The Institutionalization of the Taiwan Personal Data Protection Committee - Triumph of Digital Constitutionalism: A Legal Positivism Analysis
2023/07/13
The Legislative Yuan recently passed an amendment to the Taiwan Personal Data Protection Act, which resulted in the institutionalization of the Taiwan Personal Data Protection Commission (hereunder the “PDPC”)[1]. This article aims to analyze the significance of this institutionalization from three different perspectives: legal positivism, digital constitutionalism, and Millian liberalism. By examining these frameworks, we can better understand the constitutional essence of sovereignty, the power dynamics among individuals, businesses, and governments, and the paradox of freedom that the PDPC addresses through governance and trust.
I.Three Layers of Significance
1.Legal Positivism
The institutionalization of the PDPC fully demonstrates the constitutional essence of sovereignty in the hands of citizens. Legal positivism emphasizes the importance of recognizing and obeying (the sovereign, of which it is obeyed by all but does not itself obey to anyone else, as Austin claims) laws that are enacted by legitimate authorities[2]. In this context, the institutionalization of the PDPC signifies the recognition of citizens' rights to control their personal data and the acknowledgment of the sovereign in protecting their privacy. It underscores the idea that the power to govern personal data rests with the individuals themselves, reinforcing the principles of legal positivism regarding sovereign
Moreover, legal positivism recognizes the authority of the state in creating and enforcing laws. The institutionalization of the PDPC as a specialized commission with the power to regulate and enforce personal data protection laws represents the state's recognition of the need to address the challenges posed by the digital age. By investing the PDPC with the authority to oversee the proper handling and use of personal data, the state acknowledges its responsibility to protect the rights and interests of its citizens.
2.Digital Constitutionalism
The institutionalization of the PDPC also rebalances the power structure among individuals, businesses, and governments in the digital realm[3]. Digital constitutionalism refers to the principles and norms that govern the relationship between individuals and the digital sphere, ensuring the protection of rights and liberties[4]. With the rise of technology and the increasing collection and use of personal data, individuals often find themselves at a disadvantage compared to powerful entities such as corporations and governments[5].
However, the PDPC acts as a regulatory body that safeguards individuals' interests, rectifying the power imbalances and promoting digital constitutionalism. By establishing clear rules and regulations regarding the collection, use, and transfer of personal data, the PDPC may set a framework that ensures the protection of individuals' privacy and data rights. It may enforce accountability among businesses and governments, holding them responsible for their data practices and creating a level playing field where individuals have a say in how their personal data is handled.
3.Millian Liberalism
The need for the institutionalization of the PDPC embodies the paradox of freedom, as raised in John Stuart Mill’s “On Liberty”[6], where Mill recognizes that absolute freedom can lead to the infringement of others' rights and well-being. In this context, the institutionalization of the PDPC acknowledges the necessity of governance to mitigate the risks associated with personal data protection.
In the digital age, the vast amount of personal data collected and processed by various entities raises concerns about privacy, security, and potential misuse. The institutionalization of the PDPC represents a commitment to address these concerns through responsible governance. By setting up rules, regulations, and enforcement mechanisms, the PDPC ensures that individuals' freedoms are preserved without compromising the rights and privacy of others. It strikes a delicate balance between individual autonomy and the broader social interest, shedding light on the paradox of freedom.
II.Legal Positivism: Function and Authority of the PDPC
1.John Austin's Concept of Legal Positivism: Sovereignty, Punishment, Order
To understand the function and authority of the PDPC, we turn to John Austin's concept of legal positivism. Austin posited that laws are commands issued by a sovereign authority and backed by sanctions[7]. Sovereignty entails the power to make and enforce laws within a given jurisdiction.
In the case of the PDPC, its institutionalization by the Legislative Yuan reflects the recognition of its authority to create and enforce regulations concerning personal data protection. The PDPC, as an independent and specialized committee, possesses the necessary jurisdiction and competence to ensure compliance with the law, administer punishments for violations, and maintain order in the realm of personal data protection.
2.Dire Need for the Institutionalization of the PDPC
There has been a dire need for the establishment of the PDPC following the Constitutional Court's decision in August 2022, holding that the government needed to establish a specific agency in charge of personal data-related issues[8]. This need reflects John Austin's concept of legal positivism, as it highlights the demand for a legitimate and authoritative body to regulate and oversee personal data protection. The PDPC's institutionalization serves as a response to the growing concerns surrounding data privacy, security breaches, and the increasing reliance on digital platforms. It signifies the de facto recognition of the need for a dedicated institution to safeguard the individual’s personal data rights, reinforcing the principles of legal positivism.
Furthermore, the institutionalization of the PDPC demonstrates the responsiveness of the legislative branch to the evolving challenges posed by the digital age. The amendment to the Taiwan Personal Data Protection Act and the subsequent institutionalization of the PDPC are the outcomes of a democratic process, reflecting the will of the people and their desire for enhanced data protection measures. It signifies a commitment to uphold the rule of law and ensure the protection of citizens' rights in the face of emerging technologies and their impact on privacy.
