Taiwan Announced the Biobanks Regulations and Management Practices

1、Chinese REACH has put into shape, how about Taiwan REACH? - A Perspective of Chinese Measures on Environmental Management of New Chemical Substances Taiwan food industry has been struck by the government agency's disclosure that certain unfaithful manufacturers have mixed toxic chemicals into the food additives for the past 30 years, and the chemicals may seriously threaten public health. This event has not only shocked the confidence of the customers to the industry, but also drew public attention on the well-management and the safe use of chemicals. In order to manage the fast advancing and widely applicable chemical substance appropriately, the laws and regulations among the international jurisprudences in recent years tend to regulate unfamiliar chemicals as “new chemical substances” and leverage registration systems to follow their use and import. REACH is one the most successful models which has been implemented by European Union since 2006. China, one of our most important business partners, has also learned from the EU experience and implemented its amended " Measures on Environmental Management of New Chemical Substances" (also known as "Chinese REACH") last year. It is not only a necessity for our industry which has invested or is running a business in China to realize how this new regulation may influence their business as differently , but also for our authority concerned to observe how can our domestic law and regulation may connect to this international trend. Therefore, except for briefing the content of Chinese REACH, this article may also review those existing law and regulations in Taiwan and observe the law making movement taken by our authority. We expect that the comparison and observation in this article may be a reference for our authorities concerned to map out a better environment for new chemical management. 2、The study on Taiwanese businessmen Join the Bid Invitation and Bidding of Science and Technology Project China government invests great funds in their Science and Technology Project management system, containing most of innovated technology. It also creates the great business opportunity for domestic industry. China government builds up a Bid Invitation and Bidding Procedure in the original Science and Technology Project Regime recent years, in order to make the regime become more open and full of transparency. It also improves Regime to become more fairness and efficiency. Taiwan industry may try to apply for those Science and Technology Project, due to this attractive opportunity, but they should understand china's legal system before they really do that. This Article will introduce the "Bid Invitation and Bidding Law of the Peoples Republic of China", and the "Provisional Regulation on Bid Invitation and Bidding of Science and Technology Project", then clarify applied relationship between the "Bid Invitation and Bidding Law of the Peoples Republic of China", and "Government Procurement Law of the Peoples Republic of China". It also analyzes "Bid Invitation and Bidding Procedure", "Administration of Contract Performance Procedure", "Inspection and Acceptance Procedure", and "Protest and Complaint Procedure, providing complete legal observation and opinion for Taiwan industry finally. Keyword Bid Invitation and Bidding Law of the Peoples Republic of China; Government Procurement Law of the Peoples Republic of China; Provisional Regulation on Bid Invitation and Bidding of Science and Technology Project; Applying for Science and Technology Project Regime; Bid Invitation and Bidding Procedure; Administration of Contract Performance Procedure; Inspection and Acceptance Procedure; Protest and Complaint Procedure. 3、Comparing the Decisions of the United States Supreme Court regarding Preempting Marketing Medical Devices and Drugs from State Tort Litigations with the Decision of a Hypothetical Case in Taiwan The investment costs of complying with pertinent laws and regulations for manufacturing, marketing, and profiting from drugs and medical devices (abbreviated as MD) are far higher than the costs necessary for securing a market permit. The usage of MD products contains the risk of harming their users or the patients, who might sue the manufacturer for damages in the court based on tort law. To help reduce the risk of such litigation, the industry should be aware of the laws governing the state tort litigations and the preemption doctrine of the federal laws of the United States. This article collected four critical decisions by the United States Supreme Court to analyze the requirements of federal preemption from the state tort litigations in these cases. The article also analyzed the issues of preemption in our law system in a hypothetical case. These issues include the competing regulatory requirements of the laws and regulations on the drugs and MDs and the Drug Injury Relief Act versus the Civil Code and the Consumer Protection Law. The article concluded: 1. The pre-market-approval of MD in the United States is exempted from the state tort litigations; 2. Brand-name-drug manufacturers must proactively update the drug label regarding severe risks evidenced by the latest findings; 3. Generic-drug manufacturers are exempted from the product liability litigations and not required to comply with the aforementioned brand-name-drug manufacturers' obligation; 4. No preemption issues are involved in these kinds of product liability litigations in our country; 5. The judge of general court is not bound by the approval of marketing of drug and MD; 6. The judge