The CTI is also an institution dedicated to boosting innovation in Switzerland. Established in 1943, it was known as the Commission for the Promotion of Scientific Research[1]. It was initially established for the purpose of boosting economy and raising the employment rate, and renamed after 1996. The CTI and SNSF are two major entities dedicated to funding scientific research in Switzerland, and the difference between both resides in that the CTI is dedicated to funding R&D of the application technology and industrial technology helpful to Switzerland’s economic development.
Upon enforcement of the amended RIPA 2011, the CTI was officially independent from the Federal Office for Professional Education and Technology (OEPT) and became an independent entity entitled to making decisions and subordinated to the Federal Department of Economic Affairs (FDEA) directly[2]. The CTI is subject to the council system, consisting of 65 professional members delegated from industrial, academic and research sectors. The members assume the office as a part time job. CTI members are entitled to making decisions on funding, utilization of resources and granting of CTI Start-up Label independently[3].
The CTI primarily carries out the mission including promotion of R&D of industrial technology, enhancement of the market-orientation innovation process and delivery of R&D energy into the market to boost industrial innovation. For innovation, the CTI's core mission is categorized into[4]:
The CTI invests considerable funds and resources in boosting the R&D of application technology and industrial technology. The CTI R&D Project is intended to fund private enterprises (particularly small-sized and medium-sized enterprises) to engage in R&D of innovation technology or product. The enterprises may propose their innovative ideas freely, and the CTI will decide whether the funds should be granted after assessing whether the ideas are innovative and potentially marketable[5].
CTI’s funding is conditioned on the industrial and academic cooperation. Therefore, the enterprises must work with at least one research institution (including a university, university of science and technology, or ETH) in the R&D. Considering that small-sized and medium-sized enterprises usually do not own enough working funds, technology and human resources to commercialize creative ideas, the CTI R&D Project is intended to resolve the problem about insufficient R&D energy and funds of small- and medium-sized enterprises by delivering the research institutions’ plentiful research energy and granting the private enterprises which work with research institutions (including university, university of science and technology, or ETH) the fund. Notably, CTI’s funding is applicable to R&D expenses only, e.g., research personnel’s salary and expenditure in equipment & materials, and allocated to the research institutions directly. Meanwhile, in order to enhance private enterprises' launch into R&D projects and make them liable for the R&D success or failure, CTI’s funding will be no more than 50% of the total R&D budget and, therefore, the enterprises are entitled to a high degree of control right in the process of R&D.
The industrial types which the CTI R&D Project may apply to are not limited. Any innovative ideas with commercial potential may be proposed. For the time being, the key areas funded by CTI include the life science, engineering science, Nano technology and enabling sciences, etc.[6] It intends to keep Switzerland in the lead in these areas. As of 2011, in order to mitigate the impact of drastic CHF revaluation to the industries, the CTI launched its new R&D project, the CTI Voucher[7]. Given this, the CTI is not only an entity dedicated to funding but also plays an intermediary role in the industrial and academic sectors. Enterprises may submit proposals before finding any academic research institution partner. Upon preliminary examination of the proposals, the CTI will introduce competent academic research institutions to work with the enterprises in R&D, subject to the enterprises' R&D needs. After the cooperative partner is confirmed, CTI will grant the fund amounting to no more than CHF3,500,000 per application[8], provided that the funding shall be no more than 50% of the R&D project expenditure.
The CTI R&D Project not only boosts innovation but also raises private enterprises’ willingness to participate in the academic and industrial cooperation, thereby narrowing the gap between the supply & demand of innovation R&D in the industrial and academic sectors. Notably, the Project has achieved remarkable effect in driving private enterprises’ investment in technology R&D. According to statistical data, in 2011, the CTI solicited additional investment of CHF1.3 from a private enterprise by investing each CHF1[9]. This is also one of the important reasons why the Swiss innovation system always acts vigorously.
Table 1 2005-2011 Passing rate of application for R&D funding
Year |
2011 |
2010 |
2009 |
2008 |
2007 |
2006 |
2005 |
Quantity of applications |
590 |
780 |
637 |
444 |
493 |
407 |
522 |
Quantity of funded applications |
293 |
343 |
319 |
250 |
277 |
227 |
251 |
Pass rate |
56% |
44% |
50% |
56% |
56% |
56% |
48% |
Data source: Prepared by the Study
Switzerland has learnt that high-tech start-ups are critical to the creation of high-quality employment and boosting of economic growth, and start-ups were able to commercialize the R&D results. Therefore, as of 2001, Switzerland successively launched the CTI Entrepreneurship and CTI Startup to promote entrepreneurship and cultivate high-tech start-ups.
The CTI Entrepreneurship was primarily implemented by the Venture Lab founded by CTI investment. The Venture Lab launched a series of entrepreneurship promotion and training courses, covering day workshops, five-day entrepreneurship intensive courses, and entrepreneurship courses available in universities. Each training course was reviewed by experts, and the experts would provide positive advice to attendants about innovative ideas and business models.
Data source: Venture Lab Site
Fig. 3 Venture Lab Startup Program
The CTI is dedicated to driving the economy by virtue of innovation as its priority mission. In order to cultivate the domestic start-ups with high growth potential in Switzerland, the CTI Startup project was launched in 1996[10] in order to provide entrepreneurs with the relevant guidance services. The project selected young entrepreneurs who provided innovative ideas, and guided them in the process of business start to work their innovative ideas and incorporate competitive start-ups.
