Post Brexit – An Update on the United Kingdom Privacy Regime
2021/9/10
After lengthy talks, on 31 January 2020, the United Kingdom (‘UK’) finally exited the European Union (‘EU’). Then, the UK shifted into a transition period. The UK government was bombarded with questions from all stakeholders. In particular, the data and privacy industry yelled out the loudest – what am I going to do with data flowing from the EU to the UK? Privacy professionals queried – would the UK have a new privacy regime that significantly departs from the General Data Protection Regulation (‘GDPR’)?
Eventually, the UK made a compromise with all stakeholders – the British, the Europeans and the rest of the world – by bridging its privacy laws with the GDPR. On 28 June 2021, the UK obtained an adequacy decision from the EU.[1] This was widely anticipated but also widely known to be delayed, as it was heavily impacted by the aftermaths of the invalidation of the US- EU Privacy Shield.[2]
While the rest of the world seems to silently observe the transition undertaken by the UK, post-Brexit changes to the UK’s privacy regime is not only a domestic or regional matter, it is an international matter. Global supply chains and cross border data flows will be affected, shuffling the global economy into a new order. Therefore, it is crucial as citizens of a digital economy to unpack and understand the current UK privacy regime.
This paper intends to give the reader a brief introduction to the current privacy regime of the UK. The author proposes to set out the structure of the UK privacy legislation, and to discuss important privacy topics. This paper only focuses on the general processing regime, which is the regime that is most relevant to general stakeholders.
UK Privacy Legislation
There are two main privacy legislation in the UK – the Data Protection Act 2018 (‘DPA’) and the United Kingdom General Data Protection Act (‘UK GDPR’). These two acts must be read together in order to form a coherent understanding of the current UK privacy regime.
The UK GDPR is the creature of Brexit. The UK government wanted a smooth transition out of the EU and acknowledged that they needed to preserve the GDPR in their domestic privacy regime to an extent that would allow them to secure an adequacy decision. The UK government also wanted to create less impact on private companies. Thus, the UK GDPR was born. Largely it aligns closely with the GDPR, supplemented by the DPA.
ICO
The Information Commissioner’s Office (‘ICO’) is the independent authority supervising the compliance of privacy laws in the UK. Prior to Brexit, the ICO was the UK’s supervisory authority under the GDPR. A unique feature of the ICO’s powers and functions is that it adopts a notice system. The ICO has power to issue four types of notices: information notices, assessment notices, enforcement notices and penalty notices.[3] The information notice requires controllers or processors to provide information. The ICO must issue an assessment notice before conducting data protection audits. Enforcement is only exercisable by giving an enforcement notice. Administrative fines are only exercisable by giving a penalty notice.
Territorial Application
Section 207(1A) of the DPA states that the DPA applies to any controller or processor established in the UK, regardless where the processing of personal data takes place. Like the GDPR, the DPA and the UK GDPR have an extraterritorial reach to overseas controllers or processors. The DPA and the UK GDPR apply to overseas controllers or processors who process personal data relating to data subjects in the UK, and the processing activities are related to the offering of goods or services, or the monitoring of data subjects’ behavior.[4]
Transfers of Personal Data to Third Countries
On 28 June 2021, the UK received an adequacy decision from the EU.[5] This means that until 27 June 2025, data can continue to flow freely between the UK and the European Economic Area (‘EEA’).
As for transferring personal data to third countries other than the EU, the UK has similar laws to the GDPR. Both the DPA and the UK GDPR restrict controllers or processors from transferring personal data to third countries. A transfer of personal data to a third country is permitted if it is based on adequacy regulations.[6] An EU adequacy decision is known as ‘adequacy regulations’ under the UK regime.
