Hard Law or Soft Law? –Global AI Regulation Developments and Regulatory Considerations

Hard Law or Soft Law?
–Global AI Regulation Developments and Regulatory Considerations

2023/08/18

Since the launch of ChatGPT on November 30, 2022, the technology has been disrupting industries, shifting the way things used to work, bringing benefits but also problems. Several law suits were filed by artists, writers and voice actors in the US, claiming that the usage of copyright materials in training generative AI violates their copyright.[1] AI deepfake, hallucination and bias has also become the center of discussion, as the generation of fake news, false information, and biased decisions could deeply affect human rights and the society as a whole.[2]

To retain the benefits of AI without causing damage to the society, regulators around the world have been accelerating their pace in establishing AI regulations. However, with the technology evolving at such speed and uncertainty, there is a lack of consensus on which regulation approach can effectively safeguard human rights while promoting innovation. This article will provide an overview of current AI regulation developments around the world, a preliminary analysis of the pros and cons of different regulation approaches, and point out some other elements that regulators should consider.

I. An overview of the current AI regulation landscape around the world

The EU has its lead in legislation, with its parliament adopting its position on the AI ACT in June 2023, heading into trilogue meetings that aim to reach an agreement by the end of this year.[3] China has also announced its draft National AI ACT, scheduled to enter its National People's Congress before the end of 2023.[4] It already has several administration rules in place, such as the 2021 regulation on recommendation algorithms, the 2022 rules for deep synthesis, and the 2023 draft rules on generative AI.[5]

Some other countries have been taking a softer approach, preferring voluntary guidelines and testing schemes. The UK published its AI regulation plans in March, seeking views on its sectoral guideline-based pro-innovation regulation approach.[6] To minimize uncertainty for companies, it proposed a set of regulatory principles to ensure that government bodies develop guidelines in a consistent manner.[7] The US National Institute of Standards and Technology (NIST) released the AI Risk Management Framework in January[8], with a non-binding Blueprint for an AI Bill of Rights published in October 2022, providing guidance on the design and use of AI with a set of principles.[9] It is important to take note that some States have drafted regulations on specific subjects, such as New York City’s Final Regulations on Use of AI in Hiring and Promotion came into force in July 2023.[10] Singapore launched the world’s first AI testing framework and toolkit international pilot in May 2022, with the assistance of AWS, DBS Bank, Google, Meta, Microsoft, Singapore Airlines, etc. After a year of testing, it open-sourced the software toolkit in July 2023, to better develop the system.[11]

There are also some countries still undecided on their regulation approach. Australia commenced a public consultation on its AI regulatory framework proposal in June[12], seeking views on its draft AI risk management approach.[13] Taiwan’s government announced in July 2023 to propose a draft AI basic law by September 2023, covering topics such as AI-related definition, privacy protections, data governance, risk management, ethical principles, and industrial promotion.[14] However, the plan was recently postponed, indicating a possible shift towards voluntary or mandatory government principles and guidance, before establishing the law.[15]

II. Hard law or soft law? The pros and cons of different regulatory approaches

One of the key advantages of hard law in AI regulation is its ability to provide binding legal obligations and legal enforcement mechanisms that ensure accountability and compliance.[16] Hard law also provides greater legal certainty, transparency and remedies for consumers and companies, which is especially important for smaller companies that do not have as many resources to influence and comply with fast-changing soft law.[17] However, the legislative process can be time-consuming, slower to update, and less agile.[18] This poses the risk of stifling innovation, as hard law inevitably cannot keep pace with the rapidly evolving AI technology.[19]

In contrast, soft law represents a more flexible and adaptive approach to AI regulation. As the potential of AI still remains largely mysterious, government bodies can formulate principles and guidelines tailored to the regulatory needs of different industry sectors.[20] In addition, if there are adequate incentives in place for actors to comply, the cost of enforcement could be much lower than hard laws. Governments can also experiment with several different soft law approaches to test their effectiveness.[21] However, the voluntary nature of soft law and the lack of legal enforcement mechanisms could lead to inconsistent adoption and undermine the effectiveness of these guidelines, potentially leaving critical gaps in addressing AI's risks.[22] Additionally, in cases of AI-related harms, soft law could not offer effective protection on consumer rights and human rights, as there is no clear legal obligation to facilitate accountability and remedies.[23]

Carlos Ignacio Gutierrez and Gary Marchant, faculty members at Arizona State University (ASU), analyzed 634 AI soft law programs against 100 criteria and found that two-thirds of the program lack enforcement mechanisms to deliver its anticipated AI governance goals. He pointed out that credible indirect enforcement mechanisms and a perception of legitimacy are two critical elements that could strengthen soft law’s effectiveness.[24] For example, to publish stem cell research in top academic journals, the author needs to demonstrate that the research complies with related research standards.[25] In addition, companies usually have a greater incentive to comply with private standards to avoid regulatory shifts towards hard laws with higher costs and constraints.[26]

III. Other considerations

Apart from understanding the strengths and limitations of soft law and hard law, it is important for governments to consider each country’s unique differences. For example, Singapore has always focused on voluntary approaches as it acknowledges that being a small country, close cooperation with the industry, research organizations, and other governments to formulate a strong AI governance practice is much more important than rushing into legislation.[27] For them, the flexibility and lower cost of soft regulation provide time to learn from industries to prevent forming rules that aren’t addressing real-world issues.[28] This process allows preparation for better legislation at a later stage.

Japan has also shifted towards a softer approach to minimize legal compliance costs, as it recognizes its slower position in the AI race.[29] For them, the EU AI Act is aiming at regulating Giant Tech companies, rather than promoting innovation.[30] That is why Japan considers that hard law does not suit the industry development stage they’re currently in.[31] Therefore, they seek to address legal issues with current laws and draft relevant guidance.[32]

IV. Conclusion

As the global AI regulatory landscape continues to evolve, it is important for governments to consider the pros and cons of hard law and soft law, and also country-specific conditions in deciding what’s suitable for the country. Additionally, a regular review on the effectiveness and impact of their chosen regulatory approach on AI’s development and the society is recommended.

