Observing Recent Foreign Developments upon Bio-medicine、 Marketing Medical Devices、Technology Development Project and the Newest Litigation Trend Concerning the Joint Infringement of Method/Process Patents

A Before and After Impact Comparison of Applying Statute for Industrial Innovation Article 23-1 Draft on Venture Capital Limited Partnerships I. Background 　　Because the business models adopted by Industries, such as venture capital, film, stage performance and others, are intended to be temporary entities, and the existing business laws are not applicable for such industries,[1] the Legislature Yuan passed the “Limited Partnership Act” in June 2015,[2] for the purpose of encouraging capital injection into these industries. However, since the Act was passed, there are currently only nine limited partnerships listed on the Ministry of Economic Affairs' limited partnership information website. Among them, “Da-Zuo Limited Partnership (Germany) Taiwan Branch” and “Stober Antriebstechnik Limited Partnership (Germany) Taiwan Branch”, are branch companies established by foreign businesses, the remaining seven companies are audio video production and information service businesses. It is a pity that no venture capital company is adopting this format.[3] 　　In fact, several foreign countries have set up supporting measures for their taxation systems targeting those business structures, such as limited partnerships. For example, the pass-through taxation method (or referred to as single entity taxation) is adopted by the United States, while Transparenzprinzip is used by Germany. These two taxation methods may have different names, but their core ideas are to pass the profits of a limited partnership to the earnings of partners.[4] However, following the adoption of the Limited Partnership Act in Taiwan, the Ministry of Finance issued an interpretation letter stating that because the current legal system confers an independent legal entity status to the business structure of a limited partnership, it should be treated as a profit-seeking business and taxed with Profit-Seeking Enterprise Income Tax.[5] Therefore, to actualize the legislative objective of encouraging innovative businesses organized under tenets of the Limited Partnership Act, the Executive Yuan presented a draft amendment for Article 23-1 of the Statute for Industrial Innovation (hereinafter referred to as the Draft), introducing the "Pass Through Taxation Principle" as adopted by several foreign countries. That is, a Limited Partnership will not be levied with the Profit-Seeking Enterprise Income Tax, but each partner will file income tax reports based on after-profit-gains from the partnership that are passed through to each partner. It is expected that the venture capital industry will now be encouraged to adopt the limited partnership structure, and thus increase investment capital in new ventures. II. The Pass Through Taxation Method is Applicable to Newly Established Venture Capital Limited Partnerships 1. The Requirements and Effects 　　(1) The Requirements 　　According to the provisions of Article 23-1 Paragraph 3 of the Draft, to be eligible for Pass Through Taxation, newly established venture capital limited partnerships must meet the following requirements: 1. The venture capital limited partnerships are established between January 1, 2017 and December 31, 2019. 2. Investment threshold of the total agreed capital contribution, total received capital contribution, and accumulated total capital contribution, within five years of the establishment of venture capital limited partnerships: Total Agreed Capital Contribution in the Limited Partnership Agreement Total Received Capital Contribution Accumulated Investment Amount for Start-up Companies The Year of Establishment 3 hundred million ✕ ✕ The Second Year ✕ ✕ The Third Year 1 hundred million ✕ The Fourth Year 2 hundred million Reaching 30 percent of the total received capital contribution of the year or 3 hundred million NT dollars. The Fifth Year 3 hundred million 3. The total amount, that an overseas company applies in capital and investments in actual business operations in Taiwan, reaches 50% of its total received capital contribution of that year. 4. In compliance with government policies. 5. Reviewed and approved by the central competent authority each year. 　　(2) The Effects 　　The effects of applying the provisions of Article 23-1 Paragraph 3 of the Draft are as follows: 1. Venture capital limited partnerships are exempt from the Profit-Seeking Enterprise Income Tax. 2. Taxation method for partners in a limited partnership after obtaining profit gains: (1) Pursuant to the Income Tax Act, Individual partners and for-profit business partners are taxed on their proportionally-calculated, distributed earnings. (2) Individual partners and foreign for-profit business partners are exempt from income tax on the stock earnings distributed by a limited partnership. 