If there is no adequacy regulations, then a transfer of personal data to a third country will only be permitted if it is covered by appropriate safeguards, including standard data protection clauses, binding corporate rules, codes of conduct, and certifications.[7] The ICO intends to publish UK standard data protection clauses in 2021.[8] In the meantime, the EU has published a new set of standard data protection clauses (‘SCCs’).[9] However, it must be noted that the EU SCCs are not accepted to be valid in the UK, and may only be used for reference purposes. It is also worth noting that the UK has approved three certification schemes to assist organizations in demonstrating compliance to data protection laws.[10]
Lawful Bases for Processing
Basically, the lawful bases for processing in the UK regime are the same as the GDPR. Six lawful bases are set out in article 6 of the UK GDPR. To process personal data, at least one of the following lawful bases must be satisfied:[11]
Rights & Exemptions
The UK privacy regime, like the GDPR, gives data subjects certain rights. Most of the rights granted under the UK privacy regime is akin to the GDPR and can be found under the UK GDPR. Individual rights under the UK privacy regime is closely linked with its exemptions, this may be said to be a unique feature of the UK privacy regime which sets it apart from the GDPR. Under the DPA and the UK GDPR, there are certain exemptions, meaning organizations are exempted from certain obligations, most of them are associated with individual rights. For example, if data is processed for scientific or historical research purposes, or statistical purposes, organizations are exempted from provisions on the right of access, the right to rectification, the right to restrict processing and the right to object in certain circumstances.[12]
Penalties
The penalty for infringement of the UK GDPR is the amount specified in article 83 of the UK GDPR.[13] If an amount is not specified, the penalty is the standard maximum amount.[14] The standard maximum amount, at the time of writing, is £8,700,000 (around 10 million Euros) or 2% of the undertaking’s total annual worldwide turnover in the preceding financial year.[15] In any other case, the standard maximum amount is £8,700,000 (around 10 million Euros).[16]
Conclusion
The UK privacy regime closely aligns with the GDPR. However it would be too simple of a statement to say that the UK privacy regime is almost identical to the GDPR. The ICO’s unique enforcement powers exercised through a notice system is a distinct feature of the UK privacy regime. Recent legal trends show that the UK while trying to preserve its ties with the EU is gradually developing an independent privacy persona. The best example is that in regards to transfers to third countries, the UK has developed its first certification scheme and is attempting to develop its own standard data protection clauses. The UK’s transition out of the EU has certainly been interesting; however, the UK’s transformation from the EU is certainly awaited with awe.
[1] Commission Implementing Decision of 28.6.2021, pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate protection of personal data by the United Kingdom, C(2021) 4800 final, https://ec.europa.eu/info/sites/default/files/decision_on_the_adequate_protection_of_personal_data_by_the_united_kingdom_-_general_data_protection_regulation_en.pdf..
[2] Judgment of 16 July 2020, Data Protection Commissioner v. Facebook Ireland Limited, Maximillian Schrems, C-311/18, EU:C:2020:559, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:62018CJ0311.
[3] Data Protection Act 2018, §115.
[4] Data Protection Act 2018, §207(1A); REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), art 3.
[5] supra note 1.
[6] Data Protection Act 2018, §17A-18; REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), art 44-50.
[7] Data Protection Act 2018, §17A-18; REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), art 46-47.
[8]International transfers after the UK exit from the EU Implementation Period, ICO, https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-transfers-after-uk-exit/ (last visited Sep. 10, 2021).
[9] Standard contractual clauses for international transfers, European Commission, https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en (last visited Sep. 10, 2021).
[10] ICO, New certification schemes will “raise the bar” of data protection in children’s privacy, age assurance and asset disposal, ICO, Aug. 19, 2021, https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2021/08/ico-approves-the-first-uk-gdpr-certification-scheme-criteria/ (last visited Sep. 10, 2021).
[11] REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), art 6(1)-(2); Lawful basis for processing, ICO, https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/ (last visited Sep. 10, 2021).
[12] Data Protection Act 2018, sch 2, part 6, para 27.
[13] id. at §157.
[14] id.
[15] id.
[16] id.
