We hereby aim to analyze and research the role played by The Finnish Innovation Fund (“Sitra”) in boosting the national innovation ability and propose the characteristics of its organization and operation which may afford to facilitate the deliberation on Taiwan’s legal system. Sitra is an independent organization which is used to reporting to the Finnish Parliament directly, dedicated to funding activities to boost sustainable development as its ultimate goal and oriented toward the needs for social change. As of 2004, it promoted the fixed-term program. Until 2012, it, in turn, primarily engaged in 3-year program for ecological sustainable development and enhancement of society in 2012. The former aimed at the sustainable use of natural resources to develop new structures and business models and to boost the development of a bioeconomy and low-carbon society, while the latter aimed to create a more well-being-oriented public administrative environment to upgrade various public sectors’ leadership and decision-making ability to introduce nationals’ opinion to policies and the potential of building new business models and venture capital businesses.
1. Sitra Standing in Boosting of Finnish Innovation Policies
(1) Positive Impact from Support of Innovation R&D Activities by Public Sector
Utilization of public sector’s resources to facilitate and boost industrial innovation R&D ability is commonly applied in various countries in the world. Notwithstanding, the impact of the public sector’s investment of resources produced to the technical R&D and the entire society remains explorable. Most studies still indicate positive impact, primarily as a result of the market failure. Some studies indicate that the impact of the public sector’s investment of resources may be observable at least from several points of view, including: 1. The direct output of the investment per se and the corresponding R&D investment potentially derived from investees; 2. R&D of outputs derived from the R&D investment, e.g., products, services and production methods, etc.; 3. direct impact derived from the R&D scope, e.g., development of a new business, or new business and service models, etc.; 4. impact to national and social economies, e.g., change of industrial structures and improvement of employment environment, etc. Most studies indicate that from the various points of view, the investment by public sector all produced positive impacts and, therefore, such investment is needed definitely. The public sector may invest in R&D in diversified manners. Sitra invests in the “market” as an investor of corporate venture investment market, which plays a role different from the Finnish Funding Agency for Technology and Innovation (“Tekes”), which is more like a governmental subsidizer. Nevertheless, Finland’s characteristics reside in the combination of multiple funding and promotion models. Above all, due to the different behavior model, the role played by the former is also held different from those played by the general public sectors. This is why we choose the former as the subject to be studied herein.
Data source: Jari Hyvärinen & Anna-Maija Rautiainen, Measuring additionality and systemic impacts of public research and development funding – the case of TEKES, FINLAND, RESEARCH EVALUATION, 16(3), 205, 206 (2007).
Fig. 1 Phased Efforts of Resources Invested in R&D by Public Sector
(2) Two Sided f Role Played by Sitra in Boosting of Finnish Innovation Policies
Sitra has a very special position in Finland’s national innovation policies, as it not only helps successful implementation of the innovation policies but also acts an intermediary among the relevant entities. Sitra was founded in 1967 under supervision of the Bank of Finland before 1991, but was transformed into an independent foundation under the direction of the Finnish Parliament.
Though Sitra is a public foundation, its operation will not be intervened or restricted by the government. Sitra may initiate any innovation activities for its new organization or system, playing a role dedicated to funding technical R&D or promoting venture capital business. Meanwhile, Sitra also assumes some special function dedicated to decision-makers’ training and organizing decision-maker network to boost structural change. Therefore, Sitra may be identified as a special organization which may act flexibly and possess resources at the same time and, therefore, may initiate various innovation activities rapidly.
Sitra is authorized to boost the development of innovation activities in said flexible and characteristic manner in accordance with the Finland Innovation Fund Act (Laki Suomen itsenäisyyden juhlarahastosta). According to the Act, Finland established Sitra in 1967 and Sitra was under supervision of Bank of Finland (Article 1). Sitra was established in order to boost the stable growth of Finland’s economy via the national instrument’s support of R&D and education or other development instruments (Article 2). The policies which Sitra may adopt include loaning or funding, guarantee, marketable securities, participation in cooperative programs, partnership or equity investment (Article 3). If necessary, Sitra may collect the title of real estate or corporate shares (Article 7).
Data source: Finnish innovation system, Research.fi, http://www.research.fi/en/innovationsystem.html (last visited Mar. 15, 2013).
Fig. 2 Finnish Scientific Research Organization Chart
Sitra's innovation role has been evolved through two changes. Specifically, Sitra was primarily dedicated to funding technical R&D among the public sectors in Finland, and the funding model applied by Sitra prior to the changes initiated the technical R&D promotion by Tekes, which was established in 1983. The first change of Sitra took place in 1987. After that, Sitra turned to focus on the business development and venture capital invested in technology business and led the venture capital investment. Meanwhile, it became a partner of private investment funds and thereby boosted the growth of venture capital investments in Finland in 1990. In 2000, the second change of Sitra took place and Sitra’s organization orientation was changed again. It achieved the new goal for structural change step by step by boosting the experimental social innovation activities. Sitra believed that it should play the role contributing to procedural change and reducing systematic obstacles, e.g., various organizational or institutional deadlocks.
Among the innovation policies boosted by the Finnish Government, the support of Start-Ups via governmental power has always been the most important one. Therefore, the Finnish Government is used to playing a positive role in the process of developing the venture capital investment market. In 1967, the Government established a venture capital company named Sponsor Oy with the support from Bank of Finland, and Sponsor Oy was privatized after 1983. Finland Government also established Kera Innovation Fund (now known as Finnvera) in 1971, which was dedicated to boosting the booming of Start-Ups in Finland jointly with Finnish Industry Investment Ltd. (“FII”) established by the Government in 1994, and Sitra, so as to make the “innovation” become the main development force of the country .
Sitra plays a very important role in the foundation and development of venture capital market in Finland and is critical to the Finnish Venture Capital Association established in 1990. After Bank of Finland was under supervision of Finnish Parliament in 1991, Sitra became on the most important venture capital investors. Now, a large portion of private venture capital funds are provided by Sitra. Since Sitra launched the new strategic program in 2004, it has turned to apply smaller sized strategic programs when investing young innovation companies, some of which involved venture capital investment. The mapping of young innovation entrepreneurs and angel investors started as of 1996.