 

[1] ChatGPT and Deepfake-Creating Apps: A Running List of Key AI-Lawsuits, TFL, https://www.thefashionlaw.com/from-chatgpt-to-deepfake-creating-apps-a-running-list-of-key-ai-lawsuits/ (last visited Aug 10, 2023); Protection for Voice Actors is Artificial in Today’s Artificial Intelligence World, The National Law Review, https://www.natlawreview.com/article/protection-voice-actors-artificial-today-s-artificial-intelligence-world (last visited Aug 10, 2023).

[2] The politics of AI: ChatGPT and political bias, Brookings, https://www.brookings.edu/articles/the-politics-of-ai-chatgpt-and-political-bias/ (last visited Aug 10, 2023); Prospect of AI Producing News Articles Concerns Digital Experts, VOA, https://www.voanews.com/a/prospect-of-ai-producing-news-articles-concerns-digital-experts-/7202519.html (last visited Aug 10, 2023).

[3] EU AI Act: first regulation on artificial intelligence, European Parliament, https://www.europarl.europa.eu/news/en/headlines/society/20230601STO93804/eu-ai-act-first-regulation-on-artificial-intelligence (last visited Aug 10, 2023).

[4] 中國國務院發布立法計畫 年內審議AI法草案,經濟日報(2023/06/09),https://money.udn.com/money/story/5604/7223533 (last visited Aug 10, 2023).

[5] id

[6] A pro-innovation approach to AI regulation, GOV.UK, https://www.gov.uk/government/publications/ai-regulation-a-pro-innovation-approach/white-paper (last visited Aug 10, 2023).

[7] id

[8] AI RISK MANAGEMENT FRAMEWORK, NIST, https://www.nist.gov/itl/ai-risk-management-framework (last visited Aug 10, 2023).

[9] The White House released an ‘AI Bill of Rights’, CNN, https://edition.cnn.com/2022/10/04/tech/ai-bill-of-rights/index.html (last visited Aug 10, 2023).

[10] New York City Adopts Final Regulations on Use of AI in Hiring and Promotion, Extends Enforcement Date to July 5, 2023, Littler https://www.littler.com/publication-press/publication/new-york-city-adopts-final-regulations-use-ai-hiring-and-promotionv (last visited Aug 10, 2023).

[11] IMDA, Fact sheet - Open-Sourcing of AI Verify and Set Up of AI Verify Foundation (2023), https://www.imda.gov.sg/-/media/imda/files/news-and-events/media-room/media-releases/2023/06/7-jun---ai-annoucements---annex-a.pdf (last visited Aug 10, 2023).

[12] Supporting responsible AI: discussion paper, Australia Government Department of Industry, Science and Resources,https://consult.industry.gov.au/supporting-responsible-ai (last visited Aug 10, 2023).

[13] Australian Government Department of Industry, Science and Resources, Safe and responsible AI in Australia (2023), https://storage.googleapis.com/converlens-au-industry/industry/p/prj2452c8e24d7a400c72429/public_assets/Safe-and-responsible-AI-in-Australia-discussion-paper.pdf (last visited Aug 10, 2023).

[14] 張璦,中央通訊社,AI基本法草案聚焦隱私保護、應用合法性等7面向 擬設打假中心,https://www.cna.com.tw/news/ait/202307040329.aspx (最後瀏覽日:2023/08/10)。

[15] 蘇思云,中央通訊社,2023/08/01,鄭文燦:考量技術發展快應用廣 AI基本法延後提出,https://www.cna.com.tw/news/afe/202308010228.aspx (最後瀏覽日:2023/08/10)。

[16] supra, note 13, at 27.

[17] id.

[18] id., at 28.

[19] Soft law as a complement to AI regulation, Brookings, https://www.brookings.edu/articles/soft-law-as-a-complement-to-ai-regulation/ (last visited Aug 10, 2023).

[20] supra, note 5.

[21] Gary Marchant, “Soft Law” Governance of Artificial Intelligence (2019), https://escholarship.org/uc/item/0jq252ks (last visited Aug 10, 2023).

[22] How soft law is used in AI governance, Brookings,https://www.brookings.edu/articles/how-soft-law-is-used-in-ai-governance/ (last visited Aug 10, 2023).

[23] supra, note 13, at 27.

[24] Why Soft Law is the Best Way to Approach the Pacing Problem in AI, Carnegie Council for Ethics in International Affairs,https://www.carnegiecouncil.org/media/article/why-soft-law-is-the-best-way-to-approach-the-pacing-problem-in-ai (last visited Aug 10, 2023).

[25] id.

[26] id.

[28] id.

[29] Japan leaning toward softer AI rules than EU, official close to deliberations says, Reuters, https://www.reuters.com/technology/japan-leaning-toward-softer-ai-rules-than-eu-source-2023-07-03/ (last visited Aug 10, 2023).

[30] id.

[31] id.

[32] id.

 

※Hard Law or Soft Law? –Global AI Regulation Developments and Regulatory Considerations,STLI, https://stli.iii.org.tw/en/article-detail.aspx?no=105&tp=2&i=168&d=9051 (Date:2025/01/23)
Quote this paper
You may be interested
Research on Policies for building a digital nation in Recent Years (2016-2017)