Reviews on Taiwan Constitutional Court's Judgment no. 13 of 2022 2022/11/24 I.Introduction In 2012, the Taiwan Human Rights Promotion Association and other civil groups believe that the National Health Insurance Administration released the national health insurance database and other health insurance data for scholars to do research without consent, which may be unconstitutional and petitioned for constitutional interpretation. Taiwan Human Rights Promotion Association believes that the state collects, processes, and utilizes personal data on a large scale with the "Personal Data Protection Law", but does not set up another law of conduct to control the exercise of state power, which has violated the principle of legal retention; the data is provided to third-party academic research for use, and the parties involved later Excessive restrictions on the right to withdraw go against the principle of proportionality. The claimant criticized that depriving citizens of their prior consent and post-control rights to medical data is like forcing all citizens to unconditionally contribute data for use outside the purpose before they can use health insurance. The personal data law was originally established to "avoid the infringement of personality rights and promote the rational use of data", but in the insufficient and outdated design of the regulations, it cannot protect the privacy of citizens' information from infringement, and it is easy to open the door to the use of data for other purposes. In addition, even if the health insurance data is de-identified, it is still "individual data" that can distinguish individuals, not "overall data." Health insurance data can be connected with other data of the Ministry of Health and Welfare, such as: physical and mental disability files, sexual assault notification files, etc., and you can also apply for bringing in external data or connecting with other agency data. Although Taiwan prohibits the export of original data, the risk of re-identification may also increase as the number of sources and types of data concatenated increases, as well as unspecified research purposes. The constitutional court of Taiwan has made its judgment on the constitutionality of the personal data usage of National Health Insurance research database. The judgment, released on August 12, 2022, states that Article 6 of Personal Data Protection Act(PDPA), which asks“data pertaining to a natural person's medical records, healthcare, genetics, sex life, physical examination and criminal records shall not be collected, processed or used unless where it is necessary for statistics gathering or academic research by a government agency or an academic institution for the purpose of healthcare, public health, or crime prevention, provided that such data, as processed by the data provider or as disclosed by the data collector, may not lead to the identification of a specific data subject”does not violate Intelligible principle and Principle of proportionality. Therefore, PDPA does not invade people’s right to privacy and remains constitutional. However, the judgment finds the absence of independent supervisory authority responsible for ensuring Taiwan institutions and bodies comply with data protection law, can be unconstitutional, putting personal data protection system on the borderline to failure. Accordingly, laws and regulations must be amended to protect people’s information privacy guaranteed by Article 22 of Constitution of the Republic of China (Taiwan). In addition, the judgment also states it is unconstitutional that Articles 79 and 80 of National Health Insurance Law and other relevant laws lack clear provisions in terms of store, process, external transmission of Personal health insurance data held by Central Health Insurance Administration of the Ministry of Health and Welfare. Finally, the Central Health Insurance Administration of the Ministry of Health and Welfare provides public agencies or academic research institutions with personal health insurance data for use outside the original purpose of collection. According to the overall observation of the relevant regulations, there is no relevant provision that the parties can request to “opt-out”; within this scope, it violates the intention of Article 22 of the Constitution to protect people's right to information privacy. II.Independent supervisory authority According to Article 3 of Central Regulations and Standards Act, government agencies can be divided into independent agencies that can independently exercise their powers and operate autonomously, and non- independent agencies that must obey orders from their superiors. In Taiwan, the so-called "dedicated agency"(專責機關) does not fall into any type of agency defined by the Central Regulations and Standards Act. Dedicated agency should be interpreted as an agency that is responsible for a specific business and here is no other agency to share the business. The European Union requires member states to set up independent regulatory agencies (refer to Articles 51 and 52 of General Data Protection Regulation (GDPR)). In General Data Protection Regulation and the adequacy reference guidelines, the specific requirements for personal data supervisory agencies are as follows: the country concerned should have one or more independent supervisory agencies; they should perform their duties completely independently and cannot seek or accept instructions; the supervisory agencies should have necessary and practicable powers, including the power of investigation; it should be considered whether its staff and budget can effectively assist its implementation. Therefore, in order to pass the EU's adequacy certification and implement the protection of people's privacy and information autonomy, major countries have set up independent supervisory agencies for personal data protection based on the GDPR standards. According to this research, most countries have 5 to 10 commissioners that independently exercise their powers to supervise data exchange and personal data protection. In order to implement the powers and avoid unnecessary conflicts of interests among personnel, most of the commissioners are full-time professionals. Article 3 of Basic Code Governing Central Administrative Agencies Organizations defines independent agency as "A commission-type collegial organization that exercises its powers and functions independently without the supervision of other agencies, and operates autonomously unless otherwise stipulated." It is similar to Japan, South Korea, and the United States. III.Right to Opt-out The judgment pointed out that the parties still have the right to control afterwards the personal information that is allowed to be collected, processed and used without the consent of the parties or that meets certain requirements. Although Article 11 of PDPA provides for certain parties to