Research on Taiwan’s Policies of Innovative Industry Development in Recent Years (2015-2016)

Research on Taiwan’s Policies of Innovative Industry Development in Recent Years (2015-2016)

1. “Five plus Two” Innovative Industries Policy
  On June 15, 2016, Premier Lin Chuan met with a group of prominent business leaders to talk about a government project on five innovative industries, which aim to drive the next generation of businesses in R.O.C.. Subsequently the program was expanded to include “new agriculture” and the “circular economy” as the “+2.” The program was then broadened even further to include the Digital Economy and Cultural Innovation, with even Semiconductors and IC Design included, although the name of the policy remains 5+2. Speaking at the Third Wednesday Club in Taipei, Premier Lin said the industries require more investment to drive the next generation of industry growth momentum in R.O.C., create high-quality jobs, and upgrade the industrial competitiveness. Executive Yuan has selected the five innovative industries of Asia Silicon Valley, smart machinery, green energy, biotech & pharmaceutical industry, and national defense, which will be the core for pushing forward the next-generation industrial growth and improve overall environment by creating a cluster effect that links local and global industries, while simultaneously raising wages and stimulating employment.
  Premier Lin said, regarding industrial competitiveness and investment issues the lackluster economy has stifled investment opportunities, and with limited government budgets, the private sector must play the larger role in investments. Regarding the “Five major Innovative Industries” project, Premier Lin said the National Development Council is currently drafting long-term plan to attract talent, create a thriving working environment, and infuse companies with more innovation, entrepreneurship and young workers. In addition, R.O.C. must also cultivate a strong software industry, without which it would be difficult to build a highly intelligent infrastructure.
  The National Development Council said the program possess both the capacity of domestic demand and local characteristics, as the core for pushing forward the next-generation industrial growth. The government aims to promote a seamless synergy of investment, technology, and the talent, in order to develop innovative industrial clusters for furthering global linkage and nurturing international enterprises. In the meantime, the government also aims at achieving the enhancement of technology levels, balanced regional development, as well as realizing the benefits of job creation.

 2. The Asia Silicon Valley Development Plan
  In September 2016 the government approved the Asia Silicon Valley Development Plan, which connect Taiwan to global tech clusters and create new industries for the next generation. By harnessing advanced technological research and development results from around the world, the plan hopes to promote innovation and R&D for devices and applications of the internet of things (IoT), and upgrade Taiwan’s startup and entrepreneurship ecosystem.
  The four implementation strategies are as follows:
  (1) Building a comprehensive ecosystem to support innovation and entrepreneurship
  (2) Connect with international research and development capabilities
  (3) Create an IoT value chain
  (4) Construct diversified test beds for smart products and services by establishing a quality internet environment
  Taiwan’s first wave of industrial development was driven by continuous technological innovation, and the wave that followed saw the information industry become a major source of economic growth.

3. Global Hub for Smart Machinery
  On July 21, 2016, Premier Lin Chuan said at a Cabinet meeting, the government aims to forge Taiwan into a global manufacturing hub for intelligent machinery and high-end equipment parts. Upgrading from precision machinery to intelligent machinery is the main goal of putting intelligent machinery industry into focal execution area expecting to create jobs and to maximize the production of production line as well as to forge central Taiwan into a global manufacturing hub for smart machinery. The Ministry of Economic draws up the Intelligent Machinery Promotion Program to establish the applications of the technology and capacity of services that fit the demand of the market. The program embodies two parts. The first is to accelerate the industrialization of intelligent machinery for building an ecosystem. The second is to improve intelligentization by means of introducing the intelligent machinery into the industries.
  The execution policy of the Intelligent Machinery Promotion Program is to integrate the intelligent functions such as malfunctions predictions, accuracy compensation, and automatic parameter setting into the machinery industry so as to have the ability to render the whole solutions to the problem. Simultaneously, the program employs three strategies, which are connecting with the local industries, connecting with the future, and connecting with the world, to develop the mentioned vision and objectives. Especially, the way to execute the strategy of connecting with the local industries consists of integrating the capabilities of industry, research organization and the government. At the meantime, the government will encourage the applications of smart vehicles and unmanned aerial vehicles and train the talents as well. The thinking of connecting with the future lies in the goal of deepening the technologies, establishing systematic solutions, and providing a testing areas, which focus on the related applications such as aerospace, advanced semiconductor, smart transportation, green vehicles, energy industry, whole solutions between factories, intelligent man-machine coordination, and robots of machine vision combined with intelligent machinery applications. The government would strengthen the cross-cutting cooperation to develop machines for aerospace and integrate the system of industrial division to form a cluster in order to create Taiwanese IoT technology. Eventually, Taiwan will be able to connect with the world, enhance international cooperation, expand export trade and push industry moving toward the age of information and digital economy and break the edge of industry technology to make the industry feel the goodwill of the government.

4. Green energy innovations
  The government’s “five plus two” innovative industries program includes a green energy industrial innovation plan passed October 27, 2016 that will focus on Taiwan’s green needs, spur extensive investments from within and outside the country, and increase quality employment opportunities while supporting the growth of green energy technologies and businesses.
  The government is developing the Shalun Green Energy Science City. The hub’s core in Shalun will house a green energy technology research center as well as a demo site, providing facilities to develop research and development (R&D) capabilities and conduct the requisite certification and demonstration procedures. The joint research center for green energy technologies will integrate the efforts of domestic academic institutions, research institutes, state-run enterprises and industry to develop green energy technologies, focusing on four major functions: creating, conserving and storing energy, as well as system integration. Development strategies include systems integration and finding better ways to conserve, generate and store energy by promoting green energy infrastructure, expanding renewable energy capabilities and cooperating with large international firms.
  The emergence of the green economy has prompted the government to build infrastructure that will lay the foundation for Taiwan’s green energy sector, transform the nation into a nuclear-free society, and spur industrial innovation. For innovative technology industries, green energy industries can drive domestic economic development by attracting more venture capital and creating more employment opportunities.

