The human genes database or human genome project, the product under the policy of biotechnology no matter in a developed or developing country, has been paid more attention by a government and an ordinary people gradually. The construction of human genes database or human genome project, which is not only related to a country’s innovation on biotechnology, but also concerns the promotion of a country’s medical quality, the construction of medical care system, and the advantages brought by the usage of bio-information stored in human genes database or from human genome project. However, even though every country has a high interest in setting up human genes database or performing human genome project, the issues concerning the purposes of related biotechnology policies, the distribution of advantages and risks and the management of bio-information, since each country has different recognition upon human genes database or human genome project and has varied standards of protecting human basic rights, there would be a totally difference upon planning biotechnology policies or forming the related systems. Right now, the countries that vigorously discuss human genes database or practice human genome project include England, Iceland, Norway, Sweden, Latvia and Estonia.
Estonia, which is the country around the Baltic Sea, has planned to set up its own human genes database in order to draw attention from other advanced countries, to attract intelligent international researchers or research groups, and to be in the lead in the area of biotechnology. To sum up, the purpose of constructing Estonian human genes database was to collect the genes and health information of nearly 70% Estonia’s population and to encourage bio-research and promote medical quality.
The construction of Estonian human genes database started from Estonian Genome Project (EGP). This project was advocated by the professor of biotechnology Andres Metspalu at Tartu University in Estonia, and he proposed the idea of setting up Estonian human genes database in 1999. The purposes of EGP not only tried to make the economy of Estonia shift from low-cost manufacturing and heavy industry to an advanced technological economy, but also attempted to draw other countries’ attention and to increase the opportunity of making international bio-researches, and then promoted the development of biotechnology and assisted in building the system of medical care in Estonia.
EGP started from the agreement made between Estonian government and Eesti Geenikeskus (Estonian Genome Foundation) in March, 1999. Estonian Genome Foundation was a non-profit organization formed by Estonian scientists, doctors and politicians, and its original purposes were to support genes researches, assist in proceeding any project of biotechnology and to set up EGP. The original goals of constructing EGP were “(a) reaching a new level in health care, reduction of costs, and more effective health care, (b) improving knowledge of individuals, genotype-based risk assessment and preventive medicine, and helping the next generation, (c) increasing competitiveness of Estonia – developing infrastructure, investments into high-technology, well-paid jobs, and science intensive products and services, (d) [constructing] better management of health databases (phenotype/genotype database), (e) … [supporting]… economic development through improving gene technology that opens cooperation possibilities and creates synergy between different fields (e.g., gene technology, IT, agriculture, health care)”1.
In order to ensure that Estonian human genes database could be operated properly and reasonably in the perspectives of law, ethics and society in Estonia, the Estonian parliament followed the step of Iceland to enact “Human Genes Research Act” (HGRA) via a special legislative process to regulate its human genes database in 2000. HGRA not only authorizes the chief processor to manage Estonian human genes database, but also regulates the issues with regard to the procedure of donation, the maintenance and building of human genes database, the organization of making researches, the confidential identity of donator or patient, the discrimination of genes, and so on.
Since the construction of Estonian human genes database might bring the conflicts of different points of view upon the database in Estonia, in order to “avoid fragmentation of societal solidarity and ensure public acceptability and respectability”2 , HGRA adopted international standards regulating a genes research to be a norm of maintaining and building the database. Those standards include UNESCO Universal Declaration on the Human Genome and Human Rights (1997) and the Council of Europe’s Convention on Human Rights and Biomedicine (1997).
The purpose of enacting HGRA is mainly to encourage and promote genes researches in Estonia via building Estonian human genes database. By means of utilizing the bio-information stored in the database, it can generate “more exact and efficient drug development, new diagnostic tests, improved individualized treatment and determination of risks of the development of a disease in the future”3 . In order to achieve the above objectives, HGRA primarily puts emphasis on several aspects. Those aspects include providing stronger protection on confidential identity of donators or patients, caring for their privacy, ensuring their autonomy to make donations, and avoiding any possibility that discrimination may happen because of the disclosure of donators’ or patients’ genes information.
1.HERBERT GOTTWEIS & ALAN PETERSEN, BIOBANKS – GOVERNANCE IN COMPARATIVE PERSPECTIVE 59 (2008).