exercise the right to control afterwards, it does not cover all situations in which personal data is used, such as: legally collecting, processing or using correct personal data, and its specific purpose has not disappeared, In the event that the time limit has not yet expired, so the information autonomy of the party cannot be fully protected, the subject, cause, procedure, effect, etc. of the request for suspension of use should be clearly stipulated in the revised law, and exceptions are not allowed. The United Kingdom is of great reference. In 2017, after the British Information Commissioner's Office (ICO) determined that the data sharing agreement between Google's artificial intelligence DeepMind and the British National Health Service (NHS) violated the British data protection law, the British Department of Health and Social Care proposed National data opt-out Directive in May, 2018. British health and social care-related institutions may refer to the National Data Opt-out Operational Policy Guidance Document published by the National Health Service in October to plan the mechanism for exercising patient's opt-out right. The guidance document mainly explains the overall policy on the exercise of the right to opt-out, as well as the specific implementation of suggested practices, such as opt-out response measures, methods of exercising the opt-out right, etc. National Data Opt-out Operational Policy Guidance Document also includes exceptions and restrictions on the right to opt-out. The Document stipulates that exceptions may limit the right to Opt-out, including: the sharing of patient data, if it is based on the consent of the parties (consent), the prevention and control of infectious diseases (communicable disease and risks to public health), major public interests (overriding) Public interest), statutory obligations, or cooperation with judicial investigations (information required by law or court order), health and social care-related institutions may exceptionally restrict the exercise of the patient's right to withdraw. What needs to be distinguished from the situation in Taiwan is that when the UK first collected public information and entered it into the NHS database, there was already a law authorizing the NHS to search and use personal information of the public. The right to choose to enter or not for the first time; and after their personal data has entered the NHS database, the law gives the public the right to opt-out. Therefore, the UK has given the public two opportunities to choose through the enactment of special laws to protect public's right to information autonomy. At present, the secondary use of data in the health insurance database does not have a complete legal basis in Taiwan. At the beginning, the data was automatically sent in without asking for everyone’s consent, and there was no way to withdraw when it was used for other purposes, therefore it was s unconstitutional. Hence, in addition to thinking about what kind of provisions to add to the PDPA as a condition for "exception and non-request for cessation of use", whether to formulate a special law on secondary use is also worthy of consideration by the Taiwan government. IV.De-identification According to the relevant regulations of PDPA, there is no definition of "de-identification", resulting in a conceptual gap in the connotation. In other words, what angle or standard should be used to judge that the processed data has reached the point where it is impossible to identify a specific person. In judicial practice, it has been pointed out that for "data recipients", if the data has been de-identified, the data will no longer be regulated by PDPA due to the loss of personal attributes, and it is even further believed that de-identification is not necessary. However, the Judgment No. 13 of Constitutional Court, pointed out that through de-identification measures, ordinary people cannot identify a specific party without using additional information, which can be regarded as personal data of de-identification data. Therefore, the judge did not give an objective standard for de-identification, but believed that the purpose of data utilization and the risk of re-identification should be measured on a case-by-case basis, and a strict review of the constitutional principle of proportionality should be carried out. So far, it should be considered that the interpretation of the de-identification standard has been roughly finalized. V.Conclusions The judge first explained that if personal information is processed, the type and nature of the data can still be objectively restored to indirectly identify the parties, no matter how simple or difficult the restoration process is, if the data is restored in a specific way, the parties can still be identified. personal information. Therefore, the independent control rights of the parties to such data are still protected by Article 22 of the Constitution. Conversely, when the processed data objectively has no possibility to restore the identification of individuals, it loses the essence of personal data, and the parties concerned are no longer protected by Article 22 of the Constitution. Based on this, the judge declared that according to Article 6, Item 1, Proviso, Clause 4 of the PDPA, the health insurance database has been processed so that the specific party cannot be identified, and it is used by public agencies or academic research institutions for medical and health purposes. Doing necessary statistical or academic research complies with the principles of legal clarity and proportionality, and does not violate the Constitution. However, the judge believes that the current personal data law or other relevant regulations still lack an independent supervision mechanism for personal data protection, and the protection of personal information privacy is insufficient. In addition, important matters such as personal health insurance data can be stored, processed, and transmitted externally by the National Health Insurance Administration in a database; the subject, purpose, requirements, scope, and method of providing external use; and organizational and procedural supervision and protection mechanisms, etc. Articles 79 and 80 of the Health Insurance Law and other relevant laws lack clear provisions, so they are determined to be unconstitutional. In the end, the judge found that the relevant laws and regulations lacked the provisions that the parties can request to stop using the data, whether it is the right of the parties to request to stop, or the procedures to be followed to stop the use, there is no relevant clear text, obviously the protection of information privacy is insufficient. Therefore, regarding unconstitutional issues, the Constitutional Court ordered the relevant agencies to amend the Health Insurance Law and related laws within 3 years, or formulate specific laws.