In addition to being an important innovation R&D promoter in Finland, Sitra is also an excellent organization which is financially self-sufficient and tends to gain profit no less than that to be generated by a private enterprise. As an organization subordinated to the Finnish Parliament immediately, all of Sitra’s decisions are directly reported to the Parliament (public opinion). Chairman of Board, Board of Directors and supervisors of Sitra are all appointed by the Parliament directly. Its working funds are generated from interest accruing from the Fund and investment income from the Fund, not tax revenue or budget prepared by the Government any longer. The total fund initially founded by Bank of Finland amounted to DEM100,000,000 (approximately EUR17,000,000), and was accumulated to DEM500,000,000 (approximately EUR84,000,000) from 1972 to 1992. After that, following the increase in market value, its nominal capital amounted to DEM1,400,000,000 (approximately EUR235,000,000) from 1993 to 2001. Obviously, Sitra generated high investment income. Until 2010, it has generated the investment income amounting to EUR697,000,000 .
In fact, Sitra’s concern about venture capital investment is identified as one of the important changes in Finland's national technical R&D polices after 1990. Sitra is used to funding businesses in three manners, i.e., direct investment in domestic stock, investment in Finnish venture capital funds, and investment in international venture capital funds, primarily in four industries, technology, life science, regional cooperation and small-sized & medium-sized starts-up. Meanwhile, it also invests in venture capital funds for high-tech industries actively. In addition to innovation technology companies, technical service providers are also its invested subjects.
2. “Investment” Instrument Applied by Sitra to Boost Innovation Business
The Starts-Up funding activity conducted by Sitra is named PreSeed Program, including INTRO investors’ mapping platform dedicated to mapping 450 angel investment funds and entrepreneurs, LIKSA engaged in working with Tekes to funding new companies no more than EUR40,000 for purchase of consultation services (a half thereof funded by Tekes, and the other half funded by Sitra in the form of loan convertible to shares), DIILI service dedicated to providing entrepreneurs with professional sale consultation resources to integrate the innovation activity (product thereof) and the market to remedy the deficit in the new company’s ability to sell.
The investment subjects are stated as following. Sitra has three investment subjects, namely, corporate investments, fund investments and project funding.
(1) Corporate investment
Sitra will not “fund” enterprises directly or provide the enterprises with services without consideration (small-sized and medium-sized enterprises are aided by other competent authorities), but invest in the businesses which are held able to develop positive effects to the society, e.g., health promotion, social problem solutions, utilization of energy and effective utilization of natural resources. Notwithstanding, in order to seek fair rate of return, Sitra is dedicated to making the investment (in various enterprises) by its professional management and technology, products or competitiveness of services, and ranging from EUR300,000 to EUR1,000,000 to acquire 10-30% of the ownership of the enterprises, namely equity investment or convertible funding. Sitra requires its investees to value corporate social responsibility and actively participate in social activities. It usually holds the shares from 4 years to 10 years, during which period it will participate the corporate operation actively (e.g., appointment of directors).
(2) Fund investments
For fund investments, Sitra invests in more than 50 venture capital funds. It invests in domestic venture capital fund market to promote the development of the market and help starts-up seek funding and create new business models, such as public-private partnerships. It invests in international venture capital funds to enhance the networking and solicit international funding, which may help Finnish enterprises access international trend information and adapt to the international market.
(3) Project funding
For project funding, Sitra provides the on-site information survey (supply of information and view critical to the program), analysis of business activities (analysis of future challenges and opportunities) and research & drafting of strategies (collection and integration of professional information and talents to help decision making), and commissioning of the program (to test new operating model by commissioning to deal with the challenge from social changes). Notwithstanding, please note that Sitra does not invest in academic study programs, research papers or business R&D programs.
(4) DIILI Investment Model Integrated With Investment Absorption
A Start-Up usually will not lack technologies (usually, it starts business by virtue of some advanced technology) or foresighted philosophy when it is founded initially, while it often lacks the key to success, the marketing ability. Sitra DIILI is dedicated to providing the professional international marketing service to help starts-up gain profit successfully. Owing to the fact that starts-up are usually founded by R&D personnel or research-oriented technicians, who are not specialized in marketing and usually retains no sufficient fund to employ marketing professionals, DILLI is engaged in providing dedicated marketing talents. Now, it employs about 85 marketing professionals and seeks to become a start-up partner by investing technical services.
Notwithstanding, in light of the characteristics of Sitra’s operation and profitability, some people indicate that it is more similar to a developer of an innovation system, rather than a neutral operator. Therefore, it is not unlikely to hinder some work development which might be less profitable (e.g., establishment of platform). Further, Sitra is used to developing some new investment projects or areas and then founding spin-off companies after developing the projects successfully. The way in which it operates seems to be non-compatible with the development of some industries which require permanent support from the public sector. The other issues, such as INTRO lacking transparency and Sitra's control over investment objectives likely to result in adverse choice, all arise from Sitra’s consideration to its own investment opportunities and profit at the same time of mapping. Therefore, some people consider that it should be necessary to move forward toward a more transparent structure or a non-income-oriented funding structure . Given this, the influence of Sitra’s own income over upgrading of the national innovation ability when Sitra boosts starts-up to engage in innovation activities is always a concern remaining disputable in the Finnish innovation system.