of general court is not bound by the determination and verdict of the Drug Injury Relief Act. 4、Through Computer-Aided Detection Software, Comparing by Discussing and Analyzing the Regulatory Requirements for Marketing Medical Devices in the United States and in Taiwan Computer-Aided Detection (CADe) software systematically assists medical doctors to detect suspicious diseased site(s) inside patients' bodies, and it would help patients receive proper medical treatments as soon as possible. Only few of this type of medical device (MD) have been legally marketed either in the United States of America (USA) or in Taiwan. This is a novel MD, and the rules regulating it are still under development. Thus, it is valuable to investigate and discuss its regulations. To clarify the requirements of legally marketing the MD, this article not only collects and summarizes the latest draft guidance announced by the USA, but also compares and analyzes the similarities and differences between USA and Taiwan, and further explains the logics that USA applies to clarify and qualify CADe for marketing, so that the Department of Health (DOH) in Taiwan could use them as references. Meanwhile, the article collects the related requirements by the Administrative Procedure Act and by the Freedom of Government Information Law of our nation, and makes the following suggestions on MD regulations to the DOH: creating product code in the system of categorization, providing clearer definition of classification, and actively announcing the (abbreviated) marketing route that secures legal permission for each individual product. 5、A Discussion on the Recent Cases Concerning the Joint Infringement of Method/Process Patents in the U.S. and Japan In the era of internet and mobile communication, practices of a method patent concerning innovative service might often involve several entities, and sometimes the method patent can only be infringed jointly. Joint infringement of method/process patents is an issue needed to be addressed by patent law, since it is assumed that a method patent can only be directly infringed by one entity to perform all the steps disclosed in the patent. In the U.S., CAFC has established the "control or direction" standard to address the issue, but the standard has been criticized and it is under revision now. In Japan, there is no clearly-established standard to address the issue of joint infringement, but it seems that the entity that controls and benefits from the joint infringement might be held liable. Based on its discussion about the recent development in the U.S. and Japan, this article attempts to provide some suggestions for inventors of innovative service models to use patents to protect their inventions properly: they should try to avoid describing their inventions in the way of being practiced by multi-entities, they should try to claim both method and system/apparatus inventions, and they should try to predict the potential infringement of their patents in order to address the problem of how to prove the infringement.

Reviews on Taiwan Constitutional Court's Judgment no. 13 of 2022 2022/11/24 I.Introduction 　　In 2012, the Taiwan Human Rights Promotion Association and other civil groups believe that the National Health Insurance Administration released the national health insurance database and other health insurance data for scholars to do research without consent, which may be unconstitutional and petitioned for constitutional interpretation. 　　Taiwan Human Rights Promotion Association believes that the state collects, processes, and utilizes personal data on a large scale with the "Personal Data Protection Law", but does not set up another law of conduct to control the exercise of state power, which has violated the principle of legal retention; the data is provided to third-party academic research for use, and the parties involved later Excessive restrictions on the right to withdraw go against the principle of proportionality. 　　The claimant criticized that depriving citizens of their prior consent and post-control rights to medical data is like forcing all citizens to unconditionally contribute data for use outside the purpose before they can use health insurance. The personal data law was originally established to "avoid the infringement of personality rights and promote the rational use of data", but in the insufficient and outdated design of the regulations, it cannot protect the privacy of citizens' information from infringement, and it is easy to open the door to the use of data for other purposes. 　　In addition, even if the health insurance data is de-identified, it is still "individual data" that can distinguish individuals, not "overall data." Health insurance data can be connected with other data of the Ministry of Health and Welfare, such as: physical and mental disability files, sexual assault notification files, etc., and you can also apply for bringing in external data or connecting with other agency data. Although Taiwan prohibits the export of original data, the risk of re-identification may also increase as the number of sources and types of data concatenated increases, as well as unspecified research purposes. 　　