Taiwan Recent Regulatory Development- Promoting Biotech and New Pharmaceuticals IndustryOver the past twenty years, the Government has sought to cultivate the biopharmaceutical industry as one of the future major industry in Taiwan. Back in 1982, the Government has begun to regard biotechnology as a key technology in Technology Development Program, demonstrated that biotechnology is a vital technology in pursuit of future economic growth. Subsequently, the Government initiated national programs that incorporated biotechnology as a blueprint for future industrial development. In order to enhance our competitiveness and building an initial framework for the industry, The Executive Yuan has passed the Biotechnology Industry Promotion Plan. As the Government seeks to create future engines of growth by building an environment conducive for enterprise development, the Plan has been amended four times, and implemented measures focused on the following six areas: related law and regulations, R&D and applications, technology transfer and commercialization, personnel training, investment promotion and coordination, marketing information and marketing service. In 2002, the Executive Yuan approved the Challenge 2008, a six-year national development plan, pointing out biotechnology industry as one of the Two Trillion, Twin Stars industries. The Government planned for future economic growth by benefiting through the attributes of the biotechnology: high-tech, high-reward and less pollution. Thus, since 1997 the Strategic Review Board (SRB) under the Executive Yuan Science and Technology Advisory Panel has taken action in coordinating government policies with industry comments to form a sound policy for the biotechnology industry. Additionally, a well-established legal system for sufficient protection of intellectual property rights is the perquisite for building the industry, as the Government recognized the significance through amending and executing related laws and regulations. By stipulating data exclusivity and experimental use exception in the Pharmaceutical Affair Act, tax benefits provided in Statute for Upgrading Industries , Incentives for Production and R&D of Rare Disease Medicine, Incentives for Medical Technology Research and Development, provide funding measures in the Guidance of Reviewing Programs for Promoting Biotechnology Investment. Clearly, the government has great expectation for the industry through establishing a favorable environment by carrying out these policies and revising outdated regulations. Thus, the Legislative Yuan has passed the “Act for The Development of Biotechnology and New Pharmaceuticals Industry” in June, 2007, and immediately took effect in July. The relevant laws and regulations became effective as well, driving the industry in conducting researches on new drugs and manufacturing new products, increasing sales and expanding the industry to meet an international level. For a biopharmaceutical industry that requires long-term investment and costly R&D, incentive measures is vital to the industry’s survival before the product launches the market. Accordingly, this article will be introducing the recent important regulation that supports the biopharmaceutical industry in Taiwan, and analyzing the government’s policies. Biotechnology is increasingly gaining global attention for its potential in building future economic growth and generating significant profits. In an effort to support the biotechnology industry in Taiwan, the Government has made a step forward by enacting the “Act for the Development of Biotech and New Pharmaceutical Industry”. The biopharmaceutical industry is characterized as high-risk and high-reward, strong government support and a well-developed legal system plays a vital role from its establishment throughout the long term development. Therefore, the Act was enacted tailor to the Biotech and New Pharmaceutical Industry, primarily focuses on tax benefits, R&D activities, personnel recruitment and investment funding, in support of start-up companies and attracting a strong flow of funding worldwide. To pave the way for promoting the biopharmaceutical industry and the Biotech and New Pharmaceutical Company, here the article will be introducing the incentive measures provided in the Act, and supporting development of the industry, demonstrating the efforts made by the Government to build a “Bio-tech Island”. Reference “Act for Development of Biotech and New Pharmaceutical Industry”, webpage of Law and Regulations Database of the Republic of China. 4 July, 2007. Ministry of Justice, Taiwan. 5 Nov. 2008 http://law.moj.gov.tw/Eng/Fnews/FnewsContent.asp?msgid=3180&msgType=en&keyword=undefined
Review of Taiwan's Existing Regulations on the Access to Bioloical ResourcesThe activities of accessing to Taiwan's biological resources can be governed within certain extent described as follows. 1 、 Certain Biological Resources Controlled by Regulations Taiwan's existing regulation empowers the government to control the access to biological resources within certain areas or specific species. The National Park Law, the Forestry Act, and the Cultural Heritage Preservation Act indicate that the management authority can control the access of animals and plants inside the National Park, the National Park Control Area, the recreational area, the historical monuments, special scenic area, or ecological protection area; forbid the logging of plants and resources within the necessary control area for logging and preserved forestry, or control the biological resources inside the natural preserved area. In terms of the scope of controlled resources, according to the guidance of the Wildlife Conservation Act and the Cultural Heritage Preservation Act, governmental management authority is entitled to forbid the public to access the general and protected wild animals and the plant and biological resources that are classified as natural monuments. To analyse the regulation from another viewpoint, any access to resources in areas and of species other than the listed, such as wild plants or microorganism, is not regulated. Therefore, in terms of scope, Taiwan's management of the access to biological resources has not covered the whole scope. 