Technology Regulation

Antoni Roig (antoni.roig@uab.cat)

Regulation of technology is a complex task in a constantly evolving field. General legal frameworks based on principles, for instance Data Protection principles, can be implemented even in changing
conditions.

The limits of general regulation have soon been obvious: implementation of abstract principles requires case-by-case determination. Judicial decisions do not cover all the risk scenarios so a complement to legal principles was needed. Law cannot pretend to extend the legal principles to every situation without any technical layer or adaptation. Law would then soon become a list of virtual
general policies not suitable for technology regulation.

Risk-based impact assessments are now helping data protection compliance of RFID tags or smart metering. More, according to the accountability principle, stakeholders have to prove they effectively
comply with law.

The legal principle is therefore linked to technical standards and measures. But implementing legal principles does not simply mean adding a technical layer to them or, worse, replacing them.

Concrete delegations to impact assessments and privacy by design are not the ultimate solution. In fact, these kind of external technical layers are only accepted because they are considered a final static solution. Law and technology experts should partially merge into sectorial communities in order to offer shared regulatory frameworks.

Indeed, regulatory frameworks have to be a sort of initial and dynamic agreement. Legal principles will then be alive and compliance will benefit from technical expertise.

Technology will thus not only be a challenge for Law; it can also be a good opportunity to improve the legal drafting, to evaluate the efficiency of public policies and to reinforce the legal principles’ compliance by means of citizens and stakeholders’ participation.