[pms]

Long story short, this "research" and data access wouldn't be allowed under the DSA, because (i) the researcher didn't provide any data protection safeguards, (ii) his university (and their data protection officer) didn't assume legal liability for his research, (iii) his research isn't focused on systemic risks to society.

[loeg]

Platforms (reasonably!) do not trust random academic researchers to be safe custodians of user data. The area of research focus and assumption of liability do not matter. Once a researcher's copy of data is leaked, the damage is done.

[whatevertrevor]

Yup, when the data breach happens the headlines aren't going to be "Random well meaning researchers caught in data breach exposing user data". They're going to be: "5 million Facebook logins hacked in massive data breach", and you'd be hard pressed to find actual information on how the leak happened, just like the gmail story from a few days ago.

[pms]

No researcher will request or get access to "5 million Facebook logins" through the DSA, since such a request wouldn't comply with the DSA requirements, so your point is moot. In fact, we live in a quite different world than you imagine. Currently, researchers don't even have access to the public data, as the article points out. When it comes to private data, researchers won't get access to private messages either, but rather to aggregate-level privacy-preserving data (assuming that the DSA isn't killed before any of this happens by the industry and Republicans, which you seem to advocate for).