2. Benefit Analysis Before and After Applying Pass Through Taxation Method 　　A domestic individual A, a domestic profit-making business B, and a foreign profit-making business C jointly form a venture capital limited partnership, One. The earnings distribution of the company One is 10%, 80% and 10% for A, B, and C partners, respectively. The calculated earnings of company One are one million (where eight hundred thousand are stock earnings, and two hundred thousand are non-stock earnings). How much income tax should be paid by the company One, and partners A, B, and C? 　　(1) Pursuant to the Income Tax Act, before the amended draft: 1. One Venture Capital Limited Partnership Should pay Profit-Seeking Enterprise Income Tax = (NT$1,000,000 (earning) - NT$500,000[6])x12% (tax rate[7])=NT$60,000 2. Domestic Individual A Should file a comprehensive income report with business profit income =(NT$1,000,000-NT$60,000) x 10% (company One draft a voucher for net amount for A) + NT$60,000÷2×10% (deductible tax rate)= NT$97,000 Tax payable on profit earnings＝NT$91,500×5%(tax rate)＝NT$4,850 Actual income tax paid＝NT$4,850 - NT$60,000÷2×10% (deductible tax rate) ＝NT$1,485 3. Domestic For-Profit Business B Pursuant to the provisions of Article 42 of the Income Tax Act, the net dividend or net income received by a profit-seeking company is not included in the income tax calculation. 4. Foreign For-Profit Business C Tax paid at its earning source＝(NT$1,000,000 - NT$60,000) ×10% (earning distribution rate) ×20% (tax rate at earning source)＝NT$18,800 　　(2) Applying Pass Through Taxation Method After Enacting the Amendment 1. One Venture Capital Limited Partnership No income tax. 2. Domestic Individual A Should pay tax＝NT$800,000 (non-stock distributed earnings)×10% (earning distribution rate)×5% (comprehensive income tax rate)＝NT$1,000 3. Domestic For-Profit Business B Pursuant to the provisions of Article 42 of the Income Tax Act, the net dividend or net income received by a profit-seeking company is not included in the income tax calculation. 4. Foreign For-Profit Business C Tax paid at its earning source＝NT$800,000 (non-stock distributed earnings)×10%(earning distribution rate)×20% (tax rate at earning source)＝NT$4,000 　　The aforementioned example shows that under the situation, where the earning distribution is the same and tax rate for the same taxation subject is the same, the newly-established venture capital limited partnerships and their shareholders enjoy a more favorable tax benefit with the adoption of pass through taxation method: Before the Amendment After the Amendment Venture Capital Limited Partnership NT$60,000 Excluded in calculation Shareholders Domestic Individual NT$1,850 NT$1,000 Domestic For-Profit Business Excluded in calculation Excluded in calculation Foreign For-Profit Business NT$18,800 NT$4,000 Sub-total NT$80,650 NT$5,000 III. Conclusion 　　Compared to the corporate taxation, the application of the pass through taxation method allows for a significant reduction in tax burden. While developing Taiwan’s pass through tax scheme, the government referenced corporate taxation under the U.S. Internal Revenue Code (IRC), where companies that meet the conditions of Chapter S can adopt the “pass through” method, that is, pass the earnings to the owner, with the income of shareholders being the objects of taxation;[8] and studied the "Transparenzprinzip" adopted by the German taxation board for partnership style for-profit businesses. Following these legislative examples, where profits are identified as belonging to organization members,[9] the government legislation includes the adoption of the pass through taxation scheme for venture capital limited partnerships in the amended draft of Article 23-1 of the Statute for Industrial Innovation, so that the legislation is up to international standards and norms, while making an important breakthrough in the current income tax system. This is truly worthy of praise. [1] The Legislative Yuan Gazette, Vol. 104, No. 51, page 325. URL:http://misq.ly.gov.tw/MISQ//IQuery/misq5000Action.action [2] A View on the Limited Partnership in Taiwan, Cross-Strait Law Review, No. 54, Liao, Da-Ying, Page 42. [3] Ministry of Economic Affairs - Limited Partnership Registration Information URL: http://gcis.nat.gov.tw/lmpub/lms/dir.jsp?showgcislocation=true&agencycode=allbf [4] Same as annotate 2, pages 51-52. [5] Reference Letter of Interpretation dated December 18, 2015, Tai-Cai-Shui Zi No. 10400636640, the Ministry of Finance [6] First half of Paragraph 1 of Article 8 of the Income Basic Tax Act [7] Second half of Paragraph 1 of Article 8 of the Income Basic Tax Act [8] A Study on the Limited Partnership Act, Master’s degree thesis, College of Law, Soochow University, Wu, Tsung-Yeh, pages 95-96. [9] Reference annotate 2, pages 52.