Research on Policies for building a digital nation in Recent Years (2016-2017)   Recent years, the government has already made some proactive actions, including some policies and initiatives, to enable development in the digital economy and fulfill the vision of Digital Nation. Those actions are as follows: 1. CREATING THE “FOOD CLOUD” FOR FOOD SAFETY CONTROLS   Government agencies have joined forces to create an integrated “food cloud” application that quickly alerts authorities to food safety risks and allows for faster tracing of products and ingredients. The effort to create the cloud was spearheaded by the Executive Yuan’s Office of Food Safety under the leadership of Vice Premier Chang San-cheng on January 12, 2016.   The “food cloud” application links five core systems (registration, tracing, reporting, testing, and inspection) from the Ministry of Health and Welfare (MOHW) with eight systems from the Ministry of Finance, Ministry of Economic Affairs, Ministry of Education (MOE), Council of Agriculture and Environmental Protection Administration.   The application gathers shares and analyzes information in a methodical and systematic manner by employing big data technology. To ensure the data can flow properly across different agencies, the Office of Food Safety came up with several products not intended for human consumption and had the MOHW simulate the flow of those products under import, sale and supply chain distribution scenarios. The interministerial interface successfully analyzed the data and generated lists of food risks to help investigators focus on suspicious companies.   Based on these simulation results, the MOHW on September 2, 2015, established a food and drug intelligence center as a mechanism for managing food safety risks and crises on the national level. The technologies for big data management and mega data analysis will enable authorities to better manage food sources and protect consumer health.   In addition, food cloud systems established by individual government agencies are producing early results. The MOE, for instance, rolled out a school food ingredient registration platform in 2014, and by 2015 had implemented the system across 22 countries and cities at 6,000 schools supplying lunches for 4.5 million students. This platform, which made school lunch ingredients completely transparent, received the 2015 eAsia Award as international recognition for the use of information technology in ensuring food safety. 2. REVISING DIGITAL CONVERGENCE ACTS   On 2016 May 5th, the Executive Yuan Council approved the National Communications Commission's (NCC) proposals, drafts of “Broadcasting Terrestrial and Channel Service Suppliers Administration Act”, “Multichannel Cable Platform Service Administration Act”, “Telecommunications Service Suppliers Act”, “Telecommunications Infrastructure and Resources Administration Act”, “Electronic Communications Act”, also the five digital convergence laws. They will be sent to the Legislature for deliberation. But in the end, this version of five digital convergence bills did not pass by the Legislature.   However, later on, November 16, 2017, The Executive Yuan approved the new drafts of “Digital Communication Act” and the “Telecommunication Service Management Act”.   The “Digital Communication Act” and the “Telecommunication Service Management Act” focused summaries as follows:   1. The digital communication bill   A. Public consultation and participation.   B. The digital communication service provider ought to use internet resource reasonability and reveal network traffic control measures.   C. The digital communication service provider ought to reveal business information and Terms of Service.   D. The responsibility of the digital communication service provider.   2. The telecommunication service management bill   A. The telecommunication service management bill change to use registration system.   B. The general obligation of telecommunications to provide telecommunication service and the special obligation of Specific telecommunications.   C. Investment, giving, receiving and merging rules of the telecommunication service.   Telecommunications are optimism of relaxing rules and regulations, and wish it would infuse new life and energy into the market. Premier Lai instructed the National Communications Commission and other agencies to elucidate the contents of the two communication bills to all sectors of society, and communicate closely with lawmakers of all parties to build support for a quick passage of the bills. 3. FOCUSING ON ICT SECURITY TO BUILD DIGITAL COUNTRIES   The development of ICT has brought convenience to life but often accompanied by the threat of illegal use, especially the crimes with the use of new technologies such as Internet techniques and has gradually become social security worries. Minor impacts may cause inconvenience to life while major impacts may lead to a breakdown of government functions and effects on national security. To enhance the capability of national security protection and to avoid the gap of national security, the Executive Yuan on August 1st 2016 has upgraded the Office of Information and Communication Security into the Agency of Information and Communication Security, a strategic center of R.O.C security work, integrating the mechanism of the whole government governance of information security, through specific responsibility, professionalism, designated persons and permanent organization to establish the security system, together with the relevant provisions of the law so that the country's information and communication security protection mechanism will become more complete. The efforts to the direction could be divided into three parts:   First, strengthening the cooperation of government and private sectors of information security: In a sound basis of legal system, the government plans to strengthen the government and some private sectors’ information security protection abilities ,continue to study and modify the relevant amendments to the relevant provisions, strengthen public-private collaborative mechanism, deepen the training of human resources and enhance the protection of key information infrastructure of our country.   Second, improving the information and communication security professional capability: information and communication security business is divided into policy and technical aspects. While the government takes the responsibility for policy planning and coordination, the technical service lies in an outsourcing way. Based on a sound legal system, the government will establish institutionalized and long-term operation modes and plan appropriate organizational structures through the discussion of experts and scholars from all walks of life.   Third, formulating Information and Communication Safety Management Act and planning of the Fifth National Development Program for Information and Communication Security: The government is now actively promoting the Information and Communication Safety Management Act as the cornerstone for the development of the national digital security and information security industry. The main content of the Act provides that the applicable authorities should set up security protection plan at the core of risk management and the procedures of notification and contingency measures, and accept the relevant administrative check. Besides the vision of the Fifth National Development Program for Information and Communication Security which the government is planning now is to build a safe and reliable digital economy and establish a safe information and communication environment by completing the legal system of information and communication security environment, constructing joint defense system of the national Information and Communication security, pushing up the self-energy of the industries of information security and nurture high-quality human resources for elite talents for information security. 