Dear Communications Networks, Content and Technology,

Under the right of access to documents in the EU treaties, as developed in Regulation 1049/2001, I am requesting documents which contain the following information:

- The risk assessment or risk assessments provided by X (Twitter) according to the Digital Services Act

Yours faithfully,

Alexander Fanta
Follow the Money
Rue Auguste Orts 2
1000 Bruxelles

Dear Communications Networks, Content and Technology,

Please pass this on to the person who reviews confirmatory applications.

I am filing the following confirmatory application with regards to my access to documents request 'X's DSA risk assessment'.

I argue that DG Connect has not provided a sufficiently clear reason why the information in question would undermine the commercial interests of X. I note that X itself has made substantial public disclosures regarding the matters at hand, including its recently released DSA Transparency report, as well as disclosures under national law such as Germany's NetzDG.

Disclosure can only be reasonably assumed to have any impact on commercial interests where it goes well beyond information already in the public domain through previous public disclosures by the company or widely available press reports. Even where such information goes well beyond what is publicly know, X made this disclosure with a view towards informing a supervisory authority of its obligations visa-vis the public, hence the information should not be considered as business secret but rather as information pertaining to a public obligation.

I note that European Ombudsman decisions state that as not all information about a company is commercially sensitive, a test should be performed each time to conclude whether the exception applies (see European Ombudsman Case: 1701/2011/ANA 24 June 2013; Case: 676/2008/RT 07 July 2010.) The goal should be to determine whether disclosure would actually undermine the commercial interests of the company (see European Ombudsman Case: 1922/2014/PL 30 August 2016). In several cases the Ombudsman has found insufficient grounds for refusal (European Ombudsman Case: 676/2008/RT 07 July 2010; Case: 181/2013/AN 16 February 2015). I further note that the Commission is not bound by objections from the third party involved.

Further, I would like to argue for an overriding public interest in disclosure of X's DSA risk assessment. Similar to reports of health inspectors in restaurants, there is a clear public interest in knowing what measures a service is undertaking to protect its customers/users from risks. If the public has an incomplete understanding of what a platform such as X is, or isn't, doing to protect users from systemic risk, it is deprived from appropriately assessing the safety of said service. It also infringes upon the possibility for institutional and professional users, including public institutions and journalists, from understanding the context in which their official communication happens. A failure to disclose the document in question therefore could harm any attempt to properly evaluate X's services by consumers and professionals.

Yours faithfully,

Alexander Fanta
Follow the Money
Rue Auguste Orts 2
1000 Bruxelles