Data Collection for Internet Researchers under Data Protection Regimes

Internet and social media scholars have long sought access to data about users across platforms to better understand the complex social, cultural, and political dimensions of our online lives and interactions. Researchers have accessed the internet and social media data through formal data-sharing programs, application programming interfaces (APIs), and even manual data collection, but the growing emergence of global data protection regimes – such as the EU’s General Data Protection Regulation (GDPR) – is changing the landscape for both researchers and platforms.

As data protection regimes increasingly place greater emphasis on principles such as consent, transparency, data minimization, and purpose limitations, new questions have emerged for researchers seeking access to user data—as well as for platforms who might wish to provide access in responsible ways. Discussions around these principles are taking place in many forms, including the development of the European Digital Media Observatory code of conduct, strengthening the EC Code of Practice on Disinformation, and the drafting of the Digital Services Act. This event brought together members of AoIR Ethics Working Group, leading internet researchers, and industry/policy practitioners to spark a broader conversation on the challenges and opportunities for harmonizing research ethics and data collection practices when operating under data protection regimes and within uncertain regulatory environments.