5. Biomedical Industry Innovation Program
  To facilitate development of Taiwan’s biomedical industry, the government proposed a “biomedical industrial innovation promotion program” on November 10, 2016 to serve as the nation’s new blueprint for innovative biomedical research and development (R&D). To facilitate development of the biomedical industry, the government proposed a “biomedical industrial innovation promotion program”. The program centered on the theme of “local, global and future links,” “the biomedical industrial innovation promotion program” includes four action plans:
  (1) Build a comprehensive ecosystem
  To address a rapidly ageing global population, Taiwan will enhance the biomedical industry’s capacity for innovation by focusing on talent, capital, topic selection, intellectual property, laws and regulations, and resources.
  (2) Integrate innovative business clusters
  Established by the Ministry of Science and Technology and based in Hsinchu Biomedical Science Park, the center will serve as a government think tank on related issues. It is also tasked with initiating and advancing exchanges among local and foreign experts, overseeing project implementation, promoting investment and recruiting talents. Equally important, it will play a central role in integrating resources from other biomedical industry clusters around the country, including Nangang Software Park in Taipei City, Central Taiwan Science Park in Taichung City and Southern Science Park in Tainan City.
  (3) Connect global market resources
  Building on Taiwan’s advantages, promote M&A and strategic alliances, and employ buyout funds and syndicated loans to purchase high-potential small and medium-sized international pharmaceutical companies, medical supply companies, distributors and service providers. Use modern mosquito-borne disease control strategies as the foundation of diplomatic cooperation, and promote the development of Taiwan’s public health care and medical services in Southeast Asian countries.
  (4) Promote specialized key industries
  Promote niche precision medical services, foster clusters of world-class specialty clinics, and develop industries in the health and wellness sectors.

6. DIGITAL NATION AND INNOVATIVE ECONOMIC DEVELOPMENT PLAN
   On November 24, 2016, the Executive Yuan promote the Digital Nation and Innovative Economic Development Plan (2017-2025) (DIGI+ program), the plan’s main goals for 2025 are to grow R.O.C.’s digital economy to NT $ 6.5 trillion (US$205.9 billion), increase the digital lifestyle services penetration rate to 80 percent, speed up broadband connections to 2 Gbps, ensure citizens’ basic rights to have 25 Mbps broadband access, and put R.O.C. among the top 10 information technology nations worldwide.
   In addition to the industrial economy, the program can jump off bottlenecks in the past industrial development, and promote the current Internet of things, intelligent machinery, green energy, medical care and other key national industries, but also attaches great importance to strengthening the digital infrastructure construction, the development of equal active, as well as the creation of a service-oriented digital government. It is also hoped that through the construction of a sustainable and intelligent urban and rural area, the quality of life will be improved and the people will enjoy a wealthy and healthy life. Over the next 8 years, the government will spend more than NT $ 150 billion.
  The plan contains several important development strategies: DIGI+Infrastructure: Build infrastructure conducive to digital innovation. DIGI+Talent: Cultivate digital innovation talent. DIGI+Industry: Support cross-industry transformation through digital innovation. DIGI+Rights: Make R.O.C. an advanced society that respects digital rights and supports open online communities. DIGI+Cities: Build smart cities through cooperation among central and local governments and the industrial, academic and research sectors. DIGI+Globalization: Boost R.O.C.’s standing in the global digital service economy.
  The program aims to build a favorable environment for digital innovation and to create a friendly legal environment to complete the draft amendments to the Digital Communications Law and the Telecommunications Act as soon as possible, foster cross-domain digital talents and develop advanced digital technologies, To create a digital economy, digital government, network society, smart urban and rural and other national innovation ecological environment in order to achieve "the development of active network society, promote high value innovation economy, open up rich countries of the policy vision.

   In order to achieve the overall effectiveness of the DIGI + program, interdisciplinary, inter-ministerial, inter-departmental and inter-departmental efforts will be required to collaborate with the newly launched Digital National Innovation Economy (DIGI +) Promotion Team.

7. “NEW AGRICULTURE” PROMOTION PROJECT
   At a Cabinet meeting On December 08, 2016, Premier Lin Chuan underscored the importance of a new agricultural paradigm for Taiwan’s economic development, adding that new agriculture is an integral part of the “five plus two” industrial innovation projects proposed by President Tsai Ing-wen. The “new agriculture” promotion project uses innovation technology to bring value to agricultural, and build new agricultural paradigm, agricultural safety systems and promote agricultural marketing. This project also takes resources recycling and environmental sustainability into consideration to promote agricultural transformation, and build a robust new agricultural system.
  This agricultural project is expected to increase food self-sufficiency rate to 40%, level up agricultural industry value by NT$43.4 billion, create 370,000 jobs and increase portion of total agricultural exports to new overseas markets to 57% by 2020.
  This project contains three aspects:
  First is “building new agricultural paradigm”: to protect farmers, agricultural development and ensure sustainability of the environment.
  Second is “building agricultural safety systems”: Ensuring product safety and quality, and building a certification system which can be trust by the consumers and is consistent with international standards.
  Last but not least is “leveling up agricultural marketing and promotions”: enhancing promotion, making the agricultural industry become profitable and sustainable.
  Council of Agriculture’s initiatives also proposed 10 policies to leverage agricultural industry, not only just use the passive subsidies measure of the past. These policies including promoting environmentally friendly farming practices; giving farmers that are beneficial(green) to the land payments; stabilizing farmers’ incomes; increasing the competitiveness of the livestock and poultry industries; using agricultural resources sustainably; ensuring the safety of agricultural products; developing technological innovation; leveling up food security; increasing diversification of domestic and external marketing channels; and increasing agriculture industry added value.
   In this statutes report, Council of Agriculture said this project will accelerate reforms, create new agricultural models and safety systems, but also build a new sustainable paradigm of agricultural. Premier Lin Chuan also backed this “five plus two innovative industries” program and “new agriculture” project, and asked Council of Agriculture to reviewing the possible legal changes or amendment that may help to enhance the transformation of agricultural sector.