In order to enable the funding and resources to be utilized effectively, the CTI Startup project enrolled entrepreneurs under very strict procedure, which may be categorized into four stages[11]:
Data source: CTI Startup Site
Fig. 4 Startup Plan Flow Chart
In the first stage, the CTI would preliminarily examine whether the applicant’s idea was innovative and whether it was technologically feasible, and help the applicant register with the CTI Startup project. Upon registration, a more concrete professional examination would be conducted at the second stage. The scope of examination included the technology, market, feasibility and management team’s competence. After that, at the stage of professional guidance, each team would be assigned a professional “entrepreneurship mentor”, who would help the team develop further and optimize the enterprise’s strategy, flow and business model in the process of business start, and provide guidance and advice on the concrete business issues encountered by the start-up. The stage of professional guidance was intended to guide start-ups to acquire the CTI Startup Label, as the CTI Startup Label was granted subject to very strict examination procedure. For example, in 2012, the CTI Startup project accepted 78 applications for entrepreneurship guidance, but finally the CTI Startup Label was granted to 27 applications only[12]. Since 1996, a total of 296 start-ups have acquired the CTI Startup Label, and more than 86% thereof are still operating now[13]. Apparently, the CTI Startup Label represents the certification for innovation and on-going development competence; therefore, it is more favored by investors at the stage of fund raising.
Table 2 Execution of start-up plans for the latest three years
|
Quantity of application |
Quantity of accepted application |
Quantity of CTI Label granted |
2012 |
177 |
78 |
27 |
2011 |
160 |
80 |
26 |
2010 |
141 |
61 |
24 |
Data source: CTI Annual Report, prepared by the Study
Meanwhile, the “CTI Invest” platform was established to help start-up raise funds at the very beginning to help commercialize R&D results and cross the valley in the process of R&D innovation. The platform is a private non-business-making organization, a high-tech start-up fund raising platform co-established by CTI and Swiss investors[14]. It is engaged in increasing exposure of the start-ups and contact with investors by organizing activities, in order to help the start-ups acquire investment funds.
KTT Support (Knowledge & Technology Transfer (KTT Support) is identified as another policy instrument dedicated to boosting innovation by the CTI. It is intended to facilitate the exchange of knowledge and technology between academic research institutions and private enterprises, in order to transfer and expand the innovation energy.
As of 2013, the CTI has launched a brand new KTT Support project targeting at small-sized and medium-sized enterprises. The new KTT Support project consisted of three factors, including National Thematic Networks (NTNs), Innovation Mentors, and Physical and web-based platforms. Upon the CTI’s strict evaluation and consideration, a total of 8 cooperative innovation subjects were identified in 2012, namely, carbon fiber composite materials, design idea innovation, surface innovation, food study, Swiss biotechnology, wood innovation, photonics and logistics network, etc.[15] One NTN would be established per subject. The CTI would fund these NTNs to support the establishment of liaison channels and cooperative relations between academic research institutions and industries and provide small- and medium-sized enterprises in Switzerland with more rapid and easy channel to access technologies to promote the exchange of knowledge and technology between both parties. Innovation Mentors were professionals retained by the CTI, primarily responsible for evaluating the small-sized and medium-sized enterprises’ need and chance for innovation R&D and helping the enterprises solicit competent academic research partners to engage in the transfer of technology. The third factor of KTT Support, Physical and web-based platforms, is intended to help academic research institutions and private enterprises establish physical liaison channels through organization of activities and installation of network communication platforms, to enable the information about knowledge and technology transfer to be more transparent and communicable widely.
In conclusion, the CTI has been dedicated to enhancing the link between scientific research and the industries and urging the industrial sector to involve and boost the R&D projects with market potential. The CTI’s business lines are all equipped with corresponding policy instruments to achieve the industrial-academic cooperation target and mitigate the gap between the industry and academic sectors in the innovation chain. The various CTI policy instruments may be applied in the following manner as identified in the following figure.
Data source: CTI Annual Report 2011
Fig. 5 Application of CTI Policy Instrument to Innovation Chain
The Swiss Federal Government has invested considerable expenditures in technology R&D. According to statistic data provided by Swiss Federal Statistical Office (FSO) and OECD, the Swiss research expenditures accounted for 2.37% of the Federal Government’s total expenditures, following the U.S.A. and South Korea (see Fig. 6). Meanwhile, the research expenditures of the Swiss Government grew from CHF2.777 billion in 2000 to CHF4.639 billion in 2010, an average yearly growth rate of 5.9% (see Fig. 7). It is clear that Switzerland highly values its technology R&D.
Data source: FSO and OECD
Fig. 6 Percentage of Research Expenditures in Various Country Governments’ Total Expenditures (2008)
Data source: FSO and OECD
Fig. 7 Swiss Government Research Expenditures 2000-2010
Swiss research expenditures are primarily allocated to the education, R&D and innovation areas, and play an important role in the Swiss innovation system. Therefore, a large part of the Swiss research expenditures are allocated to institutions of higher education, including ETH, universities, and UASs. The Swiss research expenditures are utilized by three hierarchies[16] (see Fig. 8):
Therefore, the Swiss Government research expenditures may be utilized by the Federal Government directly, or assigned to intermediary agencies, which will allocate the same to the R&D performing institutions. SERI will allocate the research expenditures to institutions of higher education and also hand a lot of the expenditures over to SNSF for consolidated funding to the basic science of R&D.
Data source: FSO
Fig. 8 Swiss Research Fund Utilization Mechanism
~to be continued~
[1] ORGANIZATION FOR ECONNOMIC CO-OPERATION AND DEVELOPMENT [OECD], OECD Reviews of Innovation Policy: Switzerland 27 (2006).
[2] As of January 1, 2013, the Federal Ministry of Economic Affairs was reorganized, and renamed into Federal Department of Economic Affairs, Education and Research (EAER).
[3] The Commission for Technology and Innovation CTI, THE COMMISSION FOR TECHOLOGY AND INNOVATION CTI, http://www.kti.admin.ch/org/00079/index.html?lang=en (last visited Jun. 3, 2013).
[4] Id.