The Tax Benefit of “Act for Establishment and Administration of Science Parks” and the Relational Norms for Innovation 　　“Act for Establishment and Administration of Science Parks” was promulgated in 1979, and was amended entirely in May 15, 2018, announced in June 6. The title was revised from “Act for Establishment and Administration of Science ‘Industrial’ Parks” to “Act for Establishment and Administration of Science Parks” (it would be called “the Act” in this article). It was a significant transition from traditional manufacture into technological innovation. 　　For encouraging different innovative technology enter into the science park, there is tax benefit in the Act. When the park enterprises import machines, equipment, material and so on from foreign country, the import duties, commodity tax, and business tax shall be exempted; moreover, when the park enterprises export products and services, it will have given favorable business and commodity tax free.[1] Furthermore, the park bureaus also exempt collection of land rent.[2] If they have approval for importing or exporting products, they do not need to apply for permission.[3] In the sub-law, there is also regulations of bonding operation.[4] To sum up, for applying the benefit of the act, enterprises approved for establishment in science parks still require to manufacture products. Such regulations are confined to industrial industry. Innovative companies dedicate in software, big data, or customer service, rarely gain benefits from taxation. 　　In other norms,[5] there are also tax deduction or exemption for developing innovative industries. Based on promoting innovation, the enterprises following the laws of environmental protection, laborers’ safety, food safety and sanitation,[6] or investing in brand-new smart machines for their own utilize,[7] or licensing their intellectual property rights,[8] can deduct from its taxable income. In addition, the research creators from academic or research institutions,[9] or employee,[10] can declare deferral of the income tax payable for the shares distributed. In order to assist new invested innovative enterprises,[11] there are also relational benefit of tax. For upgrading the biotech and new pharmaceuticals enterprises, when they invest in human resource training, research and development, they can have deductible corporate income tax payable.[12] There is also tax favored benefits for small and medium enterprises in using of land, experiment of research, technology stocks, retaining of surplus, and additional employees hiring.[13] The present norms of tax are not only limiting in space or products but also encouraging in “research”. In other word, in each steps of the research of innovation, the enterprises still need to manufacture products from their own technology, fund and human resources. If the government could encourage open innovation with favored taxation, it would strengthen the capability of research and development for innovative enterprises. 　　Supporting the innovation by taxation, the government can achieve the goal of scientific development more quickly and encourage them accepting guidance. “New York State Business Incubator and Innovation Hot Spot Support Act” can be an example, [14]the innovative enterprises accepting the guidance from incubators will have the benefit of tax on “personal income”, “sales and use” and “corporation franchise”. Moreover, focusing on key industries and exemplary cases, there are also the norms of tax exemption and tax abatement in China for promoting the development of technology.[15]The benefit of tax is not only in research but also in “the process of research”. 　　To sum up, the government of Taiwan provides the benefit of tax for advancing the competition of outcomes in market, and for propelling the development of innovation. In order to accelerate the efficiency of scientific research, the government could draw lessons from America and China for enacting the norms about the benefit of tax and the constitution of guidance. [1] The Act §23. [2] Id. §24. [3] Id. §25. [4] Regulations Governing the Bonding Operations in Science Parks. [5] Such as Act for Development of Small and Medium Enterprises, Statute for Industrial Innovation, Act for the Development of Biotech and New Pharmaceuticals Industry. [6] Statute for Industrial Innovation §10. [7] Id. §10-1. [8] Id. §12-1. [9] Id. §12-2. [10] Id. §19-1. [11] Id. §23-1, §23-2, §23-3. [12] Act for the Development of Biotech and New Pharmaceuticals Industry §5, §6, §7. [13] Act for Development of Small and Medium Enterprises Chapter 4: §33 to §36-3. [14] New York State Department of Taxation and Finance Taxpayer Guidance Division, New York State Business Incubator and Innovation Hot Spot Support Act, Technical Memorandum TSB-M-14(1)C, (1)I, (2)S, at 1-6 (March 7, 2014), URL：http://www.wnyincubators.com/content/Innovation%20Hot%20Spot%20Technical%20Memorandum.pdf (last visited：December 18, 2019). [15] Enterprise Income Tax Law of the People’s Republic of China Chapter 4 “Preferential Tax Treatments”: §25 to §36 (2008 revised).

