The human genes database or human genome project, the product under the policy of biotechnology no matter in a developed or developing country, has been paid more attention by a government and an ordinary people gradually. The construction of human genes database or human genome project, which is not only related to a country’s innovation on biotechnology, but also concerns the promotion of a country’s medical quality, the construction of medical care system, and the advantages brought by the usage of bio-information stored in human genes database or from human genome project. However, even though every country has a high interest in setting up human genes database or performing human genome project, the issues concerning the purposes of related biotechnology policies, the distribution of advantages and risks and the management of bio-information, since each country has different recognition upon human genes database or human genome project and has varied standards of protecting human basic rights, there would be a totally difference upon planning biotechnology policies or forming the related systems. Right now, the countries that vigorously discuss human genes database or practice human genome project include England, Iceland, Norway, Sweden, Latvia and Estonia.
Estonia, which is the country around the Baltic Sea, has planned to set up its own human genes database in order to draw attention from other advanced countries, to attract intelligent international researchers or research groups, and to be in the lead in the area of biotechnology. To sum up, the purpose of constructing Estonian human genes database was to collect the genes and health information of nearly 70% Estonia’s population and to encourage bio-research and promote medical quality.
The construction of Estonian human genes database started from Estonian Genome Project (EGP). This project was advocated by the professor of biotechnology Andres Metspalu at Tartu University in Estonia, and he proposed the idea of setting up Estonian human genes database in 1999. The purposes of EGP not only tried to make the economy of Estonia shift from low-cost manufacturing and heavy industry to an advanced technological economy, but also attempted to draw other countries’ attention and to increase the opportunity of making international bio-researches, and then promoted the development of biotechnology and assisted in building the system of medical care in Estonia.
EGP started from the agreement made between Estonian government and Eesti Geenikeskus (Estonian Genome Foundation) in March, 1999. Estonian Genome Foundation was a non-profit organization formed by Estonian scientists, doctors and politicians, and its original purposes were to support genes researches, assist in proceeding any project of biotechnology and to set up EGP. The original goals of constructing EGP were “(a) reaching a new level in health care, reduction of costs, and more effective health care, (b) improving knowledge of individuals, genotype-based risk assessment and preventive medicine, and helping the next generation, (c) increasing competitiveness of Estonia – developing infrastructure, investments into high-technology, well-paid jobs, and science intensive products and services, (d) [constructing] better management of health databases (phenotype/genotype database), (e) … [supporting]… economic development through improving gene technology that opens cooperation possibilities and creates synergy between different fields (e.g., gene technology, IT, agriculture, health care)”1.
In order to ensure that Estonian human genes database could be operated properly and reasonably in the perspectives of law, ethics and society in Estonia, the Estonian parliament followed the step of Iceland to enact “Human Genes Research Act” (HGRA) via a special legislative process to regulate its human genes database in 2000. HGRA not only authorizes the chief processor to manage Estonian human genes database, but also regulates the issues with regard to the procedure of donation, the maintenance and building of human genes database, the organization of making researches, the confidential identity of donator or patient, the discrimination of genes, and so on.
Since the construction of Estonian human genes database might bring the conflicts of different points of view upon the database in Estonia, in order to “avoid fragmentation of societal solidarity and ensure public acceptability and respectability”2 , HGRA adopted international standards regulating a genes research to be a norm of maintaining and building the database. Those standards include UNESCO Universal Declaration on the Human Genome and Human Rights (1997) and the Council of Europe’s Convention on Human Rights and Biomedicine (1997).
The purpose of enacting HGRA is mainly to encourage and promote genes researches in Estonia via building Estonian human genes database. By means of utilizing the bio-information stored in the database, it can generate “more exact and efficient drug development, new diagnostic tests, improved individualized treatment and determination of risks of the development of a disease in the future”3 . In order to achieve the above objectives, HGRA primarily puts emphasis on several aspects. Those aspects include providing stronger protection on confidential identity of donators or patients, caring for their privacy, ensuring their autonomy to make donations, and avoiding any possibility that discrimination may happen because of the disclosure of donators’ or patients’ genes information.
1.HERBERT GOTTWEIS & ALAN PETERSEN, BIOBANKS – GOVERNANCE IN COMPARATIVE PERSPECTIVE 59 (2008).
2.Andres Rannamae, Populations and Genetics – Legal and Socio-Ethical Perspectives, in Estonian Genome Porject – Large Scale Health Status Description and DNA Collection 18, 21 (Bartha Maria Knoppers et al. eds., 2003.
3.REMIGIUS N. NWABUEZE, BIOTECHNOLOGY AND THE CHALLENGE OF PROPERTY – PROPERTY RIGHTS IN DEAD BODIES, BODY PARTS, AND GENETIC INFORMATION, 163 (2007).