[5] CTI INVEST, Swiss Venture Guide 2012 (2012), at 44, http://www.cti-invest.ch/getattachment/7f901c03-0fe6-43b5-be47-6d05b6b84133/Full-Version.aspx (last visited Jun. 4, 2013).
[6] CTI, CTI Activity Report 2012 14 (2013), available at http://www.kti.admin.ch/dokumentation/00077/index.html?lang=en&download=NHzLpZeg7t,lnp6I0NTU042l2Z6ln1ad1IZn4Z2qZpnO2Yuq2Z6gpJCDen16fmym162epYbg2c_JjKbNoKSn6A-- (last visited Jun. 3, 2013).
[7] CTI Voucher, THE COMMISSION FOR TECHOLOGY AND INNOVATION CTI, http://www.kti.admin.ch/projektfoerderung/00025/00135/index.html?lang=en (last visited Jun. 3, 2013).
[8] Id.
[9] CTI, CTI Activity Report 2011 20 (2012), available at http://www.kti.admin.ch/dokumentation/00077/index.html?lang=en&download=NHzLpZeg7t,lnp6I0NTU042l2Z6ln1ad1IZn4Z2qZpnO2Yuq2Z6gpJCDeYR,gWym162epYbg2c_JjKbNoKSn6A--(last visited Jun. 3, 2013).
[10] CTI Start-up Brings Science to Market, THE COMMISSION FOR TECHOLOGY AND INNOVATION CTI, http://www.ctistartup.ch/en/about/cti-start-/cti-start-up/ (last visited Jun. 5, 2013).
[11] Id.
[12] Supra note 8, at 45.
[13] Id.
[14] CTI Invest, http://www.cti-invest.ch/About/CTI-Invest.aspx (last visited Jun. 5, 2013).
[15] KTT Support, CTI, http://www.kti.admin.ch/netzwerke/index.html?lang=en (last visited Jun.5, 2013).
[16] Swiss Federal Statistics Office (SFO), Public Funding of Research in Switzerland 2000–2010 (2012), available at http://www.bfs.admin.ch/bfs/portal/en/index/themen/04/22/publ.Document.163273.pdf (last visited Jun. 20, 2013).
Experiences about opening data in private sector Ⅰ. Introduction Open data is the idea that data should be available freely for everyone to use and republish without restrictions from copyright, patents or other mechanisms of control. The concept of open data is not new; but a formalized definition is relatively new, and The Open Definition gives full details on the requirements for open data and content as follows: Availability and access: the data must be available as a whole with no more than a reasonable reproduction cost, preferably by downloading over the internet. The data must also be available in a convenient and modifiable form. Reuse and redistribution: the data must be provided under terms that permit reuse and redistribution including the intermixing with other datasets. The data shall be machine-readable. Universal participation: everyone must be able to use, reuse and redistribute the data— which by means there should be no discrimination against fields of endeavor or against persons or groups. For example, “non-commercial” restrictions that would prevent “commercial” use, or restrictions of use for certain purposes are not allowed. In order to be in tune with international developmental trends, Taiwan passed an executive resolution in favor of promoting Open Government Data in November 2012. Through the release of government data, open data has grown significantly in Taiwan and Taiwan has come out on top among 122 countries and areas in the 2015 and 2016 Global Open Data Index[1]. The result represented a major leap for Taiwan, however, progress is still to be made as most of the data are from the Government, and data from other territories, especially from private sector can rarely be seen. It is a pity that data from private sector has not being properly utilized and true value of such data still need to be revealed. The following research will place emphasis to enhance the value of private data and the strategies of boosting private sector to open their own data. Ⅱ. Why open private data With the trend of Open Government Data recent years, countries are now starting to realize that Open Government Data is improving transparency, creating opportunities for social and commercial innovation, and opening the door to better engagement with citizens. But open data is not limited to Open Government Data. In fact, the private sector not only interacts with government data, but also produces a massive amount of data, much of which in need of utilized. According to the G20 open data policy agenda made in 2014, the potential economic value of open data for Australia is up to AUD 64 billion per annum, and the potential value of open data from private sector is around AUD 34 billion per annum. Figure 1 Value of open data for Australia (AUD billion per annum) Source: McKinsey Global Institute The purpose for opening data held by private entities and corporations is rooted in a broad recognition that private data has the potential to foster much public good. Openness of data for companies can translate into more efficient internal governance frameworks, enhanced feedback from workers and employees, improved traceability of supply chains, accountability to end consumers, and with better service and product delivery. Open Private Data is thus a true win-win for all with benefiting not only the governance but environmental and social gains. At the same time, a variety of constraints, notably privacy and security, but also proprietary interests and data protectionism on the part of some companies—hold back this potential. Ⅲ. The cases of Open Private Data Syngenta AG, a global Swiss agribusiness that produces agrochemicals and seeds, has established a solid foundation for reporting on progress that relies on independent data collection and validation, assurance by 3rd party assurance providers, and endorsement from its implementing partners. Through the website, Syngenta AG has shared their datasets for agricultural with efficiency indicators for 3600 farms for selected agro-ecological zones and market segments in 42 countries in Europe, Africa, Latin America, North America and Asia. Such datasets are precious but Syngenta AG share them for free only with a Non-Commercial license which means users may copy and redistribute the material in any medium or format freely but may not use the material for commercial purposes. Figure 2 Description and License for Open data of Syngenta AG Source: http://www.syngenta.com Tokyo Metro is a rapid transit system in Tokyo, Japan has released information such as train location and delay times for all lines as open data. The company held an Open Data Utilization Competition from 12 September to 17 November, 2014 to promote development of an app using this data and continues to provide the data even after the competition ended. However, many restrictions such as non-commercial use, or app can only be used for Tokyo Metro lines has weakened the efficiency of open data, it is still valued as an initial step of open private data. Figure 3 DM of Tokyo Metro Open data Contest Source: https://developer.tokyometroapp.jp/ Ⅳ. How to enhance Open Private Data Open Private Data is totally different from Open Government Data since “motivation” is vital for private institutions to release their own data. Unlike the government data can be disclosed and free to use via administrative order or legislation, all of the data controlled by private institutions can only be opened under their own will. The initiative for open data therefore shall