EU Law

Permissionless Innovation or Precautionary Principle: The Policy Menu of the Future

Ethan Konschuh, MJLST Staffer

In their recent paper, Guns, Limbs, and Toys: What Future for 3D Printing?, published in the Minnesota Journal of Law, Science, and Technology Volume 17, Issue 2, Adam Thierer and Adam Marcus discussed the potential regulatory frameworks for technological innovations that could spur what they call “the next great industrial revolution.”  They believe that 3D printing, one such innovation, could offer such great benefits that it could significantly enhance global welfare.  However, they worry that preemptive regulations on the technology could undermine these benefits before giving them a chance to be realized.  The paper advocates for a method of regulation called “permissionless innovation,” as opposed to regulations following the “precautionary principle.”  While there are many pros to the former, it could leave unchecked the risks curtailed by the latter.

“Permissionless innovation refers to the notion that experimentation with new technologies and business models should generally be permitted by default.”  It follows from the idea that unless a compelling case can be made that a new invention will bring serious harm to society, innovation should be allowed to continue unabated, and problems, should they arise, can be addressed later.  The authors point to numerous benefits of this approach with respect to emerging technologies.  One of the most obvious benefits is that this type of regulatory framework does not prematurely inhibit potential benefits.  “Regulatory systems based on precautionary thinking focus on preemptive remedies that aim to predict the future and its hypothetical problems. But if public policy is rooted in fear of hypothetical worst-case scenarios, it means that best-case scenarios will never come about.”  It would also preserve the modern startup culture where “just about anyone can afford to launch a business.”  Implementing a framework based on the precautionary principle will create barriers to entry and raise the cost of innovation.  This would also reduce the ability to maximize competitive advantage through trial and error, which refines the technology and efficient allocation of resources for development.  As an example of the potential detriments to competitive advantage from preemptive regulation, the authors point to the different policies of the Europe and the U.S. in the mid-nineties internet explosion where the former preemptively regulated and the latter allowed for permissionless innovation, resulting in the U.S. being a global leader in information technologies and Europe lagging far behind.

An alternative regulatory approach discussed in the article is based on the precautionary principle, which generally refers to the belief that new innovations should be curtailed or disallowed until it can be proven that they will not cause harm.  This approach, while posing problems of its own discussed above, would solve some of the problems arising under permissionless innovation.  While there are many economic and social benefits to permissionless innovation as the bedrock on which policy rests, it inherently allows for the “error” half of “trial and error.”  The whole concept is rooted in the idea of ex post regulation, creating policy to correct for problems that have already occurred.  While traditionally, as shown through the internet regulation difference and outcome between Europe and the U.S., the risk of error has not outweighed the benefits that result, new technologies pose new risks.

For example, in the realm of 3D printing, one of the hot topics is 3D printed firearms.  Current laws would not make 3D printed guns illegal, as most regulations focus on the sale and distribution of firearms, not creation for personal use.  The reasons why it might be more prudent to adopt a precautionary principle approach to regulating this technology are obvious.  To adopt an ex post approach to something that could have such dire consequences could be disastrous, especially considering the amount of time required to adopt policy and implement regulations.  Permissionless innovation could thus become a sort of self-fulfilling prophecy in that major tragedies resulting from 3D printing could result in exactly what advocates of permissionless innovation seek to prevent in the first place: strict regulation that undermines the development of the technology.

The debate will likely heat up as technology continues to develop.  In the era of self-driving cars, private drones, big data, and other technologies that continue to change the way that humans interact with the world around them, 3D printing is not the only area in which this discussion will arise.  The policy decisions that will be made in the next few years will have far reaching consequences that are difficult to predict.  Do the economic and social benefits of being able to manufacture goods at home outweigh the risks of legal, discrete self-armament and its consequences?  The proverbial pill may be too large for some to swallow.


E.C.J Leaves U.S. Organizations to Search for Alternative Data Transfer Channels

J. Adam Sorenson, MJLST Staffer

The Court of Justice of the European Union (E.C.J.), the European’s top court, immediately invalidated a 15-year-old U.S. EU Safe Harbor Program Oct. 6th (Schrems v. Data Prot. Comm’r, E.C.J., No. C-362/14, 10/6/15). This left the thousands of businesses which use this program without a reliable and lawful way to transfer personal data from the European Economic Area to the United States.

The Safe Harbor Program was developed by the U.S. Department of Commerce in consultation with the European Commission. It was designed to provide a streamlined and cost-effective means for U.S. organizations to comply with the European Commission’s Directive on Data Protection (Data Protection Directive) which went into effect October of 1998. The program allowed U.S. organizations to voluntarily join and freely transfer personal data out of all 28 member states if they self-certify and comply with the programs 7 Safe Harbor Privacy Principles. The program was enforced by the U.S. Federal Trade Commission. Schrems v. Data Prot. Comm’r, however, brought a swift halt to the program.

This case revolves around Mr. Schrems, an Australian Facbook user since 2008 living in Austria. Some or all of the data collected by the social networking site Facebook is transferred to servers in the United States where it undergoes processing. Mr. Schrems brought suit against the Data Protection Commissioner after he did not exercise his statutory authority to prohibit this transfer. The case applied to a 2000 decision by the European Commission which found the program provided adequate privacy protection and was in line with the Data Protection Directive. The directive prohibits “transfers of personal data to a third country not ensuring an adequate level of protection.”(Schrems) The directive goes on to say that adequate levels may be inferred if a third country ensures an adequate level of protection.

The E.C.J. found that the current Safe Harbor Program did not ensure an adequate level of protection, and therefore found the 2000 decision and the program itself as invalid. This means all U.S. organizations currently transferring personal data out of the EEA are doing so in violation of the Data Protection Directive. This case requires U.S. organizations to find alternative methods of approved data transfer, which generally means seeking the approval of data protection authorities in the EU, which can be a long process.

Although the EU national data protection authorities may allow for some time before cracking down on these U.S. organization, this decision signals a massive shift in the way personal data is transferred between the U.S. and Europe, and will most likely have ripple effects throughout the data privacy and data transfer worlds.