The Institutionalization of the Taiwan Personal Data Protection Committee - Triumph of Digital Constitutionalism: A Legal Positivism Analysis

Reviews on Taiwan Constitutional Court's Judgment no. 13 of 2022 2022/11/24 I.Introduction 　　In 2012, the Taiwan Human Rights Promotion Association and other civil groups believe that the National Health Insurance Administration released the national health insurance database and other health insurance data for scholars to do research without consent, which may be unconstitutional and petitioned for constitutional interpretation. 　　Taiwan Human Rights Promotion Association believes that the state collects, processes, and utilizes personal data on a large scale with the "Personal Data Protection Law", but does not set up another law of conduct to control the exercise of state power, which has violated the principle of legal retention; the data is provided to third-party academic research for use, and the parties involved later Excessive restrictions on the right to withdraw go against the principle of proportionality. 　　The claimant criticized that depriving citizens of their prior consent and post-control rights to medical data is like forcing all citizens to unconditionally contribute data for use outside the purpose before they can use health insurance. The personal data law was originally established to "avoid the infringement of personality rights and promote the rational use of data", but in the insufficient and outdated design of the regulations, it cannot protect the privacy of citizens' information from infringement, and it is easy to open the door to the use of data for other purposes. 　　In addition, even if the health insurance data is de-identified, it is still "individual data" that can distinguish individuals, not "overall data." Health insurance data can be connected with other data of the Ministry of Health and Welfare, such as: physical and mental disability files, sexual assault notification files, etc., and you can also apply for bringing in external data or connecting with other agency data. Although Taiwan prohibits the export of original data, the risk of re-identification may also increase as the number of sources and types of data concatenated increases, as well as unspecified research purposes. 　　The constitutional court of Taiwan has made its judgment on the constitutionality of the personal data usage of National Health Insurance research database. The judgment, released on August 12, 2022, states that Article 6 of Personal Data Protection Act(PDPA), which asks“data pertaining to a natural person's medical records, healthcare, genetics, sex life, physical examination and criminal records shall not be collected, processed or used unless where it is necessary for statistics gathering or academic research by a government agency or an academic institution for the purpose of healthcare, public health, or crime prevention, provided that such data, as processed by the data provider or as disclosed by the data collector, may not lead to the identification of a specific data subject”does not violate Intelligible principle and Principle of proportionality. Therefore, PDPA does not invade people’s right to privacy and remains constitutional. 　　However, the judgment finds the absence of independent supervisory authority responsible for ensuring Taiwan institutions and bodies comply with data protection law, can be unconstitutional, putting personal data protection system on the borderline to failure. Accordingly, laws and regulations must be amended to protect people’s information privacy guaranteed by Article 22 of Constitution of the Republic of China (Taiwan). 　　In addition, the judgment also states it is unconstitutional that Articles 79 and 80 of National Health Insurance Law and other relevant laws lack clear provisions in terms of store, process, external transmission of Personal health insurance data held by Central Health Insurance Administration of the Ministry of Health and Welfare. 　　Finally, the Central Health Insurance Administration of the Ministry of Health and Welfare provides public agencies or academic research institutions with personal health insurance data for use outside the original purpose of collection. According to the overall observation of the relevant regulations, there is no relevant provision that the parties can request to “opt-out”; within this scope, it violates the intention of Article 22 of the Constitution to protect people's right to information privacy. II.Independent supervisory authority 　　According to Article 3 of Central Regulations and Standards Act, government agencies can be divided into independent agencies that can independently exercise their powers and operate autonomously, and non- independent agencies that must obey orders from their superiors. In Taiwan, the so-called "dedicated agency"(專責機關) does not fall into any type of agency defined by the Central Regulations and Standards Act. Dedicated agency should be interpreted as an agency that is responsible for a specific business and here is no other agency to share the business. 　　