3. Boosting of Balance in Regional Development and R&D Activities
In order to fulfill the objectives under Lisbon Treaty and to enable EU to become the most competitive region in the world, European Commission claims technical R&D as one of its main policies. Among other things, under the circumstance that the entire R&D competitiveness upgrading policy is always progressing sluggishly, Finland, a country with a population of 5,300,000, accounting for 1.1% of the population of 27 EU member states, was identified as the country with the No. 1 innovation R&D ability in the world by World Economic Forum in 2005. Therefore, the way in which it promotes innovation R&D policies catches the public eyes. Some studies also found that the close relationship between R&D and regional development policies of Finland resulted in the integration of regional policies and innovation policies, which were separated from each other initially, after 1990. Finland has clearly defined the plan to exploit the domestic natural resources and human resources in a balanced and effective manner after World War II. At the very beginning, it expanded the balance of human resources to low-developed regions, in consideration of the geographical politics, but in turn, it achieved national balanced development by meeting the needs for a welfare society and mitigation of the rural-urban divide as time went by. The Finnish innovation policies which may resort to technical policies retroactively initially drove the R&D in the manners including upgrading of education degree, founding of Science and Technology Policy Council and Sitra, establishment of Academy of Finland (1970) and establishment of the technical policy scheme, et al.. Among other things, people saw the role played by Sitra in Finland’s knowledge-intensive society policy again. From 1991 to 1995, the Finnish Government officially included the regional competitiveness into the important policies. The National Industrial Policy for Finland in 1993 adopted the strategy focusing on the development based on competitive strength in the regional industrial communities.
Also, some studies indicated that in consideration of Finland’s poor financial and natural resources, its national innovation system should concentrate the resources on the R&D objectives which meet the requirements about scale and essence. Therefore, the “Social Innovation, Social and Economic Energy Re-building Learning Society” program boosted by Sitra as the primary promoter in 2002 defined the social innovation as “the reform and action plan to enhance the regulations of social functions (law and administration), politics and organizational structure”, namely reform of the mentality and cultural ability via social structural changes that results in social economic changes ultimately. Notwithstanding, the productivity innovation activity still relies on the interaction between the enterprises and society. Irrelevant with the Finnish Government’s powerful direction in technical R&D activities, in fact, more than two-thirds (69.1%) of the R&D investment was launched by private enterprises and even one-thirds launched by a single enterprise (i.e., Nokia) in Finland. At the very beginning of 2000, due to the impact of globalization to Finland’s innovation and regional policies, a lot of R&D activities were emigrated to the territories outside Finland. Multiple disadvantageous factors initiated the launch of national resources to R&D again. The most successful example about the integration of regional and innovation policies in Finland is the Centres of Expertise Programme (CEP) boosted by it as of 1990. Until 1994, there have been 22 centres of expertise distributed throughout Finland. The centres were dedicated to integrating local universities, research institutions and enterprise for co-growth. The program to be implemented from 2007 to 2013 planned 21 centres of expertise (13 groups), aiming to promote the corporate sectors’ cooperation and innovation activities. CEP integrated local, regional and national resources and then focused on the businesses designated to be developed.
 Jari Hyvärinen & Anna-Maija Rautiainen, Measuring additionality and systemic impacts of public research and development funding – the case of TEKES, FINLAND, RESEARCH EVALUATION, 16(3), 205, 208 (2007).
 id. at 206-214.
 Charles Edquist, Tterttu Luukkonen & Markku Sotarauta, Broad-Based Innovation Policy, in EVALUATION OF THE FINNISH NATIONAL INNOVATION SYSTEM – FULL REPORT 11, 25 (Reinhilde Veugelers st al. eds., 2009).
 Finnvera is a company specialized in funding Start-Ups, and its business lines include loaning, guarantee, venture capital investment and export credit guarantee, etc. It is a state-run enterprise and Export Credit Agency (ECA) in Finland. Finnvera, http://annualreport2012.finnvera.fi/en/about-finnvera/finnvera-in-brief/ (last visited Mar. 10, 2013).
 Markku Maula, Gordon Murray & Mikko Jääskeläinen, MINISTRY OF TRADE AND INDUSTRY, Public Financing of Young Innovation Companies in Finland 32 (2006).
 id. at 33.
 id. at 41.
 The other two were engaged in boosting the regional R&D center and industrial-academy cooperative center programs. Please see Gabriela von Blankenfeld-Enkvist, Malin Brännback, Riitta Söderlund & Marin Petrov, ORGANISATION FOR ECONOMIC CO-OPERATION AND DEVELOPMENT [OECD],OECD Case Study on Innovation: The Finnish Biotechnology Innovation System 15 (2004).
 id. at20.
 DIILI service provides sales expertise for SMEs, Sitra, http://www.sitra.fi/en/articles/2005/diili-service-provides-sales-expertise-smes-0 (last visited Mar. 10, 2013).
 Maula, Murray & Jääskeläinen, supra note 8 at 41-42.
 The venture capital funds referred to herein mean the pooled investment made by the owners of venture capital, while whether it exists in the form of fund or others is not discussed herein.
 Maula, Murray & Jääskeläinen, supra note 8 at 42.
 Jussi S. Jauhiainen, Regional and Innovation Policies in Finland – Towards Convergence and/or Mismatch? REGIONAL STUDIES, 42(7), 1031, 1032-1033 (2008).
 id. at 1036.
 id. at 1038.
 id. at 1038-1039.