※Research on Taiwan’s Policies of Innovative Industry Development in Recent Years (2015-2016),STLI, https://stli.iii.org.tw/en/article-detail.aspx?no=105&tp=2&i=168&d=7857 (Date:2023/12/06)
Quote this paper
You may be interested
Reviews on Taiwan Constitutional Court's Judgment no. 13 of 2022

Reviews on Taiwan Constitutional Court's Judgment no. 13 of 2022 2022/11/24 I.Introduction   In 2012, the Taiwan Human Rights Promotion Association and other civil groups believe that the National Health Insurance Administration released the national health insurance database and other health insurance data for scholars to do research without consent, which may be unconstitutional and petitioned for constitutional interpretation.   Taiwan Human Rights Promotion Association believes that the state collects, processes, and utilizes personal data on a large scale with the "Personal Data Protection Law", but does not set up another law of conduct to control the exercise of state power, which has violated the principle of legal retention; the data is provided to third-party academic research for use, and the parties involved later Excessive restrictions on the right to withdraw go against the principle of proportionality.   The claimant criticized that depriving citizens of their prior consent and post-control rights to medical data is like forcing all citizens to unconditionally contribute data for use outside the purpose before they can use health insurance. The personal data law was originally established to "avoid the infringement of personality rights and promote the rational use of data", but in the insufficient and outdated design of the regulations, it cannot protect the privacy of citizens' information from infringement, and it is easy to open the door to the use of data for other purposes.   In addition, even if the health insurance data is de-identified, it is still "individual data" that can distinguish individuals, not "overall data." Health insurance data can be connected with other data of the Ministry of Health and Welfare, such as: physical and mental disability files, sexual assault notification files, etc., and you can also apply for bringing in external data or connecting with other agency data. Although Taiwan prohibits the export of original data, the risk of re-identification may also increase as the number of sources and types of data concatenated increases, as well as unspecified research purposes.   The constitutional court of Taiwan has made its judgment on the constitutionality of the personal data usage of National Health Insurance research database. The judgment, released on August 12, 2022, states that Article 6 of Personal Data Protection Act(PDPA), which asks“data pertaining to a natural person's medical records, healthcare, genetics, sex life, physical examination and criminal records shall not be collected, processed or used unless where it is necessary for statistics gathering or academic research by a government agency or an academic institution for the purpose of healthcare, public health, or crime prevention, provided that such data, as processed by the data provider or as disclosed by the data collector, may not lead to the identification of a specific data subject”does not violate Intelligible principle and Principle of proportionality. Therefore, PDPA does not invade people’s right to privacy and remains constitutional.   However, the judgment finds the absence of independent supervisory authority responsible for ensuring Taiwan institutions and bodies comply with data protection law, can be unconstitutional, putting personal data protection system on the borderline to failure. Accordingly, laws and regulations must be amended to protect people’s information privacy guaranteed by Article 22 of Constitution of the Republic of China (Taiwan).   In addition, the judgment also states it is unconstitutional that Articles 79 and 80 of National Health Insurance Law and other relevant laws lack clear provisions in terms of store, process, external transmission of Personal health insurance data held by Central Health Insurance Administration of the Ministry of Health and Welfare.   Finally, the Central Health Insurance Administration of the Ministry of Health and Welfare provides public agencies or academic research institutions with personal health insurance data for use outside the original purpose of collection. According to the overall observation of the relevant regulations, there is no relevant provision that the parties can request to “opt-out”; within this scope, it violates the intention of Article 22 of the Constitution to protect people's right to information privacy. II.Independent supervisory authority   According to Article 3 of Central Regulations and Standards Act, government agencies can be divided into independent agencies that can independently exercise their powers and operate autonomously, and non- independent agencies that must obey orders from their superiors. In Taiwan, the so-called "dedicated agency"(專責機關) does not fall into any type of agency defined by the Central Regulations and Standards Act. Dedicated agency should be interpreted as an agency that is responsible for a specific business and here is no other agency to share the business.   The European Union requires member states to set up independent regulatory agencies (refer to Articles 51 and 52 of General Data Protection Regulation (GDPR)). In General Data Protection Regulation and the adequacy reference guidelines, the specific requirements for personal data supervisory agencies are as follows: the country concerned should have one or more independent supervisory agencies; they should perform their duties completely independently and cannot seek or accept instructions; the supervisory agencies should have necessary and practicable powers, including the power of investigation; it should be considered whether its staff and budget can effectively assist its implementation. Therefore, in order to pass the EU's adequacy certification and implement the protection of people's privacy and information autonomy, major countries have set up independent supervisory agencies for personal data protection based on the GDPR standards.   According to this research, most countries have 5 to 10 commissioners that independently exercise their powers to supervise data exchange and personal data protection. In order to implement the powers and avoid unnecessary conflicts of interests among personnel, most of the commissioners are full-time professionals. Article 3 of Basic Code Governing Central Administrative Agencies Organizations defines independent agency as "A commission-type collegial organization that exercises its powers and functions independently without the supervision of other agencies, and operates autonomously unless otherwise stipulated." It is similar to Japan, South Korea, and the United States. III.Right to Opt-out   The judgment pointed out that the parties still have the right to control afterwards the personal information that is allowed to be collected, processed and used without the consent of the parties or that meets certain requirements. Although Article 11 of PDPA provides for certain parties to exercise the right to control afterwards, it does not cover all situations in which personal data is used, such as: legally collecting, processing or using correct personal data, and its specific purpose has not disappeared, In the event that the time limit has not yet expired, so the information autonomy of the party cannot be fully protected, the subject, cause, procedure, effect, etc. of the request for suspension of use should be clearly stipulated in the revised law, and exceptions are not allowed.   