I.Summary In 1995, the Computer-Processed Personal Data Protection Law was implemented in the Republic of China. With the constant development of information technology and the limitations in the application of the legislation, the design of the original legal system is no longer consistent with practical requirements. Considering the increasing number of incidents of personal data leaks, discussions were carried out over a long period of time and the new version of the Personal Information Protection Act was passed after three readings in April, 2010. The title of the law was changed to Personal Information Protection Act. The new system has been officially implemented since 1 October, 2012. The new Act not only revised the provisions of the law in a comprehensive way, but also significantly increased the obligations and responsibilities of enterprises. In terms of civil liability, the maximum amount of compensation for a single incident is 200 Million NTD. For domestic industries, how to effectively respond to the requirements under the Personal Information Protection Act and adopt proper corresponding measures to lower the risk has become a key task for enterprise operation. II. Main Points 1. Implementation of the Enforcement Rules of the Personal Information Protection Act Personal information protection can be said the most concerned issue in Taiwan recently. As a matter of fact, the Computer-Processed Personal Data Protection Law was established in Taiwan as early as August 1995. After more than 10 years of development, computer and information technology has evolved significantly, and many emerging business models such as E-commerce are extensively collecting personal data. It has become increasingly important to properly protect personal privacy. However, the previous Computer-Processed Personal Data Protection Law was only applicable to certain industries, i.e. the following 8 specific industries: the credit investigation business, hospital, school, telecommunication business, financial business, securities business, insurance business, and mass media. And other business was designated by the Ministry of Justice and the central government authorities in charge of concerned enterprises. In addition, the law only protected personal information that was processed by “computer or automatic equipment”. Personal information that was not computer processed was not included. There were clearly no sufficient regulations for the protection of personal data privacy and interest. There were numerous incidents of personal data leaks. Among the top 10 consumer news issued by the Consumer Protection Committee of the Executive Yuan in 2007, “incidents of personal data leaks through E-commerce and TV shopping” was on the top of the list. This provoked the Ministry of Justice and the Ministry of Economic Affairs to “jointly designate” the retail industry without physical boutique (including 3 transaction models: online shopping, catalogue shopping and TV shopping) to be governed by the Computer-Processed Personal Data Protection Law since 1 July 2010. To allow the provisions of the personal information protection legal system to meet the environment of rapid change, the Executive Yuan proposed a Draft Amendment to the Computer-Processed Personal Data Protection Law very early and changed the title to the Personal Information Protection Act. The draft was discussed many times in the Legislative Yuan. Personal Information Protection Act was finally passed after three readings in April 2010, which was officially published by the Office of the President on 26 May. Although the new law was passed in April 2010, to allow sufficient time for enterprises and the public to understand and comply the new law, the new version of the personal information protection law was not implemented on the date of publication. In accordance with Article 56 of the Act, the date of implementation was to be further established by the Executive Yuan. After discussions over a long period of time, the Executive Yuan decided for the Personal Information Protection Act to be officially implemented on 1 October 2012. However, the implementation of two articles is withheld: Article 6 of the Act about the principal prohibition against the collection, processing and use of special personal information and Article 54 about the obligation to notice the Party within one year for personal information indirectly acquired before the implementation of the new law. In terms of the personal data protection legal system, other than the most important Personal Data Protection Act, the enforcement rules established in accordance with the main law also play a key role. The previous Enforcement Rules of the Computer-Processed Personal Data Protection Law were published and implemented on 1 May, 1996. Considering that the Computer-Processed Personal Data Protection Law was amended in 2010 and that its title has been changed to the Personal Data Protection Act, the Ministry of Justice also followed the amended provisions under the new law and actively studied the Draft Amendment to the Enforcement Rules of the Computer-Processed Personal Data Protection Act. After it was confirmed that the new version of the Personal Data Protection Act would be officially launched on 1 October 2012, the Ministry of Justice announced officially the amended enforcement rules on 26 September, 2012. The title of the enforcement rules was also amended to the Enforcement Rules of the Personal Data Protection Act. The new version of personal data protection law and enforcement rules was thus officially launched, creating a brand new era for the promotion of personal data protection in Taiwan. II. Personal Data Administration System and Information Privacy Protection Charter Before the amendment to