3.Authority to Define Cross-Border Transfer of Personal Data
Upon the establishment of the PDPC, it's authority to define what constitutes a cross-border transfer of personal data under Article 21 of the Personal Data Protection Act will then align with John Austin's theory on order. According to Austin, laws bring about order by regulating behavior and ensuring predictability in society.
By granting the PDPC the power to determine cross-border data transfers, the legal framework brings clarity and consistency to the process. This promotes order by establishing clear guidelines and standards, reducing uncertainty, and enhancing the protection of personal data in the context of international data transfers.
The PDPC's authority in this regard reflects the recognition of the need to regulate and monitor the cross-border transfer of personal data to protect individuals' privacy and prevent unauthorized use or abuse of their information. It ensures that the transfer of personal data across borders adheres to legal and ethical standards, contributing to the institutionalization of a comprehensive framework for cross-border data transfer.
III.Conclusion
In conclusion, the institutionalization of the Taiwan Personal Data Protection Committee represents the convergence of legal positivism, digital constitutionalism, and Millian liberalism. It signifies the recognition of citizens' sovereignty over their personal data, rebalances power dynamics in the digital realm, and addresses the paradox of freedom through responsible governance. By analyzing the PDPC's function and authority in the context of legal positivism, we understand its role as a regulatory body to maintain order and uphold the principles of legal positivism. The institutionalization of the PDPC serves as a milestone in Taiwan's commitment to protect individuals' personal data and safeguard the digital rights. In essence, the institutionalization of the Taiwan Personal Data Protection Committee represents a triumph of digital constitutionalism, where individuals' rights and interests are safeguarded, and power imbalances are rectified. It also embodies the recognition of the paradox of freedom and the need for responsible governance in the digital age in Taiwan.
Reference:
[1] Lin Ching-yin & Evelyn Yang, Bill to establish data protection agency clears legislative floor, CNA English News, FOCUS TAIWAN, May 16, 2023, https://focustaiwan.tw/society/202305160014 (last visited, July 13, 2023).
[2] Legal positivism, Stanford Encyclopedia of Philosophy, https://plato.stanford.edu/entries/legal-positivism/?utm_source=fbia (last visited July 13, 2023).
[3] Edoardo Celeste, Digital constitutionalism: how fundamental rights are turning digital, (2023): 13-36, https://doras.dcu.ie/28151/1/2023_Celeste_DIGITAL%20CONSTITUTIONALISM_%20HOW%20FUNDAMENTAL%20RIGHTS%20ARE%20TURNING%20DIGITAL.pdf (last visited July 3, 2023).
[4] GIOVANNI DE GREGORIO, DIGITAL CONSTITUTIONALISM IN EUROPE: REFRAMING RIGHTS AND POWERS IN THE ALGORITHMIC SOCIETY 218 (2022).
[5] Celeste Edoardo, Digital constitutionalism: how fundamental rights are turning digital (2023), https://doras.dcu.ie/28151/1/2023_Celeste_DIGITAL%20CONSTITUTIONALISM_%20HOW%20FUNDAMENTAL%20RIGHTS%20ARE%20TURNING%20DIGITAL.pdf (last visited July 13, 2023).
[6] JOHN STUART MILL, On Liberty (1859), https://openlibrary-repo.ecampusontario.ca/jspui/bitstream/123456789/1310/1/On-Liberty-1645644599.pdf (last visited July 13, 2023).
[7] Legal positivism, Stanford Encyclopedia of Philosophy, https://plato.stanford.edu/entries/legal-positivism/?utm_source=fbia (last visited July 13, 2023).
[8] Lin Ching-yin & Evelyn Yang, Bill to establish data protection agency clears legislative floor, CNA English News, FOCUS TAIWAN, May 16, 2023, https://focustaiwan.tw/society/202305160014 (last visited, July 13, 2023).