focus on how to motivate private sectors releasing their own data-by ensuring profit and minimizing risks. Originally, open data shall be available freely for everyone to use without any restrictions, and data owners may profit indirectly as users utilizing their data creating apps, etc. but not profit from open data itself. The income is unsteady and data owners therefore lose their interest to open data. As a countermeasure, it is suggested to make data chargeable though this may contradict to the definition of open data. When data owners can charge by usage or by time, the motivation of open data would arise when open data is directly profitable. Data owners may also worry about many legal issues when releasing their own data. They may not care about whether profitable or not but afraid of being involved into litigation disputes such as intellectual property infringement, unfair competition, etc. It is very important for data owners to have a well protected authorization agreement when releasing data, but not all of them is able to afford the cost of making agreement for each data sharing. Therefore, a standard sample of contract that can be widely adopted plays a very important role for open private data. A data sharing platform would be a solution to help data owners sharing their own data. It can not only provide a convenient way to collect profit from data sharing but help data owners avoiding legal risks with the platform’s standard agreement. All the data owners have to do is just to transfer their own data to the platform without concern since the platform would handle other affairs. Ⅴ. Conclusion Actively engaging the private sector in the open data value-chain is considered an innovation imperative as it is highly related to the development of information economy. Although many works still need to be done such as identifying mechanisms for catalyzing private sector engagement, these works can be done by organizations such as the World Bank and the Centre for Open Data Enterprise. Private-public collaboration is also important when it comes to strengthening the global data infrastructure, and the benefits of open data are diverse and range from improved efficiency of public administrations to economic growth in the private sector. However, open private data is not the goal but merely a start for open data revolution. It is to add variation for other organizations and individuals to analyze to create innovations while individuals, private sectors, or government will benefit from that innovation and being encouraged to release much more data to strengthen this data circulation. [1] Global Open Data Index, https://index.okfn.org/place/(Last visited: May 15, 2017)
The use of automated facial recognition technology and supervision mechanism in UKThe use of automated facial recognition technology and supervision mechanism in UK I. Introduction Automatic facial recognition (AFR) technology has developed rapidly in recent years, and it can identify target people in a short time. The UK Home Office announced the "Biometrics Strategy" on June 28, 2018, saying that AFR technology will be introduced in the law enforcement, and the Home Office will also actively cooperate with other agencies to establish a new oversight and advisory board in order to maintain public trust. AFR technology can improve law enforcement work, but its use will increase the risk of intruding into individual liberty and privacy. This article focuses on the application of AFR technology proposed by the UK Home Office. The first part of this article describes the use of AFR technology by the police. The second part focuses on the supervision mechanism proposed by the Home Office in the Biometrics Strategy. However, because the use of AFR technology is still controversial, this article will sort out the key issues of follow-up development through the opinions of the public and private sectors. The overview of the discussion of AFR technology used by police agencies would be helpful for further policy formulation. II. Overview of the strategy of AFR technology used by the UK police According to the Home Office’s Biometrics Strategy, the AFR technology will be used in law enforcement, passports and immigration and national security to protect the public and make these public services more efficient[1]. Since 2017 the UK police have worked with tech companies in testing the AFR technology, at public events like Notting Hill Carnival or big football matches[2]. In practice, AFR technology is deployed with mobile or fixed camera systems. When a face image is captured through the camera, it is passed to the recognition software for identification in real time. Then, the AFR system will process if there is a ‘match’ and the alarm would solicit an operator’s attention to verify the match and execute the appropriate action[3]. For example, South Wales Police have used AFR system to compare images of people in crowds attending events with pre-determined watch lists of suspected mobile phone thieves[4]. In the future, the police may also compare potential suspects against images from closed-circuit television cameras (CCTV) or mobile phone footage for evidential and investigatory purposes[5]. The AFR system may use as tools of crime prevention, more than as a form of crime detection[6]. However, the uses of AFR technology are seen as dangerous and intrusive by the UK public[7]. For one thing, it could cause serious harm to democracy and human rights if the police agency misuses AFR technology. For another, it could have a chilling effect on civil society and people may keep self-censoring lawful behavior under constant surveillance[8]. III. The supervision mechanism of AFR technology To maintaining public trust, there must be a supervision mechanism to oversight the use of AFR technology in law enforcement. The UK Home Office indicates that the use of AFR technology is governed by a number of codes of practice including Police and Criminal Evidence Act 1984, Surveillance Camera Code of Practice and the Information Commissioner’s Office (ICO)’s Code of Practice for surveillance cameras[9]. (I) Police and Criminal Evidence Act 1984 The Police and Criminal Evidence Act (PACE) 1984 lays down police powers to obtain and use biometric data, such as collecting DNA and fingerprints from people arrested for a recordable offence. The PACE allows law enforcement agencies proceeding identification to find out people related to crime for criminal and national security purposes. Therefore, for the investigation, detection and prevention tasks related to crime and terrorist activities, the police can collect the facial image of the suspect, which can also be interpreted as the scope of authorization of the PACE. (II) Surveillance Camera Code of Practice The use of CCTV in public places has interfered with the rights of the people, so the Protection of Freedoms Act 2012 requires the establishment of an independent Surveillance Camera Commissioner (SCC) for supervision. The Surveillance