4. THE DIGITAL NATION AND INNOVATIVE ECONOMIC DEVELOPMENT PLAN   The Digital Nation and Innovative Economic Development Plan (2017-2025) known as “DIGI+” plan, approved by the Executive Yuan on November 24, 2016. The plan wants to grow nation’s digital economy to NT $ 6.5 trillion (US$205.9 billion), improve the digital lifestyle services penetration rate to 80 %, increase broadband connections to 2 Gbps, ensure citizens’ basic rights to have 25 Mbps broadband access, and put our nation among the top 10 information technology nations worldwide by 2025.   The plan contains several important development strategies: DIGI+ Infrastructure: Build infrastructure conducive to digital innovation. DIGI+ Talent: Cultivate digital innovation talent. DIGI+ Industry: Support cross-industry transformation through digital innovation. DIGI+ Rights: Make R.O.C. an advanced society that respects digital rights and supports open online communities. DIGI+ Cities: Build smart cities through cooperation among central and local governments and the industrial, academic and research sectors. DIGI+ Globalization: Boost nation’s standing in the global digital service economy.   The plan also highlights few efforts:   First is to enrich “soft” factors and workforce to create an innovative environment for digital development. To construct this environment, the government will construct an innovation-friendly legal framework, cultivate interdisciplinary digital talent, strengthen research and develop advanced digital technologies.   Second is to enhance digital economy development. The government will incentivize innovative applications and optimize the environment for digital commerce.   Third, the government will develop an open application programming interface for government data and create demand-oriented, one-stop smart government cloud services.   Fourth, the government will ensure broadband access for the disadvantaged and citizens of the rural area, implement the participatory process, enhance different kinds of international cooperation, and construct a comprehensive humanitarian legal framework with digital development.   Five is to build a sustainable smart country. The government will use smart network technology to build a better living environment, promote smart urban and rural area connective governance and construction and use on-site research and industries innovation ecosystem to assist local government plan and promote construction of the smart country.   In order to achieve the overall effectiveness of the DIGI + program, interdisciplinary, inter-ministerial, inter-departmental and inter-departmental efforts will be required to collaborate with the newly launched Digital National Innovation Economy (DIGI +) Promotion Team. 5. ARTIFICIAL INTELLIGENCE SCIENTIFIC RESEARCH STRATEGY   The Ministry of Science and Technology (MOST) reported strategy plan for artificial intelligence (AI) scientific research at Cabinet meeting on August 24, 2017. Artificial intelligence is a powerful and inevitable trend, and it will be critical to R.O.C.’s competitiveness for the next 30 years.   The ministry will devote NT$16 billion over the next five years to building an AI innovation ecosystem in R.O.C. According to MOST, the plan will promote five strategies:   1. Creating an AI platform to provide R&D services   MOST will devote NT$5 billion over the next four years to build a platform, integrating the resources, providing a shared high-speed computing environment and nurturing emerging AI industries and applications.   2. Establishing an AI innovative research center   MOST will four artificial intelligence innovation research centers across R.O.C. as part of government efforts to enhance the nation’s competitiveness in AI technology. The centers will support the development of new AI in the realms of financial technology, smart manufacturing, smart healthcare and intelligent transportation systems.   3. Setting up AI robot maker spaces   An NT$2 billion, four-year project assisting industry to develop the hardware-software integration of robots and innovative applications was announced by the Ministry of Science and Technology.   4. Subsidizing a semiconductor “moonshot” program to explore ambitious and groundbreaking smart technologies   This program will invest NT$4 billion from 2018 through 2021 into developing semiconductors and chip systems for edge devices as well as integrating the academic sector’s R&D capabilities and resources. the project encompasses cognitive computing and AI processor chips; next-generation memory designs; process technologies and materials for key components of sensing devices; unmanned vehicles, AR and VR; IoT systems and security.   5. Organizing Formosa Grand Challenge competitions   The program is held in competitions to engage young people in the development of AI applications.   The government hopes to extend R.O.C.’s industrial advantages and bolster the country’s international competitiveness, giving R.O.C. the confidence to usher in the era of AI applications. All of these efforts will weave people, technologies, facilities, and businesses into a broader AI innovation ecosystem. 6. INTELLIGENT TRANSPORTATION SYSTEM PLANS   Ministry of Transportation and Communications (MOTC) launched plans to develop intelligent transportation systems at March 7th in 2017. MOTC integrates transportation and information and communications technology through these plans to improve the convenience and reduce the congestion of the transportation. These plans combine traffic management systems for highways, freeways and urban roads, a multi-lane free-flow electronic toll collection system, bus information system that provides timely integrated traffic information services, and public transportation fare card readers to reduce transport accidence losses, inconvenience of rural area, congestion of main traffic arteries and improve accessibility of public transportation.   There are six plans are included: 1. Intelligent transportation safety plan; 2. Relieve congestion on major traffic arteries; 3. Make transportation more convenient in Eastern Taiwan and remote areas; 4. Integrate and share transportation resources; 5. Develop “internet-of-vehicles” technology applications; and 6. Fundamental R&D for smart transportation technology.   These plans promote research and development of smart vehicles and safety intersections, develop timely bus and traffic information tracking system, build a safe system of shared, safe and green-energy smart system, and subsidize the large vehicles to install the vision enhancement cameras to improve the safety of transportation. These plans also use eTag readers, vehicle sensors and info communication technologies to gather the traffic information and provide timely traffic guidance, reduce the congestion of the traffic flow. These plans try to use demand-responsive transit system with some measures such as combine public transportation and taxi, to improve the flexibility of the public traffic service and help the basic transportation needs of residents in eastern Taiwan and rural areas to be fulfilled. A mobile transport service interface and a platform that integrating booking and payment processes are also expected to be established to provide door-to-door transportation services and to integrate transportation resources. And develop demonstration projects of speed coordination of passenger coach fleets, vehicle-road interaction technology, and self-driving car to investigate and verify the issues in technological, operational, industrial, legal environments of internet-of-vehicles applications in our country. Last but not least, research and development on signal control systems that can be used in both two and four-wheeled vehicles, and deploy an internet-of-vehicles prototype platform and develop drones traffic applications.   These plans are expected to reduce 25% traffic congestion, 20% of motor vehicle incidence, leverage 10% using rate of public transportation, raise 20% public transportation service accessibility of rural area and create NT$30 billion production value. After accomplishing these targets, the government can establish a comprehensive transportation system and guide industry development of relating technology areas.   Through the aforementioned initiatives, programs, and plans, the government wants to construct the robust legal framework and policy environment for digital innovation development, and facilitate the quality of citizens in our society.