Taiwan Government passed The「Act for the Development of Biotech and New Pharmaceuticals Industry」for supporting the biopharmaceutical industry. The purpose of the Act is solely for biopharmaceutical industry, and building the leading economic force in Taiwan. To fulfill this goal, the Act has enacted regulations concerning funding, taxation and recruitment especially for the biopharmaceutical industry. The Act has been seen as the recent important law in the arena of upgrading industry regulation on the island. It is also a rare case where single legislation took place for particular industry. After the Act came into force, the government has promulgated further regulations to supplement the Act, including Guidance for MOEA-Approved Biotech and New Pharmaceuticals Company Issuing Stock Certificate, Deductions on Investments in R&D and Personnel Training of Biotech and New Pharmaceuticals Company, Guidance for Deduction Applicable to Shareholders of Profit-Seeking Enterprises -Biotech and New Pharmaceuticals Company etc. The following discussions are going to introduce the Act along with related incentive measures from an integrated standpoint. 1 、 Scope of Application According to Article 3 of the Act, 「Biotech and New Pharmaceuticals Industry」 refers to the industry that deals in New Rugs and High-risk Medical devices used by human beings, animals, and plants; 「Biotech and New Pharmaceuticals Company」 refers to a company in the Biotech and New Pharmaceuticals Industry that is organized and incorporated in accordance with the Company Act and engages in the research, development, and manufacture of new drugs and high-risk medical devices. Thus, the Act applies to company that conducts research and manufacture product in new drug or high-risk medical devices for human and animal use. Furthermore, to become a Biotech and New Pharmaceuticals Company stipulated in the Act, the Company must receive letter of approval to establish as a Biotech and New Pharmaceuticals Company valid for five years. Consequently, company must submit application to the authority for approval by meeting the following requirements: (1) Companies that conduct any R&D activities or clinical trials must receive permission, product registration, or proof of manufacture for such activities from a competent authority. However, for those conducted these activities outside the country will not apply. (2) When applied for funding for the previous year or in the same year, the expense on R&D in the previous year exceeds 5% of the total net revenue within the same year; or the expenses exceeds 10% of the total capital of the company. (3) Hired at least five R&D personnel majored in biotechnology. For New Drug and High-Risk Medical Device are confined in specific areas. New Drug provided in the Act refers to a drug that has a new ingredient, a new therapeutic effect or a new administration method as verified by the central competent authorities. And High-Risk Medical Device refers to a type of Class III medical devices implanted into human bodies as verified by the central competent authorities. Therefore, generic drug, raw materials, unimplanted medical device, and medical device are not qualified as type III, are all not within the scope of the Act and are not the subject matter the Act intends to reward. 2 、 Tax Benefits Article 5, 6 and 7 provided in the Act has followed the footsteps of Article 6 and 8 stipulated of the Statute, amending the rules tailored to the biopharmaceutical industry, and provided tax benefits to various entities as 「Biotech and New Pharmaceuticals Company」, 「Investors of Biotech and New Pharmaceuticals Industry」, 「Professionals and Technology Investors」. (1) Biotech and New Pharmaceuticals Company In an effort to advance the biopharmaceutical industry, alleviate financial burden of the companies and strengthen their R&D capacity. The Act has provided favorable incentive measures in the sector of R&D and personnel training. According to Article 5: 「For the purpose of promoting the Biotech and New Pharmaceuticals Industry, a Biotech and New Pharmaceuticals Company may, for a period of five years from the time it is subject to profit-seeking enterprise income tax payable, enjoy a reduction in its corporate income tax payable, for up to 35% of the total funds invested in research and development (R&D) and personnel training each year.」 Consequently, company could benefit through tax deduction and relieve from the stress of business operation. Moreover, in supporting Biotech and New Pharmaceutical Company to proceed in R&D and personnel training activities, the Act has set out rewards for those participate in ongoing R&D and training activities. As Article 5 provided that」 If the R&D expenditure of a particular year exceeds the average R&D expenditure of the previous two years, or if the personnel training expenditure of a particular year exceeds the average personnel training expenditure of the pervious two years, 50% of the exceed amount in excess of the average may be used to credit against the amount of profit-seeking enterprise income tax payable. 「However, the total amount of investment credited against by the payable corporate income tax in each year shall not exceed 50% of the amount of profit-seeking enterprise income tax payable by a Biotech and New Pharmaceuticals Company in a year, yet this restriction shall not apply to the amount to be offset in the last year of the aforementioned five-year period. Lastly, Article 5 of the Act shall not apply to Biotech and New Pharmaceutical Company that set up headquarters or branches outside of Taiwan. Therefore, to be qualified for tax deduction on R&D and personnel training, the headquarters or branches of the company must be located in Taiwan. (2) Investors of Biotech and New Pharmaceuticals Company To raise funding, expand business development, and attract investor continuing making investments, Article 6 of the Act has stated that 「In order to encourage the establishment or expansion of Biotech and New Pharmaceuticals Companies, a profit-seeking enterprise that subscribes for the stock issued by a Biotech and New Pharmaceuticals Company at the time of the latter's establishment or subsequent expansion; and has been a registered shareholder of the Biotech and New Pharmaceuticals Company for a period of 3 years or more, may, for a period of five years from the time it is subject to corporate income tax, enjoy a reduction in its profit-seeking enterprise income tax payable for up to 20% of the total amount of the price paid for the subscription of shares in such Biotech and New Pharmaceuticals Company.」 