Introduction to the “Public Procurement for Startups” mechanism I.Backgrounds According to the EU’s statistics, government procurement budget accounted for over 14% of GDP. And, according to the media report, the total amount of government procurement in Taiwan in 2017 accounted for nearly 8%. Therefore, the government’s procurement power has gradually become a policy tool for the government to promote the development of innovative products and services. In 2017, the Executive Yuan of the R.O.C.(Taiwan)announced a government procurement policy named “Government as Good Partners with Startups (政府成為新創好夥伴)”[1] to encourage government agencies and State-owned Enterprises to procure and adopt innovative goods or services provided by startups. This policy was subsequently implemented through an action plan named “Public Procurement for Startups”(新創採購)[2] by the Small and Medium Enterprise Administration(SMEA).The action plan mainly includes two important parts:One created the procurement process for startups to enter the government contracts market through inter-entities contracts. The other accelerated the collaboration of the government agencies and startups through empirical demonstration. II.Facilitating the procurement process for startups to enter the government market In order to help startups enter the government contracts market in a more efficient way, the SMEA conducts the procurement of inter-entity supply contracts with suppliers, especially startups, for the supply of innovative goods or services. An inter-entity supply contract[3] is a special contractual framework, under which the contracting entity on behalf of two or more other contracting parties signs a contract with suppliers and formulates the specifics and price of products or services provided through the public procurement process. Through the process of calling for tenders, price competition and so on, winning tenderers will be selected and listed on the Government E-Procurement System. This framework allows those contracting entities obtain orders and acquire products or services which they need in a more efficient way so it increases government agencies’ willingness to procure and use innovative products and services. From 2018, the SMEA started to undertake the survey of innovative products and services that government agencies usually needed and conducted the procurement of inter-entity supply contracts for two rounds every year. As a result, the SMEA plays an important role to bridge the demand and supply sides for innovative products or services by means of implementing the forth-mentioned survey and procurement process. Moreover, in order to explore more innovative products and services with high quality and suitable for government agencies and public institutions, the SMEA actively networked with various stakeholders, including incubators, accelerators, startups mentoring programs sponsored by private and public sectors and so on. Initially the items to be procured were categorized into four themes which were named the Smart Innovations, the Smart Eco, the Smart Healthcare, and the Smart Security. Later, in order to show the diversity of the innovation of startups which response well to various social issues, from 2019, the SMEA introduced two new theme solicitations titled the Smart Education and the Smart Agriculture to the inter-entities contracts. Those items included the power management systems, the AI automated recognition and image warning system, the chatbot for public service, unmanned flying vehicles, aerial photography services and so on. Take the popular AI image warning system as an example, the system is used by police officers to make instant evidence searching and image recording. Other government agencies apply the innovative system to the investigation of illegal logging and school safety surveillance. Moreover, the SMEA has also offered subsidy for local governments tobuy those items provided by startups. That is the coordinated supporting measure which allows startups the equal playing field to compete with large companies. The Subsidy scheme is based on the Guideline for Subsidies on Procurement of Innovative Products and Services[3] (approved by the Executive Yuan on March 29, 2018 and revised on Feb. 20, 2021). In the Guideline, “innovative products and services” refer to the products, technologies, labor, service flows or items and services rendered with creative activities through deploying scientific or technical means and a certain degree of innovations by startups with less than five years in operation. Such innovative products and services are displayed for the inter-entity supply contractual framework administered by the SMEA for government procurement. III.Accelerating the collaboration of the government agencies and startups through empirical demonstration To assist startups to prove their concepts or services, and become more familiar with the governemnrt’s needs, the SMEA also created a mechanism called the “Solving Governmental Problems by Star-up Innovation”(政府出題˙新創解題). It plans to collect government agencies’ needs, and then solicit innovative proposals from startups. After their proposals are accepted, startups will be given a grant up to one million NT dollars to conduct empirical studies on solution with government agencies for about half a year. Take the cooperation between the “Taoyuan Long Term Care Institute for Older People and the Biotech Startup” for example, a care system with sanitary aids was introduced to provide automatic detection, cleanup and dry services for the patients’discharges, thus saving 95% of cleaning time for caregivers. In the past, caregivers usually spent 4 hours on the average in inspecting old patients, cleaning and replacing their bedsheets as their busy daily routines. Inadequate caregivers makes it difficult to maintain the care quality. If the problem was not addressed immediately, it would make the life of old patients more difficult. IV.Achievements to date Since the promotion of the products and services of the startups and the launch of the “Public Procurement for Startups” program in 2018, 68 startups, with the SMEA’s assistance, have entered the government procurement contracts market, and more than 100 government agencies have adopted the innovative resolutions. With the encouragement for them in adopting and utilizing the fruits of the startups, it has generated more than NT$150 million in cooperative business opportunities. V.Conclusions While more and more startups are obtaining business opportunities from the favorable procurement process, constant innovation remains the key to success. As such, the SMEA has regularly visited the government agencies-buyers to obtain feedbacks from startups so as to adjust and optimize the innovative products or services. The SMEA has also regularly renewed the specifics and items of the procurement list every year to keep introducing and supplying high-quality products or services to the government agencies. [1] Policy for investment environment optimization for Startups(2017),available athttps://www.ndc.gov.tw/nc_27_28382.(last visited on July 30, 2021 ) [2] https://www.spp.org.tw/spp/(last visited on July 30, 2021 ) [3] Article 93 of Government Procurement Act:I An entity may execute an inter-entity supply contract with a supplier for the supply of property or services that are commonly needed by entities. II The regulations for a procurement of an inter-entity supply contract, the matters specified in the tender documentation and contract, applicable entities, and the related matters shall be prescribed by the responsible entity. [4] https://law.moea.gov.tw/LawContent.aspx?id=GL000555(last visited on July 30, 2021)