Recognized that Research infrastructures (RIs) are at the centre of the knowledge triangle of research, education and innovation and play an increasingly important role in the advancement of knowledge and technology, the EU began to finance for the establishments of RIs by its Framework Programmes (FPs) since the start of FP2 of 1987. On the other hand, the EU also assigned the European Strategy Forum on Research Infrastructures (ESFRI) to develop a coherent and strategy-led approach to policy-making on RIs between Member States and to facilitate the better use and development of RIs at EU and international level. Based on those efforts, the European Commission understood that a major difficulty in setting up RIs between EU countries is the lack of an adequate legal framework allowing the creation of appropriate partnerships and proposed a legal framework for a European research infrastructure adapted to the needs of such facilities. The new legal framework for a European Research Infrastructure Consortium (ERIC) entered into force on 28 August 2009. An successfully-set-up ERIC will have the legal personality based on EU law, and can benefit from exemptions from VAT and excise duty in all EU Member States and may adopt its own procurement procedures to get rid of the EU's public procurement procedures. It is predicted that the Biobanking and Biomolecular Resources Research Infrastructure (BBMRI) will apply to become a BBMRI-ERIC in the near future. The EU also seeks to lead in Energy, Food and Biology through the reforms of ERICs to assist the high quality of activities of European scientists and attract the best researchers from around the world. Besides, in order to connect the knowledge triangle effectively, the European Commission also established the European Institute of Innovation and Technology (EIT) on March 2008. It hopes through the research development partnership network to gather all the advantages from the science and technology chains of multiple areas, and make an effort for the strategy of EU innovation development jointly；Meanwhile, extends its roadmap to the objectives and practices of the Knowledge and Innovation Communities (KICs) of the EIT. Contrast with the EU's advance, it is necessary to our government to concentrate and contemplate whether it is the time to reconsider if our existing legal instruments available to domestic research facilities and infrastructures are sufficient enough to reach our science and technology development goals.The use of automated facial recognition technology and supervision mechanism in UK
The use of automated facial recognition technology and supervision mechanism in UK I. Introduction Automatic facial recognition (AFR) technology has developed rapidly in recent years, and it can identify target people in a short time. The UK Home Office announced the "Biometrics Strategy" on June 28, 2018, saying that AFR technology will be introduced in the law enforcement, and the Home Office will also actively cooperate with other agencies to establish a new oversight and advisory board in order to maintain public trust. AFR technology can improve law enforcement work, but its use will increase the risk of intruding into individual liberty and privacy. This article focuses on the application of AFR technology proposed by the UK Home Office. The first part of this article describes the use of AFR technology by the police. The second part focuses on the supervision mechanism proposed by the Home Office in the Biometrics Strategy. However, because the use of AFR technology is still controversial, this article will sort out the key issues of follow-up development through the opinions of the public and private sectors. The overview of the discussion of AFR technology used by police agencies would be helpful for further policy formulation. II. Overview of the strategy of AFR technology used by the UK police According to the Home Office’s Biometrics Strategy, the AFR technology will be used in law enforcement, passports and immigration and national security to protect the public and make these public services more efficient. Since 2017 the UK police have worked with tech companies in testing the AFR technology, at public events like Notting Hill Carnival or big football matches. In practice, AFR technology is deployed with mobile or fixed camera systems. When a face image is captured through the camera, it is passed to the recognition software for identification in real time. Then, the AFR system will process if there is a ‘match’ and the alarm would solicit an operator’s attention to verify the match and execute the appropriate action. For example, South Wales Police have used AFR system to compare images of people in crowds attending events with pre-determined watch lists of suspected mobile phone thieves. In the future, the police may also compare potential suspects against images from closed-circuit television cameras (CCTV) or mobile phone footage for evidential and investigatory purposes. The AFR system may use as tools of crime prevention, more than as a form of crime detection. However, the uses of AFR technology are seen as dangerous and intrusive by the UK public. For one thing, it could cause serious harm to democracy and human rights if the police agency misuses AFR technology. For another, it could have a chilling effect on civil society and people may keep self-censoring lawful behavior under constant surveillance. III. The supervision mechanism of AFR technology To maintaining public trust, there must be a supervision mechanism to oversight the use of AFR technology in law enforcement. The UK Home Office indicates that the use of AFR technology is governed by a number of codes of practice including Police and Criminal Evidence Act 1984, Surveillance Camera Code of Practice and the Information Commissioner’s Office (ICO)’s Code of Practice for surveillance cameras. (I) Police and Criminal Evidence Act 1984 The Police and Criminal Evidence Act (PACE) 1984 lays down police powers to obtain and use biometric data, such as collecting DNA and fingerprints from people arrested for a recordable offence. The PACE allows law enforcement agencies proceeding identification to find out people related to crime for criminal and national security purposes. Therefore, for the investigation, detection and prevention tasks related to crime and terrorist activities, the police can collect the facial image of the suspect, which can also be interpreted as the scope of authorization of the PACE. (II) Surveillance Camera Code of Practice The use of CCTV in public places has interfered with the rights of the people, so the Protection of Freedoms Act 2012 requires the establishment of an independent Surveillance Camera Commissioner (SCC) for supervision. The Surveillance Camera Code of Practice proposed by the SCC sets out 12 principles for guiding the operation and use of surveillance camera systems. The 12 guiding principles are as follows: A. Use of a surveillance camera system must always be for a specified purpose which is in pursuit of a legitimate aim and necessary to meet an identified pressing need. B. The use of a surveillance camera system must take into account its effect on individuals and their privacy, with regular reviews to ensure its use remains justified. C. There must be as much transparency in the use of a surveillance camera system as possible, including a published contact point for access to information and complaints. D. There must be clear responsibility and accountability for all surveillance camera system activities including images and information collected, held and used. E. Clear rules, policies and procedures must be in place before a surveillance camera system is used, and these must be communicated to all who need to comply with them. F. No more images and information should be stored than that which is strictly required for the stated