The United Kingdom is of great reference. In 2017, after the British Information Commissioner's Office (ICO) determined that the data sharing agreement between Google's artificial intelligence DeepMind and the British National Health Service (NHS) violated the British data protection law, the British Department of Health and Social Care proposed National data opt-out Directive in May, 2018. British health and social care-related institutions may refer to the National Data Opt-out Operational Policy Guidance Document published by the National Health Service in October to plan the mechanism for exercising patient's opt-out right. The guidance document mainly explains the overall policy on the exercise of the right to opt-out, as well as the specific implementation of suggested practices, such as opt-out response measures, methods of exercising the opt-out right, etc.   National Data Opt-out Operational Policy Guidance Document also includes exceptions and restrictions on the right to opt-out. The Document stipulates that exceptions may limit the right to Opt-out, including: the sharing of patient data, if it is based on the consent of the parties (consent), the prevention and control of infectious diseases (communicable disease and risks to public health), major public interests (overriding) Public interest), statutory obligations, or cooperation with judicial investigations (information required by law or court order), health and social care-related institutions may exceptionally restrict the exercise of the patient's right to withdraw.   What needs to be distinguished from the situation in Taiwan is that when the UK first collected public information and entered it into the NHS database, there was already a law authorizing the NHS to search and use personal information of the public. The right to choose to enter or not for the first time; and after their personal data has entered the NHS database, the law gives the public the right to opt-out. Therefore, the UK has given the public two opportunities to choose through the enactment of special laws to protect public's right to information autonomy.   At present, the secondary use of data in the health insurance database does not have a complete legal basis in Taiwan. At the beginning, the data was automatically sent in without asking for everyone’s consent, and there was no way to withdraw when it was used for other purposes, therefore it was s unconstitutional. Hence, in addition to thinking about what kind of provisions to add to the PDPA as a condition for "exception and non-request for cessation of use", whether to formulate a special law on secondary use is also worthy of consideration by the Taiwan government. IV.De-identification   According to the relevant regulations of PDPA, there is no definition of "de-identification", resulting in a conceptual gap in the connotation. In other words, what angle or standard should be used to judge that the processed data has reached the point where it is impossible to identify a specific person. In judicial practice, it has been pointed out that for "data recipients", if the data has been de-identified, the data will no longer be regulated by PDPA due to the loss of personal attributes, and it is even further believed that de-identification is not necessary.   However, the Judgment No. 13 of Constitutional Court, pointed out that through de-identification measures, ordinary people cannot identify a specific party without using additional information, which can be regarded as personal data of de-identification data. Therefore, the judge did not give an objective standard for de-identification, but believed that the purpose of data utilization and the risk of re-identification should be measured on a case-by-case basis, and a strict review of the constitutional principle of proportionality should be carried out. So far, it should be considered that the interpretation of the de-identification standard has been roughly finalized. V.Conclusions   The judge first explained that if personal information is processed, the type and nature of the data can still be objectively restored to indirectly identify the parties, no matter how simple or difficult the restoration process is, if the data is restored in a specific way, the parties can still be identified. personal information. Therefore, the independent control rights of the parties to such data are still protected by Article 22 of the Constitution.   Conversely, when the processed data objectively has no possibility to restore the identification of individuals, it loses the essence of personal data, and the parties concerned are no longer protected by Article 22 of the Constitution.   Based on this, the judge declared that according to Article 6, Item 1, Proviso, Clause 4 of the PDPA, the health insurance database has been processed so that the specific party cannot be identified, and it is used by public agencies or academic research institutions for medical and health purposes. Doing necessary statistical or academic research complies with the principles of legal clarity and proportionality, and does not violate the Constitution.   However, the judge believes that the current personal data law or other relevant regulations still lack an independent supervision mechanism for personal data protection, and the protection of personal information privacy is insufficient. In addition, important matters such as personal health insurance data can be stored, processed, and transmitted externally by the National Health Insurance Administration in a database; the subject, purpose, requirements, scope, and method of providing external use; and organizational and procedural supervision and protection mechanisms, etc. Articles 79 and 80 of the Health Insurance Law and other relevant laws lack clear provisions, so they are determined to be unconstitutional.   In the end, the judge found that the relevant laws and regulations lacked the provisions that the parties can request to stop using the data, whether it is the right of the parties to request to stop, or the procedures to be followed to stop the use, there is no relevant clear text, obviously the protection of information privacy is insufficient. Therefore, regarding unconstitutional issues, the Constitutional Court ordered the relevant agencies to amend the Health Insurance Law and related laws within 3 years, or formulate specific laws.