The European Union requires member states to set up independent regulatory agencies (refer to Articles 51 and 52 of General Data Protection Regulation (GDPR)). In General Data Protection Regulation and the adequacy reference guidelines, the specific requirements for personal data supervisory agencies are as follows: the country concerned should have one or more independent supervisory agencies; they should perform their duties completely independently and cannot seek or accept instructions; the supervisory agencies should have necessary and practicable powers, including the power of investigation; it should be considered whether its staff and budget can effectively assist its implementation. Therefore, in order to pass the EU's adequacy certification and implement the protection of people's privacy and information autonomy, major countries have set up independent supervisory agencies for personal data protection based on the GDPR standards. 　　According to this research, most countries have 5 to 10 commissioners that independently exercise their powers to supervise data exchange and personal data protection. In order to implement the powers and avoid unnecessary conflicts of interests among personnel, most of the commissioners are full-time professionals. Article 3 of Basic Code Governing Central Administrative Agencies Organizations defines independent agency as "A commission-type collegial organization that exercises its powers and functions independently without the supervision of other agencies, and operates autonomously unless otherwise stipulated." It is similar to Japan, South Korea, and the United States. III.Right to Opt-out 　　The judgment pointed out that the parties still have the right to control afterwards the personal information that is allowed to be collected, processed and used without the consent of the parties or that meets certain requirements. Although Article 11 of PDPA provides for certain parties to exercise the right to control afterwards, it does not cover all situations in which personal data is used, such as: legally collecting, processing or using correct personal data, and its specific purpose has not disappeared, In the event that the time limit has not yet expired, so the information autonomy of the party cannot be fully protected, the subject, cause, procedure, effect, etc. of the request for suspension of use should be clearly stipulated in the revised law, and exceptions are not allowed. 　　The United Kingdom is of great reference. In 2017, after the British Information Commissioner's Office (ICO) determined that the data sharing agreement between Google's artificial intelligence DeepMind and the British National Health Service (NHS) violated the British data protection law, the British Department of Health and Social Care proposed National data opt-out Directive in May, 2018. British health and social care-related institutions may refer to the National Data Opt-out Operational Policy Guidance Document published by the National Health Service in October to plan the mechanism for exercising patient's opt-out right. The guidance document mainly explains the overall policy on the exercise of the right to opt-out, as well as the specific implementation of suggested practices, such as opt-out response measures, methods of exercising the opt-out right, etc. 　　National Data Opt-out Operational Policy Guidance Document also includes exceptions and restrictions on the right to opt-out. The Document stipulates that exceptions may limit the right to Opt-out, including: the sharing of patient data, if it is based on the consent of the parties (consent), the prevention and control of infectious diseases (communicable disease and risks to public health), major public interests (overriding) Public interest), statutory obligations, or cooperation with judicial investigations (information required by law or court order), health and social care-related institutions may exceptionally restrict the exercise of the patient's right to withdraw. 　　What needs to be distinguished from the situation in Taiwan is that when the UK first collected public information and entered it into the NHS database, there was already a law authorizing the NHS to search and use personal information of the public. The right to choose to enter or not for the first time; and after their personal data has entered the NHS database, the law gives the public the right to opt-out. Therefore, the UK has given the public two opportunities to choose through the enactment of special laws to protect public's right to information autonomy. 　　