The constitutional court of Taiwan has made its judgment on the constitutionality of the personal data usage of National Health Insurance research database. The judgment, released on August 12, 2022, states that Article 6 of Personal Data Protection Act(PDPA), which asks“data pertaining to a natural person's medical records, healthcare, genetics, sex life, physical examination and criminal records shall not be collected, processed or used unless where it is necessary for statistics gathering or academic research by a government agency or an academic institution for the purpose of healthcare, public health, or crime prevention, provided that such data, as processed by the data provider or as disclosed by the data collector, may not lead to the identification of a specific data subject”does not violate Intelligible principle and Principle of proportionality. Therefore, PDPA does not invade people’s right to privacy and remains constitutional. 　　However, the judgment finds the absence of independent supervisory authority responsible for ensuring Taiwan institutions and bodies comply with data protection law, can be unconstitutional, putting personal data protection system on the borderline to failure. Accordingly, laws and regulations must be amended to protect people’s information privacy guaranteed by Article 22 of Constitution of the Republic of China (Taiwan). 　　In addition, the judgment also states it is unconstitutional that Articles 79 and 80 of National Health Insurance Law and other relevant laws lack clear provisions in terms of store, process, external transmission of Personal health insurance data held by Central Health Insurance Administration of the Ministry of Health and Welfare. 　　Finally, the Central Health Insurance Administration of the Ministry of Health and Welfare provides public agencies or academic research institutions with personal health insurance data for use outside the original purpose of collection. According to the overall observation of the relevant regulations, there is no relevant provision that the parties can request to “opt-out”; within this scope, it violates the intention of Article 22 of the Constitution to protect people's right to information privacy. II.Independent supervisory authority 　　According to Article 3 of Central Regulations and Standards Act, government agencies can be divided into independent agencies that can independently exercise their powers and operate autonomously, and non- independent agencies that must obey orders from their superiors. In Taiwan, the so-called "dedicated agency"(專責機關) does not fall into any type of agency defined by the Central Regulations and Standards Act. Dedicated agency should be interpreted as an agency that is responsible for a specific business and here is no other agency to share the business. 　　The European Union requires member states to set up independent regulatory agencies (refer to Articles 51 and 52 of General Data Protection Regulation (GDPR)). In General Data Protection Regulation and the adequacy reference guidelines, the specific requirements for personal data supervisory agencies are as follows: the country concerned should have one or more independent supervisory agencies; they should perform their duties completely independently and cannot seek or accept instructions; the supervisory agencies should have necessary and practicable powers, including the power of investigation; it should be considered whether its staff and budget can effectively assist its implementation. Therefore, in order to pass the EU's adequacy certification and implement the protection of people's privacy and information autonomy, major countries have set up independent supervisory agencies for personal data protection based on the GDPR standards. 　　According to this research, most countries have 5 to 10 commissioners that independently exercise their powers to supervise data exchange and personal data protection. In order to implement the powers and avoid unnecessary conflicts of interests among personnel, most of the commissioners are full-time professionals. Article 3 of Basic Code Governing Central Administrative Agencies Organizations defines independent agency as "A commission-type collegial organization that exercises its powers and functions independently without the supervision of other agencies, and operates autonomously unless otherwise stipulated." It is similar to Japan, South Korea, and the United States. III.Right to Opt-out 　　The judgment pointed out that the parties still have the right to control afterwards the personal information that is allowed to be collected, processed and used without the consent of the parties or that meets certain requirements. Although Article 11 of PDPA provides for certain parties to exercise the right to control afterwards, it does not cover all situations in which personal data is used, such as: legally collecting, processing or using correct personal data, and its specific purpose has not disappeared, In the event that the time limit has not yet expired, so the information autonomy of the party cannot be fully protected, the subject, cause, procedure, effect, etc. of the request for suspension of use should be clearly stipulated in the revised law, and exceptions are not allowed. 　　The United Kingdom is of great reference. In 2017, after the British Information Commissioner's Office (ICO) determined that the data sharing agreement between Google's artificial intelligence DeepMind and the British National Health Service (NHS) violated the British data protection law, the British Department of Health and Social Care proposed National data opt-out Directive in May, 2018. British health and social care-related institutions may refer to the National Data Opt-out Operational Policy Guidance Document published by the National Health Service in October to plan the mechanism for exercising patient's opt-out right. The guidance document mainly explains the overall policy on the exercise of the right to opt-out, as well as the specific implementation of suggested practices, such as opt-out response measures, methods of exercising the opt-out right, etc. 　　