Post Brexit – An Update on the United Kingdom Privacy RegimePost Brexit – An Update on the United Kingdom Privacy Regime 2021/9/10 After lengthy talks, on 31 January 2020, the United Kingdom (‘UK’) finally exited the European Union (‘EU’). Then, the UK shifted into a transition period. The UK government was bombarded with questions from all stakeholders. In particular, the data and privacy industry yelled out the loudest – what am I going to do with data flowing from the EU to the UK? Privacy professionals queried – would the UK have a new privacy regime that significantly departs from the General Data Protection Regulation (‘GDPR’)? Eventually, the UK made a compromise with all stakeholders – the British, the Europeans and the rest of the world – by bridging its privacy laws with the GDPR. On 28 June 2021, the UK obtained an adequacy decision from the EU.[1] This was widely anticipated but also widely known to be delayed, as it was heavily impacted by the aftermaths of the invalidation of the US- EU Privacy Shield.[2] While the rest of the world seems to silently observe the transition undertaken by the UK, post-Brexit changes to the UK’s privacy regime is not only a domestic or regional matter, it is an international matter. Global supply chains and cross border data flows will be affected, shuffling the global economy into a new order. Therefore, it is crucial as citizens of a digital economy to unpack and understand the current UK privacy regime. This paper intends to give the reader a brief introduction to the current privacy regime of the UK. The author proposes to set out the structure of the UK privacy legislation, and to discuss important privacy topics. This paper only focuses on the general processing regime, which is the regime that is most relevant to general stakeholders. UK Privacy Legislation There are two main privacy legislation in the UK – the Data Protection Act 2018 (‘DPA’) and the United Kingdom General Data Protection Act (‘UK GDPR’). These two acts must be read together in order to form a coherent understanding of the current UK privacy regime. The UK GDPR is the creature of Brexit. The UK government wanted a smooth transition out of the EU and acknowledged that they needed to preserve the GDPR in their domestic privacy regime to an extent that would allow them to secure an adequacy decision. The UK government also wanted to create less impact on private companies. Thus, the UK GDPR was born. Largely it aligns closely with the GDPR, supplemented by the DPA. ICO The Information Commissioner’s Office (‘ICO’) is the independent authority supervising the compliance of privacy laws in the UK. Prior to Brexit, the ICO was the UK’s supervisory authority under the GDPR. A unique feature of the ICO’s powers and functions is that it adopts a notice system. The ICO has power to issue four types of notices: information notices, assessment notices, enforcement notices and penalty notices.[3] The information notice requires controllers or processors to provide information. The ICO must issue an assessment notice before conducting data protection audits. Enforcement is only exercisable by giving an enforcement notice. Administrative fines are only exercisable by giving a penalty notice. Territorial Application Section 207(1A) of the DPA states that the DPA applies to any controller or processor established in the UK, regardless where the processing of personal data takes place. Like the GDPR, the DPA and the UK GDPR have an extraterritorial reach to overseas controllers or processors. The DPA and the UK GDPR apply to overseas controllers or processors who process personal data relating to data subjects in the UK, and the processing activities are related to the offering of goods or services, or the monitoring of data subjects’ behavior.[4] Transfers of Personal Data to Third Countries On 28 June 2021, the UK received an adequacy decision from the EU.[5] This means that until 27 June 2025, data can continue to flow freely between the UK and the European Economic Area (‘EEA’). As for transferring personal data to third countries other than the EU, the UK has similar laws to the GDPR. Both the DPA and the UK GDPR restrict controllers or processors from transferring personal data to third countries. A transfer of personal data to a third country is permitted if it is based on adequacy regulations.[6] An EU adequacy decision is known as ‘adequacy regulations’ under the UK regime. If there is no adequacy regulations, then a transfer of personal data to a third country will only be permitted if it is covered by appropriate safeguards, including standard data protection clauses, binding corporate rules, codes of conduct, and certifications.[7] The ICO intends to publish UK standard data protection clauses in 2021.[8] In the meantime, the EU has published a new set of standard data protection clauses (‘SCCs’).[9] However, it must be noted that the EU SCCs are not accepted to be valid in the UK, and may only be used for reference purposes. It is also worth noting that the UK has approved three certification schemes to assist organizations in demonstrating compliance to data protection laws.[10] Lawful Bases for Processing Basically, the lawful bases for processing in the UK regime are the same as the GDPR. Six lawful bases are set out in article 6 of the UK GDPR. To process personal data, at least one of the following lawful bases must be satisfied:[11] The data subject has given consent to the processing; The processing is necessary for the performance of a contract; The processing is necessary for compliance with a legal obligation; The processing is necessary to protect vital interests of an individual – that is, protecting an individual’s life; The processing is necessary for the performance of a public task; The processing is necessary for the purpose of legitimate interests, unless other interests or fundamental rights and freedoms override those legitimate interests. Rights & Exemptions The UK privacy regime, like the GDPR, gives data subjects certain rights. Most of the rights granted under the UK privacy regime is akin to the GDPR and can be found under the UK GDPR. Individual rights under the UK privacy regime is closely linked with its exemptions, this may be said to be a unique feature of the UK privacy regime which sets it apart from the GDPR. Under the DPA and the UK GDPR, there are certain exemptions, meaning organizations are exempted from certain obligations, most of them are associated with individual rights. For example, if data is processed for scientific or historical research purposes, or statistical purposes, organizations are exempted from provisions on the right of access, the right to rectification, the right to restrict processing and the right to object in certain circumstances.[12] Penalties The penalty for infringement of the UK GDPR is the amount specified in article 83 of the UK GDPR.[13] If an amount is not specified, the penalty is the standard maximum amount.[14] The standard maximum amount, at the time of writing, is £8,700,000 (around 10 million Euros) or 2% of the undertaking’s total annual worldwide turnover in the preceding financial year.[15] In any other case, the standard maximum amount is £8,700,000 (around 10 million Euros).[16] Conclusion The UK privacy regime closely aligns with the GDPR. However it would be too simple of a statement to say that the UK privacy regime is almost identical to the GDPR. The ICO’s unique enforcement powers exercised through a notice system is a distinct feature of the UK privacy regime. Recent legal trends show that the UK while trying to preserve its ties with the EU is gradually developing an independent privacy persona. The best example is that in regards to transfers to third countries, the UK has developed its first certification scheme and is attempting to develop its own standard data protection clauses. The UK’s transition out of the EU has certainly been interesting; however, the UK’s transformation from the EU is certainly awaited with awe. [1] Commission Implementing Decision of 28.6.2021, pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate protection of personal data by the United Kingdom, C(2021) 4800 final,https://ec.europa.eu/info/sites/default/files/decision_on_the_adequate_protection_of_personal_data_by_the_united_kingdom_-_general_data_protection_regulation_en.pdf.. [2] Judgment of 16 July 2020, Data Protection Commissioner v. Facebook Ireland Limited, Maximillian Schrems, C-311/18, EU:C:2020:559, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:62018CJ0311. [3] Data Protection Act 2018, §115. [4] Data Protection Act 2018, §207(1A); REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), art 3. [5] supra note 1. [6] Data Protection Act 2018, §17A-18; REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), art 44-50. [7] Data Protection Act 2018, §17A-18; REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), art 46-47. [8]International transfers after the UK exit from the EU Implementation Period, ICO, https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-transfers-after-uk-exit/ (last visited Sep. 10, 2021). [9] Standard contractual clauses for international transfers, European Commission, https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en (last visited Sep. 10, 2021). [10] ICO, New certification schemes will “raise the bar” of data protection in children’s privacy, age assurance and asset disposal, ICO, Aug. 19, 2021, https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2021/08/ico-approves-the-first-uk-gdpr-certification-scheme-criteria/ (last visited Sep. 10, 2021). [11] REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), art 6(1)-(2); Lawful basis for processing, ICO, https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/ (last visited Sep. 10, 2021). [12] Data Protection Act 2018, sch 2, part 6, para 27. [13] id. at §157. [14] id. [15] id. [16] id.