At present, the secondary use of data in the health insurance database does not have a complete legal basis in Taiwan. At the beginning, the data was automatically sent in without asking for everyone’s consent, and there was no way to withdraw when it was used for other purposes, therefore it was s unconstitutional. Hence, in addition to thinking about what kind of provisions to add to the PDPA as a condition for "exception and non-request for cessation of use", whether to formulate a special law on secondary use is also worthy of consideration by the Taiwan government. IV.De-identification 　　According to the relevant regulations of PDPA, there is no definition of "de-identification", resulting in a conceptual gap in the connotation. In other words, what angle or standard should be used to judge that the processed data has reached the point where it is impossible to identify a specific person. In judicial practice, it has been pointed out that for "data recipients", if the data has been de-identified, the data will no longer be regulated by PDPA due to the loss of personal attributes, and it is even further believed that de-identification is not necessary. 　　However, the Judgment No. 13 of Constitutional Court, pointed out that through de-identification measures, ordinary people cannot identify a specific party without using additional information, which can be regarded as personal data of de-identification data. Therefore, the judge did not give an objective standard for de-identification, but believed that the purpose of data utilization and the risk of re-identification should be measured on a case-by-case basis, and a strict review of the constitutional principle of proportionality should be carried out. So far, it should be considered that the interpretation of the de-identification standard has been roughly finalized. V.Conclusions 　　The judge first explained that if personal information is processed, the type and nature of the data can still be objectively restored to indirectly identify the parties, no matter how simple or difficult the restoration process is, if the data is restored in a specific way, the parties can still be identified. personal information. Therefore, the independent control rights of the parties to such data are still protected by Article 22 of the Constitution. 　　Conversely, when the processed data objectively has no possibility to restore the identification of individuals, it loses the essence of personal data, and the parties concerned are no longer protected by Article 22 of the Constitution. 　　Based on this, the judge declared that according to Article 6, Item 1, Proviso, Clause 4 of the PDPA, the health insurance database has been processed so that the specific party cannot be identified, and it is used by public agencies or academic research institutions for medical and health purposes. Doing necessary statistical or academic research complies with the principles of legal clarity and proportionality, and does not violate the Constitution. 　　However, the judge believes that the current personal data law or other relevant regulations still lack an independent supervision mechanism for personal data protection, and the protection of personal information privacy is insufficient. In addition, important matters such as personal health insurance data can be stored, processed, and transmitted externally by the National Health Insurance Administration in a database; the subject, purpose, requirements, scope, and method of providing external use; and organizational and procedural supervision and protection mechanisms, etc. Articles 79 and 80 of the Health Insurance Law and other relevant laws lack clear provisions, so they are determined to be unconstitutional. 　　In the end, the judge found that the relevant laws and regulations lacked the provisions that the parties can request to stop using the data, whether it is the right of the parties to request to stop, or the procedures to be followed to stop the use, there is no relevant clear text, obviously the protection of information privacy is insufficient. Therefore, regarding unconstitutional issues, the Constitutional Court ordered the relevant agencies to amend the Health Insurance Law and related laws within 3 years, or formulate specific laws.

With the coming of the Innovation-based economy era, technology research has become the tool of advancing competitive competence for enterprises and academic institutions. Each country not only has begun to develop and strengthen their competitiveness of industrial technology but also has started to establish related mechanism for important technology areas selected or legal analysis. By doing so, they hope to promote collaboration of university-industry research, completely bring out the economic benefits of the R & D. and select the right technology topics. To improve the depth of research cooperation and collect strategic advice, we have to use legislation system, but also social communication mechanism to explore the values and practical recommendations that need to be concerned in policy-making. This article in our research begins with establishing a mechanism for collecting diverse views on the subject, and shaping more efficient dialogue space. Finally, through the process of practicing, this study effectively collects important suggestions of practical experts.

