation remains split between broadcast and non-broadcast media. Political advertising illustrates this divide. Under the Communications Act 2003 (UK Parliament 2003), this type of advert is prohibited on broadcast media. However, regulating authorities largely exempt political ads in non-broadcast media, including online platforms, from the content standards that apply to other types of advertising.

Originally enacted in 1999, this framework is insufficient to address the challenges posed by the dynamics of information and disinformation on social media platforms (Conway 2025). Weak attempts to increase transparency around ad sources, such as the Elections Act 2022 (UK Parliament 2022), have failed to regulate content or enable meaningful public scrutiny. Without legislation requiring social media platforms to provide free and universal access to digital advertising data, the UK remains particularly vulnerable to political online manipulation and advertising fraud.

Bekavac, Luka, and Simon Mayer. 2026. Auditing Meta and TikTok Research API Data Access Under Article 40(12) of the Digital Services Act. https://arxiv.org/abs/2601.12390.

Bueno, Thiago M., and Renata G. Canaan. 2024. “The Brussels Effect in Brazil: Analysing the Impact of the EU Digital Services Act on the Discussion Surrounding the Fake News Bill.” Telecommunications Policy 48 (5): 102757. https://doi.org/10.1016/j.telpol.2024.102757.

Câmara dos Deputados. n.d. ECA Digital: Mais Proteção Para Crianças e Adolescentes. Https://infograficos.camara.leg.br/eca-digital/.

Coalition for Independent Technology Research. 2025. Power in Numbers. Https://independenttechresearch.org/wp-content/uploads/2025/08/The-State-of-Independent-Technology-Research-Power-in-Numbers.pdf.

Conway, Lucinda. 2025. Regulation of Advertising in the UK. House of Commons Library; https://commonslibrary.parliament.uk/research-briefings/sn06130/.

Department for Science, Innovation and Technology. 2025. Online Safety Act: Explainer. Https://www.gov.uk/government/publications/online-safety-act-explainer/online-safety-act-explainer; GOV.UK.

European Centre for Algorithmic Transparency. 2025. FAQs: DSA Data Access for Researchers. Https://algorithmic-transparency.ec.europa.eu/news/faqs-dsa-data-access-researchers-2025-07-03_en; European Commission.

European Commission. 2024. Questions and Answers on the Digital Services Act. Https://ec.europa.eu/commission/presscorner/detail/en/qanda_20_2348.

European Commission. 2025a. Delegated Act on Data Access Under the Digital Services Act (DSA). Https://digital-strategy.ec.europa.eu/en/library/delegated-act-data-access-under-digital-services-act-dsa.

European Commission. 2025b. DSA: Very Large Online Platforms and Search Engines. Https://digital-strategy.ec.europa.eu/en/policies/dsa-vlops.

Giglietto, Fabio, and Marco Terenzi. 2025. The State of Social Media Research APIs & Tools in the Digital Services Act Era. Università degli Studi di Urbino Carlo Bo; https://ora.uniurb.it/handle/11576/2759111?mode=simple.

Keller, Daphne. 2025a. “How the Meaning of ‘Publicly Accessible’ Shapes Researcher Data Rights Under the DSA.” In Tech Policy Press. Https://www.techpolicy.press/how-the-meaning-of-publicly-accessible-shapes-researcher-data-rights-under-the-dsa/.

Keller, Daphne. 2025b. “Using the DSA to Study Platforms.” In Verfassungsblog. Https://verfassungsblog.de/dsa-platforms-digital-services-act/.

Kroeber-Riel, Alex. 2024. “An Update on Political Advertising in the European Union.” In Google Blog. Https://blog.google/company-news/inside-google/around-the-globe/google-europe/political-advertising-in-eu/.

Marsh, Oliver, and Lena Seiling. 2026. “What the X Fine Reveals about Data Access Under Article 40 of the Digital Services Act.” In Tech Policy Press. Https://www.techpolicy.press/what-the-x-fine-reveals-about-data-access-under-article-40-of-the-digital-services-act/.

Meta. 2025. “Ending Political, Electoral and Social Issue Advertising in the EU in Response to Incoming European Regulation.” In Meta Newsroom. Https://about.fb.com/news/2025/07/ending-political-electoral-and-social-issue-advertising-in-the-eu/.