Post Brexit – An Update on the United Kingdom Privacy Regime

Post Brexit – An Update on the United Kingdom Privacy Regime 2021/9/10   After lengthy talks, on 31 January 2020, the United Kingdom (‘UK’) finally exited the European Union (‘EU’). Then, the UK shifted into a transition period. The UK government was bombarded with questions from all stakeholders. In particular, the data and privacy industry yelled out the loudest – what am I going to do with data flowing from the EU to the UK? Privacy professionals queried – would the UK have a new privacy regime that significantly departs from the General Data Protection Regulation (‘GDPR’)? Eventually, the UK made a compromise with all stakeholders – the British, the Europeans and the rest of the world – by bridging its privacy laws with the GDPR. On 28 June 2021, the UK obtained an adequacy decision from the EU.[1] This was widely anticipated but also widely known to be delayed, as it was heavily impacted by the aftermaths of the invalidation of the US- EU Privacy Shield.[2]   While the rest of the world seems to silently observe the transition undertaken by the UK, post-Brexit changes to the UK’s privacy regime is not only a domestic or regional matter, it is an international matter. Global supply chains and cross border data flows will be affected, shuffling the global economy into a new order. Therefore, it is crucial as citizens of a digital economy to unpack and understand the current UK privacy regime. This paper intends to give the reader a brief introduction to the current privacy regime of the UK. The author proposes to set out the structure of the UK privacy legislation, and to discuss important privacy topics. This paper only focuses on the general processing regime, which is the regime that is most relevant to general stakeholders. UK Privacy Legislation   There are two main privacy legislation in the UK – the Data Protection Act 2018 (‘DPA’) and the United Kingdom General Data Protection Act (‘UK GDPR’). These two acts must be read together in order to form a coherent understanding of the current UK privacy regime.   The UK GDPR is the creature of Brexit. The UK government wanted a smooth transition out of the EU and acknowledged that they needed to preserve the GDPR in their domestic privacy regime to an extent that would allow them to secure an adequacy decision. The UK government also wanted to create less impact on private companies. Thus, the UK GDPR was born. Largely it aligns closely with the GDPR, supplemented by the DPA. ICO   The Information Commissioner’s Office (‘ICO’) is the independent authority supervising the compliance of privacy laws in the UK. Prior to Brexit, the ICO was the UK’s supervisory authority under the GDPR. A unique feature of the ICO’s powers and functions is that it adopts a notice system. The ICO has power to issue four types of notices: information notices, assessment notices, enforcement notices and penalty notices.[3] The information notice requires controllers or processors to provide information. The ICO must issue an assessment notice before conducting data protection audits. Enforcement is only exercisable by giving an enforcement notice. Administrative fines are only exercisable by giving a penalty notice. Territorial Application   Section 207(1A) of the DPA states that the DPA applies to any controller or processor established in the UK, regardless where the processing of personal data takes place. Like the GDPR, the DPA and the UK GDPR have an extraterritorial reach to overseas controllers or processors. The DPA and the UK GDPR apply to overseas controllers or processors who process personal data relating to data subjects in the UK, and the processing activities are related to the offering of goods or services, or the monitoring of data subjects’ behavior.[4] Transfers of Personal Data to Third Countries   On 28 June 2021, the UK received an adequacy decision from the EU.[5] This means that until 27 June 2025, data can continue to flow freely between the UK and the European Economic Area (‘EEA’).   As for transferring personal data to third countries other than the EU, the UK has similar laws to the GDPR. Both the DPA and the UK GDPR restrict controllers or processors from transferring personal data to third countries. A transfer of personal data to a third country is permitted if it is based on adequacy regulations.[6] An EU adequacy decision is known as ‘adequacy regulations’ under the UK regime.   If there is no adequacy regulations, then a transfer of personal data to a third country will only be permitted if it is covered by appropriate safeguards, including standard data protection clauses, binding corporate rules, codes of conduct, and certifications.[7] The ICO intends to publish UK standard data protection clauses in 2021.[8] In the meantime, the EU has published a new set of standard data protection clauses (‘SCCs’).[9] However, it must be noted that the EU SCCs are not accepted to be valid in the UK, and may only be used for reference purposes. It is also worth noting that the UK has approved three certification schemes to assist organizations in demonstrating compliance to data protection laws.[10] Lawful Bases for Processing   Basically, the lawful bases for processing in the UK regime are the same as the GDPR. Six lawful bases are set out in article 6 of the UK GDPR. To process personal data, at least one of the following lawful bases must be satisfied:[11] The data subject has given consent to the processing; The processing is necessary for the performance of a contract; The processing is necessary for compliance with a legal obligation; The processing is necessary to protect vital interests of an individual – that is, protecting an individual’s life; The processing is necessary for the performance of a public task; The processing is necessary for the purpose of legitimate interests, unless other interests or fundamental rights and freedoms override those legitimate interests. Rights & Exemptions   The UK privacy regime, like the GDPR, gives data subjects certain rights. Most of the rights granted under the UK privacy regime is akin to the GDPR and can be found under the UK GDPR. Individual rights under the UK privacy regime is closely linked with its exemptions, this may be said to be a unique feature of the UK privacy regime which sets it apart from the GDPR. Under the DPA and the UK GDPR, there are certain exemptions, meaning organizations are exempted from certain obligations, most of them are associated with individual rights. For example, if data is processed for scientific or historical research purposes, or statistical purposes, organizations are exempted from provisions on the right of access, the right to rectification, the right to restrict processing and the right to object in certain circumstances.[12] Penalties   The penalty for infringement of the UK GDPR is the amount specified in article 83 of the UK GDPR.[13] If an amount is not specified, the penalty is the standard maximum amount.[14] The standard maximum amount, at the time of writing, is £8,700,000 (around 10 million Euros) or 2% of the undertaking’s total annual worldwide turnover in the preceding financial year.[15] In any other case, the standard maximum amount is £8,700,000 (around 10 million Euros).[16] Conclusion   The UK privacy regime closely aligns with the GDPR. However it would be too simple of a statement to say that the UK privacy regime is almost identical to the GDPR. The ICO’s unique enforcement powers exercised through a notice system is a distinct feature of the UK privacy regime. Recent legal trends show that the UK while trying to preserve its ties with the EU is gradually developing an independent privacy persona. The best example is that in regards to transfers to third countries, the UK has developed its first certification scheme and is attempting to develop its own standard data protection clauses. The UK’s transition out of the EU has certainly been interesting; however, the UK’s transformation from the EU is certainly awaited with awe. [1] Commission Implementing Decision of 28.6.2021, pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate protection of personal data by the United Kingdom, C(2021) 4800 final,https://ec.europa.eu/info/sites/default/files/decision_on_the_adequate_protection_of_personal_data_by_the_united_kingdom_-_general_data_protection_regulation_en.pdf.. [2] Judgment of 16 July 2020, Data Protection Commissioner v. Facebook Ireland Limited, Maximillian Schrems, C-311/18, EU:C:2020:559, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:62018CJ0311. [3] Data Protection Act 2018, §115. [4] Data Protection Act 2018, §207(1A); REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), art 3. [5] supra note 1. [6] Data Protection Act 2018, §17A-18; REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), art 44-50. [7] Data Protection Act 2018, §17A-18; REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), art 46-47. [8]International transfers after the UK exit from the EU Implementation Period, ICO, https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-transfers-after-uk-exit/ (last visited Sep. 10, 2021). [9] Standard contractual clauses for international transfers, European Commission, https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en (last visited Sep. 10, 2021). [10] ICO, New certification schemes will “raise the bar” of data protection in children’s privacy, age assurance and asset disposal, ICO, Aug. 19, 2021, https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2021/08/ico-approves-the-first-uk-gdpr-certification-scheme-criteria/ (last visited Sep. 10, 2021). [11] REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), art 6(1)-(2); Lawful basis for processing, ICO, https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/ (last visited Sep. 10, 2021). [12] Data Protection Act 2018, sch 2, part 6, para 27. [13] id. at §157. [14] id. [15] id. [16] id.

