To facilitate accountability and transparency, the Digital Services Act (DSA) sets up a process through which Very Large Online Platforms (VLOPs) need to grant vetted researchers access to their internal data (Article 40(4)). Operationalising such access is challenging for at least two reasons. First, data access is only available for research on systemic risks affecting European citizens, a concept with high levels of legal uncertainty. Second, data access suffers from an inherent standoff problem. Researchers need to request specific data but are not in a position to know all internal data processed by VLOPs, who, in turn, expect data specificity for potential access. In light of these limitations, data access under the DSA remains a mystery. To contribute to the discussion of how Article 40 can be interpreted and applied, we provide a concrete illustration of what data access can look like in a real-world systemic risk case study. We focus on the 2024 Romanian presidential election interference incident, the first event of its kind to trigger systemic risk investigations by the European Commission. During the elections, one candidate is said to have benefited from TikTok algorithmic amplification through a complex dis- and misinformation campaign. By analysing this incident, we can comprehend election-related systemic risk to explore practical research tasks and compare necessary data with available TikTok data. In particular, we make two contributions: (i) we combine insights from law, computer science and platform governance to shed light on the complexities of studying systemic risks in the context of election interference, focusing on two relevant factors: platform manipulation and hidden advertising; and (ii) we provide practical insights into various categories of available data for the study of TikTok, based on platform documentation, data donations and the Research API.

翻译：为促进问责制与透明度，《数字服务法案》建立了一套流程，要求超大型在线平台向经认证的研究者开放其内部数据（第40条第4款）。此类数据访问机制的实施至少面临双重挑战：其一，数据访问仅限用于研究影响欧洲公民的系统性风险，而该法律概念具有高度不确定性；其二，数据访问存在固有僵局——研究者需申请特定数据却无法知晓平台处理的所有内部数据，而平台方又要求数据请求具有明确指向性。基于这些局限，《数字服务法案》下的数据访问机制仍迷雾重重。为探讨第40条的解释与适用路径，我们以真实世界系统性风险案例研究具体演示数据访问的可能形态。聚焦2024年罗马尼亚总统选举干预事件——这是首个触发欧盟委员会系统性风险调查的典型案例。选举期间，某候选人被指通过复杂的虚假信息与误导运动，借助TikTok算法推荐获益。通过剖析该事件，我们深入理解选举相关的系统性风险，探索可行研究任务，并对比所需数据与TikTok现有数据。本文主要贡献有二：(i) 融合法学、计算机科学与平台治理的多维视角，以平台操纵与隐蔽广告两大核心要素为切入点，揭示选举干预背景下系统性风险研究的复杂性；(ii) 基于平台文档、数据捐赠计划及研究API，为TikTok研究提供多维可用数据类别的实践洞见。