2 、 Access Permit and Entrance Permit Taiwan's current management of biological resources adopts two kinds of schemes: access permit scheme and entrance permit in specific areas. The permit allows management authority to have the power to grant and reject the collection, hunting, or other activities to access resources by people. This scheme is similar to the international standard. The current management system for the access to biological resources promoted by many countries and international organizations does not usually cover the guidance of entrance in specific areas. This is resulting from that the scope of the regulation about access applies for the whole nation. However, since Taiwan has not developed regulations specifically for the access of bio-research resources, the import/export regulations in the existing Wildlife Conservation Act, National Park Law, Forestry Act, and Cultural Heritage Preservation Act may provide certain help if these regulations be properly connected with the principle of access and benefit sharing model, so that they will help to urge people to share the research interests. 3 、 Special Treatments for Academic Research Purpose and Aborigines Comparing to the access for the purpose of business operation, Taiwan's regulations favour the research and development that contains collection and hunting for the purpose of academic researches. The regulation gives permits to the access to biological resources for the activities with nature of academic researches. For instance, the Wildlife Conservation Act, National Park Law, and theCultural Heritage Preservation Act allow the access of regulated biological resources, if the academic research unit obtains the permit, or simply inform the management authority. In addition, the access by the aborigines is also protected by the Forestry Act, Cultural Heritage Preservation Act, and the Aboriginal Basic Act. The aborigines have the right to freely access to biological resources such as plants, animals and fungi. 4 、 The Application of Prior Informed Consent (PIC) In topics of the access to and benefit sharing of biological resources, the PIC between parties of interests has been the focus of international regulation. Similarly, when Taiwan was establishing theAboriginal Basic Act, this regulation was included to protect the aborigines' rights to be consulted, to agree, to participate and to share the interests. This conforms to the objective of access and benefit sharing system. 5 、 To Research and Propose the Draft of Genetic Resources Act The existing Wildlife Conservation Act, National Park Law, Forestry Act,Cultural Heritage Preservation Act, Aboriginal Basic Act provide the regulation guidance to the management of the access to biological resources within certain scope. Comparing to the international system of access and benefit sharing, Taiwan's regulation covers only part of the international guidance. For instance, Taiwan has no regulation for the management of wild plants and micro-organism, so there is no regulation to confine the access to wild plants and microorganism. To enlarge the scope of management in terms of the access to Taiwan's biological resources, the government authority has authorize the related scholars to prepare the draft of Genetic Resources Act. The aim of the Genetic Resources Act is to establish the guidance of the access of genetic resources and the sharing of interests in order to preserve the genetic resources. The draft regulates that the bio-prospecting activity should be classified into business and academic, with the premise of not interfering the traditional usages. After classification, application of the permit should be conducted via either general or express process. During the permit application, the prospector, the management authority, and the owner of the prospected land should conclude an agreement jointly. In the event that the prospector wishes to apply for intellectual property rights, the prospector should disclose the origin of the genetic resources and provide the legally effective documents of obtaining these resources. In addition, a Biodiversity Fund should be established to manage the profits derived from genetic resources. The import/export of genetic resources should also be regulated. Violators should be fined.
Brief Introduction to Taiwan Social Innovation PoliciesBrief Introduction to Taiwan Social Innovation Policies 2021/09/13 1. Introduction The Millennium Development Goals (MDGs)[1] set forth by the United Nations in 2000 are carried out primarily by nations and international organizations. Subsequently, the Sustainable Development Goals (SDGs) set forth by the United Nations in 2015 started to delegate the functions to organizations of all levels. Presently, there is a global awareness of the importance of balancing “economic growth”, “social progress”, and “environmental protection” simultaneously during development. In the above context, many similar concepts have arisen worldwide, including social/solidarity economy, social entrepreneurship and social enterprise, and social innovation. Generally, social innovation aims to alter the interactions between various groups in society through innovative applications of technology or business models, and to find new ways to solve social problems through such alterations. In other words, the goal is to use innovative methods to solve social problems.The difference between social innovation and social enterprise is that social enterprise combines commercial power to achieve its social mission under a specific perspective, while social innovation creates social value through cooperation with and coordination among technology, resources, and communities under a diversified nature. 