The opening and sharing of scientific data- The Data Policy of the U.S. National Institutes of Health

The opening and sharing of scientific data- The Data Policy of the U.S. National Institutes of Health Li-Ting Tsai   Scientific research improves the well-being of all mankind, the data sharing on medical and health promote the overall amount of energy in research field. For promoting the access of scientific data and research findings which was supported by the government, the U.S. government affirmed in principle that the development of science was related to the retention and accesses of data. The disclosure of information should comply with legal restrictions, and the limitation by time as well. For government-sponsored research, the data produced was based on the principle of free access, and government policies should also consider the actual situation of international cooperation[1]Furthermore, the access of scientific research data would help to promote scientific development, therefore while formulating a sharing policy, the government should also consider the situation of international cooperation, and discuss the strategy of data disclosure based on the principle of free access.   In order to increase the effectiveness of scientific data, the U.S. National Institutes of Health (NIH) set up the Office of Science Policy (OSP) to formulate a policy which included a wide range of issues, such as biosafety (biosecurity), genetic testing, genomic data sharing, human subjects protections, the organization and management of the NIH, and the outputs and value of NIH-funded research. Through extensive analysis and reports, proposed emerging policy recommendations.[2] At the level of scientific data sharing, NIH focused on "genes and health" and "scientific data management". The progress of biomedical research depended on the access of scientific data; sharing scientific data was helpful to verify research results. Researchers integrated data to strengthen analysis, promoted the reuse of difficult-generated data, and accelerated research progress.[3] NIH promoted the use of scientific data through data management to verify and share research results.   For assisting data sharing, NIH had issued a data management and sharing policy (DMS Policy), which aimed to promote the sharing of scientific data funded or conducted by NIH.[4] DMS Policy defines “scientific data.” as “The recorded factual material commonly accepted in the scientific community as of sufficient quality to validate and replicate research findings, regardless of whether the data are used to support scholarly publications. Scientific data do not include laboratory notebooks, preliminary analyses, completed case report forms, drafts of scientific papers, plans for future research, peer reviews, communications with colleagues, or physical objects, such as laboratory specimens.”[5] In other words, for determining scientific data, it is not only based on whether the data can support academic publications, but also based on whether the scientific data is a record of facts and whether the research results can be repeatedly verified.   In addition, NIH, NIH research institutes, centers, and offices have had expected sharing of data, such as: scientific data sharing, related standards, database selection, time limitation, applicable and presented in the plan; if not applicable, the researcher should propose the data sharing and management methods in the plan. NIH also recommended that the management and sharing of data should implement the FAIR (Findable, Accessible, Interoperable and Reusable) principles. The types of data to be shared should first in general descriptions and estimates, the second was to list meta-data and other documents that would help to explain scientific data. NIH encouraged the sharing of scientific data as soon as possible, no later than the publication or implementation period.[6] It was said that even each research project was not suitable for the existing sharing strategy, when planning a proposal, the research team should still develop a suitable method for sharing and management, and follow the FAIR principles.   The scientific research data which was provided by the research team would be stored in a database which was designated by the policy or funder. NIH proposed a list of recommended databases lists[7], and described the characteristics of ideal storage databases as “have unique and persistent identifiers, a long-term and sustainable data management plan, set up metadata, organizing data and quality assurance, free and easy access, broad and measured reuse, clear use guidance, security and integrity, confidentiality, common format, provenance and data retention policy”[8]. That is to say, the design of the database should be easy to search scientific data, and should maintain the security, integrity and confidentiality and so on of the data while accessing them.   In the practical application of NIH shared data, in order to share genetic research data, NIH proposed a Genomic Data Sharing (GDS) Policy in 2014, including NIH funding guidelines and contracts; NIH’s GDS policy applied to all NIHs Funded research, the generated large-scale human or non-human genetic data would be used in subsequent research. [9] This can effectively promote genetic research forward.   The GDS policy obliged researchers to provide genomic data; researchers who access genomic data should also abide by the terms that they used the Controlled-Access Data for research.[10] After NIH approved, researchers could use the NIH Controlled-Access Data for secondary research.[11] Reviewed by NIH Data Access Committee, while researchers accessed data must follow the terms which was using Controlled-Access Data for research reason.[12] The Genomic Summary Results (GSR) was belong to NIH policy,[13] and according to the purpose of GDS policy, GSR was defined as summary statistics which was provided by researchers, and non-sensitive data was included to the database that was designated by NIH.[14] Namely. NIH used the application and approval of control access data to strike a balance between the data of limitation access and scientific development.   For responding the COVID-19 and accelerating the development of treatments and vaccines, NIH's data sharing and management policy alleviated the global scientific community’s need for opening and sharing scientific data. This policy established data sharing as a basic component in the research process.[15] In conclusion, internalizing data sharing in the research process will help to update the research process globally and face the scientific challenges of all mankind together. [1]NATIONAL SCIENCE AND TECHNOLOGY COUNCIL, COMMITTEE ON SCIENCE, SUBCOMMITEE ON INTERNATIONAL ISSUES, INTERAGENCY WORKING GROUP ON OPEN DATA SHARING POLICY, Principles For Promoting Access To Federal Government-Supported Scientific Data And Research Findings Through International Scientific Cooperation (2016), 1, organized from Principles, at 5-8, https://obamawhitehouse.archives.gov/sites/default/files/microsites/ostp/NSTC/iwgodsp_principles_0.pdf (last visited December 14, 2020). [2]About Us, Welcome to NIH Office of Science Policy, NIH National Institutes of Health Office of Science Policy, https://osp.od.nih.gov/about-us/ (last visited December 7, 2020). [3]NIH Data Management and Sharing Activities Related to Public Access and Open Science, NIH National Institutes of Health Office of Science Policy, https://osp.od.nih.gov/scientific-sharing/nih-data-management-and-sharing-activities-related-to-public-access-and-open-science/ (last visited December 10, 2020). [4]Final NIH Policy for Data Management and Sharing, NIH National Institutes of Health Office of Extramural Research, Office of The Director, National Institutes of Health (OD), https://grants.nih.gov/grants/guide/notice-files/NOT-OD-21-013.html (last visited December 11, 2020). [5]Final NIH Policy for Data Management and Sharing, NIH National Institutes of Health Office of Extramural Research, Office of The Director, National Institutes of Health (OD), https://grants.nih.gov/grants/guide/notice-files/NOT-OD-21-013.html (last visited December 12, 2020). [6]Supplemental Information to the NIH Policy for Data Management and Sharing: Elements of an NIH Data Management and Sharing Plan, Office of The Director, National Institutes of Health (OD), https://grants.nih.gov/grants/guide/notice-files/NOT-OD-21-014.html (last visited December 13, 2020). [7]The list of databases in details please see:Open Domain-Specific Data Sharing Repositories, NIH National Library of Medicine, https://www.nlm.nih.gov/NIHbmic/domain_specific_repositories.html (last visited December 24, 2020). [8]Supplemental Information to the NIH Policy for Data Management and Sharing: Selecting a Repository for Data Resulting from NIH-Supported Research, Office of The Director, National Institutes of Health (OD), https://grants.nih.gov/grants/guide/notice-files/NOT-OD-21-016.html (last visited December 13, 2020). [9]NIH Genomic Data Sharing, National Institutes of Health Office of Science Policy, https://osp.od.nih.gov/scientific-sharing/genomic-data-sharing/ (last visited December 15, 2020). [10]NIH Genomic Data Sharing Policy, National Institutes of Health (NIH), https://grants.nih.gov/grants/guide/notice-files/NOT-OD-14-124.html (last visited December 17, 2020). [11]NIH Genomic Data Sharing Policy, National Institutes of Health (NIH), https://grants.nih.gov/grants/guide/notice-files/NOT-OD-14-124.html (last visited December 17, 2020). [12]id. [13]NIH National Institutes of Health Turning Discovery into Health, Responsible Use of Human Genomic Data An Informational Resource, 1, at 6, https://osp.od.nih.gov/wp-content/uploads/Responsible_Use_of_Human_Genomic_Data_Informational_Resource.pdf (last visited December 17, 2020). [14]Update to NIH Management of Genomic Summary Results Access, National Institutes of Health (NIH), https://grants.nih.gov/grants/guide/notice-files/NOT-OD-19-023.html (last visited December 17, 2020). [15]Francis S. Collins, Statement on Final NIH Policy for Data Management and Sharing, National Institutes of Health Turning Discovery Into Health, https://www.nih.gov/about-nih/who-we-are/nih-director/statements/statement-final-nih-policy-data-management-sharing (last visited December 14, 2020).