National Data Opt-out Operational Policy Guidance Document also includes exceptions and restrictions on the right to opt-out. The Document stipulates that exceptions may limit the right to Opt-out, including: the sharing of patient data, if it is based on the consent of the parties (consent), the prevention and control of infectious diseases (communicable disease and risks to public health), major public interests (overriding) Public interest), statutory obligations, or cooperation with judicial investigations (information required by law or court order), health and social care-related institutions may exceptionally restrict the exercise of the patient's right to withdraw. 　　What needs to be distinguished from the situation in Taiwan is that when the UK first collected public information and entered it into the NHS database, there was already a law authorizing the NHS to search and use personal information of the public. The right to choose to enter or not for the first time; and after their personal data has entered the NHS database, the law gives the public the right to opt-out. Therefore, the UK has given the public two opportunities to choose through the enactment of special laws to protect public's right to information autonomy. 　　At present, the secondary use of data in the health insurance database does not have a complete legal basis in Taiwan. At the beginning, the data was automatically sent in without asking for everyone’s consent, and there was no way to withdraw when it was used for other purposes, therefore it was s unconstitutional. Hence, in addition to thinking about what kind of provisions to add to the PDPA as a condition for "exception and non-request for cessation of use", whether to formulate a special law on secondary use is also worthy of consideration by the Taiwan government. IV.De-identification 　　According to the relevant regulations of PDPA, there is no definition of "de-identification", resulting in a conceptual gap in the connotation. In other words, what angle or standard should be used to judge that the processed data has reached the point where it is impossible to identify a specific person. In judicial practice, it has been pointed out that for "data recipients", if the data has been de-identified, the data will no longer be regulated by PDPA due to the loss of personal attributes, and it is even further believed that de-identification is not necessary. 　　However, the Judgment No. 13 of Constitutional Court, pointed out that through de-identification measures, ordinary people cannot identify a specific party without using additional information, which can be regarded as personal data of de-identification data. Therefore, the judge did not give an objective standard for de-identification, but believed that the purpose of data utilization and the risk of re-identification should be measured on a case-by-case basis, and a strict review of the constitutional principle of proportionality should be carried out. So far, it should be considered that the interpretation of the de-identification standard has been roughly finalized. V.Conclusions 　　The judge first explained that if personal information is processed, the type and nature of the data can still be objectively restored to indirectly identify the parties, no matter how simple or difficult the restoration process is, if the data is restored in a specific way, the parties can still be identified. personal information. Therefore, the independent control rights of the parties to such data are still protected by Article 22 of the Constitution. 　　Conversely, when the processed data objectively has no possibility to restore the identification of individuals, it loses the essence of personal data, and the parties concerned are no longer protected by Article 22 of the Constitution. 　　Based on this, the judge declared that according to Article 6, Item 1, Proviso, Clause 4 of the PDPA, the health insurance database has been processed so that the specific party cannot be identified, and it is used by public agencies or academic research institutions for medical and health purposes. Doing necessary statistical or academic research complies with the principles of legal clarity and proportionality, and does not violate the Constitution. 　　However, the judge believes that the current personal data law or other relevant regulations still lack an independent supervision mechanism for personal data protection, and the protection of personal information privacy is insufficient. In addition, important matters such as personal health insurance data can be stored, processed, and transmitted externally by the National Health Insurance Administration in a database; the subject, purpose, requirements, scope, and method of providing external use; and organizational and procedural supervision and protection mechanisms, etc. Articles 79 and 80 of the Health Insurance Law and other relevant laws lack clear provisions, so they are determined to be unconstitutional. 　　In the end, the judge found that the relevant laws and regulations lacked the provisions that the parties can request to stop using the data, whether it is the right of the parties to request to stop, or the procedures to be followed to stop the use, there is no relevant clear text, obviously the protection of information privacy is insufficient. Therefore, regarding unconstitutional issues, the Constitutional Court ordered the relevant agencies to amend the Health Insurance Law and related laws within 3 years, or formulate specific laws.