the Personal Data Protection Act was passed, the Legislative Yuan made a proposal to the government in June 2008 to promote a privacy administration and protection certification system in Taiwan, in reference to foreign practices. In August of the following year, the Strategic Review Board of the Executive Yuan passed a resolution to promote the E-Commerce Personal Data Administration and Information Security Action Plan. In December of the same year, approval was granted for the plan to be included in the key government promotion plans from 2010 to 2013. Based on this action plan, since October 2010, the Ministry of Economic Affairs has asked the Institution for Information Industry to execute an E-Commerce Personal Data Administration System Setup Plan. Since 2012, the E-Commerce Personal Data Administration System Promotion Plan and the Taiwan Personal Information Protection and Administration System (TPIPAS) have been established and promoted, with the objective of procuring enterprises to, while complying with the personal data protection legal system, properly protect consumers’ personal information through the establishment of an internal administration mechanism and ensuring that the introducing enterprises meet the requirements of the system. The issuance of the Data Privacy Protection Mark (dp.mark) was also used as an objective benchmark for consumers to judge the enterprise’s ability to maintain privacy. Regarding the introduction of the personal data administration system, enterprises should establish a content administration mechanism step by step in accordance with the Regulations for Taiwan Personal Information Protection and Administration System. Such system also serves as the review benchmark to decide whether domestic enterprises can acquire the Data Privacy Protection Mark (dp.mark). Since domestic enterprises did not have experience in establishing internal personal data administration system in the past, starting 2011, under the Taiwan Personal Information Protection and Administration System, enterprises received assistance in the training of system professionals such as Personal Data Administrators and Personal Data Internal Appraisers. Quality personal data administrators can help enterprises establish complete internal systems. Internal appraisers play the role of confirming whether the systems established by the enterprises are consistent with the system requirements. As of 2012, there are almost 100 enterprises in Taiwan that participate in the training of system staff and a total of 426 administrators and 131 internal appraisers. In terms of the introduction of TPIPAS, in additional to the establishment and introduction of administration systems by qualified administrators, enterprises can also seek assistance from external professional consulting institutions. Under the Taiwan Personal Information Protection and Administration System, applications for registration of consulting institutions became available in 2012. Qualified system consulting institutions are published on the system website. Today 9 qualified consulting institutions have completed their registrations, providing enterprises with personal data consulting services. After an enterprise completes the establishment of its internal administration system, it may file an application for certification under the Taiwan Personal Information Protection and Administration System. The certification process includes two steps: “written review” and “site review”. After the enterprise passing certification, it is qualified to use the Data Privacy Protection Mark (dp.mark). Today 7 domestic companies have passed TPIPAS certification and acquired the dp.mark: 7net, FamiPort, books.com.tw, LOTTE, GOHAPPY, PAYEASY and Sinya Digital, reinforcing the maintenance of consumer privacy information through the introduction of personal data administration system. III. Event Analysis The Taiwan Personal Information Protection and Administration System (TPIPAS) is a professional personal data administration system established based on the provisions of the latest version of the domestic Personal Data Protection Act, in reference to the latest requirements of personal data protection by international organizations and the experience of main countries in promoting personal data administration system. In accordance with the practical requirements to protect personal data by industries, TPIPAS converted professional legal conditions into an internal personal data administration procedure to effectively assist industries to establish a complete and proper personal data administration system and to comply with the requirements of personal data legislations. With the launch of the new version of the Personal Data Protection Act, introducing TPIPAS and acquiring dp.mark are the best strategies for enterprises to lower the risk from the personal data protection law and to upgrade internal personal data administration capability.