2.Andres Rannamae, Populations and Genetics – Legal and Socio-Ethical Perspectives, in Estonian Genome Porject – Large Scale Health Status Description and DNA Collection 18, 21 (Bartha Maria Knoppers et al. eds., 2003.
3.REMIGIUS N. NWABUEZE, BIOTECHNOLOGY AND THE CHALLENGE OF PROPERTY – PROPERTY RIGHTS IN DEAD BODIES, BODY PARTS, AND GENETIC INFORMATION, 163 (2007).
Executive Yuan Yuan Promoted “Productivity 4.0” to Boost Global Competitiveness 1.Executive Yuan held the “Productivity 4.0: Strategy Review Board Meeting” to boost industrial transformation The Executive Yuan held the “Productivity 4.0: Strategy Review Board Meeting” on June 4-5th , 2015. The GDP per capita of manufacturing and service industries, including machinery, metal processing, transportation vehicles, 3C, food, textile, logistics, health care, and agriculture, are expected to be over 10 million NT dollars by 2024. This meeting focuses on three topics: Productivity 4.0 industry and technology development strategy, advanced development strategy on advanced manufacturing and innovation application, and strategy on engineering smart tech talents cultivation and Industry-academic Cooperation. The three main themes to be used to put the advanced manufacturing into force are smart automation and robots, sensing and control technologies from Internet of Things (IoT), and technologies used in analyzing the big data. As a result, the digitalization of small- and medium-sized business and smart operation of big business are as the cornerstones to build service-oriented systems and develop advanced manufacturing in R.O.C.. Facing challenges of labor shortages and aging labor forces, the Executive Yuan is planning to implement “Productivity 4.0” to stimulate the process of industry transformation of value-added innovation and provide new products and services in global market. In implementing the above-mentioned policy goals, the Executive Yuan is planning three directions to be followed. First, global competitiveness is depended upon key technologies. As OEMs, manufacturing industry in R.O.C. is unable to provide products of self-owned brand and is vulnerable while facing challenges from other transnational companies. Second, the Premier, Dr. Mao Chi-kuo, made reference of the bicycle industry’s successful development model as an example for the Productivity 4.0 “A-Team” model. Through combining technologies and organizations, the aim is to build competitive supply chains across all the small- and medium-sized business. Finally, the new skills training and the cultivation of talents are more urgent than ever before. While technical and vocational schools, universities and postgraduate studies are needed to be equipped with sufficient fundamental knowledge, those already in the job market have to learn the skills and knowledge necessary for industrial transformation so that they could contribute their capabilities and wisdom for Ourfuture. 2.Executive Yuan Approved “Productivity 4.0 Initiative” to Promote Industry Innovation and Transformation The Executive Yuan has approved the Productivity 4.0 Initiative on September 17, 2015. Before its approval, the Office of Science and Technology (OST) gave a presentation on the Draft of the Productivity 4.0 Initiative on July 23, 2015 detailing the underlying motives behind the program. Confronted with the challenges our traditional industries and OEMs meet, including labor shortages (the national laboring population ranging from age 15 to 65 has seen a substantial decrease of 0.18 to 0.2 million annually) and a aging labor force, the the Productivity 4.0 Initiative sets the directions for industrial development tackling these issues through six main strategies: enhancing and fine-tuning flagship industries’ smart-supply-chain ecosystems, encouraging the establishing of startups, localizing production and services, securing autonomy in key technologies, cultivating practical and technical talents and injection of industrial policy tools. After hearing the presentation on the Initiative, the Premier, Mao Chi-kuo, made reference to the core ideas of the Productivity 4.0 Initiative in his concluding remarks. “The core concept of the Productivity 4.0 Initiative is to propel R.O.C. to a pivotal position in the global manufacturing supply chain by capitalizing on the nation’s core strength in industrial technology, while fostering an outstanding work environment stimulating synergy between employees and automotive systems in order to cope with R.O.C.’s imminent labor shortage,” Mao said Also focusing on the Productivity 4.0 Initiative, the Premier gave a keynote speech titled ‘Views on the current economic and social issues’ at the Third Wednesday Club. He