Camera Code of Practice proposed by the SCC sets out 12 principles for guiding the operation and use of surveillance camera systems. The 12 guiding principles are as follows[10]: A. Use of a surveillance camera system must always be for a specified purpose which is in pursuit of a legitimate aim and necessary to meet an identified pressing need. B. The use of a surveillance camera system must take into account its effect on individuals and their privacy, with regular reviews to ensure its use remains justified. C. There must be as much transparency in the use of a surveillance camera system as possible, including a published contact point for access to information and complaints. D. There must be clear responsibility and accountability for all surveillance camera system activities including images and information collected, held and used. E. Clear rules, policies and procedures must be in place before a surveillance camera system is used, and these must be communicated to all who need to comply with them. F. No more images and information should be stored than that which is strictly required for the stated purpose of a surveillance camera system, and such images and information should be deleted once their purposes have been discharged. G. Access to retained images and information should be restricted and there must be clearly defined rules on who can gain access and for what purpose such access is granted; the disclosure of images and information should only take place when it is necessary for such a purpose or for law enforcement purposes. H. Surveillance camera system operators should consider any approved operational, technical and competency standards relevant to a system and its purpose and work to meet and maintain those standards. I. Surveillance camera system images and information should be subject to appropriate security measures to safeguard against unauthorised access and use. J. There should be effective review and audit mechanisms to ensure legal requirements, policies and standards are complied with in practice, and regular reports should be published. K. When the use of a surveillance camera system is in pursuit of a legitimate aim, and there is a pressing need for its use, it should then be used in the most effective way to support public safety and law enforcement with the aim of processing images and information of evidential value. L. Any information used to support a surveillance camera system which compares against a reference database for matching purposes should be accurate and kept up to date. (III) ICO’s Code of Practice for surveillance cameras It must need to pay attention to the personal data and privacy protection during the use of surveillance camera systems and AFR technology. The ICO issued its Code of Practice for surveillance cameras under the Data Protection Act 1998 to explain the legal requirements operators of surveillance cameras. The key points of ICO’s Code of Practice for surveillance cameras are summarized as follows[11]: A. The use time of the surveillance camera systems should be carefully evaluated and adjusted. It is recommended to regularly evaluate whether it is necessary and proportionate to continue using it. B. A police force should ensure an effective administration of surveillance camera systems deciding who has responsibility for the control of personal information, what is to be recorded, how the information should be used and to whom it may be disclosed. C. Recorded material should be stored in a safe way to ensure that personal information can be used effectively for its intended purpose. In addition, the information may be considered to be encrypted if necessary. D. Disclosure of information from surveillance systems must be controlled and consistent with the purposes for which the system was established. E. Individuals whose information is recoded have a right to be provided with that information or view that information. The ICO recommends that information must be provided promptly and within no longer than 40 calendar days of receiving a request. F. The minimum and maximum retention periods of recoded material is not prescribed in the Data Protection Act 1998, but it should not be kept for longer than is necessary and should be the shortest period necessary to serve the purposes for which the system was established. (IV) A new oversight and advisory board In addition to the aforementioned regulations and guidance, the UK Home Office mentioned that it will work closely with related authorities, including ICO, SCC, Biometrics Commissioner (BC), and Forensic Science Regulator (FSR) to establish a new oversight and advisory board to coordinate consideration of law enforcement’s use of facial images and facial recognition systems[12]. To sum up, it is estimated that the use of AFR technology by law enforcement has been abided by existing regulations and guidance. Firstly, surveillance camera systems must be used on the purposes for which the system was established. Secondly, clear responsibility and accountability mechanisms should be ensured. Thirdly, individuals whose information is recoded have the right to request access to relevant information. In the future, the new oversight and advisory board will be asked to consider issues relating to law enforcement’s use of AFR technology with greater transparency. IV. Follow-up key issues for the use of AFR technology Regarding to the UK Home Office’s Biometrics Strategy, members of independent agencies such as ICO, BC, SCC, as well as civil society, believe that there are still many deficiencies, the relevant discussions are summarized as follows: (I) The necessity of using AFR technology Elizabeth Denham, ICO Commissioner, called for looking at the use of AFR technology carefully, because AFR is an intrusive technology and can increase the risk of intruding into our privacy. Therefore, for the use of AFR technology to be legal, the UK police must have clear evidence to demonstrate that the use of AFR technology in public space is effective in resolving the problem that it aims to address[13]. The Home Office has pledged to undertake Data Protection Impact Assessments (DPIAs) before introducing AFR technology, including the purpose and legal basis, the framework applies to the organization using the biometrics, the necessity and proportionality and so on. (II)The limitations of using facial image data The UK police can collect, process and use personal data based on the need for crime prevention, investigation and prosecution. In order to secure the use of biometric information, the BC was established under the Protection of Freedoms Act 2012. The mission of the BC is to regulate the use of biometric information, provide protection from disproportionate enforcement action, and limit the application of surveillance and counter-terrorism powers. However, the BC’s powers do not presently extend to other forms of biometric information other than DNA or fingerprints[14]. The BC has expressed concern that while the use of biometric