Blockchain and General Data Protection Regulation (GDPR) compliance issues (2019)

Blockchain and General Data Protection Regulation (GDPR) compliance issues (2019) I. Brief   Blockchain technology can solve the problem of trust between data demanders and data providers. In other words, in a centralized mode, data demanders can only choose to believe that the centralized platform will not contain the false information. However, in the decentralized mode, data isn’t controlled by one individual group or organization[1], data demanders can directly verify information such as data source, time, and authorization on the blockchain without worrying about the correctness and authenticity of the data.   Take the “immutable” for example, it is conflict with the right to erase (also known as the right to be forgotten) in the GDPR.With encryption and one-time pad (OTP) technology, data subjects can make data off-chain storaged or modified at any time in a decentralized platform, so the problem that data on blockchain not meet the GDPR regulation has gradually faded away. II. What is GDPR?   The purpose of the EU GDPR is to protect user’s data and to prevent large-scale online platforms or large enterprises from collecting or using user’s data without their permission. Violators will be punished by the EU with up to 20 million Euros (equal to 700 million NT dollars) or 4% of the worldwide annual revenue of the prior financial year.   The aim is to promote free movement of personal data within the European Union, while maintaining adequate level of data protection. It is a technology-neutral law, any type of technology which is for processing personal data is applicable.   So problem about whether the data on blockchain fits GDPR regulation has raise. Since the blockchain is decentralized, one of the original design goals is to avoid a large amount of centralized data being abused.   Blockchain can be divided into permissioned blockchains and permissionless blockchains. The former can also be called “private chains” or “alliance chains” or “enterprise chains”, that means no one can join the blockchain without consent. The latter can also be called “public chains”, which means that anyone can participate on chain without obtaining consent.   Sometimes, private chain is not completely decentralized. The demand for the use of blockchain has developed a hybrid of two types of blockchain, called “alliance chain”, which not only maintains the privacy of the private chain, but also maintains the characteristics of public chains. The information on the alliance chain will be open and transparent, and it is in conflict with the application of GDPR. III. How to GDPR apply to blockchain ?   First, it should be determined whether the data on the blockchain is personal data protected by GDPR. Second, what is the relationship and respective responsibilities of the data subject, data controller, and data processor? Finally, we discuss the common technical characteristics of blockchain and how it is applicable to GDPR. 1. Data on the blockchain is personal data protected by GDPR?   First of all, starting from the technical characteristics of the blockchain, blockchain technology is commonly decentralized, anonymous, immutable, trackable and encrypted. The other five major characteristics are immutability, authenticity, transparency, uniqueness, and collective consensus.   Further, the blockchain is an open, decentralized ledger technology that can effectively verify and permanently store transactions between two parties, and can be proved.   It is a distributed database, all users on the chain can access to the database and the history record, also can directly verify transaction records. Each nodes use peer-to-peer transmission for upload or transfer information without third-party intermediation, which is the unique “decentralization” feature of the blockchain.   In addition, the node or any user on the chain has a unique and identifiable set of more than 30 alphanumeric addresses, but the user may choose to be anonymous or provide identification, which is also a feature of transparency with pseudonymity[2]; Data on blockchain is irreversibility of records. Once the transaction is recorded and updated on the chain, it is difficult to change and is permanently stored in the database, that is to say, it has the characteristics of “tamper-resistance”[3].   According to Article 4 (1) of the GDPR, “personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.   Therefore, if data subject cannot be identified by the personal data on the blockchain, that is an anonymous data, excluding the application of GDPR. (1) What is Anonymization?   According to Opinion 05/2014 on Anonymization Techniques by Article 29 Data Protection Working Party of the European Union, “anonymization” is a technique applied to personal data in order to achieve irreversible de-identification[4].   And it also said the “Hash function” of blockchain is a pseudonymization technology, the personal data is possible to be re-identified. Therefore it’s not an “anonymization”, the data on the blockchain may still be the personal data stipulated by the GDPR.   As the blockchain evolves, it will be possible to develop technologies that are not regulated by GDPR, such as part of the encryption process, which will be able to pass the court or European data protection authorities requirement of anonymization. There are also many compliance solutions which use technical in the industry, such as avoiding transaction data stored directly on the chain. 2. International data transmission   Furthermore, in accordance with Article 3 of the GDPR, “This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not. This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to: (a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or (b) the monitoring of their behaviour as far as their behaviour takes place within the Union”.[5]   In other words, GDPR applies only when the data on the blockchain is not anonymized, and involves the processing of personal data of EU citizens. 3. Identification of data controllers and data processors   Therefore, if the encryption technology involves the public storage of EU citizens' personal data and passes it to a third-party controller, it may be identified as the “data controller” under Article 4 of GDPR, and all nodes and miners of the platform may be deemed as the “co-controller” of the data, and be assumed joint responsibility with the data controller by GDPR. For example, the parties can claim the right to delete data from the data controller.   In addition, a blockchain operator may be identified as a “processor”, for example, Backend as a Service (BaaS) products, the third parties provide network infrastructure for users, and let users manage and store personal data. Such Cloud Services Companies provide online services on behalf of customers, do not act as “data controllers”. Some commentators believe that in the case of private chains or alliance chains, such as land records transmission, inter-bank customer information sharing, etc., compared to public chain applications: such as cryptocurrencies (Bitcoin for example), is not completely decentralized, and more likely to meet GDPR requirements[6]. For example, in the case of a private chain or alliance chain, it is a closed platform, which contains only a small number of trusted nodes, is more effective in complying with the GDPR rules. 4. Data subject claims   In accordance with Article 17 of the GDPR, The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay under some grounds.   Off-chain storage technology can help the blockchain industry comply with GDPR rules, allowing offline storage of personal data, or allow trusted nodes to delete the private key of encrypted information, which leaving data that cannot be read and identified on the chain. If the data is in accordance with the definition of anonymization by GDPR, there is no room for GDPR to be applied. IV. Conclusion   In summary, it’s seem that the application of blockchain to GDPR may include: (a) being difficulty to identified the data controllers and data processors after the data subject upload their data. (b) the nature of decentralized storage is transnational storage, and Whether the country where the node is located, is meets the “adequacy decision” of Article 45 of the GDPR.   If it cannot be met, then it needs to consider whether it conforms to the transfers subject to appropriate safeguards of Article 46, or the derogations for specific situations of Article 49 of the GDPR. Reference: [1] How to Trade Cryptocurrency: A Guide for (Future) Millionaires, https://wikijob.com/trading/cryptocurrency/how-to-trade-cryptocurrency [2] DONNA K. HAMMAKER, HEALTH RECORDS AND THE LAW 392 (5TH ED. 2018). [3] Iansiti, Marco, and Karim R. Lakhani, The Truth about Blockchain, Harvard Business Review 95, no. 1 (January-February 2017): 118-125, available at https://hbr.org/2017/01/the-truth-about-blockchain [4] Article 29 Data Protection Working Party, Opinion 05/2014 on Anonymisation Techniques (2014), https://www.pdpjournals.com/docs/88197.pdf [5] Directive 95/46/EC (General Data Protection Regulation), https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN [6] Queen Mary University of London, Are blockchains compatible with data privacy law? https://www.qmul.ac.uk/media/news/2018/hss/are-blockchains-compatible-with-data-privacy-law.html

