Practical Application

Standardized Inspection Procedures Under Implementing Regulation 2023/1201: The Commission initiates Article 69 inspection of Meta's Irish headquarters investigating potential Article 35 risk mitigation violations. Under Commission Implementing Regulation 2023/1201 (adopted pursuant to Article 83), the inspection follows standardized procedures ensuring consistency with inspections of other VLOPs and providing Meta with clear procedural expectations. Advance Notice (Regulation 2023/1201 Art. 5)—Commission provides Meta with written inspection notice at least 2 working days before inspection commencement (shorter notice permissible if evidence spoliation risk exists). Notice specifies: subject matter and purpose of inspection; legal basis (DSA Article 69); date and approximate duration of inspection; categories of information to be examined; Commission officials who will conduct inspection; Meta's obligation to cooperate and legal consequences of non-cooperation. Two-day notice provides Meta time to prepare (gather potentially relevant documents, brief employees who may be interviewed, arrange workspace for inspection team) while limiting opportunity to destroy or alter evidence. Inspection Team Composition (Regulation 2023/1201 Art. 6)—Inspection team comprises: 4 Commission officials with legal and technical expertise in platform risk assessment; 2 appointed technical experts specializing in algorithmic content moderation systems; 1 representative from Irish regulatory authority (as establishment Member State). Team includes at least one member fluent in English (Meta's business language) and one fluent in Irish (local language). All team members sign confidentiality undertakings per Article 84 professional secrecy obligations.

On-Site Access and Document Examination (Regulation 2023/1201 Arts. 8-12)—Inspection team arrives at Meta's Dublin office at 9:00 AM. Meta designates compliance officer as primary contact and provides dedicated conference room workspace. Inspection covers: (1) Document Review—Team examines Article 34 risk assessment reports, Article 35 risk mitigation implementation documentation, internal communications regarding risk mitigation strategy, algorithmic system design specifications, content moderation training materials. Regulation 2023/1201 establishes procedures for identifying potentially privileged documents: when inspection team encounters documents that may be subject to attorney-client privilege, documents are segregated and Meta has 24 hours to assert privilege with supporting explanation; Commission hearing officer reviews privilege claims and makes determination; privileged materials excluded from investigation file. Meta asserts privilege over 47 documents containing external counsel legal advice on risk mitigation compliance strategies. Hearing officer reviews, upholds privilege for 43 documents (genuine legal advice), denies for 4 documents (business strategy discussions not protected). (2) IT System Access—Team accesses Meta's content moderation databases to examine how risk mitigation measures operate in practice. Regulation 2023/1201 Art. 10 specifies that IT system access must be proportionate and limited to systems relevant to investigation. Meta provides read-only access to content moderation decision logs, algorithmic classifier training data, and risk assessment monitoring dashboards. Commission may not access user personal data unrelated to risk mitigation investigation. (3) Employee Interviews (Regulation 2023/1201 Arts. 13-15)—Team interviews 8 Meta employees including: Head of Trust & Safety, algorithmic systems engineers, content moderation supervisors, risk assessment analysts. Interview procedures: Meta employees may have legal counsel present; interviews are audio recorded with transcripts provided to Meta; interviewees informed that they must answer questions truthfully but may assert rights against self-incrimination if testimony could expose them personally to sanctions (though corporate officer testimony generally compelled); interview questions limited to inspection subject matter. Trust & Safety Head explains risk mitigation strategy, acknowledges certain measures proved less effective than anticipated, describes ongoing enhancement efforts. Engineers provide technical details on algorithmic content detection systems.

Document Seizure and Evidence Preservation (Regulation 2023/1201 Arts. 16-18)—Inspection team identifies 1,247 documents relevant to investigation. Under Regulation 2023/1201: Commission may copy documents rather than seizing originals (minimizing business disruption); Meta receives contemporaneous list of all copied materials; documents are stored securely with access limited to investigation team; chain of custody documented to ensure evidence integrity for potential later proceedings. Meta also receives formal evidence preservation notice requiring Meta to preserve all potentially relevant materials (documents, emails, databases, system logs) pending investigation conclusion; intentional or negligent evidence destruction during preservation period may result in Article 74 penalties and adverse inferences. Inspection concludes after 3 days. Commission issues inspection report documenting activities conducted, evidence gathered, and preliminary observations. Meta has 15 days to submit corrections or clarifications of factual inaccuracies. Standardization Benefits—Regulation 2023/1201's detailed procedures ensure: Meta understands its rights and obligations (advance notice, privilege protection, counsel presence at interviews); Commission officials conduct inspection consistently with inspections of Google, TikTok, Amazon, and other VLOPs (preventing selective procedural variations that could evidence bias); procedural regularity protects evidence integrity and ensures any enforcement action based on inspection can withstand legal challenge; balance between effective investigation and proportionate intrusion on Meta's business operations and legal rights. Absent Article 83 implementing acts, each inspection might follow ad hoc procedures creating unpredictability, inconsistency, and potential due process violations.

