During recent decades, legal research has been giving increasing attention to the regulation of technology. While legal scholarship focuses mostly on the fitness or scope of specific rules in the light of new challenges, the link to regulatory frameworks as outlined in public policy and governance literature is often missing.

With this book, Marise Cremona fills an important gap and discusses the relationship between science, policy and law. The volume is rooted in a series of lecture courses included in the Academy of European Law’s programme on new technologies and EU law, and it aims to tackle two questions: (i) what is the interplay between science, risk and regulation in EU law, and does EU law have a distinctive character in this respect? and (ii) what challenges do new technologies pose to fundamental principles of EU law, as well as to the EU internal market? Six contributions are included, divided into two parts, the first one focusing on the horizontal dimension of EU approaches to technology or science-related risk (Tallacchini, Hennette Vauchez and Flear), and the second addressing specific EU policy fields (Hustinx, Sartor and Rijpma).

Starting the horizontal discussion is Tallachini’s revelatory chapter (“Medical Technologies and EU Law: The Evolution of Regulatory Approaches and Governance”). It presents the evolution of science and regulation in the context of xenotransplantation (the use of cells, tissues and organs between species). The chapter discusses the concept of co-production, namely how knowledge and regulation generate and influence each other, and it describes and applies three models from existing literature to the xenotransplantation example: science-based; precautionary; and extended participatory.Footnote ¹ The chapter then goes on to historically map and reflect upon science policy developments surrounding xenotransplantation in the United States, Canada, Australia and New Zealand, and compares them to their European counterparts, not solely from the perspective of European institutions, but also looking at the Council of Europe. The chapter finds that the evolution of the European normative framework has very distinct features, characterised by a certain degree of inconsistency (eg maintaining conflicting models, or shifting between models). This inconsistency is particularly highlighted in the context of the EU’s transition to a citizen-based union, which raises new questions over the co-production of technoscientific regulatory processes and the role of democracy.

Hennete Vauchez furthers the health-related theme in her chapter on “EU Law and Bioethics”, which questions the existence of bioethics as a body of law and looks into EU policies and ethics. Absent a legal definition of bioethics, she refers to it as “a set of issues raised by the development of biomedicine: either the conquest of new fields of practice by medicine […] or the technicization and medicalization or phenomena and processes that have long been understood to be beyond human mastery”.Footnote ² In tracing the body of EU rules on bioethics, Hennete Vauchez discusses the competence and legitimacy of EU actions, exploring areas of policy that both directly concern biomedical issues (eg clinical trials, blood, tissue, medicinal products), as well as areas that deal only indirectly with these issues (eg topics on embryonic research in EU research policy),Footnote ³ emphasising that given the central role played by ethics in this framework, this area of policy is between form and substance. To illustrate this point, Hennete Vauchez gives a historical account of the Patent Directive, and proceeds to discuss the most pressing current challenges for EU biomedical law, demonstrated through several decisions by the CJEU and the ECtHR.

In his chapter, “Regulating New Technologies: EU Internal Market Law, Risk, and Socio-Technical Order”, Flear connects the EU regulation of health technologies and the internal market, in order to address European integration. Flear looks into negative integration (eg the prohibition of fiscal and non-fiscal barriers), where he discusses free movement, mutual recognition and the proportionality of derogations, as well as into positive integration, as he addresses the architecture of EU funding (eg Horizon 2020), and the role of intellectual property law in technoscientific development. Moreover, the chapter also explores research policy and regulation, in addition to product safety, which controls the harms and hazards likely to arise out of health technologies. While the four avenues of exploration are fantastically elaborate, the theme of European integration does not stand out on its own, leaving open the question of how the complex and somewhat inconsistent governance of health technologies affects the goals of European integration beyond initial considerations of regulatory harmonisation.

Hustinx’s chapter starts the second part of the book, focused on specific policy fields. His contribution on “EU Data Protection Law: The Review of Directive 95/46/EC and the General Data Protection Regulation” is a historical account of data protection and privacy regulation by CoE and the EU from the perspective of an expert who has served as the European Data Protection Supervisor for a decade (2004–2014). In his chapter, Hustinx provides an account of the statutory crystallisation of privacy and private life as fundamental rights after the Second World War, and the addition of the concept of “data protection” in the light of the increasingly automated processing of personal data. The chapter goes on to explore Directive 95/46/EC and relevant case law arising from it, including the “combined reading” by the Court of Justice of Articles 7 and 8 of the Charter of Fundamental Rights, and subsequently moves on to exploring the main features of and policy debates on the GDPR.Footnote ⁴ Perhaps unsurprisingly, the GDPR is portrayed as an instrument which aims to increase harmonisation and consistency in all Member States, support innovation and simplify regulatory compliance.

Sartor moves on to explore the right to be forgotten in the context of host providers’ liability and data protection, arguing that providers’ immunities must be maintained and strengthened in order to preserve the open and accessible nature of online information. Sartor then explores both the E-Commerce Directive and the GDPR, and shows that providers’ immunities, as introduced by the first, also apply to the latter, and this enhances freedom of speech and information. In what follows, Sartor discusses the right to be forgotten as developed by the CJEU and links it to the impact of sanctions on the behaviour of the parties. In doing so, he addresses the GDPR-based administrative sanctions for non-compliance with removal requests. To enhance information freedom, Sartor is of the opinion that the immunity of providers could be strengthened through removal procedures that would allow them to express their views before data protection authorities issues binding assessments of illegality.

Finally, Rijpma’s part reports how new technologies affect the EU’s migration and asylum policy. He first explores the EU regulatory framework, and investigates the concept of “migration technology”, which he defines as “new means, tools, machines and instruments deployed for the purpose of managing migration and asylum flows”.Footnote ⁵ He then moves on to discuss EU centralised databases created for the collection and exchange of personal data of non-EU citizens, while outlining the data protection rules applicable to such databases. Additionally, EUROSUR is discussed as an EU-wide cross-border operating model for information exchange. Rijpma raises alarm bells regarding the intrusive control exercised over people moving across the EU’s external borders, given the increased reliance on databases, and the automated collection of vast amounts of personal data by new technologies. Rijpma makes the point that such control needs to be subject to democratic scrutiny.

Overall, the contributions in this edited volume are excellent doctrinal pieces which explore complex aspects of technology governance in great detail. However, two promises are made yet not delivered. First, and this point is perhaps reflected in the volume genesis as bringing together a series of lectures: it showcases a series of rather predictable discussions. Health technologies, data protection and online intermediaries are indeed thought-provoking issues that have led to enjoyable reading, but – as it is shown by the historical accounts integrated in most contributions – calling the underlying technologies “new”, as the title of the volume holds, is a misnomer. This is also the case for most technologies currently explored by legal research (including specific research trends such as artificial intelligence and blockchain). Their development follows an incremental path of progress which has taken many decades. What could be new is the increased granularity of their implications. Second, while Cremona found an elegant argument to explain the horizontal and policy-specific division between the two parts of the book, the contributions are in fact united by two themes: health technology policy and regulation, and data protection. With this in mind, revisiting the initial questions the volume set out to answer, they seem too broad for what the contributions accomplish together.

Nevertheless, the volume retains considerable value given its focus on the historical exploration of technology policy and regulation in the EU, which is vital to understanding the complex governance facets of EU action in this respect.