data may well be in the public interest for law enforcement purposes and to support other government functions, the public benefit must be balanced against loss of privacy. Hence, legislation should be carried to decide that crucial question, instead of depending on the BC’s case feedback[15]. Because biometric data is especially sensitive and most intrusive of individual privacy, it seems that a governance framework should be required and will make decisions of the use of facial images by the police. (III) Database management and transparency For the application of AFR technology, the scope of biometric database is a dispute issue in the UK. It is worth mentioning that the British people feel distrust of the criminal database held by the police. When someone is arrested and detained by the police, the police will take photos of the suspect’s face. However, unlike fingerprints and DNA, even if the person is not sued, their facial images are not automatically deleted from the police biometric database[16]. South Wales Police have used AFR technology to compare facial images of people in crowds attending major public events with pre-determined watch lists of suspected mobile phone thieves in the AFR field test. Although the watch lists are created for time-limited and specific purposes, the inclusion of suspects who could possibly be innocent people still causes public panic. Elizabeth Denham warned that there should be a transparency system about retaining facial images of those arrested but not charged for certain offences[17]. Therefore, in the future the UK Home Office may need to establish a transparent system of AFR biometric database and related supervision mechanism. (IV) Accuracy and identification errors In addition to worrying about infringing personal privacy, the low accuracy of AFR technology is another reason many people oppose the use of AFR technology by police agencies. Silkie Carlo, director of Big Brother Watch, said the police must immediately stop using the AFR technology and avoid mistaking thousands of innocent citizens as criminals; Paul Wiles, Biometrics Commissioner, also called for legislation to manage AFR technology because of its accuracy is too low and the use of AFR technology should be tested and passed external peer review[18]. In the Home Office’s Biometric Strategy, the scientific quality standards for AFR technology will be established jointly with the FSR, an independent agency under the Home Office. In other words, the Home Office plans to extend the existing forensics science regime to regulate AFR technology. Therefore, the FSR has worked with the SCC to develop standards relevant to digital forensics. The UK government has not yet seen specific standards for regulating the accuracy of AFR technology at the present stage. V. Conclusion From the discussion of the public and private sectors in the UK, we can summarize some rules for the use of AFR technology. Firstly, before the application of AFR technology, it is necessary to complete the pre-assessment to ensure the benefits to the whole society. Secondly, there is the possibility of identifying errors in AFR technology. Therefore, in order to maintain the confidence and trust of the people, the relevant scientific standards should be set up first to test the system accuracy. Thirdly, the AFR system should be regarded as an assisting tool for police enforcement in the initial stage. In other words, the information analyzed by the AFR system should still be judged by law enforcement officials, and the police officers should take the responsibilities. In order to balance the protection of public interest and basic human rights, the use of biometric data in the AFR technology should be regulated by a special law other than the regulations of surveillance camera and data protection. The scope of the identification database is also a key point, and it may need legislators’ approval to collect and store the facial image data of innocent people. Last but not least, the use of the AFR system should be transparent and the victims of human rights violations can seek appeal. [1] UK Home Office, Biometrics Strategy, Jun. 28, 2018, https://www.gov.uk/government/publications/home-office-biometrics-strategy (last visited Aug. 09, 2018), at 7. [2] Big Brother Watch, FACE OFF CAMPAIGN: STOP THE MET POLICE USING AUTHORITARIAN FACIAL RECOGNITION CAMERAS, https://bigbrotherwatch.org.uk/all-campaigns/face-off-campaign/ (last visited Aug. 16, 2018). [3] Lucas Introna & David Wood, Picturing algorithmic surveillance: the politics of facial recognition systems, Surveillance & Society, 2(2/3), 177-198 (2004). [4] Supra note 1, at 12. [5] Id, at 25. [6] Michael Bromby, Computerised Facial Recognition Systems: The Surrounding Legal Problems (Sep. 2006)(LL.M Dissertation Faculty of Law University of Edinburgh), http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.197.7339&rep=rep1&type=pdf , at 3. [7] Owen Bowcott, Police face legal action over use of facial recognition cameras, The Guardian, Jun. 14, 2018, https://www.theguardian.com/technology/2018/jun/14/police-face-legal-action-over-use-of-facial-recognition-cameras (last visited Aug. 09, 2018). [8] Martha Spurrier, Facial recognition is not just useless. In police hands, it is dangerous, The Guardian, May 16, 2018, https://www.theguardian.com/commentisfree/2018/may/16/facial-recognition-useless-police-dangerous-met-inaccurate (last visited Aug. 17, 2018). [9] Supra note 1, at 12. [10] Surveillance Camera Commissioner, Surveillance camera code of practice, Oct. 28, 2014, https://www.gov.uk/government/publications/surveillance-camera-code-of-practice (last visited Aug. 17, 2018). [11] UK Information Commissioner’s Office, In the picture: A data protection code of practice for surveillance cameras and personal information, Jun. 09, 2017, https://ico.org.uk/for-organisations/guide-to-data-protection/encryption/scenarios/cctv/ (last visited Aug. 10, 2018). [12] Supra note 1, at 13. [13] Elizabeth Denham, Blog: facial recognition technology and law enforcement, Information Commissioner's Office, May 14, 2018, https://ico.org.uk/about-the-ico/news-and-events/blog-facial-recognition-technology-and-law-enforcement/ (last visited Aug. 14, 2018). [14] Monique Mann & Marcus Smith, Automated Facial Recognition Technology: Recent Developments and Approaches to Oversight, Automated Facial Recognition Technology, 10(1), 140 (2017). [15] Biometrics Commissioner, Biometrics Commissioner’s response to the Home Office Biometrics Strategy, Jun. 28, 2018, https://www.gov.uk/government/news/biometrics-commissioners-response-to-the-home-office-biometrics-strategy (last visited Aug. 15, 2018). [16] Supra note 2. [17] Supra note 13. [18] Jon Sharman, Metropolitan Police's facial recognition technology 98% inaccurate, figures show, INDEPENDENT, May 13, 2018, https://www.independent.co.uk/news/uk/home-news/met-police-facial-recognition-success-south-wales-trial-home-office-false-positive-a8345036.html (last visited Aug. 09, 2018).