Yet 「If the afore-mentioned profit-seeking enterprise is a venture capital company (「VC」), such VC corporate shareholders may, for a period of five years from the fourth anniversary year of the date on which the VC becomes a registered shareholder of the subject Biotech and New Pharmaceuticals Company, enjoy a reduction in their profit-seeking enterprise income tax payable based on the total deductible amount enjoyed by the VC under Paragraph 1 hereof and the shareholders' respective shareholdings in the VC.」 The government enacted this regulation to encourage corporations and VC to invest in biotech and new pharmaceutical company, and thus provide corporate shareholders with 20% of profit-seeking enterprise income tax payable deduction, and provide VC corporate shareholders tax deduction that proportion to its shareholdings in the VC. (3) Top Executives and Technology Investors Top Executives refer to those with biotechnology background, and has experience in serving as officer of chief executive (CEO) or manager; Technology Investors refer to those acquire shares through exchange of technology. As biopharmaceutical industry possesses a unique business model that demands intensive technology, whether top executives and technology investors are willing to participate in a high risk business and satisfy the needs of industry becomes a critical issue. Consequently, Article 7 of the Act stated that 「In order to encourage top executives and technology investors to participate in the operation of Biotech and New Pharmaceuticals Companies and R&D activities, and to share their achievements, new shares issued by a Biotech and New Pharmaceuticals Company to top executives and technology investors (in return of their knowledge and technology) shall be excluded from the amount of their consolidated income or corporate income of the then current year for taxation purposes; provided, however, that if the title to the aforesaid shares is transferred with or without consideration, or distributed as estate, the total purchase price or the market value of the shares at the time of transfer as a gift or distribution as estate shall be deemed income generated in that tax year and such income less the acquisition cost shall be reported in the relevant income tax return.」 Additionally, 「For the title transfer of shares under the preceding paragraph, the Biotech and New Pharmaceuticals Company concerned shall file a report with the local tax authorities within thirty 30 days from the following day of the title transfer.」 Purpose of this regulation is to attract top executives and technology personnel for the company in long-term through defer taxation. Moreover, the Biotech and New Pharmaceutical Company usually caught in a prolong period of losses, and has trouble financing through issuing new shares, as stipulated par value of each share cannot be less than NTD $10.Thus, in order to offer top executive and technology investors incentives and benefits under such circumstances, Article 8 has further provided that」Biotech and New Pharmaceutical Companies may issue subscription warrants to its top executives and technology investors, provided that the proposal for the issuance of the aforesaid subscription warrants shall pass resolution adopted by a majority votes of directors attended by at least two-thirds (2/3) of all the directors of the company; and be approved by the competent authorities. Holders of the subscription warrants may subscribe a specific number of shares at the stipulated price. The amount of stipulated price shall not be subject to the minimum requirement, i.e. par value of the shares, as prescribed under Article 140 of the Company Act. Subscription of the shares by exercising the subscription warrant shall be subject to income tax in accordance with Article 7 hereof. if a Biotech and New Pharmaceutical Company issue new shares pursuant to Article 7 hereof, Article 267 of the Company Act shall not apply. The top executives and technology investors shall not transfer the subscription warrant acquired to pursuant to this Article.」 These three types of tax benefits are detailed incentive measures tailor to the biopharmaceutical industry. However, what is noteworthy is the start date of the benefits provided in the Act. Different from the Statue, the Act allows company to enjoy these benefits when it begins to generate profits, while the Statute provides company tax benefits once the authority approved its application in the current year. Thus, Biotech and New Pharmaceuticals Company enjoys tax benefits as the company starts to make profit. Such approach reflects the actual business operation of the industry, and resolves the issue of tax benefits provided in the Statue is inapplicable to the biopharmaceutical industry. 3 、 Technical Assistance and Capital Investment Due to the R&D capacity and research personnel largely remains in the academic circle, in order to encourage these researchers to convert R&D efforts into commercial practice, the government intends to enhance the collaboration among industrial players, public institutions, and the research and academic sectors, to bolster the development of Biotech and New Pharmaceuticals Company. However, Article 13 of Civil Servants Service Act prohibits officials from engaging in business operation, the Act lifts the restriction on civil servants. According to Article 10 of the Act provided that」For a newly established Biotech and New Pharmaceuticals Company, if the person providing a major technology is a research member of the government research organization, such person may, with the consent of the government research organization, acquired 10% or more of the shares in the Biotech and New Pharmaceuticals Company at the time of its establishment, and act as founder, director, or technical adviser thereof. In such case, Article 13 of the Civil Servants Service Act shall not apply. And the research organization and research member referred to thereof shall be defined and identified by the Executive Yuan, in consultation with the Examination Yuan.」 This regulation was enacted because of the Civil Servants Services Act provided that public officials are not allowed to be corporate shareholders. However, under certain regulations, civil servants are allowed to be corporate shareholders in the sector of agriculture, mining, transportation or publication, as value of the shares cannot exceed 10% of the total value of the company, and the civil servant does not served in the institution. In Taiwan, official and unofficial research institution encompasses most of the biotechnology R&D capacity and research personnel. If a researcher is working for a government research institution, he would be qualified as a public servant and shall be governed by the Civil Servants Service Act. As a result of such restriction, the Act has lifted the restriction and encouraged these researchers to infuse new technologies into the industry. At last, for advancing the development of the industry, Article 11 also provided that 」R&D personnel of the academic and research sectors may, subject to the consent of their employers, served as advisors or consultants for a Biotech and New Pharmaceuticals Company.」 4 、 Other Regulations For introducing and transferring advanced technology in support of the biopharmaceutical industry, Article 9 stated that 「Organization formed with government funds to provide technical assistance shall provide appropriate technical assistance as may be necessary.」 Besides technical assistance, government streamlines the review process taken by various regulatory authorities, in order to achieve an improved product launch process result in faster time-to-market and time-to profit. As Article 12 provided that 「the review and approval of field test, clinical trials, product registration, and others, the central competent authorities shall establish an open and transparent procedure that unifies the review system.」