An Analysis of the Recusal Mechanism in the Latest Revision of the Government Procurement Act and Regulations Governing Procurements for Scientific and Technological Research and Development 1. Introduction 　　Article 1 of the Government Procurement Act (hereinafter referred to as the Act) reveals that “This Act is enacted to establish a government procurement system that has fair and open procurement procedures, promotes the efficiency and effectiveness of government procurement operation, and ensures the quality of procurement.” Therefore, a recusal mechanism for reviewing qualification/disqualification of tenders and bidders is highly essential, for example, the head of the agency or its related persons should disclose the conflict of interests. After amended and promulgated on May 22, 2019 (Presidential Decree Hua-tzung-1 Yi No. 10800049691), the Act was revised with the identical legislative principle of the Act on Recusal of Public Servants Due to Conflicts of Interest. In other words, a more flexible and transparent mechanism has been adopted, which is more advanced and ideal for both procurement authority and external supervisors. 2. The New Recusal Mechanism of the Act Enhances the Flexibility and Transparency 　　The revision struck out the Paragraph 4, Article 15 of the Act, and the regulation related to the recusal mechanism shall be comply with the Act on Recusal of Public Servants Due to Conflicts of Interest, especially the qualification/disqualification provision of the “related persons.” The new government procurement procedure adopted a more flexible and transparent practice, “disclosure in advance and publication afterwards.” The detailed analysis is as follows. (1) Before the Act amended, the personnel of a procuring entity and its related persons shall withdraw themselves from the procurement. 　　Before the Act amended, the personnel of a procuring entity and its related persons shall withdraw themselves from the procurement. According to the previous Paragraph 4 of Article 15 (4), “Suppliers or persons in charge shall not participate in the procurement if they have connections with the agency’s head described in Paragraph 2. However, if the implementation of this paragraph is against fair competition or public interest, the exclusion can be exempted with the authority’s approval.” The Paragraph 2 mentioned specified, “The personnel of a procuring entity shall withdraw themselves from procurement and all related matters thereof if they or their spouses, relatives by blood or by marriage within three degrees, or family members living together with them have interests involved therein.” Simply put, legislators considered that suppliers or persons in charge shall not participate in an agency's procurement if they have conflict of interests with its head. For instance, the spouses, all the relatives within the third degree by consanguinity (blood) or by affinity (marriage), or family members living together with the head of the agency, cannot involve in the procurement of the agency. Furthermore, if a legal entity or an organization is directed by the relatives of the head of a government agency mentioned, it is disqualified from the procurement. (2) After the Act amended, the recusal of related persons substituted by self-disclosure and information publication norms 　　According to the Amendment, the Act was amended because the content of the article is existed in Article 9 of Act on Recusal of Public Servants Due to Conflicts of Interest; thus, Article 15 of the Act is hereby deleted. Recalling Article 9 of the previous Act on Recusal of Public Servants Due to Conflicts of Interest, “A public servant and his related persons shall not conduct transactions such as subsidizing, sales, lease, contracting, or other transactions conducted with consideration with the organ with which the public servant serves or the organs under his supervision.” For this reason, the amendment to Article 15 of Government Procurement Act is to regulate the mechanism of withdrawal of relevant parties by Article 14 of the existing Act on Recusal of Public Servants Due to Conflicts of Interest. However, the amendment of this article is greatly affected by the interpretation of judicial court no. 716, so it is necessary to briefly describe its key points as follows. 　　On the basis of the Judicial Yuan Justice Interpretation No. 716 [Transactions between public officials and their associates and service agencies shall be prohibited), adopting a constitutional interpretation of Article 9 of Act on Recusal of Public Servants Due to Conflicts of Interest, grand justice agreed this article does not contradict the proportion principle of article 23 of Constitution of the Republic of China (Taiwan), and it does not violate Article 15 “The right of existence, the right of work, and the right of property shall be guaranteed to the people” and Article 22 “All other freedoms and rights of the people that are not detrimental to social order or public welfare shall be guaranteed under the Constitution”, either. However, for public officials, if they are not allowed to participate in trading competition, it will result in the monopoly of other minority traders, which is not conducive to the public interest. Therefore, this interpretation holds that if the agency has conducted open and fair procedures in the transaction process, and there is sufficient anti-fraud regulation, whether there is still a risk of improper benefit transmission or conflict of interest, and it is necessary to prohibit the transaction of public officials' associates, the relevant authorities should make comprehensive review and improvement as soon as possible. 　　