Executive Yuan roll-out The Policy of “The Free Economic Pilot Zones”1.Executive Yuan approved a Bill titled “The Free Economic Pilot Zones Special Act”The “Free Economic Demonstration Zones” (hereinafter as FEDZs) is a critical part to improve the liberalization and internationalization of the economy of Republic of China (R.O.C). By deregulation, FEDZs was conceived as trial zones. Once the results of the program were promising, it would be expanded to the entire country. In order to engage in the regional economic and trade integration, the Executive Yuan approved a Bill titled “The Free Economic Pilot Zones Special Act” (hereinafter as Bill) on April 26th, 2013.On Mar 6th, 2014, the Joint Economic, Internal Administration , and Finance Committee of the Legislation Yuan (the Congress) discussed the Bill for reports and questions. By the end of the March, 2014, the Congress will hold five public hearings. Not until the discussion of the Bill item by item and the passage in the Congress, the second stage of the FEDZ program would not be initiated. There are five main points, including the treatments on foreigners and people from mainland China, tax incentives for Taiwanese businessman, foreign professionals and foreign companies, regulations on untaxed goods and labor, regulations on industrial development, such as the agriculture and the medical, and certain new items on education and professional services.For the reason that the government considered the need of human resources to sustain the operation of the industries, the Executive Yuan is trying to promote innovative education in FEPZs. Since the education requirements for both of public and private universities are unified in local, colleges and universities were restrained and missed some great opportunities to discover their own niches in education. Hence, innovative education in FEPZs is trying to help higher education system to introduce foreign education resources and foresight concepts, and to attract more international students. The innovative educational projects within FEPZs will also facilitate the cooperations among domestic and foreign universities, and set up experimental branch campuses, colleges, degree programs or professional courses. Besides, the financial service sector is also included. Since FEDZs is an important pusher for R.O.C to move forward in regional economic integration, accordingly, the most significant liberate item for the financial industry in the FEPZs is to allow offshore banking units and offshore security units to provide financial products and service (e.g. OSU and OBU). Meanwhile, the financial industry is predicted to receive an NTD$140 billion or more in revenues over the next five year.In summary, FEPZs is regarded as a engine propelling liberalization and internationalization. To gain the international competitiveness, the government will continue to promote policies and measures. By establishing the free economic demonstration zone, it is expected to create innovative effects into the education system and to create more job opportunities.2.Legislation Yuan has reviewd “The Free Ecomonic Pilot Zones Special Act”The Republic of China (R.O.C) have been carried out “free economic” recent years, by promoting “Free Economic Pilot Zone” (hereinafter as FEPZs) to encourage every industrial and foreign investment. Besides, FEPZs will not only keep talents and technologies in R.O.C but also liberalize and internationalize our economic.The Executive Yuan had approved a Bill titled “The Free Economic Pilot Zones Special Act” (hereinafter as the Bill) on Dec. 26th, 2013. At the end of May, the Joint Economic, Internal Administration, and Finance Committee of the Legislation Yuan (the Congress) have taken five public hearings for the Bill, and amended the Bill according to the advices proposed by specialists. Not until the deliberation of the Bill item by item and its passage in the Congress, the second stage of the FEDZ program would not be initiated. There are five main points, including the treatments on foreigners, tax incentives for R.O.C businessman, foreign professionals and foreign companies, regulations on untaxed goods and labor, regulations on industrial development, such as the agriculture and the medical service, and certain new items on education and professional services.The government considers that there have to be enough human resource to sustain the opened industries, so Executive Yuan is trying to promote innovative education in FEPZs. The core concept of FEPZs is foresight, liberalization and internationalization, the premier said, and the higher education systems belong to high-end service and have much more marketability and variability compared to other education systems. Through innovative and efficient way to manage the school could let University being much more liberalized. Furthermore, the higher education systems in R.O.C. have to connect with international education to avoid being marginalized. Our first stage of education innovation will promote to set up “degree programs” and “professional courses”. The first phase for the Ministry of Education is going to found “degree programs” or “professional courses” through collaboration way. The Ministry of Education will also draw up related regulations or guidance on standards for school cooperation, co-regulation, setup conditions, supervision, enrolling new student, and recruiting staff.? Once the Bills pass, The Ministry of Education plans to establish “branch school” and “independence campus” helping R.O.C. higher education goes internationalized.On the other hand, Our medical service also has strong international competitiveness. R.O.C is engage in developing international medical and health industry. The premier said, the Ministry of Health and Welfare have proposed some measures, such as limitation to the number of medical centre, medical personnel working hours, and NHI is not allow to use in the zones.The premier added, on the extemporaneous sittings, “The Free Economic Pilot Zones Special Act” will be the priority bills and be deliberated in the end of June By establishing the free economic demonstration zone, it is expected to propel R.O.C take part in Trans-Pacific Partnership (TPP) and the Regional Comprehensive Economic Partnership (RCEP).3.Executive Yuan’s rapid roll-out of “The Free Economic Pilot Zones”, and has published a report concerning the legal and economic implications of its the BillThe “Free Economic Pilot Zones” (hereinafter as FEPZs) plays a pivotal role in promoting market liberalization, especially at an international level. Premier of the Executive