2. Overview of Taiwan Social Enterprise Policy To integrate into the global community and assist in the development of domestic social innovation, Taiwan’s Executive Yuan launched the “Social Enterprise Action Plan” in 2014, which is the first policy initiative to support social enterprises (from 2014 to 2016).Under this policy initiative, through consulting with various ministries and applying methods such as “amending regulations”, “building platforms”, and “raising funds”, the initiative set to create an environment with favorable conditions for social innovation and start-ups. At this stage, the initiative was adopted under the principle of “administrative guidance before legislation” in order to encourage private enterprise development without excessive burden, and avoid regulations restricting the development of social enterprises, such as excessive definition of social enterprises. Moreover, for preserving the original types of these enterprises, this Action Plan did not limit the types of social enterprises to companies, non-profit organizations, or other specific types of organizations. To sustain the purpose of the Social Enterprise Action Plan and to echo and reflect the 17 sustainable development goals proposed in SDGs by the United Nations, the Executive Yuan launched the “Social Innovation Action Plan” (effective from 2018 to 2022) in 2018 to establish a friendly development environment for social innovation and to develop diversified social innovation models through the concept of “openness, gathering, practicality, and sustainability”.In this Action Plan, “social innovation” referred to “social innovation organizations” that solve social problems through technology or innovative business models. The balancing of the three managerial goals of society, environment value, and profitability is the best demonstration of the concept of social innovation. 3. Government’s Relevant Social Enterprise Policy and Resources The ministries of the Taiwan Government have been promoting relevant policies in accordance with the Social Innovation Action Plan issued by the Executive Yuan in 2018, such as the “Registration System for Social Innovation Enterprises” (counseling of social enterprises), the “Buying Power - Social Innovation Products and Services Procurement”, the “Social Innovation Platform” established by the Ministry of Economic Affairs, the “Social Innovation Manager Training Courses”, the “Promoting Social Innovation and Employment Opportunities” administered by the Ministry of Labor, and the “University Social Responsibility Program” published by the Ministry of Education. Among the above policies stands out the measures adopted by the Ministry of Economic Affairs, and a brief introduction of those policies are as follows: i. Social Innovation Platform To connect all resources involved in social issues to promote social innovation development in Taiwan, the Ministry of Economic Affairs established the “Social Innovation Platform”.[2] With visibility through the Social Innovation Platform, it has become more efficient to search for targets in a public and transparent way and to assist with the input of resources originally belonging to different fields in order to expand social influence. As a digital platform gathering “social innovation issues in Taiwan,” the Social Innovation Platform covers multiple and complete social innovation resources, which include the “SDGs Map” constructed on the Social Innovation Platform, by which we can better understand how county and city governments in Taiwan implement SDGs and Voluntary Local Review Reports, and which allow us to search the Social Innovation Database[3] and the registered organizations, by which citizens, enterprises, organizations, and even local governments concerned with local development can find their partners expediently as possible, establish service lines to proactively assist public or private entities with their needs/resources, and continue to enable the regional revitalization organizations, ministries, and enterprises to identify and put forward their needs for social innovation through the function of “Social Innovation Proposals”, which assist social innovation organizations with visibility while advancing cooperation and expanding social influence. In addition, the “Event Page” was established on the Social Innovation Platform and offers functions, such as the publishing, searching, and sorting of events in four major dimensions with respect to social innovation organization, governments, enterprises, and citizens; and encourages citizens, social innovation organizations, enterprises, and governments to devote themselves via open participation to continuously expande the influence of the (Civic Technology) Social Innovation Platform. The “Corporate Social Responsibility Report” collects the corporate social responsibility reports, observes the distribution of resources for sustainable development by corporations in Taiwan, offers filtering functions by regions, keyword, popular rankings, and or SDGs types, and provides contact information and a download function for previous years’ reports, in order to effectively assist social innovation organizations to obtain a more precise understanding of the status quo, needs, and trends with respect to their development of respective products and services. Figure 1: SDGs Map Reference: Social Innovation Platform (https://si.taiwan.gov.tw/) Figure 2: Social Innovation Database Reference: Social Innovation Platform (https://si.taiwan.gov.tw/) Figure 3: Social Innovation Proposals Reference: Social Innovation Platform (https://si.taiwan.gov.tw/) Figure 4: Event Page Reference: Social Innovation Platform (https://si.taiwan.gov.tw/) Figure 5: Corporate Social Responsibility Report Reference: Social Innovation Platform (https://si.taiwan.gov.tw/) ii. Social Innovation Database To encourage social innovation organizations to disclose their social missions, products and services, and to guide society to understand the content of social innovation, and to assist the administrative ministries to be able to utilize such information, the Ministry of Economic Affairs issued the “Principles of Registration of Social Innovation Organizations” to establish the “Social Innovation Database”. Once a social innovation organization discloses the items, such as its social missions, business model, or social influence, it may obtain the relevant promotional