takes the view that the GDP downslide is of a structural nature and the government is going to guide the economy towards an upward path by assisting industries to innovate and transform. In an effort to remove the three major obstacles to innovation and entrepreneurship— discouraging laws and regulations, difficulty in raising capital and gathering financing as well as lack of international partnerships, the government has been diligently promoting the Third Party Payment Act as well as setting-up R.O.C. Rapid Innovation Prototyping League for Enterprises. Among these measures, Industry 4.0 has been at the core of the Initiative, in which cyber-physical production system (CPS) would be introduced by integrating Cloud-computing and Internet of Things technology to spur industrial transformations, specifically industrial manufacturing, added-value services and agricultural production. The Productivity 4.0 Initiative is an imperative measure in dealing with R.O.C.’s imminent issues of labor shortage, and the aging society, its promising effects are waiting to unfold. 3.Executive Yuan’s Further Addendum to “Productivity 4.0 Plan”: Attainment of Core Technologies and the Cultivation of Domestic Technical Talents In an continual effort to put in place the most integrated infrastructural setting for the flourishing of its “Productivity 4.0 Plan”, Executive Yuan Premier Mao Chi-Kuo announced on the 22nd October that the overhaul infrastructural set-up will be focused on the development of core technologies and the cultivation of skilled technical labor. To this end, the Executive Yuan is gathering participation and resources from the Ministry of Economic Affairs (hereafter MOEA), Ministry of Education, Ministry of Science and Technology, Ministry of Labor, the Council of Agriculture, among other governmental bodies, collecting experiences and knowledge from academia and researchers, in order to improve the development of pivotal technologies, the training of skilled technical labor and consequently to improve and reform the present education system so as to meet the aforementioned goals. Premier Mao Chi-Kuo pointed out that Productivity 4.0 is a production concept in which the industry is evolved from mere automation- to intelligent-based manufacturing, shifting towards a “small-volume, large-variety” production paradigm, closing the gaps between production and consumption sides through direct communication, hence allowing industry to push itself further on changing its old efficiency-based production model to an innovation-driven one. Apart from the Research and Development efforts geared towards key technologies, Premier Mao stressed that the people element, involved in this transformative process, is what dictates Productivity 4.0 Plan’s success. The cross-over or multi-disciplinary capability of the labor force is especially significant. In order to bring up the necessary work force needed for Productivity 4.0, besides raising support for the needed Research and Development, an extensive effort should be placed in reforming and upgrading the current educational system, as well as the technical labor and internal corporate educational structure. Moreover, an efficient platform should be implemented so that opinions and experiences could be pooled out, thus fostering closer ties between industry, academia and research. The MOEA stated that the fundamental premise behind the Productivity 4.0 strategy is that by way of systematic, brand-orientated formation of technical support groups, constituted by members of industry, academia and research, will we able to develop key sensor, internet and core technologies for our manufacturing, business and agriculture sector. It is estimated that by the end of year 2016, the Executive Yuan will have completed 6 major Productivity 4.0 production lines; supported the development of technical personnel in smart manufacturing, smart business and smart agriculture, amounting to 2,500 persons; established 4 inter-university, inter-disciplinary strategic partnerships in order to prepare much needed labor force for the realization of the Productivity 4.0 Plan. It is estimated that by the year 2020, industry has already developed the key technologies through the Productivity 4.0 platform, aiding to decrease by 50% the time currently needed to for Research and Development, increasing the technological sovereignty by 50% and accrue production efficiency by 15% and above. Furthermore, through the educational reforms, the nation will be able to lay solid foundations for its future labor talents, as well as connecting them to the world at large, effectively making them fit to face the global markets and to upgrade their production model.