Yuan, Mr. Jiang Yi-Hua has stated that the “market economy” and “innovation economy” allows for tremendous economic prosperity to be embraced by the Republic of China (hereinafter as R.O.C). The seizing of such opportunity has been the goal of government efforts, which can be attested by the recent proposal of the “The Free Economic Pilot Zones Special Act” (hereinafter as the Bill), currently undergoing review and consultation proceedings. The Premier further stressed that the national economy should not be left excluded from international commerce, on the other hand, it is imperative that closer economic bonds with other nations are forged, therefore allowing itself open up to wider scope of opportunities for growth. The key in rendering this possible is through the enactment of laws. At a time, when Trans-Pacific nations, including the United States of America, Japan and countries from Southeast Asia, are working towards regional economic cooperation, if R.O.C. is to be left out, it is feared that its position in the global market would further be marginalized.The core innovative strengths of the FEPZs include “Smart Logistics”, “International healthcare services”, “Value added agriculture”, “Financial Services”, “Education Innovation”, all of which are implemented by employing R.O.C.’s finest workforce, knowledge, information and communications technology (ICT), geographical position and cross-strait relationship advantages, leading way for an advantageous basis for pioneering economic development. The first stage of development will be based on 6 locations proximal to the sea (including Keelung Port, Taipei Port, Kaohsiung Port, Suao Harbor, Anping Port, Taichung Port) and Taoyuan Aerotropolis and Pingtung Agricultural Biotech Park. The second stage of development would only commence after the Bill have been approved by the legislative Yuan, which would attract much capital investment, hence boosting high employment rates. Presently, besides the aforementioned regions opened up for the FEPZs, other cities and industrial sites (including those from offshore islands), are striving to gain membership of the FEPZs, or applying for empirical research of the FEPZs.The Executive Yuan has published a report concerning the legal and economic implications of its the Bill on May 2014. The report largely consists of assessments made by varying governing bodies, such as Ministry of Home Affairs, Financial Supervisory Commission etc., on the implications of the draft concerning real estate, employment, fiscal income, logistics, conditions for medical care, agriculture, higher education, social environment and social wealth redistribution etc.Furthermore, international attention has been closely centered on the progress of FEPZs. During the “The third review of the trade policies and practices of Chinese Taipei” after R.O.C accession to the World Trade Organization (WTO) held on the 17th of September 2014 in Geneva, each member state has demonstrated expectations arising out of the direction and planning undertaken for the FEPZs. National economic and international commercial reforms are under way and have seen much progress in further promoting the overall strength of the economic system, in an effort to respond to the rapid global political and economic developments, for example, through the signing of Economic Cooperation Framework Agreement (ECFA), and the implementation of FEPZs policies. In the future, it will be expected that R.O.C. will strive for a more integral international commercial system, allowing much capital investment inflows as well as the cultivating of high-caliber human resources.To promote more liberal and internationalized development of Taiwan economy, government of Republic of China (R.O.C) approved the “Free Economic Pilot Zone (FEPZ) Plan,” which the Bill is currently censored in Legislation Yuan and the measures would be implemented in two phases. The first phase of FEPZs would be initiated within six free trade ports, Taoyuan airport free trade zone, and Pingtung Agricultural Biotechnology Park; other industries that match up with the idea of liberalization, internationalization and foresight can all be incorporated into FEPZ through continuing examination under Execution Yuan. After this special legislation is passed, the set-ups of demonstration zones can be applied by authorities either of central or of local government and the related promotion works of the second phase will be unfolded immediately.Heading to the target of becoming Kin-Xiao (Kinmen and Xiaomen) Free Trade Zone, Kinmen government planned to apply to be one of the FEPZs and thus cooperated with Taiwan Institute of Economic Research (TIER) on December 11, for a commissioned research (which was later released on the conference of accelerating Kin-Xia FTZ on December 19) on evaluating if Kinmen is qualified for an application of FEPZs. Kinmen’s critical location and the featured industries have composed a perfect environment complying with the ideas such as value-added agriculture, international healthcare and innovative education for FEPZ. For instance, the white liquor industry in Kinmen represents the international management and promotion of agricultural products, and is the best example for value-added agriculture. “Long-term Healthcare Village in Kinmen,” which is currently developing in Kinmen, would also be a drive for international healthcare industry. Based on the Taiwan-featured culture, “International Education City” could be developed with a liberal and innovative atmosphere, which would attract famous schools in world to set up their branch school in Kinmen. Above all, Kinmen County vice Mayor, Wu Yo-Chin, indicated that Kinmen would be the first choice for FEPZ and would hold the key to open a new gate for the Cross-Strait. The vice Mayor emphasized that Kinmen government has well budgeting and financial management, which needn’t the extra aids from central government, yet Kinmen was excluded in the first phase of FEPZs. Although Kinmen would apply to be a FEPZ in the second phase after the special legislation passed, Kinmen still strived for taking part in the first phase of FEPZs due to the uncertain schedule for implementation of regulations on FEPZs.National Development Council (NDC), however, gave an opinion on issue of Kinmen applying to be in the first phase of FEPZs, which declared again the original plan for the first phase only included six free trade ports, Taoyuan airport free trade zone, and Pingtung Agricultural Biotechnology Park. NDC also suggested Kinmen could still follow after the first phase and apply to be a FEPZ in the second phase.