Review of Taiwan's Existing Regulations on the Access to Bioloical ResourcesThe activities of accessing to Taiwan's biological resources can be governed within certain extent described as follows. 1 、 Certain Biological Resources Controlled by Regulations Taiwan's existing regulation empowers the government to control the access to biological resources within certain areas or specific species. The National Park Law, the Forestry Act, and the Cultural Heritage Preservation Act indicate that the management authority can control the access of animals and plants inside the National Park, the National Park Control Area, the recreational area, the historical monuments, special scenic area, or ecological protection area; forbid the logging of plants and resources within the necessary control area for logging and preserved forestry, or control the biological resources inside the natural preserved area. In terms of the scope of controlled resources, according to the guidance of the Wildlife Conservation Act and the Cultural Heritage Preservation Act, governmental management authority is entitled to forbid the public to access the general and protected wild animals and the plant and biological resources that are classified as natural monuments. To analyse the regulation from another viewpoint, any access to resources in areas and of species other than the listed, such as wild plants or microorganism, is not regulated. Therefore, in terms of scope, Taiwan's management of the access to biological resources has not covered the whole scope. 2 、 Access Permit and Entrance Permit Taiwan's current management of biological resources adopts two kinds of schemes: access permit scheme and entrance permit in specific areas. The permit allows management authority to have the power to grant and reject the collection, hunting, or other activities to access resources by people. This scheme is similar to the international standard. The current management system for the access to biological resources promoted by many countries and international organizations does not usually cover the guidance of entrance in specific areas. This is resulting from that the scope of the regulation about access applies for the whole nation. However, since Taiwan has not developed regulations specifically for the access of bio-research resources, the import/export regulations in the existing Wildlife Conservation Act, National Park Law, Forestry Act, and Cultural Heritage Preservation Act may provide certain help if these regulations be properly connected with the principle of access and benefit sharing model, so that they will help to urge people to share the research interests. 3 、 Special Treatments for Academic Research Purpose and Aborigines Comparing to the access for the purpose of business operation, Taiwan's regulations favour the research and development that contains collection and hunting for the purpose of academic researches. The regulation gives permits to the access to biological resources for the activities with nature of academic researches. For instance, the Wildlife Conservation Act, National Park Law, and theCultural Heritage Preservation Act allow the access of regulated biological resources, if the academic research unit obtains the permit, or simply inform the management authority. In addition, the access by the aborigines is also protected by the Forestry Act, Cultural Heritage Preservation Act, and the Aboriginal Basic Act. The aborigines have the right to freely access to biological resources such as plants, animals and fungi. 4 、 The Application of Prior Informed Consent (PIC) In topics of the access to and benefit sharing of biological resources, the PIC between parties of interests has been the focus of international regulation. Similarly, when Taiwan was establishing theAboriginal Basic Act, this regulation was included to protect the aborigines' rights to be consulted, to agree, to participate and to share the interests. This conforms to the objective of access and benefit sharing system. 5 、 To Research and Propose the Draft of Genetic Resources Act The existing Wildlife Conservation Act, National Park Law, Forestry Act,Cultural Heritage Preservation Act, Aboriginal Basic Act provide the regulation guidance to the management of the access to biological resources within certain scope. Comparing to the international system of access and benefit sharing, Taiwan's regulation covers only part of the international guidance. For instance, Taiwan has no regulation for the management of wild plants and micro-organism, so there is no regulation to confine the access to wild plants and microorganism. To enlarge the scope of management in terms of the access to Taiwan's biological resources, the government authority has authorize the related scholars to prepare the draft of Genetic Resources Act. The aim of the Genetic Resources Act is to establish the guidance of the access of genetic resources and the sharing of interests in order to preserve the genetic resources. The draft regulates that the bio-prospecting activity should be classified into business and academic, with the premise of not interfering the traditional usages. After classification, application of the permit should be conducted via either general or express process. During the permit application, the prospector, the management authority, and the owner of the prospected land should conclude an agreement jointly. In the event that the prospector wishes to apply for intellectual property rights, the prospector should disclose the origin of the genetic resources and provide the legally effective documents of obtaining these resources. In addition, a Biodiversity Fund should be established to manage the profits derived from genetic resources. The import/export of genetic resources should also be regulated. Violators should be fined.
Post Brexit – An Update on the United Kingdom Privacy RegimePost Brexit – An Update on the United Kingdom Privacy Regime 2021/9/10 After lengthy talks, on 31 January 2020, the United Kingdom (‘UK’) finally exited the European Union (‘EU’). Then, the UK shifted into a transition period. The UK government was bombarded with questions from all stakeholders. In particular, the data and privacy industry yelled out the loudest – what am I going to do with data flowing from the EU to the UK? Privacy professionals queried – would the UK have a new privacy regime that significantly departs from the General Data Protection Regulation (‘GDPR’)? Eventually, the UK made a compromise with all stakeholders – the British, the Europeans and the rest of the world – by bridging its privacy laws with the GDPR. On 28 June 2021, the UK obtained an adequacy decision from the EU.[1] This was widely anticipated but also widely known to be delayed, as it was heavily impacted by the aftermaths of the invalidation of the US- EU Privacy Shield.[2] While the rest of the world seems to silently observe the transition undertaken by the UK, post-Brexit changes to the UK’s privacy regime is not only a domestic or regional matter, it is an international matter. Global supply chains and cross border data flows will be affected, shuffling the global economy into a new order. Therefore, it is crucial as citizens of a digital economy to unpack and understand the current UK privacy regime. This paper intends to give the reader a brief introduction to the current privacy regime of the UK. The author proposes to set out the structure of the UK privacy legislation, and to discuss important privacy topics. This paper only focuses on the general processing regime, which is the regime that is most relevant to general stakeholders. UK Privacy Legislation There are two main privacy legislation in the UK – the Data Protection Act 2018 (‘DPA’) and the United Kingdom General Data Protection Act (‘UK GDPR’). These two acts must be read together in order to form a coherent understanding of the current UK privacy regime. The UK GDPR is the creature of Brexit. The UK government wanted a smooth transition out of the EU and acknowledged that they needed to preserve the GDPR in their domestic privacy regime to an extent that would allow them to secure an adequacy decision. The UK government also wanted to create less impact on private companies. Thus, the UK GDPR was born. Largely it aligns closely with the GDPR, supplemented by the DPA. ICO The Information Commissioner’s Office (‘ICO’) is the independent authority supervising the compliance of privacy laws in the UK. Prior to Brexit, the ICO was the UK’s supervisory authority under the GDPR. A unique feature of the ICO’s powers and functions is that it adopts a notice system. The ICO has power to issue four types of notices: information notices, assessment notices, enforcement notices and penalty notices.