New Version of Personal Information Protection Act and Personal Information Protection & Administration SystemI.Summary In 1995, the Computer-Processed Personal Data Protection Law was implemented in the Republic of China. With the constant development of information technology and the limitations in the application of the legislation, the design of the original legal system is no longer consistent with practical requirements. Considering the increasing number of incidents of personal data leaks, discussions were carried out over a long period of time and the new version of the Personal Information Protection Act was passed after three readings in April, 2010. The title of the law was changed to Personal Information Protection Act. The new system has been officially implemented since 1 October, 2012. The new Act not only revised the provisions of the law in a comprehensive way, but also significantly increased the obligations and responsibilities of enterprises. In terms of civil liability, the maximum amount of compensation for a single incident is 200 Million NTD. For domestic industries, how to effectively respond to the requirements under the Personal Information Protection Act and adopt proper corresponding measures to lower the risk has become a key task for enterprise operation. II. Main Points 1. Implementation of the Enforcement Rules of the Personal Information Protection Act Personal information protection can be said the most concerned issue in Taiwan recently. As a matter of fact, the Computer-Processed Personal Data Protection Law was established in Taiwan as early as August 1995. After more than 10 years of development, computer and information technology has evolved significantly, and many emerging business models such as E-commerce are extensively collecting personal data. It has become increasingly important to properly protect personal privacy. However, the previous Computer-Processed Personal Data Protection Law was only applicable to certain industries, i.e. the following 8 specific industries: the credit investigation business, hospital, school, telecommunication business, financial business, securities business, insurance business, and mass media. And other business was designated by the Ministry of Justice and the central government authorities in charge of concerned enterprises. In addition, the law only protected personal information that was processed by “computer or automatic equipment”. Personal information that was not computer processed was not included. There were clearly no sufficient regulations for the protection of personal data privacy and interest. There were numerous incidents of personal data leaks. Among the top 10 consumer news issued by the Consumer Protection Committee of the Executive Yuan in 2007, “incidents of personal data leaks through E-commerce and TV shopping” was on the top of the list. This provoked the Ministry of Justice and the Ministry of Economic Affairs to “jointly designate” the retail industry without physical boutique (including 3 transaction models: online shopping, catalogue shopping and TV shopping) to be governed by the Computer-Processed Personal Data Protection Law since 1 July 2010. To allow the provisions of the personal information protection legal system to meet the environment of rapid change, the Executive Yuan proposed a Draft Amendment to the Computer-Processed Personal Data Protection Law very early and changed the title to the Personal Information Protection Act. The draft was discussed many times in the Legislative Yuan. Personal Information Protection Act was finally passed after three readings in April 2010, which was officially published by the Office of the President on 26 May. Although the new law was passed in April 2010, to allow sufficient time for enterprises and the public to understand and comply the new law, the new version of the personal information protection law was not implemented on the date of publication. In accordance with Article 56 of the Act, the date of implementation was to be further established by the Executive Yuan. After discussions over a long period of time, the Executive Yuan decided for the Personal Information Protection Act to be officially implemented on 1 October 2012. However, the implementation of two articles is withheld: Article 6 of the Act about the principal prohibition against the collection, processing and use of special personal information and Article 54 about the obligation to notice the Party within one year for personal information indirectly acquired before the implementation of the new law. In terms of the personal data protection legal system, other than the most important Personal Data Protection Act, the enforcement rules established in accordance with the main law also play a key role. The previous Enforcement Rules of the Computer-Processed Personal Data Protection Law were published and implemented on 1 May, 1996. Considering that the Computer-Processed Personal Data Protection Law was amended in 2010 and that its title has been changed to the Personal Data Protection Act, the Ministry of Justice also followed the amended provisions under the new law and actively studied the Draft Amendment to the Enforcement Rules of the Computer-Processed Personal Data Protection Act. After it was confirmed that the new version of the Personal Data Protection Act would be officially launched on 1 October 2012, the Ministry of Justice announced officially the amended enforcement rules on 26 September, 2012. The title of the enforcement rules was also amended to the Enforcement Rules of the Personal Data Protection Act. The new version of personal data protection law and enforcement rules was thus officially launched, creating a brand new era for the promotion of personal data protection in Taiwan. II. Personal Data Administration System and Information Privacy Protection Charter Before the amendment to the Personal Data Protection Act was passed, the Legislative Yuan made a proposal to the government in June 2008 to promote a privacy administration and protection certification system in Taiwan, in reference to foreign practices. In August of the following year, the Strategic Review Board of the Executive Yuan passed a resolution to promote the E-Commerce Personal Data Administration and Information Security Action Plan. In December of the same year, approval was granted for the plan to be included in the key government promotion plans from 2010 to 2013. Based on this action plan, since October 2010, the Ministry of Economic Affairs has asked the Institution for Information Industry to execute an E-Commerce Personal Data Administration System Setup Plan. Since 2012, the E-Commerce Personal Data Administration System Promotion Plan and the Taiwan Personal Information Protection and Administration System (TPIPAS) have been established and promoted, with the objective of procuring enterprises to, while complying with the personal data protection legal system, properly protect consumers’ personal information through the establishment of an internal