purpose of a surveillance camera system, and such images and information should be deleted once their purposes have been discharged. G. Access to retained images and information should be restricted and there must be clearly defined rules on who can gain access and for what purpose such access is granted; the disclosure of images and information should only take place when it is necessary for such a purpose or for law enforcement purposes. H. Surveillance camera system operators should consider any approved operational, technical and competency standards relevant to a system and its purpose and work to meet and maintain those standards. I. Surveillance camera system images and information should be subject to appropriate security measures to safeguard against unauthorised access and use. J. There should be effective review and audit mechanisms to ensure legal requirements, policies and standards are complied with in practice, and regular reports should be published. K. When the use of a surveillance camera system is in pursuit of a legitimate aim, and there is a pressing need for its use, it should then be used in the most effective way to support public safety and law enforcement with the aim of processing images and information of evidential value. L. Any information used to support a surveillance camera system which compares against a reference database for matching purposes should be accurate and kept up to date. (III) ICO’s Code of Practice for surveillance cameras It must need to pay attention to the personal data and privacy protection during the use of surveillance camera systems and AFR technology. The ICO issued its Code of Practice for surveillance cameras under the Data Protection Act 1998 to explain the legal requirements operators of surveillance cameras. The key points of ICO’s Code of Practice for surveillance cameras are summarized as follows: A. The use time of the surveillance camera systems should be carefully evaluated and adjusted. It is recommended to regularly evaluate whether it is necessary and proportionate to continue using it. B. A police force should ensure an effective administration of surveillance camera systems deciding who has responsibility for the control of personal information, what is to be recorded, how the information should be used and to whom it may be disclosed. C. Recorded material should be stored in a safe way to ensure that personal information can be used effectively for its intended purpose. In addition, the information may be considered to be encrypted if necessary. D. Disclosure of information from surveillance systems must be controlled and consistent with the purposes for which the system was established. E. Individuals whose information is recoded have a right to be provided with that information or view that information. The ICO recommends that information must be provided promptly and within no longer than 40 calendar days of receiving a request. F. The minimum and maximum retention periods of recoded material is not prescribed in the Data Protection Act 1998, but it should not be kept for longer than is necessary and should be the shortest period necessary to serve the purposes for which the system was established. (IV) A new oversight and advisory board In addition to the aforementioned regulations and guidance, the UK Home Office mentioned that it will work closely with related authorities, including ICO, SCC, Biometrics Commissioner (BC), and Forensic Science Regulator (FSR) to establish a new oversight and advisory board to coordinate consideration of law enforcement’s use of facial images and facial recognition systems. To sum up, it is estimated that the use of AFR technology by law enforcement has been abided by existing regulations and guidance. Firstly, surveillance camera systems must be used on the purposes for which the system was established. Secondly, clear responsibility and accountability mechanisms should be ensured. Thirdly, individuals whose information is recoded have the right to request access to relevant information. In the future, the new oversight and advisory board will be asked to consider issues relating to law enforcement’s use of AFR technology with greater transparency. IV. Follow-up key issues for the use of AFR technology Regarding to the UK Home Office’s Biometrics Strategy, members of independent agencies such as ICO, BC, SCC, as well as civil society, believe that there are still many deficiencies, the relevant discussions are summarized as follows: (I) The necessity of using AFR technology Elizabeth Denham, ICO Commissioner, called for looking at the use of AFR technology carefully, because AFR is an intrusive technology and can increase the risk of intruding into our privacy. Therefore, for the use of AFR technology to be legal, the UK police must have clear evidence to demonstrate that the use of AFR technology in public space is effective in resolving the problem that it aims to address. The Home Office has pledged to undertake Data Protection Impact Assessments (DPIAs) before introducing AFR technology, including the purpose and legal basis, the framework applies to the organization using the biometrics, the necessity and proportionality and so on. (II)The limitations of using facial image data The UK police can collect, process and use personal data based on the need for crime prevention, investigation and prosecution. In order to secure the use of biometric information, the BC was established under the Protection of Freedoms Act 2012. The mission of the BC is to regulate the use of biometric information, provide protection from disproportionate enforcement action, and limit the application of surveillance and counter-terrorism powers. However, the BC’s powers do not presently extend to other forms of biometric information other than DNA or fingerprints. The BC has expressed concern that while the use of biometric data may well be in the public interest for law enforcement purposes and to support other government functions, the public benefit must be balanced against loss of privacy. Hence, legislation should be carried to decide that crucial question, instead of depending on the BC’s case feedback. Because biometric data is especially sensitive and most intrusive of individual privacy, it seems that a governance framework should be required and will make decisions of the use of facial images by the police. (III) Database management and transparency For the application of AFR technology, the scope of biometric database is a dispute issue in the UK. It is worth mentioning that the British people feel distrust of the criminal database held by the police. When someone is arrested and detained by the police, the police will take photos of the suspect’s face. However, unlike fingerprints and DNA, even if the person is not sued, their facial images are not automatically deleted from the police biometric database. South Wales Police have used AFR technology to compare facial images of people in crowds attending major public events with pre-determined watch lists of suspected mobile phone thieves in the AFR field test. Although the watch lists are created for time-limited and specific purposes, the inclusion of suspects who could possibly be innocent people still causes public panic. Elizabeth Denham warned that there should be a transparency system about retaining facial images of those arrested but not charged for certain offences. Therefore, in the future the UK Home Office may need to establish a transparent system of AFR biometric database and related supervision mechanism. (IV) Accuracy and identification errors In addition to worrying about infringing personal privacy, the low accuracy of AFR technology is another reason many people oppose the use of AFR technology by police agencies. Silkie Carlo, director of Big Brother Watch, said the police must immediately stop using the AFR technology