A Preferred Model for Taiwan’s agency level AI risk categorization and management: A Cross-Jurisdictional Perspective 2025/09/15 Taiwan’s draft Artificial Intelligence Basic Law includes a provision allowing each government agency to establish its own risk-based AI management rules tailored to sector-specific regulatory needs[1]. To strike an effective balance between innovation and oversight, selecting an appropriate reference model is essential. After comparing major jurisdictions, this research argues that the United States Office of Management and Budget (OMB) Memorandum M-25-21—Accelerating Federal Use of AI through Innovation, Governance, and Public Trust[2]—offers the most balanced and practical approach for Taiwan’s agencies to refer to at this initial stage of developing AI regulation and promoting AI adoption. This article will first present an overview of the U.S. M-25-21 framework and its key features. It will then explain why the U.S. model is more suitable for Taiwan than those of other jurisdictions. Finally, it will conclude with recommendations for the government. I. Overview of the U.S. M-25-21 Framework Issued in April 2025 under Executive Order 14179, M-25-21 directs federal agencies to accelerate the adoption of artificial intelligence while maintaining a set of minimum safeguards. The memorandum identifies three priorities—innovation, governance, and public trust—and structures AI oversight around these principles. It requires every executive branch agency to designate a Chief AI Officer (CAIO), a senior official empowered to promote AI innovation, maintain a current inventory of AI use cases, and ensure that processes such as determining “high-impact” uses are in place. Rather than imposing a centralized management system, M-25-21 allows each agency to make context-sensitive determinations and to accept or waive risk management requirements. This approach recognizes that agencies vary widely in mission and capacity and are best positioned to understand the potential risks and benefits of AI within their own domains. The memorandum defines high-impact AI as systems whose outputs serve as a principal basis for decisions or actions with legal, material, binding, or significant rights and safety consequences. It offers a non-exhaustive list of presumed high-impact categories, including safety-critical functions of critical infrastructure, traffic management, patient diagnosis, blocking protected speech, and law enforcement applications. If an agency official determines that a specific AI use within these categories does not meet the high-impact definition, they must submit written documentation to notify the CAIO. By tying the definition to the effect of an AI system’s output rather than to a fixed sectoral list, M-25-21 provides a flexible method for identifying high-risk AI applications while preserving room for innovation. II. Key Features of the U.S. M-25-21 Framework A. Minimum Risk Management Practices To ensure protection without creating excessive barriers, M-25-21 specifies a set of minimum risk management practices that each agency must apply when using high-impact AI. Agencies are required to conduct pre-deployment testing under realistic conditions to confirm that AI systems perform as intended and to prepare appropriate risk mitigation plans. Even when agencies lack access to source code or training data, they are expected to use alternative testing methods—such as querying the AI service and observing its outputs—to assess performance and potential risks. Before deploying a high-impact AI system, agencies must complete an AI impact assessment. This assessment must explain the system’s intended purpose and expected benefits, analyze the quality and appropriateness of the data used, and evaluate potential impacts on privacy, civil rights, and civil liberties. It should also include a cost analysis, planned reassessment schedules and procedures, and comments highlighting potential concerns or gaps from an independent reviewer who was not involved in the system’s development. Importantly, the