Reviews on Taiwan Constitutional Court's Judgment no. 13 of 2022Reviews on Taiwan Constitutional Court's Judgment no. 13 of 2022 2022/11/24 I.Introduction In 2012, the Taiwan Human Rights Promotion Association and other civil groups believe that the National Health Insurance Administration released the national health insurance database and other health insurance data for scholars to do research without consent, which may be unconstitutional and petitioned for constitutional interpretation. Taiwan Human Rights Promotion Association believes that the state collects, processes, and utilizes personal data on a large scale with the "Personal Data Protection Law", but does not set up another law of conduct to control the exercise of state power, which has violated the principle of legal retention; the data is provided to third-party academic research for use, and the parties involved later Excessive restrictions on the right to withdraw go against the principle of proportionality. The claimant criticized that depriving citizens of their prior consent and post-control rights to medical data is like forcing all citizens to unconditionally contribute data for use outside the purpose before they can use health insurance. The personal data law was originally established to "avoid the infringement of personality rights and promote the rational use of data", but in the insufficient and outdated design of the regulations, it cannot protect the privacy of citizens' information from infringement, and it is easy to open the door to the use of data for other purposes. In addition, even if the health insurance data is de-identified, it is still "individual data" that can distinguish individuals, not "overall data." Health insurance data can be connected with other data of the Ministry of Health and Welfare, such as: physical and mental disability files, sexual assault notification files, etc., and you can also apply for bringing in external data or connecting with other agency data. Although Taiwan prohibits the export of original data, the risk of re-identification may also increase as the number of sources and types of data concatenated increases, as well as unspecified research purposes. The constitutional court of Taiwan has made its judgment on the constitutionality of the personal data usage of National Health Insurance research database. The judgment, released on August 12, 2022, states that Article 6 of Personal Data Protection Act(PDPA), which asks“data pertaining to a natural person's medical records, healthcare, genetics, sex life, physical examination and criminal records shall not be collected, processed or used unless where it is necessary for statistics gathering or academic research by a government agency or an academic institution for the purpose of healthcare, public health, or crime prevention, provided that such data, as processed by the data provider or as disclosed by the data collector, may not lead to the identification of a specific data subject”does not violate Intelligible principle and Principle of proportionality. Therefore, PDPA does not invade people’s right to privacy and remains constitutional. However, the judgment finds the absence of independent supervisory authority responsible for ensuring Taiwan institutions and bodies comply with data protection law, can be unconstitutional, putting personal data protection system on the borderline to failure. Accordingly, laws and regulations must be amended to protect people’s information privacy guaranteed by Article 22 of Constitution of the Republic of China (Taiwan). In addition, the judgment also states it is unconstitutional that Articles 79 and 80 of National Health Insurance Law and other relevant laws lack clear provisions in terms of store, process, external transmission of Personal health insurance data held by Central Health Insurance Administration of the Ministry of Health and Welfare. Finally, the Central Health Insurance Administration of the Ministry of Health and Welfare provides public agencies or academic research institutions with personal health insurance data for use outside the original purpose of collection. According to the overall observation of the relevant regulations, there is no relevant provision that the parties can request to “opt-out”; within this scope, it violates the intention of Article 22 of the Constitution to protect people's right to information privacy. II.Independent supervisory authority According to Article 3 of Central Regulations and Standards Act, government agencies can be divided into independent agencies that can independently exercise their powers and operate autonomously, and non- independent agencies that must obey orders from their superiors. In Taiwan, the so-called "dedicated agency"(專責機關) does not fall into any type of agency defined by the Central Regulations and Standards Act. Dedicated agency should be interpreted as an agency that is responsible for a specific business and here is no other agency to share the business. The European Union requires member states to set up independent regulatory agencies (refer to Articles 51 and 52 of General Data Protection Regulation (GDPR)). In General Data Protection Regulation and the adequacy reference guidelines, the specific requirements for personal data supervisory agencies are as follows: the country concerned should have one or more independent supervisory agencies; they should perform their duties completely independently and cannot seek or accept instructions; the supervisory agencies should have necessary and practicable powers, including the power of investigation; it should be considered whether its staff and budget can effectively assist its implementation. Therefore, in order to pass the EU's adequacy certification and implement the protection of people's privacy and information autonomy, major countries have set up independent supervisory agencies for personal data protection based on the GDPR standards. According to this research, most countries have 5 to 10 commissioners that independently exercise their powers to supervise data exchange and personal data protection. In order to implement the powers and avoid unnecessary conflicts of interests among personnel, most of the commissioners are full-time professionals. Article 3 of Basic Code Governing Central Administrative Agencies Organizations defines independent agency as "A commission-type collegial organization that exercises its powers and functions independently without the supervision of other agencies, and operates autonomously unless otherwise stipulated." It is similar to Japan, South Korea, and the United States. III.Right to Opt-out The judgment pointed out that the parties still have the right to control afterwards the personal information that is allowed to be collected, processed and used without the consent of the parties or that meets certain requirements. Although Article 11 of PDPA