administration mechanism and ensuring that the introducing enterprises meet the requirements of the system. The issuance of the Data Privacy Protection Mark (dp.mark) was also used as an objective benchmark for consumers to judge the enterprise’s ability to maintain privacy. Regarding the introduction of the personal data administration system, enterprises should establish a content administration mechanism step by step in accordance with the Regulations for Taiwan Personal Information Protection and Administration System. Such system also serves as the review benchmark to decide whether domestic enterprises can acquire the Data Privacy Protection Mark (dp.mark). Since domestic enterprises did not have experience in establishing internal personal data administration system in the past, starting 2011, under the Taiwan Personal Information Protection and Administration System, enterprises received assistance in the training of system professionals such as Personal Data Administrators and Personal Data Internal Appraisers. Quality personal data administrators can help enterprises establish complete internal systems. Internal appraisers play the role of confirming whether the systems established by the enterprises are consistent with the system requirements. As of 2012, there are almost 100 enterprises in Taiwan that participate in the training of system staff and a total of 426 administrators and 131 internal appraisers. In terms of the introduction of TPIPAS, in additional to the establishment and introduction of administration systems by qualified administrators, enterprises can also seek assistance from external professional consulting institutions. Under the Taiwan Personal Information Protection and Administration System, applications for registration of consulting institutions became available in 2012. Qualified system consulting institutions are published on the system website. Today 9 qualified consulting institutions have completed their registrations, providing enterprises with personal data consulting services. After an enterprise completes the establishment of its internal administration system, it may file an application for certification under the Taiwan Personal Information Protection and Administration System. The certification process includes two steps: “written review” and “site review”. After the enterprise passing certification, it is qualified to use the Data Privacy Protection Mark (dp.mark). Today 7 domestic companies have passed TPIPAS certification and acquired the dp.mark: 7net, FamiPort, books.com.tw, LOTTE, GOHAPPY, PAYEASY and Sinya Digital, reinforcing the maintenance of consumer privacy information through the introduction of personal data administration system. III. Event Analysis The Taiwan Personal Information Protection and Administration System (TPIPAS) is a professional personal data administration system established based on the provisions of the latest version of the domestic Personal Data Protection Act, in reference to the latest requirements of personal data protection by international organizations and the experience of main countries in promoting personal data administration system. In accordance with the practical requirements to protect personal data by industries, TPIPAS converted professional legal conditions into an internal personal data administration procedure to effectively assist industries to establish a complete and proper personal data administration system and to comply with the requirements of personal data legislations. With the launch of the new version of the Personal Data Protection Act, introducing TPIPAS and acquiring dp.mark are the best strategies for enterprises to lower the risk from the personal data protection law and to upgrade internal personal data administration capability.
Introduction to Tax Incentive Regime for SMEsIntroduction to Tax Incentive Regime for SMEs I. Introduction The developments of SMEs (small-and-medium enterprises) plays an important pillar of development of industries and creation of jobs in Taiwan. In 2017, the total number of SMEs in Taiwan was 1,437,616. They offer 8,904,000 jobs, accounting for 78.44% of the workforce[1]. However, SMEs have difficulties in entering international supply chains because of their weakness in finance. Therefore, how to enhance the global competitiveness of SMEs is an important issue for the concerned authority. Chapter 4 of the Act for Development of Small and Medium Enterprises prescribes the tax incentive regime based on the financial capability of SMEs and characteristics of industries in order to facilitate the development of SMEs, especially the globalization of SMEs. This paper will review the importance of tax incentives to SMEs and introduces the tax incentive regime under the Act for Development of Small and Medium Enterprises In order to help SMES have an understanding of such regime. II. SME Tax Incentives Scheme As the gatekeeper of the market, the government may intervene the market with various policies or tools to reallocate and improve the soundness of the market environment when the market competitions is impaired due to information asymmetry or externalities. At this juncture, preferential tax rates or tax deductions can be offered to specific taxpayers through legal institution. This allows these taxpayers to retain higher post-tax earnings so that they are incentified to invest more resources in the legally defined economic activities. Tax incentives targeting at risky or spillover investments to create benefits to specific economic activities will help the development of industries and markets. Whilst Article 10 of the Statute for Industrial Innovation has provided tax cuts for R&D expenditures, these incentives are not focus on SMEs and hence not supportive to their research and innovations. This was the reason for the 2016 amendment of the Act for Development of Small and Medium Enterprises added Article 35 to offer tax incentives in order to encourage R&D and innovative efforts and Article 35-1 to activate intellectual properties via licensing. These articles aim to accelerate the momentum of innovations and transformations which promoting investments for SMEs. OthersTo assist SMEs to cope with change of the business environment, the Article 36-2 added the tax incentives for salary or headcount increases, to contribute to the sustainability of SMEs and stabilize the labour market and industrial structures. Following is an explanation of the applicability of these schemes and the requirements to qualify such incentives. III. Tax Incentives to Promote Investments (I) Tax deductions for R&D expenditures Governments around the world seek to encourage corporate R&D activities, that Tax incentives are put in place to reduce R&D costs and foster a healthy environment of investment for more R&D initiatives. Neighboring countries such as Japan, Korea and Singapore are frequently practicing belowing tax burdens to encourage R&D efforts. Article 35 of the Act for Development of Small and Medium Enterprises in Taiwan allows accelerated