Article 79 Hearing Procedures—Right to Be Heard: Commission investigation of TikTok's Article 40 researcher access compliance reaches preliminary conclusion stage. Commission issues Statement of Objections finding TikTok systematically violated Article 40 through overly restrictive application procedures, arbitrary denials of qualified researchers, and inadequate data access scope. TikTok exercises Article 79 right to be heard before Commission adopts final decision. Hearing procedures governed by Regulation 2023/1201 Arts. 35-42 (adopted under Article 83): Hearing Request and Scheduling (Reg. 2023/1201 Arts. 35-36)—TikTok submits hearing request within 15 working days of receiving Statement of Objections. Request specifies TikTok's preliminary objections to Commission findings and identifies hearing participants: 3 TikTok executives (Head of Legal Affairs, Head of Research Relations, Head of Data Governance); 4 external counsel from law firm representing TikTok; 2 technical experts on data access systems. Commission schedules hearing for 6 weeks after request, providing TikTok time to prepare comprehensive response. Hearing Format (Reg. 2023/1201 Art. 37)—Hybrid format: TikTok participants in Brussels Commission headquarters conference room; Commission officials and hearing officer present in person; observers (Irish DSC representatives, European Data Protection Supervisor) attend via video link. 4-hour hearing scheduled. Hearing Officer Independence (Reg. 2023/1201 Art. 38)—Commission appoints independent hearing officer (senior Commission official from different directorate-general than enforcement team) to ensure procedural fairness. Hearing officer: rules on procedural objections TikTok may raise; ensures TikTok has adequate opportunity to present defense; issues post-hearing report assessing whether procedural rights were respected; report included in Commission decision-making file and may inform Commissioners' assessment of case strength.

Hearing Proceedings (Reg. 2023/1201 Arts. 39-40)—9:00-10:00 AM: Commission Presentation—Investigation team presents preliminary findings: TikTok's Article 40 application process requires researchers to disclose detailed research methodologies before access decisions made, enabling TikTok to deny access to research it dislikes; denial rate of 73% far exceeds other VLOPs (Facebook 18%, Google 22%, X 31%); approved researchers receive severely limited data access (aggregate statistics only) rather than meaningful access to public content data required by Article 40; Commission presents evidence from denied researchers, comparative analysis of VLOP access practices, technical assessment of TikTok's data access infrastructure. 10:15-12:00 PM: TikTok Response—TikTok legal team presents defense: Article 40 and implementing delegated acts permit platforms to screen researcher qualifications and research proposals to ensure legitimate scholarly purposes; TikTok's 73% denial rate reflects high volume of unqualified applications from non-eligible researchers and commercially-motivated data requests not covered by Article 40; data access limitations reflect legitimate privacy and security concerns protecting user data and platform intellectual property; TikTok has approved access for 87 qualified researchers from 34 universities representing substantial compliance effort. Technical experts explain data access architecture and privacy-preserving limitations. 12:00-1:00 PM: Commission Questions—Investigation team questions TikTok representatives: What specific criteria trigger application denials? How does TikTok distinguish qualified researchers (Article 40 beneficiaries) from commercial entities? Why is denial rate 2-3× higher than comparable VLOPs? Can TikTok identify any researcher denied access who clearly met delegated act qualification criteria? TikTok provides responses but struggles to articulate clear principled criteria distinguishing approved and denied researchers, suggesting arbitrary decision-making. 1:00-1:30 PM: Closing Statements—Commission reiterates preliminary violations finding. TikTok counsel argues Commission misinterprets Article 40 permissible restrictions and requests opportunity for post-hearing written submission.

Post-Hearing Procedures (Reg. 2023/1201 Arts. 41-42)—Hearing officer grants TikTok's request for post-hearing submission with 10 working day deadline. TikTok submits 45-page post-hearing brief with additional evidence and legal argument. Commission considers brief before finalizing decision. Hearing officer issues report concluding: TikTok's procedural rights were fully respected; hearing provided adequate opportunity to contest Commission findings; TikTok's responses during hearing and post-hearing submission did not persuasively refute Commission's preliminary conclusions that denial rate and access limitations violate Article 40. Commission adopts final Article 73 non-compliance decision finding Article 40 violations, incorporating hearing officer's report. Decision explains how Commission considered TikTok's hearing defense and why defense was ultimately unpersuasive. Due Process Protection—Regulation 2023/1201 hearing procedures (adopted under Article 83) ensure TikTok received meaningful opportunity to be heard before adverse decision adopted, satisfying fundamental due process requirements under Article 79 and Article 47 Charter. Independent hearing officer oversight prevents procedural irregularities. Detailed procedures create record for potential later judicial review under Article 81, enabling courts to assess whether Commission respected TikTok's defense rights. Standardized procedures ensure TikTok received same hearing protections as other VLOPs in comparable proceedings (Google, Meta, Amazon), preventing discriminatory treatment.