Mimizuka, Kayo, Megan A Brown, Kai-Cheng Yang, and Josephine Lukito. 2025. Post-Post-API Age: Studying Digital Platforms in Scant Data Access Times. https://arxiv.org/abs/2505.09877.

Mozilla Foundation. 2024. Stress Testing Tech Platforms’ Ad Repositories. Https://www.mozillafoundation.org/en/research/library/full-disclosure-stress-testing-tech-platforms-ad-repositories/.

Nazareno, Claudio, and Gustavo P. Pinheiro. 2023. Regulação de Plataformas, Fake News e o PL 2630/2020. Câmara dos Deputados. https://bd.camara.leg.br/bd/bitstreams/0c7332c3-a181-4adb-8037-80dcd50e3e5b/download.

Nóbrega, Liz. 2024. “Kwai Veta Anúncios Políticos Para as Eleições de 2024.” In Desinformante. https://desinformante.com.br/kwai-anuncios-politicos/.

Salles, Diego, Bruno Mattos, Rose Marie Santini, and Marcelo Canavarro. 2025. “Unfair Play: Digital Platform’s Abuse of Power to Influence Brazilian Policy Agenda.” AoIR Selected Papers of Internet Research. https://doi.org/10.5210/spir.v2024i0.14053.

Santini, Rose Marie, Diego Salles, Bruno Mattos, et al. 2024. Nota Técnica: Google Diminui Transparência de Anúncios Políticos No Brasil e Desobedece Resolução Do TSE. NetLab UFRJ; https://netlab.eco.ufrj.br/post/nota-tecnica-google.

Santini, Rose Marie, Diego Salles, Bruno Mattos, et al. 2025. Transparency Under Threat: Progress and Setbacks Between CrowdTangle and the Meta Content Library. NetLab UFRJ; https://netlab.eco.ufrj.br/en/post/transparency-under-threat-progress-and-setbacks-between-crowdtangle-and-the-meta-content-library.

Santini, Rose Marie, Diego Salles, Bruno Mattos, and Eduardo Dau. 2026. Propaganda Eleitoral Em 2026: Recomendações à Resolução Nº 23.610/2019 e Às Novas Minutas Do Tribunal Superior Eleitoral (TSE). NetLab UFRJ; https://netlab.eco.ufrj.br/post/propaganda-eleitoral-em-2026.

Scott, Mark, and Lena Seiling. 2025. “In Critical Condition – How to Stabilize Researcher Data Access?” In Tech Policy Press. Https://www.techpolicy.press/in-critical-condition-how-to-stabilize-researcher-data-access/.

Silva, Marina, and Michiko Norigami. 2026. “Brazil: Big Tech Cries ‘Censorship’ and Spreads Disinformation.” In SOMO. Https://www.somo.nl/brazil-big-tech-cries-censorship-and-spreads-disinformation/.

Tribunal Superior Eleitoral. 2024. Resolução n.° 23.732, de 27 de Fevereiro de 2024. Https://www.tse.jus.br/legislacao/compilada/res/2024/resolucao-no-23-732-de-27-de-fevereiro-de-2024.

UK Parliament. 2003. Communications Act 2003. Https://www.legislation.gov.uk/ukpga/2003/21/contents.

UK Parliament. 2022. Elections Act 2022. Https://www.legislation.gov.uk/ukpga/2022/37/contents.

UK Parliament. 2023. Online Safety Act 2023. Https://www.legislation.gov.uk/ukpga/2023/50.

UK Parliament. 2025. Data (Use and Access) Act 2025: Explanatory Notes. Https://www.legislation.gov.uk/ukpga/2025/18/notes/division/12/index.htm.

United Nations. 2024. United Nations Global Principles for Information Integrity: Recommendations for Multi-Stakeholder Action. United Nations. https://www.un.org/sites/un2.un.org/files/un-global-principles-for-information-integrity-en.pdf.

Votta, Fabio. 2025. “What Data Reveals about Meta and Google’s Political Ad Ban in the EU.” In Tech Policy Press. Https://www.techpolicy.press/what-data-reveals-about-meta-and-googles-political-ad-ban-in-the-eu/.

Waltenberg, Fábio. 2024. “Google Veta Impulsionamento Eleitoral Em 2024.” In Poder360. Https://www.poder360.com.br/eleicoes/google-veta-impulsionamento-eleitoral-em-2024-e-pressiona-tse/.