assessment must carry the signature of an accountable official who formally accepts the risk of deploying the AI system. Once deployed, agencies are expected to monitor AI systems continuously for performance drift, security vulnerabilities, or unforeseen adverse effects, and to implement appropriate mitigations and maintain documentation. Human oversight is equally essential: operators must receive specific training to interpret AI outputs, intervene when necessary, and use fail-safes or override mechanisms to minimize the risk of significant harm in high-impact situations. To protect the public, M-25-21 insists that individuals affected by AI-enabled decisions have access to timely human review and opportunities to appeal adverse outcomes. Appeals should not impose unnecessary burdens on individuals or the administration. Furthermore, agencies are expected to seek feedback from end users and the public to inform AI-related decision-making. These combined practices—testing, assessment, independent review, monitoring, human oversight, remedies, and feedback—form a balanced foundation for responsible AI use. The memorandum also requires agencies to safely discontinue any high-impact use cases that fail to comply with the minimum practices. B. Waiver System: Purpose and Conditions A distinctive feature of M-25-21 is its formal system for waivers from the minimum risk management practices. The waiver mechanism exists to reconcile two priorities: ensuring safety and rights protections on the one hand, and enabling innovation and rapid response on the other. Waivers may be considered when following a particular requirement would actually increase risks to safety or rights overall, or when compliance would create an unacceptable impediment to critical agency operations. For example, during a natural disaster or public health emergency, strict adherence to every procedural requirement might delay the deployment of an AI application that could save lives. In such situations, the CAIO may authorize a waiver to permit rapid deployment while still tracking and reassessing the use. Waivers for pilot programs are equally important for encouraging experimentation and innovation. They allow agencies to conduct small-scale, time-limited AI projects without implementing all minimum risk management practices, provided certain conditions are met: the pilot must be certified by the CAIO, centrally tracked, offer opt-in and opt-out options for individual participation, and apply minimum risk management practices where practicable. The memorandum imposes safeguards on this flexibility. Every waiver must be documented with a written determination explaining the reasoning, centrally tracked, and reassessed annually or whenever significant changes to the AI application’s conditions or context occur. CAIOs retain the power to revoke waivers at any time, and agencies must report any granted or revoked waiver to OMB annually and within 30 days of significant modifications. This approach maintains accountability while preventing rigid rules from becoming obstacles to effective governance. C. Disclosure Requirements for High-Impact Use and Waivers M-25-21 strongly emphasizes transparency as a pillar of public trust. Each agency must maintain an inventory of all AI use cases, submit it to OMB, and post a public version on the agency’s website. This inventory should be updated annually and, ideally, throughout the year to reflect the agency’s current use of AI. Transparency ensures that the public, civil society, and oversight bodies can understand where AI is influencing important government decisions without exposing sensitive or classified details. Similarly, agencies must publicly release summaries of each waiver or determination, including the justification, or explicitly indicate when no determinations or waivers are active. By making these summaries visible, the system builds confidence that waivers are granted for legitimate reasons. At the same time, OMB retains the authority to request detailed records concerning exception determinations within