Post Brexit – An Update on the United Kingdom Privacy RegimePost Brexit – An Update on the United Kingdom Privacy Regime 2021/9/10 After lengthy talks, on 31 January 2020, the United Kingdom (‘UK’) finally exited the European Union (‘EU’). Then, the UK shifted into a transition period. The UK government was bombarded with questions from all stakeholders. In particular, the data and privacy industry yelled out the loudest – what am I going to do with data flowing from the EU to the UK? Privacy professionals queried – would the UK have a new privacy regime that significantly departs from the General Data Protection Regulation (‘GDPR’)? Eventually, the UK made a compromise with all stakeholders – the British, the Europeans and the rest of the world – by bridging its privacy laws with the GDPR. On 28 June 2021, the UK obtained an adequacy decision from the EU.[1] This was widely anticipated but also widely known to be delayed, as it was heavily impacted by the aftermaths of the invalidation of the US- EU Privacy Shield.[2] While the rest of the world seems to silently observe the transition undertaken by the UK, post-Brexit changes to the UK’s privacy regime is not only a domestic or regional matter, it is an international matter. Global supply chains and cross border data flows will be affected, shuffling the global economy into a new order. Therefore, it is crucial as citizens of a digital economy to unpack and understand the current UK privacy regime. This paper intends to give the reader a brief introduction to the current privacy regime of the UK. The author proposes to set out the structure of the UK privacy legislation, and to discuss important privacy topics. This paper only focuses on the general processing regime, which is the regime that is most relevant to general stakeholders. UK Privacy Legislation There are two main privacy legislation in the UK – the Data Protection Act 2018 (‘DPA’) and the United Kingdom General Data Protection Act (‘UK GDPR’). These two acts must be read together in order to form a coherent understanding of the current UK privacy regime. The UK GDPR is the creature of Brexit. The UK government wanted a smooth transition out of the EU and acknowledged that they needed to preserve the GDPR in their domestic privacy regime to an extent that would allow them to secure an adequacy decision. The UK government also wanted to create less impact on private companies. Thus, the UK GDPR was born. Largely it aligns closely with the GDPR, supplemented by the DPA. ICO The Information Commissioner’s Office (‘ICO’) is the independent authority supervising the compliance of privacy laws in the UK. Prior to Brexit, the ICO was the UK’s supervisory authority under the GDPR. A unique feature of the ICO’s powers and functions is that it adopts a notice system. The ICO has power to issue four types of notices: information notices, assessment notices, enforcement notices and penalty notices.[3] The information notice requires controllers or processors to provide information. The ICO must issue an assessment notice before conducting data protection audits. Enforcement is only exercisable by giving an enforcement notice. Administrative fines are only exercisable by giving a penalty notice. Territorial Application Section 207(1A) of the DPA states that the DPA applies to any controller or processor established in the UK, regardless where the processing of personal data takes place. Like the GDPR, the DPA and the UK GDPR have an extraterritorial reach to overseas controllers or processors. The DPA and the UK GDPR apply to overseas controllers or processors who process personal data relating to data subjects in the UK, and the processing activities are related to the offering of goods or services, or the monitoring of data subjects’ behavior.[4] Transfers of Personal Data to Third Countries On 28 June 2021, the UK received an adequacy decision from the EU.[5] This means that until 27 June 2025, data can continue to flow freely between the UK and the European Economic Area (‘EEA’). As for transferring personal data to third countries other than the EU, the UK has similar laws to the GDPR. Both the DPA and the UK GDPR restrict controllers or processors from transferring personal data to third countries. A transfer of personal data to a third country is permitted if it is based on adequacy regulations.[6] An EU adequacy decision is known as ‘adequacy regulations’ under the UK regime. If there is no adequacy regulations, then a transfer of personal data to a third country will only be permitted if it is covered by appropriate safeguards, including standard data protection clauses, binding corporate rules, codes of conduct, and certifications.[7] The ICO intends to publish UK standard data protection clauses in 2021.[8] In the meantime, the EU has published a new set of standard data protection clauses (‘SCCs’).[9] However, it must be noted that the EU SCCs are not accepted to be valid in the UK, and may only be used for reference purposes. It is also worth noting that the UK has approved three certification schemes to assist organizations in demonstrating compliance to data protection laws.