An Analysis of the Recusal Mechanism in the Latest Revision of the Government Procurement Act and Regulations Governing Procurements for Scientific and Technological Research and Development

An Analysis of the Recusal Mechanism in the Latest Revision of the Government Procurement Act and Regulations Governing Procurements for Scientific and Technological Research and Development 1. Introduction   Article 1 of the Government Procurement Act (hereinafter referred to as the Act) reveals that “This Act is enacted to establish a government procurement system that has fair and open procurement procedures, promotes the efficiency and effectiveness of government procurement operation, and ensures the quality of procurement.” Therefore, a recusal mechanism for reviewing qualification/disqualification of tenders and bidders is highly essential, for example, the head of the agency or its related persons should disclose the conflict of interests. After amended and promulgated on May 22, 2019 (Presidential Decree Hua-tzung-1 Yi No. 10800049691), the Act was revised with the identical legislative principle of the Act on Recusal of Public Servants Due to Conflicts of Interest. In other words, a more flexible and transparent mechanism has been adopted, which is more advanced and ideal for both procurement authority and external supervisors. 2. The New Recusal Mechanism of the Act Enhances the Flexibility and Transparency   The revision struck out the Paragraph 4, Article 15 of the Act, and the regulation related to the recusal mechanism shall be comply with the Act on Recusal of Public Servants Due to Conflicts of Interest, especially the qualification/disqualification provision of the “related persons.” The new government procurement procedure adopted a more flexible and transparent practice, “disclosure in advance and publication afterwards.” The detailed analysis is as follows. (1) Before the Act amended, the personnel of a procuring entity and its related persons shall withdraw themselves from the procurement.   Before the Act amended, the personnel of a procuring entity and its related persons shall withdraw themselves from the procurement. According to the previous Paragraph 4 of Article 15 (4), “Suppliers or persons in charge shall not participate in the procurement if they have connections with the agency’s head described in Paragraph 2. However, if the implementation of this paragraph is against fair competition or public interest, the exclusion can be exempted with the authority’s approval.” The Paragraph 2 mentioned specified, “The personnel of a procuring entity shall withdraw themselves from procurement and all related matters thereof if they or their spouses, relatives by blood or by marriage within three degrees, or family members living together with them have interests involved therein.” Simply put, legislators considered that suppliers or persons in charge shall not participate in an agency's procurement if they have conflict of interests with its head. For instance, the spouses, all the relatives within the third degree by consanguinity (blood) or by affinity (marriage), or family members living together with the head of the agency, cannot involve in the procurement of the agency. Furthermore, if a legal entity or an organization is directed by the relatives of the head of a government agency mentioned, it is disqualified from the procurement. (2) After the Act amended, the recusal of related persons substituted by self-disclosure and information publication norms   According to the Amendment, the Act was amended because the content of the article is existed in Article 9 of Act on Recusal of Public Servants Due to Conflicts of Interest; thus, Article 15 of the Act is hereby deleted. Recalling Article 9 of the previous Act on Recusal of Public Servants Due to Conflicts of Interest, “A public servant and his related persons shall not conduct transactions such as subsidizing, sales, lease, contracting, or other transactions conducted with consideration with the organ with which the public servant serves or the organs under his supervision.” For this reason, the amendment to Article 15 of Government Procurement Act is to regulate the mechanism of withdrawal of relevant parties by Article 14 of the existing Act on Recusal of Public Servants Due to Conflicts of Interest. However, the amendment of this article is greatly affected by the interpretation of judicial court no. 716, so it is necessary to briefly describe its key points as follows.   On the basis of the Judicial Yuan Justice Interpretation No. 716 [Transactions between public officials and their associates and service agencies shall be prohibited), adopting a constitutional interpretation of Article 9 of Act on Recusal of Public Servants Due to Conflicts of Interest, grand justice agreed this article does not contradict the proportion principle of article 23 of Constitution of the Republic of China (Taiwan), and it does not violate Article 15 “The right of existence, the right of work, and the right of property shall be guaranteed to the people” and Article 22 “All other freedoms and rights of the people that are not detrimental to social order or public welfare shall be guaranteed under the Constitution”, either. However, for public officials, if they are not allowed to participate in trading competition, it will result in the monopoly of other minority traders, which is not conducive to the public interest. Therefore, this interpretation holds that if the agency has conducted open and fair procedures in the transaction process, and there is sufficient anti-fraud regulation, whether there is still a risk of improper benefit transmission or conflict of interest, and it is necessary to prohibit the transaction of public officials' associates, the relevant authorities should make comprehensive review and improvement as soon as possible.   