A research project funded by the Dutch Research Council (NWO), exploring the fundamental tension between secrecy claims and transparency needs in the context of EU digital and data legislation. Stay tuned for updates from the project as well as scholarly and regulatory developments and news.
The Charter of Fundamental Rights of the European Union states unequivocally: ‘Any citizen of the Union, and any natural or legal person residing or having its registered office in a member state, has a right of access to documents of the institutions, bodies, offices and agencies of the Union, whatever their medium’.
Despite this, the EU is increasingly hiding things from journalists, researchers and members of civil society.
On 19 June 2026, we had the chance to present our work in progress paper at the ‘Algorithmic Transparency and Explainability’ panel during TILTing Perspectives 2026, the 9th edition of TILT’s biennial conference, held this year in Tilburg under the theme “Between Values and Innovation: Tech Governance in a Multicentric World.”
Debates about algorithmic transparency tend to focus on the technology itself, such as model architecture, training data, explainability tools. Our panel contribution pushed the conversation with a simple provocation: the appearance of technological determinism is convenient for those who hold power over social choices in technology. Before we can scrutinise an algorithm, we often need the institutional documents that describe it, and increasingly, the European Commission is finding ways not to share them.
The starting point is Regulation (EC) 1049/2001, the EU’s access to institutional documents framework. Running alongside it is the General Presumption of Confidentiality (GPC), a judge-made device that lets institutions refuse a document request simply because it falls into a recognised category, without showing disclosure would cause concrete harm. Safeguards exist in principle, such as the duty to give reasons, rebuttal, partial disclosure, but they’re increasingly theoretical in the digital sector. Especially problematic is the “overriding public interest” (OPI) test, which has become dangerously arbitrary in practice.
The paper then provides 3 concrete case studies, illustrating how the European Commission is using the GPC as a default shield rather than a calibrated exception.
Commission Decision (EU) 2024/3080, extending confidentiality to DMA/DSA procedure documents. Currently pending before the CJEU in the case of De Capitani and Others v Commission.
X’s denied DSA risk impact assessment, where a journalist’s request of access has been refused on commercial/investigation grounds; the European Ombudswoman declared this maladministration, but the Commission has not changed its course.
Data centres’ environmental reporting, where a provision lobbied by Big Tech keeps energy and water-use data confidential despite the Aarhus Regulation’s rule that emissions-related environmental information cannot be withheld on commercial grounds. The European Parliament has declared this unlawful.
This echoes similar patterns elsewhere in EU digital regulation (e.g.; GDPR adequacy decisions, DMA gatekeepers compliance, and DSA supervisory powers), widening the gap between technological elites and the public.
This work-in-progress paper is co-authored by Vilma Margarit Nikolaeva, Dr. Plixavra Vogiatzoglou, and Dr. Kristina Irion.
Part of “Artificial Secrecy,” funded by the Dutch Research Council (NWO).
On Thursday 21 May we held our CPDP panel centered around the ‘rights of access to corporate documentations and the trade secrets defence‘.
The EU digital rulebook strikes a balance betweentransparency for affected users and actors’ claims of confidentiality. The most prominent ex post transparency mechanism is the data subject access right to personal data under the General Data Protection Regulation. Yet, such access rights can be restricted in order to protect the rights and freedoms of others, including trade secrets. While jurisprudence about the balancing between conflicting positions of rights is consistent about the right to access corporate documentation such as log files in practice this often leads to a protracted legal battle.
This panel revisited experiences with trade secret claims by providers of digital technologies, the responsibilities of regulators and the impact of the digital omnibus on transparency rights.
The panel was guided by the following questions:
What qualifies as a trade secret and as confidential business information?
How do trade secret claims affect transparency rights?
What balance has the law struck between transparency rights and trade secret claims?
What is the role of regulators, and what is the impact of the Digital Omnibus on transparency rights?
Moderated by Vilma Margarit (IViR) and in conversation with:
Gothenburg promised to optimise school admissions with a piece of code. The resulting chaos showed how unaccountable systems are ruining lives, says Charlotta Kronblad of the University of Gothenburg
On 16-17 April, the Artificial Secrecy researchers are excited to organise an expert workshop “Between secrecy claims and transparency needs: Why, how and for whom the EU digital rulebook negotiates and produces transparency of regulated digital technologies”.
Through this workshop, we aim to connect academics with expertise in corporate confidentiality protection, including trade secrets, with researchers focused on transparency in EU digital and freedom of information laws.
The aim of the workshop is twofold:
First, to explore how EU digital and data regulation balances the protection of confidential information with transparency requirements, including transparency for affected users, qualified transparency for regulatory bodies and public transparency.
Second, to invite participants to contribute to an edited volume on the nexus between transparency and confidentiality. The bundle would include contributions on the covered legislation and emerging case law, as well as contributions clarifying the protection of confidentiality in relation to regulated digital technologies and FOIA requests at the EU and member states’ levels.
The workshop is structured along the following eight panels:
Transparency of regulated digital technologies
Confidential business information as a counterclaim
Transparency regimes before and behind the trade secret barrier
Transparency under the General Data Protection Regulation and the Artificial Intelligence Act
Right to an explanation of Automated Decision Making under the GDPR and the AI Act
Transparency rights under the Digital Services Act and the Digital Markets Act
Transparency rights under the Data Act and the Data Governance Act
Freedom of Information requests to regulatory authorities
The EU Ombudswoman opened an inquiry into the Commission’s failure to reply to a submission on ethical concerns about generative AI systems’ compliance with the EU Charter of Fundamental Rights. The central issues of the inquiry include the failure to follow the law (Art. 4 ECGAB) and failure to deal properly with requests for information (Art. 22 ECGAB).
The complainant asked the European Commission for public access to the risk assessment report of a large social media company on its compliance with the provisions of the Digital Services Act (DSA) – annual reporting is part of the obligations of ‘very large online platforms’ under the Act. The Commission refused access to the document, arguing that it could be generally presumed that disclosure could undermine the commercial interests of the company in question as well as an ongoing investigation into the company’s compliance with the DSA. The Commission did not individually assess the report for possible disclosure.
The Ombudsman concluded that the Commission’s application of a general presumption of non-disclosure to the risk assessment report constituted maladministration. She recommended that the Commission conduct an individual assessment of the document with a view to granting the widest access possible.
“In his opinion, Advocate General Athanasios Rantos proposes that the Court of Justice dismiss both appeals and uphold the judgments of the General Court”, the court said in a statement, adding that Rantos said in his non-binding opinion that the General Court “did not err in law in assessing the necessity of the information requested or in examining the safeguards for its provision.”