[10] Lawful Bases for Processing Basically, the lawful bases for processing in the UK regime are the same as the GDPR. Six lawful bases are set out in article 6 of the UK GDPR. To process personal data, at least one of the following lawful bases must be satisfied:[11] The data subject has given consent to the processing; The processing is necessary for the performance of a contract; The processing is necessary for compliance with a legal obligation; The processing is necessary to protect vital interests of an individual – that is, protecting an individual’s life; The processing is necessary for the performance of a public task; The processing is necessary for the purpose of legitimate interests, unless other interests or fundamental rights and freedoms override those legitimate interests. Rights & Exemptions The UK privacy regime, like the GDPR, gives data subjects certain rights. Most of the rights granted under the UK privacy regime is akin to the GDPR and can be found under the UK GDPR. Individual rights under the UK privacy regime is closely linked with its exemptions, this may be said to be a unique feature of the UK privacy regime which sets it apart from the GDPR. Under the DPA and the UK GDPR, there are certain exemptions, meaning organizations are exempted from certain obligations, most of them are associated with individual rights. For example, if data is processed for scientific or historical research purposes, or statistical purposes, organizations are exempted from provisions on the right of access, the right to rectification, the right to restrict processing and the right to object in certain circumstances.[12] Penalties The penalty for infringement of the UK GDPR is the amount specified in article 83 of the UK GDPR.[13] If an amount is not specified, the penalty is the standard maximum amount.[14] The standard maximum amount, at the time of writing, is £8,700,000 (around 10 million Euros) or 2% of the undertaking’s total annual worldwide turnover in the preceding financial year.[15] In any other case, the standard maximum amount is £8,700,000 (around 10 million Euros).[16] Conclusion The UK privacy regime closely aligns with the GDPR. However it would be too simple of a statement to say that the UK privacy regime is almost identical to the GDPR. The ICO’s unique enforcement powers exercised through a notice system is a distinct feature of the UK privacy regime. Recent legal trends show that the UK while trying to preserve its ties with the EU is gradually developing an independent privacy persona. The best example is that in regards to transfers to third countries, the UK has developed its first certification scheme and is attempting to develop its own standard data protection clauses. The UK’s transition out of the EU has certainly been interesting; however, the UK’s transformation from the EU is certainly awaited with awe. [1] Commission Implementing Decision of 28.6.2021, pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate protection of personal data by the United Kingdom, C(2021) 4800 final,https://ec.europa.eu/info/sites/default/files/decision_on_the_adequate_protection_of_personal_data_by_the_united_kingdom_-_general_data_protection_regulation_en.pdf.. [2] Judgment of 16 July 2020, Data Protection Commissioner v. Facebook Ireland Limited, Maximillian Schrems, C-311/18, EU:C:2020:559, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:62018CJ0311. [3] Data Protection Act 2018, §115. [4] Data Protection Act 2018, §207(1A); REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), art 3. [5] supra note 1. [6] Data Protection Act 2018, §17A-18; REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), art 44-50. [7] Data Protection Act 2018, §17A-18; REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), art 46-47. [8]International transfers after the UK exit from the EU Implementation Period, ICO, https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-transfers-after-uk-exit/ (last visited Sep. 10, 2021). [9] Standard contractual clauses for international transfers, European Commission, https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en (last visited Sep. 10, 2021). [10] ICO, New certification schemes will “raise the bar” of data protection in children’s privacy, age assurance and asset disposal, ICO, Aug. 19, 2021, https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2021/08/ico-approves-the-first-uk-gdpr-certification-scheme-criteria/ (last visited Sep. 10, 2021). [11] REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), art 6(1)-(2); Lawful basis for processing, ICO, https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/ (last visited Sep. 10, 2021). [12] Data Protection Act 2018, sch 2, part 6, para 27. [13] id. at §157. [14] id. [15] id. [16] id.
The Status of Taiwan's Regulations Concerning with Access to Biological ResourcesPreface In actual practice, the research and development of biotech medicine, food, and environmental products cannot be done by in-lab researches. This is a unique character of the biotechnology industry. To get the research going, the researchers need to search for and exploit new biological materials and, samples outside the lab. Therefore, the access to and management of biological resources have significant impact on the stimulation and development of national biotech industry. Ever since the enforcement of Convention on Biological Diversity (CBD) in 1992 by 172 countries, a general principal about conserving biological diversity and using biological resources has been set. According to CBD, States have sovereign rights over their own biological resources. CBD also encourages each State to access to and manage the biological resources conformed with the principals of conservation, sustainability, NOEL environment friendly, and adequate sharing of benefit arising from biological resources. Therefore, issues such as environmental protection and sustainability have become political issues internationally. If the ABS system for the access to biological resources is designed too strictly, the establishment of the system will make the research and development staffs and related institutions hang back with hesitation both domestically and internationally. Their intention of bioprospecting in the designated country will then be reduced. On the other hand, if the system is designed too loosely, it will not be able to protect the rights of the owner of the resources. As a result, currently, every country holds a cautious attitude in setting up the regulations of managing the access to biological resources. Currently, many countries and regional international organizations already set up ABS system, such as Andean Community, African Union, Association of Southeast Asia Nations (ASEAN), Australia, South Africa, and India, all are enthusiastic with the establishment of the regulations regarding the access management of biological resources and genetic resources. On the other hand, there are still many countries only use traditional and existing conservation-related regulations to manage the access of biological resources. Since it has been more than 10 years that the regulation of access to biological resources and benefit sharing has been developed in some countries, how is Taiwan's current situation regarding this issue? Taiwan's Existing Regulations on the Access to Bioloical Resources In terms of regulations, Taiwan's existing management style of the access to biological resources is similar to that of the US and the EU. It refers to the existing regulations on environmental protection and conservation, and evaluates from the perspective of environmental protection to control and manage the exploitation and application of the related biological resources. These regulations include the Wildlife Conservation Act, theNational Park Law, the Forestry Act, the Cultural Heritage Preservation Act, and the Aboriginal Basic Act. The paragraphs below describe the contents of the acts mentioned that are related to the access to biological resources. 