[3] The information notice requires controllers or processors to provide information. The ICO must issue an assessment notice before conducting data protection audits. Enforcement is only exercisable by giving an enforcement notice. Administrative fines are only exercisable by giving a penalty notice. Territorial Application Section 207(1A) of the DPA states that the DPA applies to any controller or processor established in the UK, regardless where the processing of personal data takes place. Like the GDPR, the DPA and the UK GDPR have an extraterritorial reach to overseas controllers or processors. The DPA and the UK GDPR apply to overseas controllers or processors who process personal data relating to data subjects in the UK, and the processing activities are related to the offering of goods or services, or the monitoring of data subjects’ behavior.[4] Transfers of Personal Data to Third Countries On 28 June 2021, the UK received an adequacy decision from the EU.[5] This means that until 27 June 2025, data can continue to flow freely between the UK and the European Economic Area (‘EEA’). As for transferring personal data to third countries other than the EU, the UK has similar laws to the GDPR. Both the DPA and the UK GDPR restrict controllers or processors from transferring personal data to third countries. A transfer of personal data to a third country is permitted if it is based on adequacy regulations.[6] An EU adequacy decision is known as ‘adequacy regulations’ under the UK regime. If there is no adequacy regulations, then a transfer of personal data to a third country will only be permitted if it is covered by appropriate safeguards, including standard data protection clauses, binding corporate rules, codes of conduct, and certifications.[7] The ICO intends to publish UK standard data protection clauses in 2021.[8] In the meantime, the EU has published a new set of standard data protection clauses (‘SCCs’).[9] However, it must be noted that the EU SCCs are not accepted to be valid in the UK, and may only be used for reference purposes. It is also worth noting that the UK has approved three certification schemes to assist organizations in demonstrating compliance to data protection laws.[10] Lawful Bases for Processing Basically, the lawful bases for processing in the UK regime are the same as the GDPR. Six lawful bases are set out in article 6 of the UK GDPR. To process personal data, at least one of the following lawful bases must be satisfied:[11] The data subject has given consent to the processing; The processing is necessary for the performance of a contract; The processing is necessary for compliance with a legal obligation; The processing is necessary to protect vital interests of an individual – that is, protecting an individual’s life; The processing is necessary for the performance of a public task; The processing is necessary for the purpose of legitimate interests, unless other interests or fundamental rights and freedoms override those legitimate interests. Rights & Exemptions The UK privacy regime, like the GDPR, gives data subjects certain rights. Most of the rights granted under the UK privacy regime is akin to the GDPR and can be found under the UK GDPR. Individual rights under the UK privacy regime is closely linked with its exemptions, this may be said to be a unique feature of the UK privacy regime which sets it apart from the GDPR. Under the DPA and the UK GDPR, there are certain exemptions, meaning organizations are exempted from certain obligations, most of them are associated with individual rights. For example, if data is processed for scientific or historical research purposes, or statistical purposes, organizations are exempted from provisions on the right of access, the right to rectification, the right to restrict processing and the right to object in certain circumstances.[12] Penalties The penalty for infringement of the UK GDPR is the amount specified in article 83 of the UK GDPR.[13] If an amount is not specified, the penalty is the standard maximum amount.[14] The standard maximum amount, at the time of writing, is £8,700,000 (around 10 million Euros) or 2% of the undertaking’s total annual worldwide turnover in the preceding financial year.[15] In any other case, the standard maximum amount is £8,700,000 (around 10 million Euros).[16] Conclusion The UK privacy regime closely aligns with the GDPR. However it would be too simple of a statement to say that the UK privacy regime is almost identical to the GDPR. The ICO’s unique enforcement powers exercised through a notice system is a distinct feature of the UK privacy regime. Recent legal trends show that the UK while trying to preserve its ties with the EU is gradually developing an independent privacy persona. The best example is that in regards to transfers to third countries, the UK has developed its first certification scheme and is attempting to develop its own standard data protection clauses. The UK’s transition out of the EU has certainly been interesting; however, the UK’s transformation from the EU is certainly awaited with awe. [1] Commission Implementing Decision of 28.6.2021, pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate protection of personal data by the United Kingdom, C(2021) 4800 final,https://ec.europa.eu/info/sites/default/files/decision_on_the_adequate_protection_of_personal_data_by_the_united_kingdom_-_general_data_protection_regulation_en.pdf.. [2] Judgment of 16 July 2020, Data Protection Commissioner v. Facebook Ireland Limited, Maximillian Schrems, C-311/18, EU:C:2020:559, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:62018CJ0311. [3] Data Protection Act 2018, §115. [4] Data Protection Act 2018, §207(1A); REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), art 3. [5] supra note 1. [6] Data Protection Act 2018, §17A-18; REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), art 44-50. [7] Data Protection Act 2018, §17A-18; REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), art 46-47. [8]International transfers after the UK exit from the EU Implementation Period, ICO, https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-transfers-after-uk-exit/ (last visited Sep. 10, 2021). [9] Standard contractual clauses for international transfers, European Commission, https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en (last visited Sep. 10, 2021). [10] ICO, New certification schemes will “raise the bar” of data protection in children’s privacy, age assurance and asset disposal, ICO, Aug. 19, 2021, https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2021/08/ico-approves-the-first-uk-gdpr-certification-scheme-criteria/ (last visited Sep. 10, 2021). [11] REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), art 6(1)-(2); Lawful basis for processing, ICO, https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/ (last visited Sep. 10, 2021). [12] Data Protection Act 2018, sch 2, part 6, para 27. [13] id. at §157. [14] id. [15] id. [16] id.