Taiwan Government Lauched the “Biotechnology Action Plan” The Taiwan Government has planned to boost the support and develop local industries across the following six major sectors: biotechnology, tourism, health care, green energy, innovative culture and post-modern agriculture. As the biotechnology industry has reached its maturity by the promulgation of "Biotech and New Pharmaceutical Development Act" in July, 2007, it will be the first to take the lead among the above sectors. Thus, the Executive Yuan has launched the Biotechnology Action Plan as the first project in building the leading industry sectors, to upgrade local industries and stimulate future economic growth. Taiwan Government Planed to Promote the Biotechnology and Other newly Industries by Investing Two Hundred Billion To expand every industrial scale, enhance industrial value, increase the value around the main industrial field, and to encourage the industrial development by government investments for creating the civil working opportunities to reach the goal of continuous economic development, the Executive Yuan Economic Establishment commission has expressed that, the government has selected six newly industrials including "Biotechnology", "Green Energy", "Refined Agriculture", "Tourism", "Medicare", and "Culture Originality" on November 19, 2009 to promote our national economic growth. The government will invest two hundred billion NT dollars to support the industrial development aggressively and to enhance the social investments from year 2009 to 2012. According to a Chung-Hua Institution for Economic Research report, the future growth rate will reach 8.16% after the evaluation, Hence, the future of the industries seems to be quite bright. Currently, the government plans to put money into six newly industries through the existing ways for investment. For instance, firstly, in accordance with the "Act For The Development Of Biotech And New Pharmaceuticals Industry" article 5 provision 1 ",for the purpose of promoting the Biotech and New Pharmaceuticals Industry, a Biotech and New Pharmaceuticals Company may, for a period of five years from the time it is subject to corporate income tax, enjoy a reduction in its corporate income tax payable for up to thirty-five percent (35%) of the total funds invested in research and development ("R&D") and personnel training each year; provided, however, that if the R&D expenditure of a particular year exceeds the average R&D expenditure of the previous two years or if the personnel training expenditure of a particular year exceeds the average personnel training expenditure of the previous two years, fifty percent (50%) of the amount in excess of the average may be used to credit against the amount of corporate income tax payable. Secondly, according to same act of the article 6 provision 1 ", in order to encourage the establishment or expansion of Bio tech and New Pharmaceuticals Companies, a profit-seeking enterprise that (i) subscribes for the stock issued by a Biotech and New Pharmaceuticals Company at the time of the latter's establishment or subsequent expansion; and (ii) has been a registered shareholder of the Biotech and New Pharmaceuticals Company for a period of three (3) years or more, may, for a period of five years from the time it is subject to corporate income tax, enjoy a reduction in its corporate income tax payable for up to twenty percent (20%) of the total amount of price paid for the subscription of shares in such Biotech and New Pharmaceuticals Company; provided that such Biotech and New Pharmaceuticals Company has not applied for exemption from corporate income tax or shareholders investment credit based on the subscription price under other applicable laws and regulations. Thirdly, to promote the entire biotechnological industry development, the government has drafted the "Biotechnology Takeoff Package" for subsidizing the startup´s social investment companies which can satisfy the conditions to invest in "Drug discovery", "Medical Device" or other related biotech industries up to 5 billion with the capital invest in domestic industry over 50%, , with operating experience of multinational biotech investment companies with capital over 150 million in related industrial fields, and with the working experiences of doctor accumulated up to 60 years. Additionally, the refined agriculture industry field has not only discovered the gene selected products, but also combined the tourism with farming business for new business model creation. According to the "Guidelines for Preferential Loans for the Upgrading of Tourism Enterprises" point 4 provision 1, the expenditure for spending on machine, instruments, land or repairing can be granted a preferential loan in accordance with the rule of point 6, and government will provide a subsidy of interest for loaning Tourism Enterprises with timely payments. At last, Council for Economic Planning and Development also points