provides for certain parties to exercise the right to control afterwards, it does not cover all situations in which personal data is used, such as: legally collecting, processing or using correct personal data, and its specific purpose has not disappeared, In the event that the time limit has not yet expired, so the information autonomy of the party cannot be fully protected, the subject, cause, procedure, effect, etc. of the request for suspension of use should be clearly stipulated in the revised law, and exceptions are not allowed. The United Kingdom is of great reference. In 2017, after the British Information Commissioner's Office (ICO) determined that the data sharing agreement between Google's artificial intelligence DeepMind and the British National Health Service (NHS) violated the British data protection law, the British Department of Health and Social Care proposed National data opt-out Directive in May, 2018. British health and social care-related institutions may refer to the National Data Opt-out Operational Policy Guidance Document published by the National Health Service in October to plan the mechanism for exercising patient's opt-out right. The guidance document mainly explains the overall policy on the exercise of the right to opt-out, as well as the specific implementation of suggested practices, such as opt-out response measures, methods of exercising the opt-out right, etc. National Data Opt-out Operational Policy Guidance Document also includes exceptions and restrictions on the right to opt-out. The Document stipulates that exceptions may limit the right to Opt-out, including: the sharing of patient data, if it is based on the consent of the parties (consent), the prevention and control of infectious diseases (communicable disease and risks to public health), major public interests (overriding) Public interest), statutory obligations, or cooperation with judicial investigations (information required by law or court order), health and social care-related institutions may exceptionally restrict the exercise of the patient's right to withdraw. What needs to be distinguished from the situation in Taiwan is that when the UK first collected public information and entered it into the NHS database, there was already a law authorizing the NHS to search and use personal information of the public. The right to choose to enter or not for the first time; and after their personal data has entered the NHS database, the law gives the public the right to opt-out. Therefore, the UK has given the public two opportunities to choose through the enactment of special laws to protect public's right to information autonomy. At present, the secondary use of data in the health insurance database does not have a complete legal basis in Taiwan. At the beginning, the data was automatically sent in without asking for everyone’s consent, and there was no way to withdraw when it was used for other purposes, therefore it was s unconstitutional. Hence, in addition to thinking about what kind of provisions to add to the PDPA as a condition for "exception and non-request for cessation of use", whether to formulate a special law on secondary use is also worthy of consideration by the Taiwan government. IV.De-identification According to the relevant regulations of PDPA, there is no definition of "de-identification", resulting in a conceptual gap in the connotation. In other words, what angle or standard should be used to judge that the processed data has reached the point where it is impossible to identify a specific person. In judicial practice, it has been pointed out that for "data recipients", if the data has been de-identified, the data will no longer be regulated by PDPA due to the loss of personal attributes, and it is even further believed that de-identification is not necessary. However, the Judgment No. 13 of Constitutional Court, pointed out that through de-identification measures, ordinary people cannot identify a specific party without using additional information, which can be regarded as personal data of de-identification data. Therefore, the judge did not give an objective standard for de-identification, but believed that the purpose of data utilization and the risk of re-identification should be measured on a case-by-case basis, and a strict review of the constitutional principle of proportionality should be carried out. So far, it should be considered that the interpretation of the de-identification standard has been roughly finalized. V.Conclusions The judge first explained that if personal information is processed, the type and nature of the data can still be objectively restored to indirectly identify the parties, no matter how simple or difficult the restoration process is, if the data is restored in a specific way, the parties can still be identified. personal information. Therefore, the independent control rights of the parties to such data are still protected by Article 22 of the Constitution. Conversely, when the processed data objectively has no possibility to restore the identification of individuals, it loses the essence of personal data, and the parties concerned are no longer protected by Article 22 of the Constitution. Based on this, the judge declared that according to Article 6, Item 1, Proviso, Clause 4 of the PDPA, the health insurance database has been processed so that the specific party cannot be identified, and it is used by public agencies or academic research institutions for medical and health purposes. Doing necessary statistical or academic research complies with the principles of legal clarity and proportionality, and does not violate the Constitution. However, the judge believes that the current personal data law or other relevant regulations still lack an independent supervision mechanism for personal data protection, and the protection of personal information privacy is insufficient. In addition, important matters such as personal health insurance data can be stored, processed, and transmitted externally by the National Health Insurance Administration in a database; the subject, purpose, requirements, scope, and method of providing external use; and organizational and procedural supervision and protection mechanisms, etc. Articles 79 and 80 of the Health Insurance Law and other relevant laws lack clear provisions, so they are determined to be unconstitutional. In the end, the judge found that the relevant laws and regulations lacked the provisions that the parties can request to stop using the data, whether it is the right of the parties to request to stop, or the procedures to be followed to stop the use, there is no relevant clear text, obviously the protection of information privacy is insufficient. Therefore, regarding unconstitutional issues, the Constitutional Court ordered the relevant agencies to amend the Health Insurance Law and related laws within 3 years, or formulate specific laws.