Article 79 Confidentiality Negotiations—Balancing Defense Rights and Trade Secret Protection: Commission investigation of Amazon's marketplace platform (designated VLOP) for potential Article 25 dark pattern violations involves evidence from competing sellers and internal Amazon business strategy documents. Amazon exercises Article 79 right to access investigation file to prepare defense. Commission file contains: 347 pages of Amazon internal documents (algorithmic recommendation system specifications, user interface design decisions, A/B testing results measuring impact of interface changes on purchase behavior); 89 pages of third-party seller complaints alleging Amazon manipulates product displays to favor Amazon-owned brands; 124 pages of consumer complaints about misleading interface elements; 67 pages of documents from competing platforms (eBay, Etsy) describing their interface design practices for comparison. Confidentiality issues arise: Amazon designates 198 pages of its own documents as containing trade secrets (algorithmic specifications, business strategies, competitive intelligence); competing sellers designated their submissions as confidential commercial information (business volumes, profit margins, product strategies); competing platforms claimed their interface documentation is confidential. Article 79 requires Commission to enable Amazon's defense while protecting confidential information. Regulation 2023/1201 Arts. 28-34 (adopted under Article 83) establish negotiated disclosure procedures:

Initial Disclosure and Confidentiality Claims (Reg. 2023/1201 Arts. 28-29)—Commission provides Amazon with access to investigation file via secure electronic data room. File includes all evidence except: internal Commission deliberative documents (exempt from disclosure); documents covered by attorney-client privilege; documents containing third-party confidential information requiring redaction. Commission's initial assessment identifies 289 pages potentially containing confidential information requiring protection: 198 pages Amazon designated confidential, 91 pages third parties designated confidential. Commission provides Amazon with: (1) full access to all Amazon-submitted documents (even those Amazon designated confidential—Amazon can access its own information); (2) redacted versions of third-party documents with confidential commercial data removed but sufficient information preserved to enable Amazon to understand and contest evidence. Amazon Challenges Commission Redactions (Reg. 2023/1201 Arts. 30-32)—Amazon argues Commission redacted excessively, preventing effective defense: (1) Competing seller complaint documents redacted seller identities, sales volumes, and specific product categories affected. Amazon argues this prevents Amazon from investigating complaint accuracy and presenting counter-evidence. Amazon requests unredacted versions. (2) Competing platform interface documentation redacted specific design features and user metrics. Amazon argues comparative analysis requires access to specific competitor practices to demonstrate Amazon's interfaces are consistent with industry standards. (3) Commission's own technical analysis documents redacted portions of methodology. Amazon argues inability to examine Commission's analytical approach prevents challenging conclusions.

Confidentiality Negotiation Process (Reg. 2023/1201 Art. 31)—Commission hearing officer mediates confidentiality dispute: Seller Complaints—Hearing officer reviews unredacted complaints and Amazon's specific challenges. Determines: Seller identities must remain confidential (commercial sensitivity, potential retaliation risk), but Commission can provide additional non-confidential details enabling Amazon to identify which product categories and time periods complaints reference, allowing Amazon to present data demonstrating these categories/periods did not exhibit complained-of patterns. Sales volumes and profit margins remain redacted as highly confidential commercial information, but Commission provides summary statistics (e.g., "complaints from sellers with sales volumes ranging from €500K-€5M annually") enabling Amazon to understand complaint source context. Competitor Platform Data—Hearing officer determines: Specific interface design features and user metrics legitimately confidential, but Commission must provide more detailed non-confidential descriptions of competitor practices enabling meaningful comparison. Commission revises redacted versions providing: "Competitor Platform A employs neutral-design 'Add to Cart' buttons without color contrasts or size differentials between options" (vs. overly broad original redaction: "Competitor Platform A employs standard interface practices"). Commission Methodology—Hearing officer determines Commission's analytical methodologies are not confidential and must be disclosed to enable Amazon to challenge analysis. Commission provides unredacted methodology sections. Final File Access (Reg. 2023/1201 Art. 33)—After negotiation, Amazon receives: full unredacted access to 198 pages of Amazon's own documents; revised redacted versions of 91 pages third-party documents with enhanced non-confidential summaries enabling defense while protecting confidential commercial information; full access to Commission methodology enabling challenge to analytical approach. Hearing officer issues determination that disclosure balances Amazon's defense rights (Article 79, Article 47 Charter) with third-party confidentiality protection (trade secrets, commercial confidentiality). Amazon prepares defense using disclosed materials. Procedural Regularity Benefits—Regulation 2023/1201 negotiated disclosure procedures (adopted under Article 83) create structured process for resolving inherent tension between defense access and confidentiality: standardized procedures ensure consistent treatment across investigations; hearing officer mediation provides independent assessment preventing Commission from using confidentiality claims to withhold inculpatory evidence; detailed standards and procedures enable parties to predict outcomes and understand their rights; procedural regularity ensures any final Commission decision can withstand judicial review challenges alleging defense rights violations.