Outcome-Based Best Practice Creation in Regulatory Deserts

By Samantha Peaslee

2019 has been a year of AI assistants, voice-control devices, the Internet of Things (IoT), blockchain, and cybersecurity. For businesses in these spaces, there exists infinite opportunities – and nearly equal risks.

Since the beginning of this millennium, businesspeople, attorneys, and regulators have lamented or celebrated the inability of the law to keep up with the constantly changing innovative landscape. From the difficulties of anticipating what the “new thing” will be to the archaic mentality of law being locally placed with an abstract location of information, regulation has been slow to keep pace with our daily tech needs. These risks have not prevented consumers from engaging with these businesses. On the contrary – even the riskier of these businesses have grown.

Despite early lack of regulation, businesses engaging in these innovative industries should still act as if they are regulated. Changing an entire business model to adjust to later-created restrictions can be costly and impractical. Additionally, many companies have learned that marketing favors those who protect consumers. Anticipating such laws, on the other hand, is tricky. What are the best ways for an innovative business to protect itself and think with foresight while not handicapping its current success?

Outcome-based regulations have been proposed as an effective and efficient way for administrative agencies and legislators to “keep up” with technology without being outdated before the legislation is finished. Outcome-based regulation looks at governing the results and performance of the technology rather than the process or form it takes. For example, limiting or prohibiting the flying of drones in ways that would harm people or infringe upon privacy rather than by the size, power standards, or capabilities of the drone. Outcome-based regulation are relatively easy to extrapolate from currently existing law or may even reasonably fit within those existing laws. Going back to the drone, the first example, flying a drone in a way that would harm people, would also violate tort or criminal assault laws. The second example, flying a drone in a way that would infringe upon another’s privacy, may violate privacy laws. Similarly, one could look at consumer protection laws for guidance on battery power, safe building methods, and other manufacturing requirements. These do not require the need for “new” laws, but creative applications of existing principles.

For a business-owner, this may seem like a common-sense application or it may seem exhausting. However, it provides good guidance in creating a company’s or products “best practices” surrounding these new technologies – resulting in closer alignment to new laws when they do arise. If one’s best practices are based upon a combination of (1) desirable outcomes, (2) reasonable feared outcomes for the company, (3) reasonable feared outcomes for the users, and (4) reasonable risks created by expected growth, a new company should have little to fear.

While saving some money can be tempting, particularly when a small fortune has been spent in the development, manufacturing, and promoting a new and innovative product, long-term gains can be had by thinking of where the regulatory field will be, not where it currently is.