depreciation and offers tax cuts[2] to stimulate R&D and innovations and create an investment friendly environment for SMEs. 1. Taxpaying Entities and Requirements (1) Qualifications for SMEs Article 35 of the Act is applicable to qualified SMEs and individual taxpayers, which are (1) from manufacturing, construction & engineering, mining and quarrying industries, with paid-in capital below or equal to NT$80 million or with the number of full-time employees less than 200 people; (2) from other industries with the sales of the previous year below or equal to NT$100 million or with the number of full-time employees less than 100 people. Thus, the qualifications of Small and Medium Enterprises are based on either paid-in capital/sales or number of employees under the Act[3].Meanwhile, SMEs may not have an independent R&D department due to the limit of size or operating cost.Therefore, if the taxpayers hiring full-time R&D personnel that can provide records of job descriptions and work logs to R&D activities, the SMEs can access the tax incentives provided that the R&D functions. The recognized by government agencies is increasingly flexibility for SMEs seeking policy support. 2. Taxpayers and requirements (1) A certain degree of innovativeness As the tax incentive regime strives to promote innovations, the R&D expenses should be used to fund innovative developments. According to the official letters from the Small and Medium Enterprise Administration, Ministry of Economic Affairs, there is no high bar as forward-looking, risky and innovative as usually” required for other incentives previously, which is considering the size of SMEs and their industry characteristics. The “certain degree” of innovativeness shall be based on industry environments and SME businesses as determined by competent authorities in a flexible manner. (2) Flexibility in the utilization of business income tax reductions To encourage regular R&D activities, The case that SMEs may not have R&D undertakings each year due to funding constraints, or start-up company may have incurred R&D expenditures but are not yet profitable and hence have no tax liabilities during the year, Corporate taxpayers were able to choose beside deduct the payable taxes during a single year, and reduce the payable taxes during the current year over three years starting from the year when tax incentives are applicable. 3. Tax incentive effects As previously mentioned, Article 35 of the Act for Development of Small and Medium Enterprises accommodates the characteristics of SMEs by allowing reductions of corporate business taxes for up to 15% R&D expenditures during the current year, or spreading the tax reductions by spreading up to 10% of the R&D expenditures over three years from the first year when the incentives are applicable. It is worth noting that the tax deductions shall not exceed 30% of the payable business income taxes during a single year. If the instruments and equipment for R&D, experiments or quality inspections have a lifetime over two years or longer, it is possible to accelerate the depreciation within half of the years of service prescribed by the income tax codes for fixed assets. However, the final year less than 12 months over the shortened service years shall not be counted. Accelerated depreciation brings in tax benefits for fixed asset investments during the initial stage, that meets the requirements for new technologies and risk management by frontloading the equipment depreciation and creates a buffer for capital utilization. (II) Deferred taxations on licensing/capitalization of intellectual properties The deferral of tax payments under the Act for Development of Small and Medium Enterprises is meant to avoid any adverse effect on the application of technological R&Ds by SMEs. As the equity stakes via capitalization of intellectual properties by inventors or creators are not cashed out yet and the subsequent gains may not be at the same valuation as determined at the time of capitalization, the immediate taxation may hinder the willingness to transfer intellectual properties. Therefore, assisting SMEs to release intellectual properties with potential economic value, the licensing and capitalization of intellectual properties is strongly encouraged. The tax expenses shall be deferred within SME or an individual acquires stakes on a non-publicly-listed company by transferring their intellectual properties. This is to stimulate the applications and sharing of relevant manufacturing technologies. When an SME or an individual acquires stakes on a non-publicly-listed company by transferring their intellectual properties, their tax expenses shall be deferred. 1. Taxpayers and requirements (1) Qualifications for individuals or SMEs Article 35-1 of the Act for Development of Small and Medium Enterprises is applicable to SMEs and individual taxpayers. This is to foster the growth of SMEs and enhancement of industry competitiveness by encouraging R&D and innovations from individuals and start-ups. To promote the commercialize of intellectual properties in different ways, the Act for Development of Small and Medium Enterprises provides income tax incentives to individuals and SMEs transferring intellectual properties. The purpose is to encourage different paths to industry upgrades. (2) Ownership of intellectual properties To ensure that the proceeds of intellectual property is linked to the activity of intellectual properties which perform by individuals or SMEs. Only the owners of the intellectual properties capitalized and transferred can enjoy the tax benefits. Intellectual properties referred to in the Act for Development of Small and Medium Enterprises are the properties with value created with human activities and hence conferred with legal rights. These include but are not limited to copyrights, patent rights, trademarks, trade secrets, integrated circuit layouts, plant variety rights and any other intellectual properties protected by laws[4]. (3) Acquisition of stock options The abovementioned tax incentives are offered to the individuals or SMEs who transfer intellectual properties to non-listed companies in exchange of their new shares. The income taxes on the owners of intellectual properties are deferred until acquisition of shares. These shares are not registered with the book-entry system yet. Before the transferrers of intellectual properties dispose or offload these shares, immediate taxations will impose economic burdens and funding challenges given the unknown prices of the eventual cash-out. Therefore, this legislation is only applicable to taxpayers who obtain options for new shares. 