Accordingly, following interpretation no. 716, Act on Recusal of Public Servants Due to Conflicts of Interest was amended and published with 23 articles on 13 June, 2018. The withdrawal of interested parties is provided for in Article 14 and an additional six exceptions are provided, including: (1) The procurement carried out by public notice under the Government Procurement Act or pursuant to Article 105 of the same Act. (2) The property right in interest created for the procurement, sale by tender, lease by tender or tender solicitation carried out by public notice in a fair competitive manner pursuant to laws. (3) Subsidy requested in the legal capacity under laws; the subsidy to the public servant’s related person in an open and fair manner pursuant to laws, or the subsidy which might be against the public interest if it is prohibited and is granted subject to the competent authority’s approval. (4) The subject matter of the transaction is provided by the organ with which the public servant serves or the organs under his supervision, and traded at the official price. (5) The lease, acquisition, discretionary management, improvement and utilization of national non-public real estate requested by the state-owned enterprise in order to execute the national construction projects or public policies, or for the purpose of public welfare. (6) The subsidy and transaction under the specific amount. 　　The above amendments make the transactions between public officials and related parties that should be avoided in the past partially flexible now. In accordance with Paragraph 2 of the same article, in the case of the first three paragraphs of the proviso of Paragraph 1, the applicant or bidder shall voluntarily state his/her identity in the application or tender documents. After the subsidy or transaction is established, the agency shall disclose it together with its identity. That is to say, the self-disclosure is required beforehand and the information will go public afterwards to meet public expectations of transparency. This is also conducive to the supervision of all sectors, and conforms to the intention of the grand justice’s interpretation. 　　The reason why there is no need for government procurement to withdrawal is that the announcement process of the procurement is made in accordance with Government Procurement Act (including open tendering, selective tendering and restricted tendering through the announcement). There are strict procedures to follow and there is no conflict between the conflict of interest of public officials and the spirit of legislation. As to Paragraph 2 of other legal orders, the property right in interest created for the procurement, sale by tender, lease by tender or tender solicitation carried out by public notice in a fair competitive manner pursuant to laws. The legislative explanations are exemplified by the procurement (e.g. procurements for scientific and technological research and development) handled by the announcement in accordance with Fundamental Science and Technology Act. 3. Conclusion: It is suggested that relevant withdrawal regulations should be amended as soon as possible in procurements for scientific and technological research and development 　　The strike-out of the recusal provision of the Act does not mean that government procurement stoke out the recusal mechanism. The recusal mechanism is still stated in Article 14 of Act on Recusal of Public Servants Due to Conflicts of Interest. In addition to the advantages of the same regulations on the prohibition of transactions between related parties, it also enables the regulators with open and fair procedures and sufficient prevention of fraud, such as government procurement, to avoid evading so as not to harm the public interest. At the same time, supplemented by open and transparent disclosure, the amendment is a positive change of legislation. 　　Meanwhile, this paper believes that Government Procurement Act has adopted the mechanism of flexibility and transparency requirements for the procurement object avoidance regulations, and procurements for scientific and technological research and development should revise relevant withdrawal regulations as soon as possible. In accordance with Paragraph 4 of Article 6 of Fundamental Science and Technology Act and the authorization, Regulations Governing Procurements for Scientific and Technological Research and Development (hereinafter referred to as the regulatory regulations) is established. According to Article 8 (2) and (3) of the regulation, a responsible person, partner, or representative of the public school, public research institute (organization), or juristic person or entity performing the scientific research procurement may not serve as a responsible person, partner, or representative of the supplier. The supplier and the juristic person or entity performing the scientific research procurement may not at the same time be affiliated with each other, or affiliated to the same other enterprise. From the perspective of the article structure, the withdrawal regulation for scientific research procurement is within the norm of Article 15 of Government Procurement Act before the amendment, but it includes regulations for affiliated enterprises, which is not included in Article 15. The amendment to Article 14 of Act on Recusal of Public Servants Due to Conflicts of Interest also states that the proviso of Paragraph 1 of scientific research procurement “other procurements that are regulated by fair competition and by means of an announcement procedure” can also prove that the mechanism for scientific research procurement should adopt this provision. Therefore, it is recommended that the original procurements for scientific and technological research that is independent from Government Procurement Act should be amended by the competent authority as soon as possible in order to comply with the relevant provisions of Article 8 of Regulations Governing Procurements for Scientific and Technological Research and Development and to comply with the original intention of the Regulations Governing Procurements for Scientific and Technological Research and Development, and to avoid stricter regulations on scientific procurement than government procurement. Meanwhile, it is in accordance with the spirit of the grand justice’s interpretation No. 716.