Experiences about opening data in private sector

Experiences about opening data in private sector Ⅰ. Introduction   Open data is the idea that data should be available freely for everyone to use and republish without restrictions from copyright, patents or other mechanisms of control. The concept of open data is not new; but a formalized definition is relatively new, and The Open Definition gives full details on the requirements for open data and content as follows:   Availability and access: the data must be available as a whole with no more than a reasonable reproduction cost, preferably by downloading over the internet. The data must also be available in a convenient and modifiable form.   Reuse and redistribution: the data must be provided under terms that permit reuse and redistribution including the intermixing with other datasets. The data shall be machine-readable.   Universal participation: everyone must be able to use, reuse and redistribute the data— which by means there should be no discrimination against fields of endeavor or against persons or groups. For example, “non-commercial” restrictions that would prevent “commercial” use, or restrictions of use for certain purposes are not allowed.   In order to be in tune with international developmental trends, Taiwan passed an executive resolution in favor of promoting Open Government Data in November 2012. Through the release of government data, open data has grown significantly in Taiwan and Taiwan has come out on top among 122 countries and areas in the 2015 and 2016 Global Open Data Index[1].   The result represented a major leap for Taiwan, however, progress is still to be made as most of the data are from the Government, and data from other territories, especially from private sector can rarely be seen. It is a pity that data from private sector has not being properly utilized and true value of such data still need to be revealed. The following research will place emphasis to enhance the value of private data and the strategies of boosting private sector to open their own data. Ⅱ. Why open private data   With the trend of Open Government Data recent years, countries are now starting to realize that Open Government Data is improving transparency, creating opportunities for social and commercial innovation, and opening the door to better engagement with citizens. But open data is not limited to Open Government Data. In fact, the private sector not only interacts with government data, but also produces a massive amount of data, much of which in need of utilized.   According to the G20 open data policy agenda made in 2014, the potential economic value of open data for Australia is up to AUD 64 billion per annum, and the potential value of open data from private sector is around AUD 34 billion per annum. Figure 1 Value of open data for Australia (AUD billion per annum) Source: McKinsey Global Institute   The purpose for opening data held by private entities and corporations is rooted in a broad recognition that private data has the potential to foster much public good. Openness of data for companies can translate into more efficient internal governance frameworks, enhanced feedback from workers and employees, improved traceability of supply chains, accountability to end consumers, and with better service and product delivery. Open Private Data is thus a true win-win for all with benefiting not only the governance but environmental and social gains.   At the same time, a variety of constraints, notably privacy and security, but also proprietary interests and data protectionism on the part of some companies—hold back this potential. Ⅲ. The cases of Open Private Data   Syngenta AG, a global Swiss agribusiness that produces agrochemicals and seeds, has established a solid foundation for reporting on progress that relies on independent data collection and validation, assurance by 3rd party assurance providers, and endorsement from its implementing partners. Through the website, Syngenta AG has shared their datasets for agricultural with efficiency indicators for 3600 farms for selected agro-ecological zones and market segments in 42 countries in Europe, Africa, Latin America, North America and Asia. Such datasets are precious but Syngenta AG share them for free only with a Non-Commercial license which means users may copy and redistribute the material in any medium or format freely but may not use the material for commercial purposes. Figure 2 Description and License for Open data of Syngenta AG Source: http://www.syngenta.com   Tokyo Metro is a rapid transit system in Tokyo, Japan has released information such as train location and delay times for all lines as open data. The company held an Open Data Utilization Competition from 12 September to 17 November, 2014 to promote development of an app using this data and continues to provide the data even after the competition ended. However, many restrictions such as non-commercial use, or app can only be used for Tokyo Metro lines has weakened the efficiency of open data, it is still valued as an initial step of open private data. Figure 3 DM of Tokyo Metro Open data Contest Source: https://developer.tokyometroapp.jp/ Ⅳ. How to enhance Open Private Data   Open Private Data is totally different from Open Government Data since “motivation” is vital for private institutions to release their own data. Unlike the government data can be disclosed and free to use via administrative order or legislation, all of the data controlled by private institutions can only be opened under their own will. The initiative for open data therefore shall focus on how to motivate private sectors releasing their own data-by ensuring profit and minimizing risks.   Originally, open data shall be available freely for everyone to use without any restrictions, and data owners may profit indirectly as users utilizing their data creating apps, etc. but not profit from open data itself. The income is unsteady and data owners therefore lose their interest to open data. As a countermeasure, it is suggested to make data chargeable though this may contradict to the definition of open data. When data owners can charge by usage or by time, the motivation of open data would arise when open data is directly profitable.   Data owners may also worry about many legal issues when releasing their own data. They may not care about whether profitable or not but afraid of being involved into litigation disputes such as intellectual property infringement, unfair competition, etc. It is very important for data owners to have a well protected authorization agreement when releasing data, but not all of them is able to afford the cost of making agreement for each data sharing. Therefore, a standard sample of contract that can be widely adopted plays a very important role for open private data.   A data sharing platform would be a solution to help data owners sharing their own data. It can not only provide a convenient way to collect profit from data sharing but help data owners avoiding legal risks with the platform’s standard agreement. All the data owners have to do is just to transfer their own data to the platform without concern since the platform would handle other affairs. Ⅴ. Conclusion   Actively engaging the private sector in the open data value-chain is considered an innovation imperative as it is highly related to the development of information economy. Although many works still need to be done such as identifying mechanisms for catalyzing private sector engagement, these works can be done by organizations such as the World Bank and the Centre for Open Data Enterprise. Private-public collaboration is also important when it comes to strengthening the global data infrastructure, and the benefits of open data are diverse and range from improved efficiency of public administrations to economic growth in the private sector. However, open private data is not the goal but merely a start for open data revolution. It is to add variation for other organizations and individuals to analyze to create innovations while individuals, private sectors, or government will benefit from that innovation and being encouraged to release much more data to strengthen this data circulation. [1] Global Open Data Index, https://index.okfn.org/place/(Last visited: May 15, 2017)