presumed high-impact categories. This combination of public disclosure and federal oversight helps maintain trust while safeguarding privacy, national security, and proprietary information. III. Why M-25-21 Stands Out for Taiwan’s AI Governance among Global Approaches Taiwan’s draft AI Basic Law envisions a decentralized system in which each agency determines its own risk classification and management practices[3]. The U.S. framework aligns closely with this philosophy. By empowering agencies to identify high-risk AI use cases tailored to their specific contexts, M-25-21 helps ensure that AI governance remains grounded in operational realities. At the same time, adopting M-25-21’s baseline practices, waiver safeguards, and disclosure requirements would provide consistency and public accountability across agencies. The combination of minimum risk management practices and transparent waiver use would encourage innovation while reassuring the public that any exceptions are justified, continuously monitored, and effectively controlled. Furthermore, embracing an approach that reflects emerging international consensus—particularly the emphasis on transparency in both U.S. and EU regimes—would position Taiwan to harmonize with global AI governance trends and strengthen its credibility in international markets. In contrast, the European Union’s AI Act predefines high-risk categories and mandates strict conformity assessments, CE Marking, and post-market monitoring[4]—an approach that is comprehensive but resource-intensive and may not suit all agencies equally. Australia’s ongoing discussions had been trending toward a similarly comprehensive model, but there has recently been backlash against this approach. Korea’s AI Basic Act[5] references high-risk AI only in broad terms and leaves most operational details undefined. M-25-21 strikes a middle ground, offering minimum yet concrete safeguards while preserving the flexibility agencies need to tailor governance to their specific domains. IV. Recommendations and Conclusion Based on this analysis, this research recommends that each agency designate a senior AI leader similar to a CAIO, maintain a public inventory of high-impact AI use cases, and publish summaries of waivers or determinations while safeguarding sensitive information. Agencies should also be encouraged to share AI resources and lessons learned to reduce duplication and strengthen governance maturity across government. Over time, these risk management practices can be refined in response to operational experience and evolving international standards. By adopting these principles, Taiwan can empower its agencies to innovate responsibly, protect citizens’ rights, and build public trust—ensuring that AI deployment across government remains both effective and aligned with global best practices. [1]〈政院通過「人工智慧基本法」草案 建構AI發展與應用良善環境 打造臺灣成為AI人工智慧島〉，行政院，https://www.ey.gov.tw/Page/9277F759E41CCD91/5d673d1e-f418-47dc-ab35-a06600f77f07（最後瀏覽日期︰2025/09/15）。 [2] United States Office of Management and Budget (OMB), M-25-21 Accelerating Federal Use of AI through Innovation, Governance, and Public Trust, https://www.whitehouse.gov/wp-content/uploads/2025/02/M-25-21-Accelerating-Federal-Use-of-AI-through-Innovation-Governance-and-Public-Trust.pdf (last visited Sept 15, 2025). [3] 蘇文彬，〈行政院通過AI基本法草案，將不設立AI專責機關〉，iThome，https://www.ithome.com.tw/news/170874（最後瀏覽日期︰2025/09/15）。 [4] Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence and amending Regulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858, (EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU, (EU) 2016/797 and (EU) 2020/1828 (Artificial Intelligence Act), https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32024R1689 (last visited Sept 15, 2025). [5] 인공지능발전과신뢰기반조성등에관한기본법안，https://www.law.go.kr/%EB%B2%95%EB%A0%B9/%EC%9D%B8%EA%B3%B5%EC%A7%80%EB%8A%A5%20%EB%B0 %9C%EC%A0%84%EA%B3%BC%20%EC%8B%A0%EB%A2%B0%20%EA%B8%B0%EB%B0%98%20%EC%A1%B0 %EC%84%B1%20%EB%93%B1%EC%97%90%20%EA%B4%80%ED%95%9C%20%EA%B8%B0%EB%B3%B8%EB%B2 %95/(20676,20250121) (last visited Sept 15, 2025).