The Institutionalization of the Taiwan Personal Data Protection Committee - Triumph of Digital Constitutionalism: A Legal Positivism Analysis 2023/07/13 The Legislative Yuan recently passed an amendment to the Taiwan Personal Data Protection Act, which resulted in the institutionalization of the Taiwan Personal Data Protection Commission (hereunder the “PDPC”)[1]. This article aims to analyze the significance of this institutionalization from three different perspectives: legal positivism, digital constitutionalism, and Millian liberalism. By examining these frameworks, we can better understand the constitutional essence of sovereignty, the power dynamics among individuals, businesses, and governments, and the paradox of freedom that the PDPC addresses through governance and trust. I.Three Layers of Significance 1.Legal Positivism The institutionalization of the PDPC fully demonstrates the constitutional essence of sovereignty in the hands of citizens. Legal positivism emphasizes the importance of recognizing and obeying (the sovereign, of which it is obeyed by all but does not itself obey to anyone else, as Austin claims) laws that are enacted by legitimate authorities[2]. In this context, the institutionalization of the PDPC signifies the recognition of citizens' rights to control their personal data and the acknowledgment of the sovereign in protecting their privacy. It underscores the idea that the power to govern personal data rests with the individuals themselves, reinforcing the principles of legal positivism regarding sovereign Moreover, legal positivism recognizes the authority of the state in creating and enforcing laws. The institutionalization of the PDPC as a specialized commission with the power to regulate and enforce personal data protection laws represents the state's recognition of the need to address the challenges posed by the digital age. By investing the PDPC with the authority to oversee the proper handling and use of personal data, the state acknowledges its responsibility to protect the rights and interests of its citizens. 2.Digital Constitutionalism The institutionalization of the PDPC also rebalances the power structure among individuals, businesses, and governments in the digital realm[3]. Digital constitutionalism refers to the principles and norms that govern the relationship between individuals and the digital sphere, ensuring the protection of rights and liberties[4]. With the rise of technology and the increasing collection and use of personal data, individuals often find themselves at a disadvantage compared to powerful entities such as corporations and governments[5]. However, the PDPC acts as a regulatory body that safeguards individuals' interests, rectifying the power imbalances and promoting digital constitutionalism. By establishing clear rules and regulations regarding the collection, use, and transfer of personal data, the PDPC may set a framework that ensures the protection of individuals' privacy and data rights. It may enforce accountability among businesses and governments, holding them responsible for their data practices and creating a level playing field where individuals have a say in how their personal data is handled. 3.Millian Liberalism The need for the institutionalization of the PDPC embodies the paradox of freedom, as raised in John Stuart Mill’s “On Liberty”[6], where Mill recognizes that absolute freedom can lead to the infringement of others' rights and well-being. In this context, the institutionalization of the PDPC acknowledges the necessity of governance to mitigate the risks associated with personal data protection. In the digital age, the vast amount of personal data collected and processed by various entities raises concerns about privacy, security, and potential misuse. The institutionalization of the PDPC represents a commitment to address these concerns through responsible governance. By setting up rules, regulations, and enforcement mechanisms, the PDPC ensures that individuals' freedoms are preserved without compromising the rights and privacy of others. It strikes a delicate balance between individual autonomy and the broader social interest, shedding light on the paradox of freedom. II.Legal Positivism: Function and Authority of the PDPC 1.John Austin's Concept of Legal Positivism: Sovereignty, Punishment, Order To understand the function and authority of the PDPC, we turn to John Austin's concept of legal positivism. Austin posited that laws are commands issued by a sovereign authority and backed by sanctions[7]. Sovereignty entails the power to make and enforce laws within a given jurisdiction. In the case of the PDPC, its institutionalization by the Legislative Yuan reflects the recognition of its authority to create and enforce regulations concerning personal data protection. The PDPC, as an independent and specialized committee, possesses the necessary jurisdiction and competence to ensure compliance with the law, administer punishments for violations, and maintain order in the realm of personal data protection. 