out because most of technology industry has been impacted seriously by fluctuation of international prosperity due to conducting the export trade oriented strategy. Furthermore, the aspects of our export trade of technology industry have been impacted by the U.S. financial crisis and the economic decay in EU and US; and the industrial development seems to face the problem caused by over centralization in Taiwan. Hence, the current framework of domestic industry should be rearranged and to make it better by promoting the developmental project of six newly industries. Taiwan Government Had Modifies Rules to Accelerate NDA Process and Facilitate Development of Clinical Studies in Taiwan In July 2007, the "Biotech and New Pharmaceutical Development Act" modified many regulations related to pharmaceutical administration, taxes, and professionals in Taiwan. In addition, in order to facilitate the development of the biotechnology and pharmaceutical industries, the government has attempted to create a friendly environment for research and development by setting up appropriate regulations and application systems. These measures show that the Taiwanese government is keenly aware that these industries have huge potential value. To operate in coordination with the above Act and to better deal with the increasing productivity of pharmaceutical R&D programs in Taiwan, the Executive Yuan simplified the New Drug Application (NDA) process to facilitate the submission that required Certificate of Pharmaceutical Product (CPP) for drugs with new ingredients. The current NDA process requires sponsors to submit documentation as specified by one of the following four options: (1) three CPPs from three of "ten medically-advanced countries," including Germany, the U.S., England, France, Japan, Switzerland, Canada, Australia, Belgium, and Sweden; (2) one CPP from the U.S., Japan, Canada, Australia, or England and one CPP from Germany, France, Switzerland, Sweden, or Belgium; (3) a Free Sale Certificate (FSC) from one of ten medically-advanced countries where the pharmaceuticals are originally produced and one CPP from one of the other nine countries; or (4) a CPP from the European Medicines Agency. Thus, the current NDA process requires sponsors to spend inordinate amounts of time and incur significant costs to acquire two or three FSCs or CPPs from ten medically-advanced countries in order to submit an NDA in Taiwan. According to the new rules, sponsors will not have to submit above CPPs if (1) Phase I clinical studies have been conducted in Taiwan, and Phase III Pivotal Trial clinical studies have been simultaneously conducted both in Taiwan and in another country or (2) Phase II and Phase III Pivotal Trial clinical studies have been simultaneously conducted both in Taiwan and in another country. Besides, the required minimum numbers of patients were evaluated during each above phase. Therefore, sponsors who conduct clinical studies in Taiwan and in another country simultaneously could reduce their costs and shorten the NDA process in Taiwan. The new rules aim to encourage international pharmaceutical companies to conduct clinical studies in Taiwan or to conduct such studies cooperatively with Taiwanese pharmaceutical companies. Such interactions will allow Taiwanese pharmaceutical companies to participate in development and implementation of international clinical studies in addition to benefiting from the shortened NDA process. Therefore, the R&D abilities and the internationalization of the Taiwanese pharmaceutical industry will be improved.

Reviews on Taiwan Constitutional Court's Judgment no. 13 of 2022 2022/11/24 I.Introduction 　　In 2012, the Taiwan Human Rights Promotion Association and other civil groups believe that the National Health Insurance Administration released the national health insurance database and other health insurance data for scholars to do research without consent, which may be unconstitutional and petitioned for constitutional interpretation. 　　Taiwan Human Rights Promotion Association believes that the state collects, processes, and utilizes personal data on a large scale with the "Personal Data Protection Law", but does not set up another law of conduct to control the exercise of state power, which has violated the principle of legal retention; the data is provided to third-party academic research for use, and the parties involved later Excessive restrictions on the right to withdraw go against the principle of proportionality. 　　The claimant criticized that depriving citizens of their prior consent and post-control rights to medical data is like forcing all citizens to unconditionally contribute data for use outside the purpose before they can use health insurance. The personal data law was originally established to "avoid the infringement of personality rights and promote the rational use of data", but in the insufficient and outdated design of the regulations, it cannot protect the privacy of citizens' information from infringement, and it is easy to open the door to the use of data for other purposes. 　　In addition, even if the health insurance data is de-identified, it is still "individual data" that can distinguish individuals, not "overall data." Health insurance data can be connected with other data of the Ministry of Health and Welfare, such as: physical and mental disability files, sexual assault notification files, etc., and you can also apply for bringing in external data or connecting with other agency data. Although Taiwan prohibits the export of original data, the risk of re-identification may also increase as the number of sources and types of data concatenated increases, as well as unspecified research purposes. 　　