The middle-out approach: assessing models of legal governance in data protection, artificial intelligence, and the Web of Data

All models of legal governance and most regulatory options have to do with 'top-down' solutions as an essential ingredient of the approach. Such models may include 'bottom-up' forms of self-regulation, such as in forms of ex post regulation, or unenforced self-regulation. This paper focuses on what lies in between such top-down and bottom-up approaches, namely, the middle-out interface of the analysis. Within the EU legal framework, this middle-out layer is mainly associated with forms of co-regulation, as defined by Recital 44 of the 2010 AVMS Directive and Article 5(2) of the GDPR. However, there are also additional models on how we should grasp the middle-out layer of legal regulation, as shown by the debates on the governance of AI and the Web of Data. For example, the debates on issues such as monitored self-regulation, coordination mechanisms for good AI governance, and 'wind-rose' models for the Web of Data make it clear that co-regulation is not the only alternative to both bottom-up and top-down approaches. From a methodological viewpoint, the middle-out approach sheds light on three different kinds of issues that regard (i) how to strike a balance between multiple regulatory systems; (ii) how to align primary and secondary rules of the law; and (iii) how to properly coordinate bottom-up and top-down policy choices. The increasing complexity of technological regulation recommends new models of governance that revolve around this middle-out analytical ground.