2.Dire Need for the Institutionalization of the PDPC There has been a dire need for the establishment of the PDPC following the Constitutional Court's decision in August 2022, holding that the government needed to establish a specific agency in charge of personal data-related issues[8]. This need reflects John Austin's concept of legal positivism, as it highlights the demand for a legitimate and authoritative body to regulate and oversee personal data protection. The PDPC's institutionalization serves as a response to the growing concerns surrounding data privacy, security breaches, and the increasing reliance on digital platforms. It signifies the de facto recognition of the need for a dedicated institution to safeguard the individual’s personal data rights, reinforcing the principles of legal positivism. Furthermore, the institutionalization of the PDPC demonstrates the responsiveness of the legislative branch to the evolving challenges posed by the digital age. The amendment to the Taiwan Personal Data Protection Act and the subsequent institutionalization of the PDPC are the outcomes of a democratic process, reflecting the will of the people and their desire for enhanced data protection measures. It signifies a commitment to uphold the rule of law and ensure the protection of citizens' rights in the face of emerging technologies and their impact on privacy. 3.Authority to Define Cross-Border Transfer of Personal Data Upon the establishment of the PDPC, it's authority to define what constitutes a cross-border transfer of personal data under Article 21 of the Personal Data Protection Act will then align with John Austin's theory on order. According to Austin, laws bring about order by regulating behavior and ensuring predictability in society. By granting the PDPC the power to determine cross-border data transfers, the legal framework brings clarity and consistency to the process. This promotes order by establishing clear guidelines and standards, reducing uncertainty, and enhancing the protection of personal data in the context of international data transfers. The PDPC's authority in this regard reflects the recognition of the need to regulate and monitor the cross-border transfer of personal data to protect individuals' privacy and prevent unauthorized use or abuse of their information. It ensures that the transfer of personal data across borders adheres to legal and ethical standards, contributing to the institutionalization of a comprehensive framework for cross-border data transfer. III.Conclusion In conclusion, the institutionalization of the Taiwan Personal Data Protection Committee represents the convergence of legal positivism, digital constitutionalism, and Millian liberalism. It signifies the recognition of citizens' sovereignty over their personal data, rebalances power dynamics in the digital realm, and addresses the paradox of freedom through responsible governance. By analyzing the PDPC's function and authority in the context of legal positivism, we understand its role as a regulatory body to maintain order and uphold the principles of legal positivism. The institutionalization of the PDPC serves as a milestone in Taiwan's commitment to protect individuals' personal data and safeguard the digital rights. In essence, the institutionalization of the Taiwan Personal Data Protection Committee represents a triumph of digital constitutionalism, where individuals' rights and interests are safeguarded, and power imbalances are rectified. It also embodies the recognition of the paradox of freedom and the need for responsible governance in the digital age in Taiwan. [1] Lin Ching-yin & Evelyn Yang, Bill to establish data protection agency clears legislative floor, CNA English News, FOCUS TAIWAN, May 16, 2023, https://focustaiwan.tw/society/202305160014 (last visited, July 13, 2023). [2] Legal positivism, Stanford Encyclopedia of Philosophy, https://plato.stanford.edu/entries/legal-positivism/?utm_source=fbia (last visited July 13, 2023). [3] Edoardo Celeste, Digital constitutionalism: how fundamental rights are turning digital, (2023): 13-36, https://doras.dcu.ie/28151/1/2023_Celeste_DIGITAL%20CONSTITUTIONALISM_%20HOW%20FUNDAMENTAL%20RIGHTS%20ARE%20TURNING%20DIGITAL.pdf (last visited July 3, 2023). [4] GIOVANNI DE GREGORIO, DIGITAL CONSTITUTIONALISM IN EUROPE: REFRAMING RIGHTS AND POWERS IN THE ALGORITHMIC SOCIETY 218 (2022). [5] Celeste Edoardo, Digital constitutionalism: how fundamental rights are turning digital (2023), https://doras.dcu.ie/28151/1/2023_Celeste_DIGITAL%20CONSTITUTIONALISM_%20HOW%20FUNDAMENTAL%20RIGHTS%20ARE%20TURNING%20DIGITAL.pdf (last visited July 13, 2023). [6]JOHN STUART MILL,On Liberty (1859), https://openlibrary-repo.ecampusontario.ca/jspui/bitstream/123456789/1310/1/On-Liberty-1645644599.pdf (last visited July 13, 2023). [7] Legal positivism, Stanford Encyclopedia of Philosophy, https://plato.stanford.edu/entries/legal-positivism/?utm_source=fbia (last visited July 13, 2023). [8] Lin Ching-yin & Evelyn Yang, Bill to establish data protection agency clears legislative floor, CNA English News, FOCUS TAIWAN, May 16, 2023, https://focustaiwan.tw/society/202305160014 (last visited, July 13, 2023).