The constitutional court of Taiwan has made its judgment on the constitutionality of the personal data usage of National Health Insurance research database. The judgment, released on August 12, 2022, states that Article 6 of Personal Data Protection Act(PDPA), which asks“data pertaining to a natural person's medical records, healthcare, genetics, sex life, physical examination and criminal records shall not be collected, processed or used unless where it is necessary for statistics gathering or academic research by a government agency or an academic institution for the purpose of healthcare, public health, or crime prevention, provided that such data, as processed by the data provider or as disclosed by the data collector, may not lead to the identification of a specific data subject”does not violate Intelligible principle and Principle of proportionality. Therefore, PDPA does not invade people’s right to privacy and remains constitutional. 　　However, the judgment finds the absence of independent supervisory authority responsible for ensuring Taiwan institutions and bodies comply with data protection law, can be unconstitutional, putting personal data protection system on the borderline to failure. Accordingly, laws and regulations must be amended to protect people’s information privacy guaranteed by Article 22 of Constitution of the Republic of China (Taiwan). 　　In addition, the judgment also states it is unconstitutional that Articles 79 and 80 of National Health Insurance Law and other relevant laws lack clear provisions in terms of store, process, external transmission of Personal health insurance data held by Central Health Insurance Administration of the Ministry of Health and Welfare. 　　Finally, the Central Health Insurance Administration of the Ministry of Health and Welfare provides public agencies or academic research institutions with personal health insurance data for use outside the original purpose of collection. According to the overall observation of the relevant regulations, there is no relevant provision that the parties can request to “opt-out”; within this scope, it violates the intention of Article 22 of the Constitution to protect people's right to information privacy. II.Independent supervisory authority 　　According to Article 3 of Central Regulations and Standards Act, government agencies can be divided into independent agencies that can independently exercise their powers and operate autonomously, and non- independent agencies that must obey orders from their superiors. In Taiwan, the so-called "dedicated agency"(專責機關) does not fall into any type of agency defined by the Central Regulations and Standards Act. Dedicated agency should be interpreted as an agency that is responsible for a specific business and here is no other agency to share the business. 　　The European Union requires member states to set up independent regulatory agencies (refer to Articles 51 and 52 of General Data Protection Regulation (GDPR)). In General Data Protection Regulation and the adequacy reference guidelines, the specific requirements for personal data supervisory agencies are as follows: the country concerned should have one or more independent supervisory agencies; they should perform their duties completely independently and cannot seek or accept instructions; the supervisory agencies should have necessary and practicable powers, including the power of investigation; it should be considered whether its staff and budget can effectively assist its implementation. Therefore, in order to pass the EU's adequacy certification and implement the protection of people's privacy and information autonomy, major countries have set up independent supervisory agencies for personal data protection based on the GDPR standards. 　　According to this research, most countries have 5 to 10 commissioners that independently exercise their powers to supervise data exchange and personal data protection. In order to implement the powers and avoid unnecessary conflicts of interests among personnel, most of the commissioners are full-time professionals. Article 3 of Basic Code Governing Central Administrative Agencies Organizations defines independent agency as "A commission-type collegial organization that exercises its powers and functions independently without the supervision of other agencies, and operates autonomously unless otherwise stipulated." It is similar to Japan, South Korea, and the United States. III.Right to Opt-out 　　The judgment pointed out that the parties still have the right to control afterwards the personal information that is allowed to be collected, processed and used without the consent of the parties or that meets certain requirements. Although Article 11 of PDPA provides for certain parties to exercise the right to control afterwards, it does not cover all situations in which personal data is used, such as: legally collecting, processing or using correct personal data, and its specific purpose has not disappeared, In the event that the time limit has not yet expired, so the information autonomy of the party cannot be fully protected, the subject, cause, procedure, effect, etc. of the request for suspension of use should be clearly stipulated in the revised law, and exceptions are not allowed. 　　The United Kingdom is of great reference. In 2017, after the British Information Commissioner's Office (ICO) determined that the data sharing agreement between Google's artificial intelligence DeepMind and the British National Health Service (NHS) violated the British data protection law, the British Department of Health and Social Care proposed National data opt-out Directive in May, 2018. British health and social care-related institutions may refer to the National Data Opt-out Operational Policy Guidance Document published by the National Health Service in October to plan the mechanism for exercising patient's opt-out right. The guidance document mainly explains the overall policy on the exercise of the right to opt-out, as well as the specific implementation of suggested practices, such as opt-out response measures, methods of exercising the opt-out right, etc. 　　