2. Taxpayers and requirements (1) Transfer of intellectual properties According to Article 36 of the Copyright Act as interpreted by official letters issued by the Ministry of Finance, the transfer of intellectual properties is the conferring of intellectual properties to others, and the transferees access these intellectual properties within the scope of the transfer. In terms “transfer” of the first and second paragraphs of Article 36 does not include licensing[5], but such as granting, licensing and inheritance. (2) Timing of income tax payments In general, the particular time that calculation of taxes payable is based on when the taxpayers acquire the incomes, less relevant expenses or costs. The taxes payable timing should be depending on when the taxpayers obtain the newly issued shares by transferring intellectual properties. However, the levy of income taxes at the time of intellectual property transfers and new share acquisitions may cause a sudden jump in taxes payable in the progressive system and thus a burden on the economics of SMEs and individuals concerned. Thus, to avoid disruptions to company operations or personal finance planning, Article 36 makes the exception for the incomes earned by subscribing to new shares as a result of transferring intellectual properties. Such incomes are not subject to taxes during the year when the shares are acquired, in order to mitigate the tax barriers concerned. In sum, the taxes shall be paid when such shares are transferred, gifted or distributed. 3. Tax incentive effects Article 35-1 of the Act for Development of Small and Medium Enterprises provides tax incentives to stimulate the mobilization of intellectual properties by smoothing out the impact of income taxes payable. This is applicable to (1) SMEs who can postpone the business income taxes payable from the year when they acquire new shares of non-listed companies by transferring the intellectual properties they own; (2) individuals who can postpone the individual income taxes payable from the year when they acquire new shares of non-listed companies by transferring the intellectual properties they own. IV. Tax incentives aiming to improve the business environment (I) Tax reductions for wages to additional headcounts SMEs are vital to the Taiwan, making uo 90% of the companies accounting in Taiwan, who employ more than 6.5 million people or 72.8% of the total workforce. Any economic recession may make it difficult for SMEs to maintain their labor costs given their smaller funding size and external challenges. This will cause higher unemployment rates and hurt the economy, which may cause impairment of the capacity or create a labor gap for SMEs, eventually shrink the industry scale. To lower the burden of operational and investment costs and learn from the legislatives in Japan and the U.S.[6], tax incentives are put in place as a buffer for adverse effects of external environments. The first paragraph of Article 36-2 of the Act for Development of Small and Medium Enterprises provide tax incentives for employee salaries of new headcounts based on the assessment on the economy over a time period. This is intended to encourage domestic investments and avoid the pitfall of direct government subsidies distorting salary structures. It is hoped that investments from SMEs can stimulate the momentum of economic growth. 1. Taxpayers The tax incentives under Article 36-2 of the Act for Development of Small and Medium Enterprises aim to assist SMEs through difficult times in an economic downturn. The threshold of the period time is based on the unemployment rate has been below the economic indicator predetermined for six consecutive months, which calculated by the Directorate General of Budget, Accounting and Statistics, Executive Yuan. In number of the unemployment rate has been below the economic indicator predetermined for six consecutive months, it is deemed that the business environment is not friendly to SMEs. In this instance, the Regulations for the Tax Preferences Provided to Small and Medium-sized Enterprises on Additional Wage Payment will trigger the tax incentives. The abovementioned economic indicator shall be published by the competent authorities once every two years. Moreover, to qualify for the tax incentives for new employees, SMEs should investing new ventures or instill new capital by at least $500,000[7] or hiring workforce at least two full-time headcounts compared with the previous fiscal year, that constitute at the Article 36-2 of the Act for Development of Small and Medium Enterprises, which aims to encourage SMEs investments. 2. Taxpayers (1) Qualifications of additional headcounts As the dispatched human resource services typically meet temporary or short-term requirements and contractors do not enjoy employment security, this is not consistent with the spirit of the legislation to create jobs and reduce unemployment. Therefore, to avoid the one-time increase of headcounts from accessing the tax reductions during the year and the deterioration of labor relations in Taiwan. Tax incentive is not offered to the additional recruitment of part-time or contracted workers. Meanwhile, the tax incentives are only applicable to the additional employment of Taiwanese nationals, above or below 24 years old. A tax deduction of 50% based on annual wages is provided for the hiring of people below 24 years old. The extra tax deduction will stimulate young employment. (2) Definition of additional employment The number of additional headcounts is based on permanent hires and calculated as the difference between the average number of Taiwanese employees covered by labor insurance per month throughout a single fiscal year or before and after the incremental increase of workforce. The conversion of regular contracts to indefinite employment in writing or signing up for indefinite R&D headcounts under the military service scheme can also be deemed as additional employment. It is worth noting, however, the new headcounts resulted from M&A activities or transfer between affiliated companies are excluded in this legislation. (3) Calculation of wages Companies are also required to increase employment as well as the Comparable Wages. The comparable wages are estimated with the summation of 30% of the wages for the year before and after additional employment that based on the aggregate of the new hires comparable wages compared to the prior year. In other words, if the aggregate wages paid out are higher than comparable wages during the year, the companies concerned have indeed incurred higher personnel expenses. Tax incentives are thus granted because it improves the business environment and it is the purpose of this legislation. 3. Tax incentive effects The first paragraph of Article 36-2 of the Act for Development of Small and Medium Enterprises provides deductions of business income taxes during the year to qualified SMEs at an amount equivalent to 130% of the incremental wages paid to new headcounts who are Taiwanese nationals. The deductible amount is equivalent to 150% of the incremental wages if new headcounts are Taiwanese nationals below 24 years old. (II) Tax incentives for companies that increase salaries Companies are subject to the effect of changes in the external factors such as global supply and demand on the international market, as well as the domestic business environment as a result of risk aversion from investors and expectation from customers. These uncertainties associated with investments and the rising prices for consumers will suppress the wage levels in Taiwan. This the reason why the second paragraph of Article 36-2 of the Act for Development of Small and Medium Enterprises grants tax deductions for the companies who increase salaries, to encourage companies share earnings with employees and enhance private-sector consumption. SMEs may deduct their business income taxes payable during the year up to 30% of salary increase for existing entry-level employees who are Taiwanese nationals, not as a result of statutory requirement for basic wage adjustments. 