Draft of AI Product and System Evaluation Guidelines Released by the Administration for Digital Industries to Enhance AI GovernanceDraft of AI Product and System Evaluation Guidelines Released by the Administration for Digital Industries to Enhance AI Governance 2024/08/15 I. AI Taiwan Action Plan 2.0 In 2018, the Executive Yuan launched the “AI Taiwan Action Plan” to ensure that the country keeps pace with AI developments. This strategic initiative focuses on attracting top talent, advancing research and development, and integrating AI into critical sectors such as smart manufacturing and healthcare. The action plan has sparked growing discussion on AI regulation. Through these efforts, Taiwan aims to position itself as a frontrunner in the global smart technology landscape. Later in 2023, the Executive Yuan updated the action plan, releasing “AI Taiwan Action Plan 2.0” to further strengthen AI development. “AI Taiwan Action Plan 2.0” outlines five main pillars: 1. Talent Development: Enhancing the quality and quantity of AI expertise, while improving public AI literacy through targeted education and training initiatives. 2. Technological and Industrial Advancement: Focusing on critical AI technologies and applications to foster industrial growth; and creating the Trustworthy AI Dialogue Engine (TAIDE) that communicates in Traditional Chinese. 3. Enhancing work environments: Establishing robust AI governance infrastructure to facilitate industry and governmental regulation, and to foster compliance with international standards. 4. International Collaboration: Expanding Taiwan's role in international AI forums, such as the Global Partnership on AI, to collaborate on developing trustworthy AI practices. 5. Societal and Humanitarian Engagement: Utilizing AI to tackle pressing societal challenges such as labor shortages, an aging population, and environmental sustainability. II. AI Product and System Evaluation Guidelines: A Risk-based Approach to AI Governance To support infrastructure, in March 2024, the Administration for Digital Industries issued the draft AI Product and System Evaluation Guidelines. The Guidelines are intended to serve as a reference for industry when developing and using AI products and systems, thus laying a crucial foundation for advancing AI-related policies in Taiwan. The Guidelines outline several potential risks associated with AI: 1. Third-Party Software and Hardware: While third-party software, hardware, and datasets can accelerate development, they may also introduce risks into AI products and systems. Therefore, effective risk management policies are crucial. 2. System Transparency: The lack of transparency in AI products and systems makes risk assessment relatively challenging. Inadequate transparency in AI models and datasets also pose risks for development and deployment. 3. Differences in Risk Perception: Developers of AI products and systems may overlook risks specific to different application scenarios. Moreover, risks may gradually emerge as the product or system is used and trained over time. 4. Application Domain Risks: Variations between testing results and actual operational performance can lead to differing risk assessments for evaluated products and systems. 5. Deviation from Human Behavioral Norms: If AI products and systems behave unexpectedly compared to human operations, this can indicate a drift in the product, system, or model, thereby introducing risks. The Guidelines also specify that businesses have to categorize risks when developing or using AI products and systems, and manage them in accordance with these classifications. In alignment with the EU AI Act, risks are classified into four levels: unacceptable, high, limited, and minimal. 1. Unacceptable Risk: If AI systems used by public or private entities provide social scoring of individuals, this could lead to discriminatory outcomes and the exclusion of certain groups. Furthermore, if AI systems are employed to manipulate the cognitive behavior of individuals or vulnerable populations, causing physical or psychological harm, such systems are deemed unacceptable and prohibited. 2. High risk: AI systems are classified as high-risk in several situations. These include applications used in critical infrastructure, such as transportation, where there is potential risk to citizens' safety and health. These situations also encompass AI systems involved in educational or vocational training (such as exam scoring), which can determine access to education or professional paths. AI used as safety-critical product components, such as robot-assisted surgery, also falls into this category. In the employment sector, AI systems used for managing recruitment processes, including CV-sorting software, are considered high-risk. Essential private and public services, such as credit scoring systems that impact loan eligibility, also fall under high-risk. AI used in law enforcement in ways that it may affect fundamental rights, such as evaluating the reliability of evidence, is also included. AI systems involved in migration, asylum, and border control, such as automated visa application examinations, are categorized as high-risk. Finally, AI solutions used in the administration of justice and democratic processes, such as court ruling searches, are also classified as high-risk. If an AI system is classified as high risk, it must be evaluated across ten criteria—Safety, Explainability, Resilience, Fairness, Accuracy, Transparency, Accountability, Reliability, Privacy, and Security—to ensure the AI system’s quality. 