and avoid mistaking thousands of innocent citizens as criminals; Paul Wiles, Biometrics Commissioner, also called for legislation to manage AFR technology because of its accuracy is too low and the use of AFR technology should be tested and passed external peer review. In the Home Office’s Biometric Strategy, the scientific quality standards for AFR technology will be established jointly with the FSR, an independent agency under the Home Office. In other words, the Home Office plans to extend the existing forensics science regime to regulate AFR technology. Therefore, the FSR has worked with the SCC to develop standards relevant to digital forensics. The UK government has not yet seen specific standards for regulating the accuracy of AFR technology at the present stage. V. Conclusion From the discussion of the public and private sectors in the UK, we can summarize some rules for the use of AFR technology. Firstly, before the application of AFR technology, it is necessary to complete the pre-assessment to ensure the benefits to the whole society. Secondly, there is the possibility of identifying errors in AFR technology. Therefore, in order to maintain the confidence and trust of the people, the relevant scientific standards should be set up first to test the system accuracy. Thirdly, the AFR system should be regarded as an assisting tool for police enforcement in the initial stage. In other words, the information analyzed by the AFR system should still be judged by law enforcement officials, and the police officers should take the responsibilities. In order to balance the protection of public interest and basic human rights, the use of biometric data in the AFR technology should be regulated by a special law other than the regulations of surveillance camera and data protection. The scope of the identification database is also a key point, and it may need legislators’ approval to collect and store the facial image data of innocent people. Last but not least, the use of the AFR system should be transparent and the victims of human rights violations can seek appeal.  UK Home Office, Biometrics Strategy, Jun. 28, 2018, https://www.gov.uk/government/publications/home-office-biometrics-strategy (last visited Aug. 09, 2018), at 7.  Big Brother Watch, FACE OFF CAMPAIGN: STOP THE MET POLICE USING AUTHORITARIAN FACIAL RECOGNITION CAMERAS, https://bigbrotherwatch.org.uk/all-campaigns/face-off-campaign/ (last visited Aug. 16, 2018).  Lucas Introna & David Wood, Picturing algorithmic surveillance: the politics of facial recognition systems, Surveillance & Society, 2(2/3), 177-198 (2004).  Supra note 1, at 12.  Id, at 25.  Michael Bromby, Computerised Facial Recognition Systems: The Surrounding Legal Problems (Sep. 2006)(LL.M Dissertation Faculty of Law University of Edinburgh), http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.197.7339&rep=rep1&type=pdf , at 3.  Owen Bowcott, Police face legal action over use of facial recognition cameras, The Guardian, Jun. 14, 2018, https://www.theguardian.com/technology/2018/jun/14/police-face-legal-action-over-use-of-facial-recognition-cameras (last visited Aug. 09, 2018).  Martha Spurrier, Facial recognition is not just useless. In police hands, it is dangerous, The Guardian, May 16, 2018, https://www.theguardian.com/commentisfree/2018/may/16/facial-recognition-useless-police-dangerous-met-inaccurate (last visited Aug. 17, 2018).  Supra note 1, at 12.  Surveillance Camera Commissioner, Surveillance camera code of practice, Oct. 28, 2014, https://www.gov.uk/government/publications/surveillance-camera-code-of-practice (last visited Aug. 17, 2018).  UK Information Commissioner’s Office, In the picture: A data protection code of practice for surveillance cameras and personal information, Jun. 09, 2017, https://ico.org.uk/for-organisations/guide-to-data-protection/encryption/scenarios/cctv/ (last visited Aug. 10, 2018).  Supra note 1, at 13.  Elizabeth Denham, Blog: facial recognition technology and law enforcement, Information Commissioner's Office, May 14, 2018, https://ico.org.uk/about-the-ico/news-and-events/blog-facial-recognition-technology-and-law-enforcement/ (last visited Aug. 14, 2018).  Monique Mann & Marcus Smith, Automated Facial Recognition Technology: Recent Developments and Approaches to Oversight, Automated Facial Recognition Technology, 10(1), 140 (2017).  Biometrics Commissioner, Biometrics Commissioner’s response to the Home Office Biometrics Strategy, Jun. 28, 2018, https://www.gov.uk/government/news/biometrics-commissioners-response-to-the-home-office-biometrics-strategy (last visited Aug. 15, 2018).  Supra note 2.  Supra note 13.  Jon Sharman, Metropolitan Police's facial recognition technology 98% inaccurate, figures show, INDEPENDENT, May 13, 2018, https://www.independent.co.uk/news/uk/home-news/met-police-facial-recognition-success-south-wales-trial-home-office-false-positive-a8345036.html (last visited Aug. 09, 2018).A Before and After Impact Comparison of Applying Statute for Industrial Innovation Article 23-1 Draft on Venture Capital Limited Partnerships
A Before and After Impact Comparison of Applying Statute for Industrial Innovation Article 23-1 Draft on Venture Capital Limited Partnerships I. Background Because the business models adopted by Industries, such as venture capital, film, stage performance and others, are intended to be temporary entities, and the existing business laws are not applicable for such industries, the Legislature Yuan passed the “Limited Partnership Act” in June 2015, for the purpose of encouraging capital injection into these industries. However, since the Act was passed, there are currently only nine limited partnerships listed on the Ministry of Economic Affairs' limited partnership information website. Among them, “Da-Zuo Limited Partnership (Germany) Taiwan Branch” and “Stober Antriebstechnik Limited Partnership (Germany) Taiwan Branch”, are branch companies established by foreign businesses, the remaining seven companies are audio video production and information service businesses. It is a pity that no venture capital company is adopting this format. In fact, several foreign countries have set up supporting measures for their taxation systems targeting those business structures, such as limited partnerships. For example, the pass-through taxation method (or referred to as single entity taxation) is adopted by the United States, while Transparenzprinzip is used by Germany. These two taxation methods may have different names, but their core ideas are to pass the profits of a limited partnership to the earnings of partners. However, following the adoption of the Limited Partnership Act in Taiwan, the Ministry of Finance issued an interpretation letter stating that because the current legal system confers an independent legal entity status to the business structure of a limited partnership, it should be treated as a profit-seeking business and taxed with Profit-Seeking Enterprise Income Tax. Therefore, to actualize the legislative objective of encouraging innovative businesses organized under tenets of the Limited Partnership Act, the Executive Yuan presented a draft amendment for Article 23-1 of the Statute for Industrial Innovation (hereinafter referred to as the Draft), introducing the "Pass Through Taxation Principle" as adopted by several foreign countries. That is, a Limited Partnership will not be levied with the Profit-Seeking Enterprise Income Tax, but each partner will file income tax reports based on after-profit-gains from the partnership that are passed through to each partner. It is expected that the venture capital industry will now be encouraged to adopt the limited partnership structure, and thus increase investment capital in new ventures. II. The Pass Through Taxation Method is Applicable to Newly Established Venture Capital Limited Partnerships 1. The Requirements and Effects (1) The Requirements According to the provisions of Article 23-1 Paragraph 3 of the Draft, to be eligible for Pass Through Taxation, newly established venture capital limited partnerships must meet the following requirements: 1. The venture capital limited partnerships are established between January 1, 2017 and December 31, 2019. 