The opening and sharing of scientific data- The Data Policy of the U.S. National Institutes of Health

The opening and sharing of scientific data- The Data Policy of the U.S. National Institutes of Health Li-Ting Tsai   Scientific research improves the well-being of all mankind, the data sharing on medical and health promote the overall amount of energy in research field. For promoting the access of scientific data and research findings which was supported by the government, the U.S. government affirmed in principle that the development of science was related to the retention and accesses of data. The disclosure of information should comply with legal restrictions, and the limitation by time as well. For government-sponsored research, the data produced was based on the principle of free access, and government policies should also consider the actual situation of international cooperation[1]Furthermore, the access of scientific research data would help to promote scientific development, therefore while formulating a sharing policy, the government should also consider the situation of international cooperation, and discuss the strategy of data disclosure based on the principle of free access.   In order to increase the effectiveness of scientific data, the U.S. National Institutes of Health (NIH) set up the Office of Science Policy (OSP) to formulate a policy which included a wide range of issues, such as biosafety (biosecurity), genetic testing, genomic data sharing, human subjects protections, the organization and management of the NIH, and the outputs and value of NIH-funded research. Through extensive analysis and reports, proposed emerging policy recommendations.[2] At the level of scientific data sharing, NIH focused on "genes and health" and "scientific data management". The progress of biomedical research depended on the access of scientific data; sharing scientific data was helpful to verify research results. Researchers integrated data to strengthen analysis, promoted the reuse of difficult-generated data, and accelerated research progress.[3] NIH promoted the use of scientific data through data management to verify and share research results.   For assisting data sharing, NIH had issued a data management and sharing policy (DMS Policy), which aimed to promote the sharing of scientific data funded or conducted by NIH.[4] DMS Policy defines “scientific data.” as “The recorded factual material commonly accepted in the scientific community as of sufficient quality to validate and replicate research findings, regardless of whether the data are used to support scholarly publications. Scientific data do not include laboratory notebooks, preliminary analyses, completed case report forms, drafts of scientific papers, plans for future research, peer reviews, communications with colleagues, or physical objects, such as laboratory specimens.”[5] In other words, for determining scientific data, it is not only based on whether the data can support academic publications, but also based on whether the scientific data is a record of facts and whether the research results can be repeatedly verified.   In addition, NIH, NIH research institutes, centers, and offices have had expected sharing of data, such as: scientific data sharing, related standards, database selection, time limitation, applicable and presented in the plan; if not applicable, the researcher should propose the data sharing and management methods in the plan. NIH also recommended that the management and sharing of data should implement the FAIR (Findable, Accessible, Interoperable and Reusable) principles. The types of data to be shared should first in general descriptions and estimates, the second was to list meta-data and other documents that would help to explain scientific data. NIH encouraged the sharing of scientific data as soon as possible, no later than the publication or implementation period.[6] It was said that even each research project was not suitable for the existing sharing strategy, when planning a proposal, the research team should still develop a suitable method for sharing and management, and follow the FAIR principles.   The scientific research data which was provided by the research team would be stored in a database which was designated by the policy or funder. NIH proposed a list of recommended databases lists[7], and described the characteristics of ideal storage databases as “have unique and persistent identifiers, a long-term and sustainable data management plan, set up metadata, organizing data and quality assurance, free and easy access, broad and measured reuse, clear use guidance, security and integrity, confidentiality, common format, provenance and data retention policy”[8]. That is to say, the design of the database should be easy to search scientific data, and should maintain the security, integrity and confidentiality and so on of the data while accessing them.   In the practical application of NIH shared data, in order to share genetic research data, NIH proposed a Genomic Data Sharing (GDS) Policy in 2014, including NIH funding guidelines and contracts; NIH’s GDS policy applied to all NIHs Funded research, the generated large-scale human or non-human genetic data would be used in subsequent research. [9] This can effectively promote genetic research forward.   