1. Taxpayers The tax incentives are applicable to SMEs as defined by the Regulations for the Tax Preferences Provided to Small and Medium-sized Enterprises on Additional Wage Payment and based on the same economic indicators previously mentioned. 2. Qualification for tax incentives (1) Definition of entry-level employees The object of taxation under this act is the enterprise's average wage payment to the entry-level employees. The entry-level employees referred to in this act are authorized by the "Small and medium-sized enterprise employee salary increase, salary deduction act " that refers to employees of local nationality with an average monthly recurring salary below nt $50,000[8] whose were entered into indefinite employment contracts with SMEs. Through such conditions, the effect of tax concessions will be concentrated on promoting the salary level of grassroots staff and helping enterprises to cope with changes in the industrial environment. (2) Average salaries The salaries to entry-level employees refer to the basic salaries, fixed allowances and bonuses paid on a monthly basis. Payment-in-kind shall be discounted based on the actual prices and included into the regular salaries. Meanwhile, regular salaries should be calculated with annualized averages, as this legislation seeks to boost salary levels. The regular salaries to entry-level employees during the year are estimated with the monthly number of entry-level employees during the same year. Only when the average basis salaries during the year are higher than those in the prior year can the tax incentives be applicable. 3. Tax incentive effects Applying this article, SMEs can deduct their business income taxes each year up to 130% of salary increase for existing entry-level employees who are Taiwanese nationals, which are not as a result of statutory requirement for basic wage adjustments. However, it is not allowed to double count the increased personnel expenses for new headcounts applicable to the first and second paragraphs of the same article. V. Conclusions The funding scales and relatively weak financial structures are the factors that led SMEs be susceptible influenced by supply change dynamics and business cycles. To the extent that is suppressing the flexible in capital utilization for SMEs, also influencing on the sustainability of SMEs. Differ from government subsidies require budgeting, reviewing and implementations, there are complications regarding the allocation of administrative resources. Therefore, it is important to plan for tax incentives in order to stimulate R&D, innovation and job creation by SMEs and ultimately make SMEs more competitive. The tax incentives to SMEs amended in 2016 by the Small and Medium Enterprise Administration are known for the following: (I) The lowering of thresholds for tax reductions of R&D expenses in order to encourage SMEs to invest in R&D activities with a “certain degree” of innovativeness and enhance the momentum for SMEs to upgrade and transform themselves; (II) Deferral the income taxations on the transfer of intellectual properties for equity, in order to encourage application and utilization of such intellectual properties, provide incentives for R&D programs or innovations by individuals and SMEs. This also creates a catalyst for industry upgrade; (III) Tax deductions for the employment of new headcounts or the increase of employee wages during the time the economic indicators have reached a certain threshold and based on the health of the investment environment. This is to encourage company investments and capital increases in Taiwan and mitigate the volatility of economic cycles, in order to get ready for business improvement. The above tax incentive programs, i.e. tax deductions for R&D and innovations; deferral of taxations on the transfer of intellectual properties for equity; tax deductions for the hiring of new headcounts and the increase of employee salaries, are meant to boost the investment from SMEs and the competitiveness of SMEs. The Act for Development of Small and Medium Enterprises seeks to reduce tax burdens of SMEs actively investing for their future and competitive advantages. Tax incentives help to mitigate the adverse effect of the economy on the business environment. It is also the fostering of the sources of business income tax revenues for the government. This is the very purpose of the Act for Development of Small and Medium Enterprises. [1]White Paper on Small and Medium Enterprises in Taiwan, 2018, p21 (November 9, 2018) published by the Ministry of Economic Affairs [2]Pursuant to the authorization conferred by Article 35 of the Act for Development of Small and Medium Enterprises, the Ministry of Economic Affairs has announced the Regulations Governing the Reduction of Expenditures for Small and Medium Enterprises Research and Development as Investment. [3]Article 2 on the definition of SMEs. The abovementioned criterion is universally applicable to the Act for Development of Small and Medium Enterprises. It also applies to the eligibility of tax incentives to be introduced in this paper unless otherwise specified. [4]Official Letter Economic-Business No. 10304605790, Ministry of Economic Affairs [5]Official Letter Taiwan-Finance No. 10300207480, Ministry of Finance [6]“Assessment of the Taxations under Article 35, Article 35-1, the first paragraph and the second paragraph of Article 36-2, the Act for Development of Small and Medium Enterprises” published by the Small and Medium Enterprise Administration, Ministry of Economic Affairs, pages 15-17, https://www.moeasmea.gov.tw/files/2670/93B9AF54-84E2-4293-A5CA-EA7DD9FAA05A(most recently browsed date September 9, 2019). [7]Order of Interpretation Economics-Business No. 104004602510 from the Ministry of Economic Affairs: “Second, on the day when the economic indicator has reached the threshold, the paid-in capital of the new business should be at least NT$500,000 and there is no need to instill additional capital during the period when tax incentives are applicable. For existing businesses, there is no limitation on the number of capital increases during the applicable period. So long as the cumulative increase in capital reaches NT$500,000 and new employees are hired during the same fiscal year or during the prior fiscal year.” [8]Paragraph 1, Article 2 of the Regulations for the Tax Preferences Provided to Small and Medium-sized Enterprises on Additional Wage Payment