2. Investment threshold of the total agreed capital contribution, total received capital contribution, and accumulated total capital contribution, within five years of the establishment of venture capital limited partnerships: Total Agreed Capital Contribution in the Limited Partnership Agreement Total Received Capital Contribution Accumulated Investment Amount for Start-up Companies The Year of Establishment 3 hundred million ✕ ✕ The Second Year ✕ ✕ The Third Year 1 hundred million ✕ The Fourth Year 2 hundred million Reaching 30 percent of the total received capital contribution of the year or 3 hundred million NT dollars. The Fifth Year 3 hundred million 3. The total amount, that an overseas company applies in capital and investments in actual business operations in Taiwan, reaches 50% of its total received capital contribution of that year. 4. In compliance with government policies. 5. Reviewed and approved by the central competent authority each year. (2) The Effects The effects of applying the provisions of Article 23-1 Paragraph 3 of the Draft are as follows: 1. Venture capital limited partnerships are exempt from the Profit-Seeking Enterprise Income Tax. 2. Taxation method for partners in a limited partnership after obtaining profit gains: (1) Pursuant to the Income Tax Act, Individual partners and for-profit business partners are taxed on their proportionally-calculated, distributed earnings. (2) Individual partners and foreign for-profit business partners are exempt from income tax on the stock earnings distributed by a limited partnership. 2. Benefit Analysis Before and After Applying Pass Through Taxation Method A domestic individual A, a domestic profit-making business B, and a foreign profit-making business C jointly form a venture capital limited partnership, One. The earnings distribution of the company One is 10%, 80% and 10% for A, B, and C partners, respectively. The calculated earnings of company One are one million (where eight hundred thousand are stock earnings, and two hundred thousand are non-stock earnings). How much income tax should be paid by the company One, and partners A, B, and C? (1) Pursuant to the Income Tax Act, before the amended draft: 1. One Venture Capital Limited Partnership Should pay Profit-Seeking Enterprise Income Tax = (NT$1,000,000 (earning) - NT$500,000)x12% (tax rate)=NT$60,000 2. Domestic Individual A Should file a comprehensive income report with business profit income =(NT$1,000,000-NT$60,000) x 10% (company One draft a voucher for net amount for A) + NT$60,000÷2×10% (deductible tax rate)= NT$97,000 Tax payable on profit earnings＝NT$91,500×5%(tax rate)＝NT$4,850 Actual income tax paid＝NT$4,850 - NT$60,000÷2×10% (deductible tax rate) ＝NT$1,485 3. Domestic For-Profit Business B Pursuant to the provisions of Article 42 of the Income Tax Act, the net dividend or net income received by a profit-seeking company is not included in the income tax calculation. 4. Foreign For-Profit Business C Tax paid at its earning source＝(NT$1,000,000 - NT$60,000) ×10% (earning distribution rate) ×20% (tax rate at earning source)＝NT$18,800 (2) Applying Pass Through Taxation Method After Enacting the Amendment 1. One Venture Capital Limited Partnership No income tax. 2. Domestic Individual A Should pay tax＝NT$800,000 (non-stock distributed earnings)×10% (earning distribution rate)×5% (comprehensive income tax rate)＝NT$1,000 3. Domestic For-Profit Business B Pursuant to the provisions of Article 42 of the Income Tax Act, the net dividend or net income received by a profit-seeking company is not included in the income tax calculation. 4. Foreign For-Profit Business C Tax paid at its earning source＝NT$800,000 (non-stock distributed earnings)×10%(earning distribution rate)×20% (tax rate at earning source)＝NT$4,000 The aforementioned example shows that under the situation, where the earning distribution is the same and tax rate for the same taxation subject is the same, the newly-established venture capital limited partnerships and their shareholders enjoy a more favorable tax benefit with the adoption of pass through taxation method: Before the Amendment After the Amendment Venture Capital Limited Partnership NT$60,000 Excluded in calculation Shareholders Domestic Individual NT$1,850 NT$1,000 Domestic For-Profit Business Excluded in calculation Excluded in calculation Foreign For-Profit Business NT$18,800 NT$4,000 Sub-total NT$80,650 NT$5,000 III. Conclusion Compared to the corporate taxation, the application of the pass through taxation method allows for a significant reduction in tax burden. While developing Taiwan’s pass through tax scheme, the government referenced corporate taxation under the U.S. Internal Revenue Code (IRC), where companies that meet the conditions of Chapter S can adopt the “pass through” method, that is, pass the earnings to the owner, with the income of shareholders being the objects of taxation; and studied the "Transparenzprinzip" adopted by the German taxation board for partnership style for-profit businesses. Following these legislative examples, where profits are identified as belonging to organization members, the government legislation includes the adoption of the pass through taxation scheme for venture capital limited partnerships in the amended draft of Article 23-1 of the Statute for Industrial Innovation, so that the legislation is up to international standards and norms, while making an important breakthrough in the current income tax system. This is truly worthy of praise.  The Legislative Yuan Gazette, Vol. 104, No. 51, page 325. URL:http://misq.ly.gov.tw/MISQ//IQuery/misq5000Action.action  A View on the Limited Partnership in Taiwan, Cross-Strait Law Review, No. 54, Liao, Da-Ying, Page 42.  Ministry of Economic Affairs - Limited Partnership Registration Information URL: http://gcis.nat.gov.tw/lmpub/lms/dir.jsp?showgcislocation=true&agencycode=allbf  Same as annotate 2, pages 51-52.  Reference Letter of Interpretation dated December 18, 2015, Tai-Cai-Shui Zi No. 10400636640, the Ministry of Finance  First half of Paragraph 1 of Article 8 of the Income Basic Tax Act  Second half of Paragraph 1 of Article 8 of the Income Basic Tax Act  A Study on the Limited Partnership Act, Master’s degree thesis, College of Law, Soochow University, Wu, Tsung-Yeh, pages 95-96.  Reference annotate 2, pages 52.Blockchain and General Data Protection Regulation (GDPR) compliance issues (2019)