3. Limited risk: When an AI product or system is classified as having limited risk, it is up to the enterprise to determine whether an evaluation is required. The Guidelines also introduce specific transparency obligations to ensure that humans are informed when necessary, thus fostering trust. For instance, when using AI systems such as chatbots or systems for generating deepfake content, humans must be made aware that they are interacting with a machine so they can take an informed decision to continue or step back. 4. Minimal or no risk: The Guidelines allow the free use of minimal-risk AI. This includes applications such as AI-enabled video games and spam filters. Ⅲ. Conclusion The AI Product and System Evaluation Guidelines represent a significant step forward in establishing a robust, risk-based framework for AI governance in Taiwan. By aligning with international standards like the EU AI Act, these Guidelines ensure that AI products and systems are rigorously assessed and categorized into four distinct risk levels: unacceptable, high, limited, and minimal. This structured approach allows businesses to manage AI-related risks more effectively, ensuring that systems are safe, transparent, and accountable. The emphasis on evaluating AI systems across ten critical criteria—including safety, explainability, and fairness—reflects a comprehensive strategy to mitigate potential risks. This proactive approach not only safeguards the public but also fosters trust in AI technologies. By setting clear expectations and responsibilities for businesses, the Guidelines promote responsible development and deployment of AI, ultimately contributing to Taiwan's goal of becoming a leader in the global AI landscape.
Taiwan Announced the Biobanks Regulations and Management PracticesTaiwan Has Passed “Statute of Human Biobank Management” to Maintain Privacy and Improve Medicine Industries Due to lack of regulations, divergent opinions abounded about the establishment of Biobanks and collection of human biological specimen. For example, a researcher in an academic research organization and a hospital-based physician collected biospecimens from native Taiwanese. Although they insisted that the collections were for research only, human rights groups, ethics researchers, and groups for natives´ benefits condemned the collections as an invasion of human rights. Consequently, the Taiwanese government recognized the need for Biobanks regulation. To investigate the relationship between disease and multiple factors and to proceed with possible prevention, The Legislative Yuan Social Welfare and Healthy Environment Committee has passed "the draft statute of human biobank management" through primary reviewing process on December 30, 2009 and subsequently passed through entire three-reading procedure on January 7, 2010. Therefore, the medical and research institute not only can set up optimal gene database for particular disease curing, but also can collect blood sample for database establishment, legally. However, the use of sample collections will be excluded from the use of judiciary purpose. In the light of to establish large scale biobank is going to face the fundamental human right issue, from the viewpoint of biobank management, it is essential not only to set up the strict ethics regulation for operational standard, but also to make the legal environment more complete. For instance, the Department of Health, Executive Yuan had committed the earlier planning of Taiwan biobank establishment to the Academic Sinica in 2006, and planned to collect bio-specimen by recruiting volunteers. However, it has been criticized by all circles that it might be considered violating the Constitution article 8 provision 1 front paragraph, and article 22 rules; moreover, it might also infringe the personal liberty or body information privacy. Therefore, the Executive Yuan has passed the draft statute of human biobank management which was drafted and reviewed by Department of Health during the 3152nd meeting, on July 16, 2009, to achieve the goal of protecting our nation’s privacy and promoting the development of medical science by management biomedical research affairs in more effective ways. Currently, the draft statute has been passed through the primary review procedure by the Legislative Yuan. About the draft statute, there are several important points as following: (1) Sample Definition: Types of collected sample include human somatic cell, tissues, body fluids, or other derivatives; (2) Biobank Establishment: It requires not only to be qualified and permitted, but also to set up the ethical reviewing mechanism to strengthen its management and application; (3)Sample Collection and Participant