The Institutionalization of the Taiwan Personal Data Protection Committee - Triumph of Digital Constitutionalism: A Legal Positivism Analysis 2023/07/13 The Legislative Yuan recently passed an amendment to the Taiwan Personal Data Protection Act, which resulted in the institutionalization of the Taiwan Personal Data Protection Commission (hereunder the “PDPC”)[1]. This article aims to analyze the significance of this institutionalization from three different perspectives: legal positivism, digital constitutionalism, and Millian liberalism. By examining these frameworks, we can better understand the constitutional essence of sovereignty, the power dynamics among individuals, businesses, and governments, and the paradox of freedom that the PDPC addresses through governance and trust. I.Three Layers of Significance 1.Legal Positivism The institutionalization of the PDPC fully demonstrates the constitutional essence of sovereignty in the hands of citizens. Legal positivism emphasizes the importance of recognizing and obeying (the sovereign, of which it is obeyed by all but does not itself obey to anyone else, as Austin claims) laws that are enacted by legitimate authorities[2]. In this context, the institutionalization of the PDPC signifies the recognition of citizens' rights to control their personal data and the acknowledgment of the sovereign in protecting their privacy. It underscores the idea that the power to govern personal data rests with the individuals themselves, reinforcing the principles of legal positivism regarding sovereign Moreover, legal positivism recognizes the authority of the state in creating and enforcing laws. The institutionalization of the PDPC as a specialized commission with the power to regulate and enforce personal data protection laws represents the state's recognition of the need to address the challenges posed by the digital age. By investing the PDPC with the authority to oversee the proper handling and use of personal data, the state acknowledges its responsibility to protect the rights and interests of its citizens. 2.Digital Constitutionalism The institutionalization of the PDPC also rebalances the power structure among individuals, businesses, and governments in the digital realm[3]. Digital constitutionalism refers to the principles and norms that govern the relationship between individuals and the digital sphere, ensuring the protection of rights and liberties[4]. With the rise of technology and the increasing collection and use of personal data, individuals often find themselves at a disadvantage compared to powerful entities such as corporations and governments[5]. However, the PDPC acts as a regulatory body that safeguards individuals' interests, rectifying the power imbalances and promoting digital constitutionalism. By establishing clear rules and regulations regarding the collection, use, and transfer of personal data, the PDPC may set a framework that ensures the protection of individuals' privacy and data rights. It may enforce accountability among businesses and governments, holding them responsible for their data practices and creating a level playing field where individuals have a say in how their personal data is handled. 3.Millian Liberalism The need for the institutionalization of the PDPC embodies the paradox of freedom, as raised in John Stuart Mill’s “On Liberty”[6], where Mill recognizes that absolute freedom can lead to the infringement of others' rights and well-being. In this context, the institutionalization of the PDPC acknowledges the necessity of governance to mitigate the risks associated with personal data protection. In the digital age, the vast amount of personal data collected and processed by various entities raises concerns about privacy, security, and potential misuse. The institutionalization of the PDPC represents a commitment to address these concerns through responsible governance. By setting up rules, regulations, and enforcement mechanisms, the PDPC ensures that individuals' freedoms are preserved without compromising the rights and privacy of others. It strikes a delicate balance between individual autonomy and the broader social interest, shedding light on the paradox of freedom. II.Legal Positivism: Function and Authority of the PDPC 1.John Austin's Concept of Legal Positivism: Sovereignty, Punishment, Order To understand the function and authority of the PDPC, we turn to John Austin's concept of legal positivism. Austin posited that laws are commands issued by a sovereign authority and backed by sanctions[7]. Sovereignty entails the power to make and enforce laws within a given jurisdiction. In the case of the PDPC, its institutionalization by the Legislative Yuan reflects the recognition of its authority to create and enforce regulations concerning personal data protection. The PDPC, as an independent and specialized committee, possesses the necessary jurisdiction and competence to ensure compliance with the law, administer punishments for violations, and maintain order in the realm of personal data protection. 