assistance resources, including becoming a trade partner with Buying Power (Social Innovation Products and Services Procurement), receiving exclusive consultation and assistance from professionals for social innovation organizations, and becoming qualified to apply to entering into the Social Innovation Lab.Moreover, the Ministry of Economic Affairs is simultaneously consolidating, identifying, and designating the awards and grants offered by the various ministries, policies and measures in respect of investment, and financing and assistance, as resources made available to registered entities. As of 25 May 2021, there were 658 registered social innovation organizations and 96 Social Innovation Partners (enterprises with CSR or ESG resources that recognize the cooperation with social innovation under the social innovation thinking model may be registered as a “Social Innovation Partner”).The public and enterprises can search for organizations registered in the Social Innovation Database through the above-said Social Innovation Platform, the search ability of which advances the exposure of and the opportunities for cooperation with social innovation organizations. Figure 6: Numbers of registered social innovation organizations and accumulated value of purchases under Buying Power Reference: Social Innovation Platform(https://si.taiwan.gov.tw/) iii. Buying Power - Social Innovation Products and Services Procurement In order to continue increasing the awareness on social innovation organizations and related issues and promote responsible consumption and production in Taiwan, as well as to raise the attention of the commercial sector to the sustainability-driven procurement models, the Ministry of Economic Affairs held the first “Buying Power - Social Innovation Products and Services Procurement” event in 2017. Through the award system under the Buying Power, it continues to encourage the governments, state-owned enterprises, private enterprises, and organizations to take the lead in purchasing products or services from social innovation organizations, to provide the relevant resources so as to assist social innovation organizations to obtain resources and to explore business opportunities in the markets, to practice responsible consumption and production, and to promote innovative cooperation between all industries and commerce and social innovation organizations. The aim of the implementation of the Buying Power is to encourage the central and local governments, state-owned enterprises, private enterprises, and non-governmental organizations to purchase products or services from organizations registered in the Social Innovation Database, while prizes will be awarded based on the purchase amounts accumulated during the calculation period. The winners can obtain priority in applying for membership in the Social Innovation Partner Group, with corresponding member services, in the future. Under the Social Innovation Platform, both the amount of purchase awards and the number of applicants for special awards continue to increase.So far, purchases have accumulated to a value of more than NT$1.1 billion (see Figure 6), and more than 300 organizations have proactively participated. iv. Social Innovation Mark In order to promote public awareness of social innovation, the Ministry of Economic Affairs has been charged with the commissioned task of promoting the Social Innovation Mark, and issued “ The Small and Medium Enterprise Administration of the Ministry of Economic Affairs Directions for Authorization of the Social Innovation Mark” as the standard for the authorization of the Social Innovation Mark. Social innovation organizations can use the Mark, through obtaining authorization, to hold Social Innovation Summits or other social innovation activities for promoting social innovation concepts. In order to build the Mark as a conceptual symbol of social innovation, the Ministry of Economic Affairs has been using the Social Innovation Mark in connection with various social innovation activities, such as the Social Innovation Platform, the Buying Power, and the annual Social Innovation Summit. Taking the selection of sponsors of the Social Innovation Summit in 2022 as an example[4], only organizations that have obtained authorization of the Social Innovation Mark can use the Mark to hold the Social Innovation Summit. Figure 7: The Social Innovation Mark of the Small and Medium Enterprise Administration, Ministry of Economic Affairs IV. Conclusion The “Organization for Economic Cooperation and Development” (OECD) regards social innovation as a new strategy for solving future social problems and as an important method for youth entrepreneurship and social enterprise development.Taiwan’s social innovation energy has entered a stage of expansion and development. Through the promotion of the “Social Innovation Action Plan,” the resources from the central and local governments are integrated to establish the Social Innovation Platform, the Social Innovation Database, the Social Innovation Lab, and the Social Innovation Mark. In addition, incentives such as the Buying Power have been created, manifesting the positive influence of Taiwan’s social innovation. [1] MDGs are put forward by the United Nations in 2000, and are also the goals requiring all the 191 member states and at least 22 international organizations of the United Nations to be committed to on their best endeavors, including: 1. eradicating extreme poverty and hunger, 2. applying universal primary education, 3. promoting gender equality and empowering women, 4. reducing child mortality rates, 5. improving maternal health, 6. combatting HIV/AIDS, malaria, and other diseases, 7. ensuring environmental sustainability, and 8. establishing a global partnership for development. [2] Please refer to the Social Innovation Platform: https://si.taiwan.gov.tw/. [3] Please refer to the Social Innovation Database: https://si.taiwan.gov.tw/Home/Org_list. [4] Please refer to the guidelines for the selection of sponsors of the 2022 Social Innovation Summit: https://www.moeasmea.gov.tw/files/6221/4753E497-B422-4303-A8D4-35AE0B4043A9