Protection: In accordance with the draft statute, bio-specimen collecting should respect the living ethics during the time and refer to the "Medical Law" article 64 provision 1; before sample collection, all related points of attention should be kept in written form , the participant should be notified accordingly, and samples can only be collected with the participant’s consent. Furthermore, regarding the restrained read right and setting up participants’ sample process way if there were death or lost of their capacity; (4) Biobank Management: The safety regulation, obligation of active notification, free to retreat, data destruction, confidentiality and obligation, and termination of operation handling are stipulated; and (5) Biobank Application: According to the new draft statute, that the biological data can’t be used for other purposes, for example, the use of inquisition result for the "Civil law", article 1063, provision 2, prosecution for denying the parent-child relationship law suit", or according to the "Criminal law", article 213, provision 6. This rule not only protects the participants’ body information and their privacy right, but also clearly defines application limits, as well as to set up the mechanism for inner control and avoid conflict of interests to prevent unnecessary disputes. Finally, the Department of Health noted that, as many medical researches has shown that the occurrence of diseases are mostly co-effected by various factors such as multiple genes and their living environment, rather than one single gene, developed countries have actively devoted to human biological sample collection for their national biobank establishment. The construction and usage of a large-scale human bank may bring up the critical issue such as privacy protection and ethical problems; however, to meet the equilibrium biomedical research promotion and citizen privacy issue will highly depend on the cooperation and trust between the public and private sectors. Taiwan Department of Health Announced the Human Biobanks Information Security Regulation The field of human biobanks will be governed by the Act of Human Biobanks (“Biobanks Act”) after its promulgation on February 3, 2010 in Taiwan. According to Article 13 of the Biobanks Act, a biobank owner should establish its directive rules based on the regulation of information security of biobanks announced by the competent authority. Thus the Department of Health announced the draft of the Human Biobanks Information Security Regulation (“Regulation”) for the due process requirement. According to the Biobanks Act, only the government institutes, medical institutes, academic institutes, and research institutes are competent to establish biobanks (Article 4). In terms of the collecting of organisms, the participants should be informed of the relevant matters by reasonable patterns, and the collecting of organisms may be conducted after obtaining the written consent of the participants (Article 6). The relative information including the organisms and its derivatives are not allowed to be used except for biological and medical research. After all the protection of biobanks relative information above, the most important thing is the safety regulations and directive rules of the database administration lest all the restrictions of biobanks owners and the use be in vain. The draft Regulation aims to strengthen the safety of biobanks database and assure the data, the systems, the equipments, and the web circumstances are safe for the sake of the participants’ rights. The significant aspects of the draft are described as below. At first, the regulation should refer to the ISO27001, ISO27002 and other official rules. Concerning the personnel management, the security assessment is required and the database management personnel and researchers may not serve concurrently. In case some tasks are outsourced, the contractor should be responsible for the information security; the nondisclosure agreement and auditing mechanism are required. The application system should update periodically including the anti-virus and firewall programs. The biobanks database should be separated physically form internet connection, including the prohibition of information transforming by email or any other patterns through internet. The authorizing protocol of access to the biobanks should be established and all log files should be preserved in a period. The system establishment and maintenance should avoid remote control. In case the database system is physically out of the owner’s control, the authorization of the officer in charge is required. If an information security accident occurred, the bionbanks owner should contact the competent authority immediately and inform the participants by adequate tunnel. The biobanks owner should establish annual security auditing program and the project auditing will be conducted subject to the necessity. To sum up, while the biobanks database security regulation is fully established, the biobanks owners will have the sufficient guidance in connection with the biobank information security to comply with in the future.