2.Dire Need for the Institutionalization of the PDPC There has been a dire need for the establishment of the PDPC following the Constitutional Court's decision in August 2022, holding that the government needed to establish a specific agency in charge of personal data-related issues[8]. This need reflects John Austin's concept of legal positivism, as it highlights the demand for a legitimate and authoritative body to regulate and oversee personal data protection. The PDPC's institutionalization serves as a response to the growing concerns surrounding data privacy, security breaches, and the increasing reliance on digital platforms. It signifies the de facto recognition of the need for a dedicated institution to safeguard the individual’s personal data rights, reinforcing the principles of legal positivism. Furthermore, the institutionalization of the PDPC demonstrates the responsiveness of the legislative branch to the evolving challenges posed by the digital age. The amendment to the Taiwan Personal Data Protection Act and the subsequent institutionalization of the PDPC are the outcomes of a democratic process, reflecting the will of the people and their desire for enhanced data protection measures. It signifies a commitment to uphold the rule of law and ensure the protection of citizens' rights in the face of emerging technologies and their impact on privacy. 3.Authority to Define Cross-Border Transfer of Personal Data Upon the establishment of the PDPC, it's authority to define what constitutes a cross-border transfer of personal data under Article 21 of the Personal Data Protection Act will then align with John Austin's theory on order. According to Austin, laws bring about order by regulating behavior and ensuring predictability in society. By granting the PDPC the power to determine cross-border data transfers, the legal framework brings clarity and consistency to the process. This promotes order by establishing clear guidelines and standards, reducing uncertainty, and enhancing the protection of personal data in the context of international data transfers. The PDPC's authority in this regard reflects the recognition of the need to regulate and monitor the cross-border transfer of personal data to protect individuals' privacy and prevent unauthorized use or abuse of their information. It ensures that the transfer of personal data across borders adheres to legal and ethical standards, contributing to the institutionalization of a comprehensive framework for cross-border data transfer. III.Conclusion In conclusion, the institutionalization of the Taiwan Personal Data Protection Committee represents the convergence of legal positivism, digital constitutionalism, and Millian liberalism. It signifies the recognition of citizens' sovereignty over their personal data, rebalances power dynamics in the digital realm, and addresses the paradox of freedom through responsible governance. By analyzing the PDPC's function and authority in the context of legal positivism, we understand its role as a regulatory body to maintain order and uphold the principles of legal positivism. The institutionalization of the PDPC serves as a milestone in Taiwan's commitment to protect individuals' personal data and safeguard the digital rights. In essence, the institutionalization of the Taiwan Personal Data Protection Committee represents a triumph of digital constitutionalism, where individuals' rights and interests are safeguarded, and power imbalances are rectified. It also embodies the recognition of the paradox of freedom and the need for responsible governance in the digital age in Taiwan. Reference: [1] Lin Ching-yin & Evelyn Yang, Bill to establish data protection agency clears legislative floor, CNA English News, FOCUS TAIWAN, May 16, 2023, https://focustaiwan.tw/society/202305160014 (last visited, July 13, 2023). [2] Legal positivism, Stanford Encyclopedia of Philosophy, https://plato.stanford.edu/entries/legal-positivism/?utm_source=fbia (last visited July 13, 2023). [3] Edoardo Celeste, Digital constitutionalism: how fundamental rights are turning digital, (2023): 13-36, https://doras.dcu.ie/28151/1/2023_Celeste_DIGITAL%20CONSTITUTIONALISM_%20HOW%20FUNDAMENTAL%20RIGHTS%20ARE%20TURNING%20DIGITAL.pdf (last visited July 3, 2023). [4] GIOVANNI DE GREGORIO, DIGITAL CONSTITUTIONALISM IN EUROPE: REFRAMING RIGHTS AND POWERS IN THE ALGORITHMIC SOCIETY 218 (2022). [5] Celeste Edoardo, Digital constitutionalism: how fundamental rights are turning digital (2023), https://doras.dcu.ie/28151/1/2023_Celeste_DIGITAL%20CONSTITUTIONALISM_%20HOW%20FUNDAMENTAL%20RIGHTS%20ARE%20TURNING%20DIGITAL.pdf (last visited July 13, 2023). [6]JOHN STUART MILL,On Liberty (1859), https://openlibrary-repo.ecampusontario.ca/jspui/bitstream/123456789/1310/1/On-Liberty-1645644599.pdf (last visited July 13, 2023). [7] Legal positivism, Stanford Encyclopedia of Philosophy, https://plato.stanford.edu/entries/legal-positivism/?utm_source=fbia (last visited July 13, 2023). [8] Lin Ching-yin & Evelyn Yang, Bill to establish data protection agency clears legislative floor, CNA English News, FOCUS TAIWAN, May 16, 2023, https://focustaiwan.tw/society/202305160014 (last visited, July 13, 2023).