1 、 Wildlife Conservation Act According to the Wildlife Conservation Act, the Protected Species and the products made of cannot be hunted, traded, owned, imported, exported, raised, bred, and processed unless the number of protected wildlife has exceeded the amount the environment permits, or carry the objectives of academic research and education with the permits of central or regional authorities. As for the hunting of General Wildlife, pre-application and approval is needed with the exception of projects based on the objectives of academic research or education. In addition, the import and export of the living wildlife and the products of Protected Wildlife are restricted to the condition of being permitted by management authority. With respect to the import and export of living Protected Wildlife, Academic research institutions and colleagues are the only person who can seek for the approval of management authority before they proceed. 2 、 National Park Law The design and management of Taiwan's national parks are based on the regulations listed in the National Park Law with the purpose of protecting our country's exclusive natural scenery, wildlife and historical spots. Based on the properties and the nature of resources, the national park management structures the preserved area into general control area, playground and resting area, spot of historical interest, special landmark area, and ecological protection area. Ecological protection area refers to the areas where the natural surroundings, creatures, the society they live and propagate are strictly protected only for the research of ecology. According to the regulation of National Park Law, inside the national park area, it is prohibited to hunt animals, fish, take off flowers or trees, not to mention the behaviours that are prohibited by the management authority. Exceptions are made based on the conditions of preserved areas and for the research purposes. In the general control area or resting area, the national park authority allows fishing or other activities agreed by the authority. However, these activities are prohibited in the preserved area of historical interest, special landmark area, and ecological protection area. To suit special purposes, in the special landmark area or ecological protection area, collection of specimens is allowed subject to the approval of authority. Under the purpose of academic research, better management of public safety, and special management of national park, the Ministry of the Interior will permit the collection of specimen. However, to enter the ecological protection area, one must obtain the permission of authority. 3 、 Forestry Act To protect the forest resources and to maximize the public welfare and economic effectiveness, some of the properties are classified as forestry land and being managed by authority. Based on the Forestry Act, management authority has to restrict the area of cutting timber and to identify the area or period of restricted digging of greensward, tree roots, and grass roots, based on the condition of the forest. In addition, to maintain the current ecological environment in the forest, and to preserve the diversity of species, identification of natural preserved area is needed inside the forestland. The entrance and exit of human and vehicles are controlled based on the nature of the resources inside the preserve area. Unless obtaining the approval from the management authority, not a single activity of damaging, logging or digging soil, stones, greensward and roots is allowed. Furthermore, any unauthorized activity of collecting specimen inside the forest recreation area and natural reserve will be fined. Collecting flowers and plants in these areas, or trespassing the natural reserve will also be fined. Only the activities taken by the aborigines to sustain their living or accommodate their customs are not restricted. 4 、 Cultural Heritage Preservation Act The objectives of setting up the Cultural Heritage Preservation Act are to preserve and apply the cultural resources, to enrich the spiritual lives of citizens, and to add glory to the existing diverse cultures. The Cultural Heritage Preservation Act classifies the natural landscape and scenery as cultural assets. Vistas of Natural Culture refer to the natural areas, landforms, plants and mineral which contain the values of preservation. It can be further grouped into natural preserved area and natural monuments. Since the natural monuments include the unusual plants and mineral, it is connected to the management of biological resources. According to the Cultural Heritage Preservation Act, unless approved by the management authority, it is prohibited to collect, log, destroy the plants or bio resources classified as natural monuments or trespass into the area of natural preserve. For the purposes of academic research, or for the memorial ceremony of aboriginal custom, research institute and the aborigines can collect the natural monuments without the approval of authority. 5 、 Aboriginal Basic Act To protect the basic rights of the aborigines, and to sustain and develop the aboriginal society, the Aboriginal Basic Act was designed and enacted. The government not only admits the aborigine's rights in lands and natural resources, but also permits the non-profit behaviour such as hunting of wildlife, colleting of wild plants and fungi for the objective of complying with traditional culture, ceremony or private uses. In addition, the Aboriginal Basic Act provides the requirement of Prior Informed Consent (PIC) to require government or private individual to inform the aborigines before they proceed with land development, resource exploitation, ecological preservation, and academic research in the land where the aborigines live. They need to consult and obtain the aborigines' agreement or participation, and to share the related interests derived from this project. In the case of restricting the aborigine's right of the use of land or natural resources by law, the government,shall consult with the aborigines or the tribe and reach the agreement. When the government wish to design and establish national park, national scenic area, forestry area, ecological protection area, recreational area, or other resource management authorities, the government should obtain the agreement from the local aborigines and to build up the co-management mechanism.