The GDS policy obliged researchers to provide genomic data; researchers who access genomic data should also abide by the terms that they used the Controlled-Access Data for research.[10] After NIH approved, researchers could use the NIH Controlled-Access Data for secondary research.[11] Reviewed by NIH Data Access Committee, while researchers accessed data must follow the terms which was using Controlled-Access Data for research reason.[12] The Genomic Summary Results (GSR) was belong to NIH policy,[13] and according to the purpose of GDS policy, GSR was defined as summary statistics which was provided by researchers, and non-sensitive data was included to the database that was designated by NIH.[14] Namely. NIH used the application and approval of control access data to strike a balance between the data of limitation access and scientific development.   For responding the COVID-19 and accelerating the development of treatments and vaccines, NIH's data sharing and management policy alleviated the global scientific community’s need for opening and sharing scientific data. This policy established data sharing as a basic component in the research process.[15] In conclusion, internalizing data sharing in the research process will help to update the research process globally and face the scientific challenges of all mankind together. [1]NATIONAL SCIENCE AND TECHNOLOGY COUNCIL, COMMITTEE ON SCIENCE, SUBCOMMITEE ON INTERNATIONAL ISSUES, INTERAGENCY WORKING GROUP ON OPEN DATA SHARING POLICY, Principles For Promoting Access To Federal Government-Supported Scientific Data And Research Findings Through International Scientific Cooperation (2016), 1, organized from Principles, at 5-8, https://obamawhitehouse.archives.gov/sites/default/files/microsites/ostp/NSTC/iwgodsp_principles_0.pdf (last visited December 14, 2020). [2]About Us, Welcome to NIH Office of Science Policy, NIH National Institutes of Health Office of Science Policy, https://osp.od.nih.gov/about-us/ (last visited December 7, 2020). [3]NIH Data Management and Sharing Activities Related to Public Access and Open Science, NIH National Institutes of Health Office of Science Policy, https://osp.od.nih.gov/scientific-sharing/nih-data-management-and-sharing-activities-related-to-public-access-and-open-science/ (last visited December 10, 2020). [4]Final NIH Policy for Data Management and Sharing, NIH National Institutes of Health Office of Extramural Research, Office of The Director, National Institutes of Health (OD), https://grants.nih.gov/grants/guide/notice-files/NOT-OD-21-013.html (last visited December 11, 2020). [5]Final NIH Policy for Data Management and Sharing, NIH National Institutes of Health Office of Extramural Research, Office of The Director, National Institutes of Health (OD), https://grants.nih.gov/grants/guide/notice-files/NOT-OD-21-013.html (last visited December 12, 2020). [6]Supplemental Information to the NIH Policy for Data Management and Sharing: Elements of an NIH Data Management and Sharing Plan, Office of The Director, National Institutes of Health (OD), https://grants.nih.gov/grants/guide/notice-files/NOT-OD-21-014.html (last visited December 13, 2020). [7]The list of databases in details please see:Open Domain-Specific Data Sharing Repositories, NIH National Library of Medicine, https://www.nlm.nih.gov/NIHbmic/domain_specific_repositories.html (last visited December 24, 2020). [8]Supplemental Information to the NIH Policy for Data Management and Sharing: Selecting a Repository for Data Resulting from NIH-Supported Research, Office of The Director, National Institutes of Health (OD), https://grants.nih.gov/grants/guide/notice-files/NOT-OD-21-016.html (last visited December 13, 2020). [9]NIH Genomic Data Sharing, National Institutes of Health Office of Science Policy, https://osp.od.nih.gov/scientific-sharing/genomic-data-sharing/ (last visited December 15, 2020). [10]NIH Genomic Data Sharing Policy, National Institutes of Health (NIH), https://grants.nih.gov/grants/guide/notice-files/NOT-OD-14-124.html (last visited December 17, 2020). [11]NIH Genomic Data Sharing Policy, National Institutes of Health (NIH), https://grants.nih.gov/grants/guide/notice-files/NOT-OD-14-124.html (last visited December 17, 2020). [12]id. [13]NIH National Institutes of Health Turning Discovery into Health, Responsible Use of Human Genomic Data An Informational Resource, 1, at 6, https://osp.od.nih.gov/wp-content/uploads/Responsible_Use_of_Human_Genomic_Data_Informational_Resource.pdf (last visited December 17, 2020). [14]Update to NIH Management of Genomic Summary Results Access, National Institutes of Health (NIH), https://grants.nih.gov/grants/guide/notice-files/NOT-OD-19-023.html (last visited December 17, 2020). [15]Francis S. Collins, Statement on Final NIH Policy for Data Management and Sharing, National Institutes of Health Turning Discovery Into Health, https://www.nih.gov/about-nih/who-we-are/nih-director/statements/statement-final-nih-policy-data-management-sharing (last visited December 14, 2020).

TOP