Introduction to the “Public Procurement for Startups” mechanism I.Backgrounds 　　According to the EU’s statistics, government procurement budget accounted for over 14% of GDP. And, according to the media report, the total amount of government procurement in Taiwan in 2017 accounted for nearly 8%. Therefore, the government’s procurement power has gradually become a policy tool for the government to promote the development of innovative products and services. 　　In 2017, the Executive Yuan of the R.O.C.（Taiwan）announced a government procurement policy named “Government as Good Partners with Startups （政府成為新創好夥伴）”[1] to encourage government agencies and State-owned Enterprises to procure and adopt innovative goods or services provided by startups. This policy was subsequently implemented through an action plan named “Public Procurement for Startups”（新創採購）[2] by the Small and Medium Enterprise Administration（SMEA）.The action plan mainly includes two important parts：One created the procurement process for startups to enter the government contracts market through inter-entities contracts. The other accelerated the collaboration of the government agencies and startups through empirical demonstration. II.Facilitating the procurement process for startups to enter the government market 　　In order to help startups enter the government contracts market in a more efficient way, the SMEA conducts the procurement of inter-entity supply contracts with suppliers, especially startups, for the supply of innovative goods or services. An inter-entity supply contract[3] is a special contractual framework, under which the contracting entity on behalf of two or more other contracting parties signs a contract with suppliers and formulates the specifics and price of products or services provided through the public procurement process. Through the process of calling for tenders, price competition and so on, winning tenderers will be selected and listed on the Government E-Procurement System. This framework allows those contracting entities obtain orders and acquire products or services which they need in a more efficient way so it increases government agencies’ willingness to procure and use innovative products and services. 　　From 2018, the SMEA started to undertake the survey of innovative products and services that government agencies usually needed and conducted the procurement of inter-entity supply contracts for two rounds every year. As a result, the SMEA plays an important role to bridge the demand and supply sides for innovative products or services by means of implementing the forth-mentioned survey and procurement process. Moreover, in order to explore more innovative products and services with high quality and suitable for government agencies and public institutions, the SMEA actively networked with various stakeholders, including incubators, accelerators, startups mentoring programs sponsored by private and public sectors and so on. 　　Initially the items to be procured were categorized into four themes which were named the Smart Innovations, the Smart Eco, the Smart Healthcare, and the Smart Security. Later, in order to show the diversity of the innovation of startups which response well to various social issues, from 2019, the SMEA introduced two new theme solicitations titled the Smart Education and the Smart Agriculture to the inter-entities contracts. 　　Those items included the power management systems, the AI automated recognition and image warning system, the chatbot for public service, unmanned flying vehicles, aerial photography services and so on. Take the popular AI image warning system as an example, the system is used by police officers to make instant evidence searching and image recording. Other government agencies apply the innovative system to the investigation of illegal logging and school safety surveillance. 　　Moreover, the SMEA has also offered subsidy for local governments tobuy those items provided by startups. That is the coordinated supporting measure which allows startups the equal playing field to compete with large companies. The Subsidy scheme is based on the Guideline for Subsidies on Procurement of Innovative Products and Services[3] (approved by the Executive Yuan on March 29, 2018 and revised on Feb. 20, 2021). In the Guideline, “innovative products and services” refer to the products, technologies, labor, service flows or items and services rendered with creative activities through deploying scientific or technical means and a certain degree of innovations by startups with less than five years in operation. Such innovative products and services are displayed for the inter-entity supply contractual framework administered by the SMEA for government procurement. III.Accelerating the collaboration of the government agencies and startups through empirical demonstration 　　To assist startups to prove their concepts or services, and become more familiar with the governemnrt’s needs, the SMEA also created a mechanism called the “Solving Governmental Problems by Star-up Innovation”（政府出題˙新創解題）. It plans to collect government agencies’ needs, and then solicit innovative proposals from startups. After their proposals are accepted, startups will be given a grant up to one million NT dollars to conduct empirical studies on solution with government agencies for about half a year. 　　