The Research on ownership of cell therapy productsThe Research on ownership of cell therapy products 1. Issues concerning ownership of cell therapy products Regarding the issue of ownership interests, American Medical Association(AMA)has pointed out in 2016 that using human tissues to develop commercially available products raises question about who holds property rights in human biological materials[1]. In United States, there have been several disputes concern the issue of the whether the donor of the cell therapy can claim ownership of the product, including Moore v. Regents of University of California(1990)[2], Greenberg v. Miami Children's Hospital Research Institute(2003)[3], and Washington University v. Catalona(2007)[4]. The courts tend to hold that since cells and tissues were donated voluntarily, the donors had already lost their property rights of their cells and tissues at the time of the donation. In Moore case, even if the researchers used Moore’s cells to obtain commercial benefits in an involuntary situation, the court still held that the property rights of removed cells were not suitable to be claimed by their donor, so as to avoid the burden for researcher to clarify whether the use of cells violates the wishes of the donors and therefore decrease the legal risk for R&D activities. United Kingdom Medical Research Council(MRC)also noted in 2019 that the donated human material is usually described as ‘gifts’, and donors of samples are not usually regarded as having ownership or property rights in these[5]. Accordingly, both USA and UK tends to believe that it is not suitable for cell donors to claim ownership. 2. The ownership of cell therapy products in the lens of Taiwan’s Civil Code In Taiwan, Article 766 of Civil Code stipulated: “Unless otherwise provided by the Act, the component parts of a thing and the natural profits thereof, belong, even after their separation from the thing, to the owner of the thing.” Accordingly, many scholars believe that the ownership of separated body parts of the human body belong to the person whom the parts were separated from. Therefore, it should be considered that the ownership of the cells obtained from the donor still belongs to the donor. In addition, since it is stipulated in Article 406 of Civil Code that “A gift is a contract whereby the parties agree that one of the parties delivers his property gratuitously to another party and the latter agrees to accept it.”, if the act of donation can be considered as a gift relationship, then the ownership of the cells has been delivered from donor to other party who accept it accordingly. However, in the different versions of Regenerative Medicine Biologics Regulation (draft) proposed by Taiwan legislators, some of which replace the term “donor” with “provider”. Therefore, for cell providers, instead of cell donors, after providing cells, whether they can claim ownership of cell therapy product still needs further discussion. According to Article 69 of the Civil Code, it is stipulated that “Natural profits are products of the earth, animals, and other products which are produced from another thing without diminution of its substance.” In addition, Article 766 of the Civil Code stipulated that “Unless otherwise provided by the Act, the component parts of a thing and the natural profits thereof, belong, even after their separation from the thing, to the owner of the thing.” Thus, many scholars believe that when the product is organic, original substance and the natural profits thereof are all belong to the owner of the original substance. For example, when proteins are produced from isolated cells, the proteins can be deemed as natural profits and the ownership of proteins and isolated cells all belong to the owner of the cells[6]. Nevertheless, according to Article 814 of the Civil Code, it is stipulated that “When a person has contributed work to a personal property belonging to another, the ownership of the personal property upon which the work is done belongs to the owner of the material thereof. However, if the value of the contributing work obviously exceeds the value of the material, the ownership of the personal property upon which the work is done belongs to the contributing person.” Thus, scholar believes that since regenerative medical technology, which induces cell differentiation, involves quite complex biotechnology technology, and should be deemed as contributing work. Therefore, the ownership of cell products after contributing work should belongs to the contributing person[7]. Thus, if the provider provides the cells to the researcher, after complex biotechnology contributing work, the original ownership of the cells should be deemed to have been eliminated, and there is no basis for providers to claim ownership. However, since the development of cell therapy products involves a series of R&D activities, it still need to be clarified that who is entitled to the ownership of the final cell therapy products. According to Taiwan’s Civil Code, the ownership of product after contributing work should belongs to the contributing person. However, when there are numerous contributing persons, which person should the ownership belong to, might be determined on a case-by-case basis. 3. Conclusion The biggest difference between cell therapy products and all other small molecule drugs or biologics is that original cell materials are provided by donors or providers, and the whole development process involves numerous contributing persons. Hence, ownership disputes are prone to arise. In addition to the above-discussed disputes, United Kingdom Co-ordinating Committee on Cancer Research(UKCCCR)also noted that there is a long list of people and organizations who might lay claim to the ownership of specimens and their derivatives, including the donor and relatives, the surgeon and pathologist, the hospital authority where the sample was taken, the scientists engaged in the research, the institution where the research work was carried out, the funding organization supporting the research and any collaborating commercial company. Thus, the ultimate control of subsequent ownership and patent rights will need to be negotiated[8]. Since the same issues might also occur in Taiwan, while developing cell therapy products, carefully clarifying the ownership between stakeholders is necessary for avoiding possible dispute. [1]American Medical Association [AMA], Commercial Use of Human Biological Materials, Code of Medical Ethics Opinion 7.3.9, Nov. 14, 2016, https://www.ama-assn.org/delivering-care/ethics/commercial-use-human-biological-materials (last visited Jan. 3, 2021). [2]Moore v. Regents of University of California, 793 P.2d 479 (Cal. 1990) [3]Greenberg v. Miami Children's Hospital Research Institute, 264 F. Suppl. 2d, 1064 (SD Fl. 2003) [4]Washington University v. Catalona, 490 F 3d 667 (8th Cir. 2007) [5]Medical Research Council [MRC], Human Tissue and Biological Samples for Use in Research: Operational and Ethical Guidelines, 2019, https://mrc.ukri.org/publications/browse/human-tissue-and-biological-samples-for-use-in-research/ (last visited Jan. 3, 2021). [6]Wen-Hui Chiu, The legal entitlement of human body, tissue and derivatives in civil law, Angle Publishing, 2016, at 327. [7]id, at 341. [8]Okano, M., Takebayashi, S., Okumura, K., Li, E., Gaudray, P., Carle, G. F., & Bliek, J. UKCCCR guidelines for the use of cell lines in cancer research.Cytogenetic and Genome Research,86(3-4), 1999, https://europepmc.org/backend/ptpmcrender.fcgi?accid=PMC2363383&blobtype=pdf (last visited Jan. 3, 2021).