Accordingly, following interpretation no. 716, Act on Recusal of Public Servants Due to Conflicts of Interest was amended and published with 23 articles on 13 June, 2018. The withdrawal of interested parties is provided for in Article 14 and an additional six exceptions are provided, including: (1) The procurement carried out by public notice under the Government Procurement Act or pursuant to Article 105 of the same Act. (2) The property right in interest created for the procurement, sale by tender, lease by tender or tender solicitation carried out by public notice in a fair competitive manner pursuant to laws. (3) Subsidy requested in the legal capacity under laws; the subsidy to the public servant’s related person in an open and fair manner pursuant to laws, or the subsidy which might be against the public interest if it is prohibited and is granted subject to the competent authority’s approval. (4) The subject matter of the transaction is provided by the organ with which the public servant serves or the organs under his supervision, and traded at the official price. (5) The lease, acquisition, discretionary management, improvement and utilization of national non-public real estate requested by the state-owned enterprise in order to execute the national construction projects or public policies, or for the purpose of public welfare. (6) The subsidy and transaction under the specific amount.   The above amendments make the transactions between public officials and related parties that should be avoided in the past partially flexible now. In accordance with Paragraph 2 of the same article, in the case of the first three paragraphs of the proviso of Paragraph 1, the applicant or bidder shall voluntarily state his/her identity in the application or tender documents. After the subsidy or transaction is established, the agency shall disclose it together with its identity. That is to say, the self-disclosure is required beforehand and the information will go public afterwards to meet public expectations of transparency. This is also conducive to the supervision of all sectors, and conforms to the intention of the grand justice’s interpretation.   The reason why there is no need for government procurement to withdrawal is that the announcement process of the procurement is made in accordance with Government Procurement Act (including open tendering, selective tendering and restricted tendering through the announcement). There are strict procedures to follow and there is no conflict between the conflict of interest of public officials and the spirit of legislation. As to Paragraph 2 of other legal orders, the property right in interest created for the procurement, sale by tender, lease by tender or tender solicitation carried out by public notice in a fair competitive manner pursuant to laws. The legislative explanations are exemplified by the procurement (e.g. procurements for scientific and technological research and development) handled by the announcement in accordance with Fundamental Science and Technology Act. 3. Conclusion: It is suggested that relevant withdrawal regulations should be amended as soon as possible in procurements for scientific and technological research and development   The strike-out of the recusal provision of the Act does not mean that government procurement stoke out the recusal mechanism. The recusal mechanism is still stated in Article 14 of Act on Recusal of Public Servants Due to Conflicts of Interest. In addition to the advantages of the same regulations on the prohibition of transactions between related parties, it also enables the regulators with open and fair procedures and sufficient prevention of fraud, such as government procurement, to avoid evading so as not to harm the public interest. At the same time, supplemented by open and transparent disclosure, the amendment is a positive change of legislation.   Meanwhile, this paper believes that Government Procurement Act has adopted the mechanism of flexibility and transparency requirements for the procurement object avoidance regulations, and procurements for scientific and technological research and development should revise relevant withdrawal regulations as soon as possible. In accordance with Paragraph 4 of Article 6 of Fundamental Science and Technology Act and the authorization, Regulations Governing Procurements for Scientific and Technological Research and Development (hereinafter referred to as the regulatory regulations) is established. According to Article 8 (2) and (3) of the regulation, a responsible person, partner, or representative of the public school, public research institute (organization), or juristic person or entity performing the scientific research procurement may not serve as a responsible person, partner, or representative of the supplier. The supplier and the juristic person or entity performing the scientific research procurement may not at the same time be affiliated with each other, or affiliated to the same other enterprise. From the perspective of the article structure, the withdrawal regulation for scientific research procurement is within the norm of Article 15 of Government Procurement Act before the amendment, but it includes regulations for affiliated enterprises, which is not included in Article 15. The amendment to Article 14 of Act on Recusal of Public Servants Due to Conflicts of Interest also states that the proviso of Paragraph 1 of scientific research procurement “other procurements that are regulated by fair competition and by means of an announcement procedure” can also prove that the mechanism for scientific research procurement should adopt this provision. Therefore, it is recommended that the original procurements for scientific and technological research that is independent from Government Procurement Act should be amended by the competent authority as soon as possible in order to comply with the relevant provisions of Article 8 of Regulations Governing Procurements for Scientific and Technological Research and Development and to comply with the original intention of the Regulations Governing Procurements for Scientific and Technological Research and Development, and to avoid stricter regulations on scientific procurement than government procurement. Meanwhile, it is in accordance with the spirit of the grand justice’s interpretation No. 716.

TOP