Blockchain and General Data Protection Regulation (GDPR) compliance issues (2019) I. Brief Blockchain technology can solve the problem of trust between data demanders and data providers. In other words, in a centralized mode, data demanders can only choose to believe that the centralized platform will not contain the false information. However, in the decentralized mode, data demanders can directly verify information such as data source, time, and authorization on the blockchain without worrying about the correctness and authenticity of the data. Take the “immutable” for example, it is conflict with the right to erase (also known as the right to be forgotten) in the GDPR.With encryption and one-time pad (OTP) technology, data subjects can make data off-chain storaged or modified at any time in a decentralized platform, so the problem that data on blockchain not meet the GDPR regulation has gradually faded away. II. What is GDPR? The purpose of the EU GDPR is to protect user’s data and to prevent large-scale online platforms or large enterprises from collecting or using user’s data without their permission. Violators will be punished by the EU with up to 20 million Euros (equal to 700 million NT dollars) or 4% of the worldwide annual revenue of the prior financial year. The aim is to promote free movement of personal data within the European Union, while maintaining adequate level of data protection. It is a technology-neutral law, any type of technology which is for processing personal data is applicable. So problem about whether the data on blockchain fits GDPR regulation has raise. Since the blockchain is decentralized, one of the original design goals is to avoid a large amount of centralized data being abused. Blockchain can be divided into permissioned blockchains and permissionless blockchains. The former can also be called “private chains” or “alliance chains” or “enterprise chains”, that means no one can join the blockchain without consent. The latter can also be called “public chains”, which means that anyone can participate on chain without obtaining consent. Sometimes, private chain is not completely decentralized. The demand for the use of blockchain has developed a hybrid of two types of blockchain, called “alliance chain”, which not only maintains the privacy of the private chain, but also maintains the characteristics of public chains. The information on the alliance chain will be open and transparent, and it is in conflict with the application of GDPR. III. How to GDPR apply to blockchain ? First, it should be determined whether the data on the blockchain is personal data protected by GDPR. Second, what is the relationship and respective responsibilities of the data subject, data controller, and data processor? Finally, we discuss the common technical characteristics of blockchain and how it is applicable to GDPR. 1. Data on the blockchain is personal data protected by GDPR? First of all, starting from the technical characteristics of the blockchain, blockchain technology is commonly decentralized, anonymous, immutable, trackable and encrypted. The other five major characteristics are immutability, authenticity, transparency, uniqueness, and collective consensus. Further, the blockchain is an open, decentralized ledger technology that can effectively verify and permanently store transactions between two parties, and can be proved. It is a distributed database, all users on the chain can access to the database and the history record, also can directly verify transaction records. Each nodes use peer-to-peer transmission for upload or transfer information without third-party intermediation, which is the unique “decentralization” feature of the blockchain. In addition, the node or any user on the chain has a unique and identifiable set of more than 30 alphanumeric addresses, but the user may choose to be anonymous or provide identification, which is also a feature of transparency with pseudonymity; Data on blockchain is irreversibility of records. Once the transaction is recorded and updated on the chain, it is difficult to change and is permanently stored in the database, that is to say, it has the characteristics of “tamper-resistance”. According to Article 4 (1) of the GDPR, “personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Therefore, if data subject cannot be identified by the personal data on the blockchain, that is an anonymous data, excluding the application of GDPR. (1) What is Anonymization? According to Opinion 05/2014 on Anonymization Techniques by Article 29 Data Protection Working Party of the European Union, “anonymization” is a technique applied to personal data in order to achieve irreversible de-identification. And it also said the “Hash function” of blockchain is a pseudonymization technology, the personal data is possible to be re-identified. Therefore it’s not an “anonymization”, the data on the blockchain may still be the personal data stipulated by the GDPR. As the blockchain evolves, it will be possible to develop technologies that are not regulated by GDPR, such as part of the encryption process, which will be able to pass the court or European data protection authorities requirement of anonymization. There are also many compliance solutions which use technical in the industry, such as avoiding transaction data stored directly on the chain. 2. International data transmission Furthermore, in accordance with Article 3 of the GDPR, “This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not. This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to: (a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or (b) the monitoring of their behaviour as far as their behaviour takes place within the Union”. In other words, GDPR applies only when the data on the blockchain is not anonymized, and involves the processing of personal data of EU citizens. 3. Identification of data controllers and data processors Therefore, if the encryption technology involves the public storage of EU citizens' personal data and passes it to a third-party controller, it may be identified as the “data controller” under Article 4 of GDPR, and all nodes and miners of the platform may be deemed as the “co-controller” of the data, and be assumed joint responsibility with the data controller by GDPR. For example, the parties can claim the right to delete data from the data controller. In addition, a blockchain operator may be identified as a “processor”, for example, Backend as a Service (BaaS) products, the third parties provide network infrastructure for users, and let users manage and store personal data. Such Cloud Services Companies provide online services on behalf of customers, do not act as “data controllers”. Some commentators believe that in the case of private chains or alliance chains, such as land records transmission, inter-bank customer information sharing, etc., compared to public chain applications: such as cryptocurrencies (Bitcoin for example), is not completely decentralized, and more likely to meet GDPR requirements. For example, in the case of a private chain or alliance chain, it is a closed platform, which contains only a small number of trusted nodes, is more effective in complying with the GDPR rules. 4. Data subject claims In accordance with Article 17 of the GDPR, The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay under some grounds. Off-chain storage technology can help the blockchain industry comply with GDPR rules, allowing offline storage of personal data, or allow trusted nodes to delete the private key of encrypted information, which leaving data that cannot be read and identified on the chain. If the data is in accordance with the definition of anonymization by GDPR, there is no room for GDPR to be applied. IV. Conclusion In summary, it’s seem that the application of blockchain to GDPR may include: (a) being difficulty to identified the data controllers and data processors after the data subject upload their data. (b) the nature of decentralized storage is transnational storage, and Whether the country where the node is located, is meets the “adequacy decision” of Article 45 of the GDPR. If it cannot be met, then it needs to consider whether it conforms to the transfers subject to appropriate safeguards of Article 46, or the derogations for specific situations of Article 49 of the GDPR. Reference:  DONNA K. HAMMAKER, HEALTH RECORDS AND THE LAW 392 (5TH ED. 2018).  Iansiti, Marco, and Karim R. Lakhani, The Truth about Blockchain, Harvard Business Review 95, no. 1 (January-February 2017): 118-125, available at https://hbr.org/2017/01/the-truth-about-blockchain  Article 29 Data Protection Working Party, Opinion 05/2014 on Anonymisation Techniques (2014), https://www.pdpjournals.com/docs/88197.pdf  Directive 95/46/EC (General Data Protection Regulation), https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN  Queen Mary University of London, Are blockchains compatible with data privacy law? https://www.qmul.ac.uk/media/news/2018/hss/are-blockchains-compatible-with-data-privacy-law.html