Take the cooperation between the “Taoyuan Long Term Care Institute for Older People and the Biotech Startup” for example, a care system with sanitary aids was introduced to provide automatic detection, cleanup and dry services for the patients’discharges, thus saving 95% of cleaning time for caregivers. In the past, caregivers usually spent 4 hours on the average in inspecting old patients, cleaning and replacing their bedsheets as their busy daily routines. Inadequate caregivers makes it difficult to maintain the care quality. If the problem was not addressed immediately, it would make the life of old patients more difficult. IV.Achievements to date 　　Since the promotion of the products and services of the startups and the launch of the “Public Procurement for Startups” program in 2018, 68 startups, with the SMEA’s assistance, have entered the government procurement contracts market, and more than 100 government agencies have adopted the innovative resolutions. With the encouragement for them in adopting and utilizing the fruits of the startups, it has generated more than NT$150 million in cooperative business opportunities. V.Conclusions 　　While more and more startups are obtaining business opportunities from the favorable procurement process, constant innovation remains the key to success. As such, the SMEA has regularly visited the government agencies-buyers to obtain feedbacks from startups so as to adjust and optimize the innovative products or services. The SMEA has also regularly renewed the specifics and items of the procurement list every year to keep introducing and supplying high-quality products or services to the government agencies. [1] Policy for investment environment optimization for Startups（2017）,available athttps://www.ndc.gov.tw/nc_27_28382.（last visited on July 30, 2021 ) [2] https://www.spp.org.tw/spp/（last visited on July 30, 2021 ) [3] Article 93 of Government Procurement Act：I An entity may execute an inter-entity supply contract with a supplier for the supply of property or services that are commonly needed by entities. II The regulations for a procurement of an inter-entity supply contract, the matters specified in the tender documentation and contract, applicable entities, and the related matters shall be prescribed by the responsible entity. [4] https://law.moea.gov.tw/LawContent.aspx?id=GL000555（last visited on July 30, 2021）

Taiwan's Approach to AI Governance 2024/06/19 In an era where artificial intelligence (AI) reshapes every facet of life, governance plays a pivotal role in harnessing its benefits while mitigating associated risks. Taiwan, recognizing the dual-edged nature of AI, has embarked on a comprehensive strategy to ensure its development is both ethical and effective. This article delves into Taiwan's AI governance framework, exploring its strategic pillars, regulatory milestones, and future directions. I. Taiwan's AI Governance Vision: Taiwan AI Action Plan 2.0 Taiwan has long viewed AI as a transformative force that must be guided with a careful balance of innovation and regulation. With the advent of technologies capable of influencing democracy, privacy, and social stability, Taiwan's approach is rooted in human-centric values. The nation's strategy is aligned with global movements towards responsible AI, drawing lessons from international standards like those set by the European Union's Artificial Intelligence Act. The "Taiwan AI Action Plan 2.0" is the cornerstone of this strategy. It is a multi-faceted plan designed to boost Taiwan's AI capabilities through five key components: 1. Talent Development: Enhancing the quality and quantity of AI professionals while improving public AI literacy through targeted education and training initiatives. 2. Technological and Industrial Advancement: Focusing on critical AI technologies and applications to foster industrial growth and creating the Trustworthy AI Dialogue Engine (TAIDE) that communicates in Traditional Chinese. 3. Supportive Infrastructure: Establishing robust AI governance infrastructure to facilitate industry and governmental regulation, and to foster compliance with international standards. 4. International Collaboration: Expanding Taiwan's role in international AI forums, such as the Global Partnership on AI (GPAI), to collaborate on developing trustworthy AI practices. 5. Societal and Humanitarian Engagement: Utilizing AI to tackle pressing societal challenges like labor shortages, an aging population, and environmental sustainability. II. Guidance-before-legislation To facilitate a gradual adaptation to the evolving legal landscape of artificial intelligence and maintain flexibility in governance, Taiwan employs a "guidance-before-legislation" approach. This strategy prioritizes the rollout of non-binding guidelines as an initial step, allowing agencies to adjust before any formal legislation is enacted as needed. Taiwan adopts a proactive approach in AI governance, facilitated by the Executive Yuan. This method involves consistent inter-departmental collaborations to create a unified regulatory landscape. Each ministry is actively formulating and refining guidelines to address the specific challenges and opportunities presented by AI within their areas of responsibility, spanning finance, healthcare, transportation, and cultural sectors. III. Next step: Artificial Intelligence Basic Act The drafting of the "Basic Law on Artificial Intelligence," anticipated for legislative review in 2024, marks a significant step towards codifying Taiwan’s AI governance. Built on seven foundational principles—transparency, privacy, autonomy, fairness, cybersecurity, sustainable development, and accountability—this law will serve as the backbone for all AI-related activities and developments in Taiwan. By establishing rigorous standards and evaluation mechanisms, this law will not only govern but also guide the ethical deployment of AI technologies, ensuring that they are beneficial and safe for all. IV. Conclusion As AI continues to evolve, the need for robust governance frameworks becomes increasingly critical. Taiwan is setting a global standard for AI governance that is both ethical and effective. Through legislation, active international cooperation, and a steadfast commitment to human-centric values, Taiwan is shaping a future where AI technology not only thrives but also aligns seamlessly with societal norms and values.