National Data Opt-out Operational Policy Guidance Document also includes exceptions and restrictions on the right to opt-out. The Document stipulates that exceptions may limit the right to Opt-out, including: the sharing of patient data, if it is based on the consent of the parties (consent), the prevention and control of infectious diseases (communicable disease and risks to public health), major public interests (overriding) Public interest), statutory obligations, or cooperation with judicial investigations (information required by law or court order), health and social care-related institutions may exceptionally restrict the exercise of the patient's right to withdraw. 　　What needs to be distinguished from the situation in Taiwan is that when the UK first collected public information and entered it into the NHS database, there was already a law authorizing the NHS to search and use personal information of the public. The right to choose to enter or not for the first time; and after their personal data has entered the NHS database, the law gives the public the right to opt-out. Therefore, the UK has given the public two opportunities to choose through the enactment of special laws to protect public's right to information autonomy. 　　At present, the secondary use of data in the health insurance database does not have a complete legal basis in Taiwan. At the beginning, the data was automatically sent in without asking for everyone’s consent, and there was no way to withdraw when it was used for other purposes, therefore it was s unconstitutional. Hence, in addition to thinking about what kind of provisions to add to the PDPA as a condition for "exception and non-request for cessation of use", whether to formulate a special law on secondary use is also worthy of consideration by the Taiwan government. IV.De-identification 　　According to the relevant regulations of PDPA, there is no definition of "de-identification", resulting in a conceptual gap in the connotation. In other words, what angle or standard should be used to judge that the processed data has reached the point where it is impossible to identify a specific person. In judicial practice, it has been pointed out that for "data recipients", if the data has been de-identified, the data will no longer be regulated by PDPA due to the loss of personal attributes, and it is even further believed that de-identification is not necessary. 　　However, the Judgment No. 13 of Constitutional Court, pointed out that through de-identification measures, ordinary people cannot identify a specific party without using additional information, which can be regarded as personal data of de-identification data. Therefore, the judge did not give an objective standard for de-identification, but believed that the purpose of data utilization and the risk of re-identification should be measured on a case-by-case basis, and a strict review of the constitutional principle of proportionality should be carried out. So far, it should be considered that the interpretation of the de-identification standard has been roughly finalized. V.Conclusions 　　The judge first explained that if personal information is processed, the type and nature of the data can still be objectively restored to indirectly identify the parties, no matter how simple or difficult the restoration process is, if the data is restored in a specific way, the parties can still be identified. personal information. Therefore, the independent control rights of the parties to such data are still protected by Article 22 of the Constitution. 　　Conversely, when the processed data objectively has no possibility to restore the identification of individuals, it loses the essence of personal data, and the parties concerned are no longer protected by Article 22 of the Constitution. 　　Based on this, the judge declared that according to Article 6, Item 1, Proviso, Clause 4 of the PDPA, the health insurance database has been processed so that the specific party cannot be identified, and it is used by public agencies or academic research institutions for medical and health purposes. Doing necessary statistical or academic research complies with the principles of legal clarity and proportionality, and does not violate the Constitution. 　　However, the judge believes that the current personal data law or other relevant regulations still lack an independent supervision mechanism for personal data protection, and the protection of personal information privacy is insufficient. In addition, important matters such as personal health insurance data can be stored, processed, and transmitted externally by the National Health Insurance Administration in a database; the subject, purpose, requirements, scope, and method of providing external use; and organizational and procedural supervision and protection mechanisms, etc. Articles 79 and 80 of the Health Insurance Law and other relevant laws lack clear provisions, so they are determined to be unconstitutional. 　　In the end, the judge found that the relevant laws and regulations lacked the provisions that the parties can request to stop using the data, whether it is the right of the parties to request to stop, or the procedures to be followed to stop the use, there is no relevant clear text, obviously the protection of information privacy is insufficient. Therefore, regarding unconstitutional issues, the Constitutional Court ordered the relevant agencies to amend the Health Insurance Law and related laws within 3 years, or formulate specific laws.