A Brief Introduction to Taiwan’s Legislations to Promote Industrial Innovations of the Digital Economy

A Brief Introduction to Taiwan’s Legislations to Promote Industrial Innovations of the Digital Economy

2023/05/15

I. Background

To encourage the development of digital industries in communications, information, cybersecurity, networking and communication, to centralize digital governance and digital infrastructure development and to assist in digital transformation of public and private sectors in Taiwan, the Ministry of Digital Affairs (“the MODA”) was created on August 27, 2022 to spearhead the national digital development policy, communications and digital resources; the development of digital technology use cases and the environment for innovations and talents; policies and regulations governing digital economy industries, national cybersecurity, the government’s digital services, open data and data governance, digital infrastructure, international exchange and cooperation and competence standards for the government’s professional personnel in IT and informational security. The Administration for Digital Industries (ADI) and the Administration for Cyber Security (ACS) have been established as the MODA’s subordinate agencies, to address challenges on all fronts in the digital wave.

As the central competent authority on the industrial development of the digital economy, the MODA may subsidize, incentify or support innovative activities of digital economy industries in accordance with Paragraph 1, Article 9 of the Statute for Industrial Innovation and determine relevant matters in accordance with Paragraph 2 of the same article. Hence, the MODA promulgated the Subsidy, Reward and Assistance Regulations for Promoting Industry Innovation (“the Regulations”) on December 23, 2022, to encourage innovation and R&D on software, services, integration and application in telecommunications, information, cybersecurity, networking, and communication. The purpose is to enhance the industry environment and to boost the industry competitiveness.

These Regulations serve as the MODA’s flagship efforts in promotion of industrial innovations and highlights Taiwan’s emphasis on digital economy industries. Below is a summary of the Regulations.

II. Scope

As stated in the overview described in Article 2, the Regulations aim to assist in the development of software products, digital services and infrastructure, system integration and vertical use cases in telecommunications, information, cybersecurity, networking and communication, so as to encourage innovations in digital economy industries such as ecommerce, digital contents, new types of digital services, communications and network deployment, to improve the industry environment and enhance the industry competitiveness.

In sum, the “digital economy industries” mentioned in the Regulations refer to software, digital services or digital infrastructure sectors in telecommunications, information, cybersecurity, networking and communication.

III. Policy measures

According to Paragraph 1, Article 3 of the Regulations, the MODA or its subordinate agencies may provide subsidies, rewards and assistance to the activities in digital economy industries such as promotion of innovation or R&D, supply of technologies and support in upgrade. This may involve the encouragement of creation of innovation of R&D centers by companies; assistance to establishment of innovation or R&D institutions; fostering of cooperation among industries, academia and research organizations; promotion of corporate engagement in talent development at schools and development of human resources in industries; support to innovations by local industries; advocacy of corporate use of big data and the government’s open data; enhancement of communications network resilience and network infrastructure prevalence and other relevant matters.

Moreover, the Regulations provide details of the policy measures for subsidies, rewards and support as follows:

1. Subsidies

The relevant details are provided from Article 4 to Article 17 of the Regulations.

(1) Eligibility

According to Paragraph 1, Article 4 of the Regulations, subsidy recipients in principle shall be engaged in activities of digital economy industries, shall be either a sole proprietorship, partnership, limited partnership, or corporation registered in accordance with domestic laws or a natural person who is national of the R.O.C., a natural person from Hong Kong or Macau or a foreign national with permanent residency and has never been listed as a refusal account by any bank. Flexibility can be granted in accordance with Paragraph 2 of the same article. If required for the development of digital economy industries, the MODA or its subordinate agencies may establish separate eligibility criteria for subsidy recipients. However, such eligibility criteria only take effect via public announcement and publication on the Executive Yuan Gazette.

Finally, according to Article 13 of the Regulations, no subsidy application may be submitted in event of violation of laws related to environmental protection, labor safety and health or food safety and hygiene during the most recent three years, as determined to be serious by central competent authority.

(2) Subsidy limits

According to Article 5 of the Regulations, different programs come with different ceilings measured in percentage. In principle, the subsidized amount shall not exceed 50% of the program budget if it is for promotion of industry innovation or R&D or encouragement of corporate use of big data and the government’s open data to develop and innovate commercial applications or service models. However, this does not apply to specific policy considerations or subsidy schemes above the budget and approved by the MODA or its subordinate agencies.

For example, the subsidized amount shall not exceed 50% of the course fees for corporate engagement in talent development on campus or enhancement of talent resources for industries. However, this limit does not apply to subsidies to indigenous people, persons with disabilities, low-income households, or the special circumstances approved by the MODA or its subordinate agencies.

Support schemes such as assistance to industrial technology and upgrade; encouragement of creation of innovation of R&D centers by companies; assistance to establishment of innovation or R&D institutions; fostering of cooperation among industries, academia and research organizations; support to innovations by local industries; enhancement of communications network resilience and network infrastructure prevalence and other projects shall be announced by the MODA or its subordinate agencies and published on the Executive Yuan Gazette.

(3) Subsidy programs

According to Articles 6 of the Regulations, there are no specific restrictions on subsidy categories, with two exceptions: (1) promotion of industry innovation or R&D – Subsidies are limited to six categories, i.e., innovation or R&D personnel expenses for approved projects; costs for consumables and raw materials; access and maintenance expenses for innovative or R&D equipment; introduction of intangible assets; commissioning and verification fees of research; and travel expenses. (2) advocacy of corporate use of big data and the government’s open data to develop and innovate commercial applications or service models or enhancement of communications network resilience and network infrastructure prevalence - Subsidies are limited to three categories, i.e., fees for commissioned services; training & education fees; and promotional campaign expenses.

(4) Application submission

According to Article 7 of the Regulations, an applicant should submit the application form, the project plan and relevant data to the MODA or its subordinate agencies. If the contents of the project plan or documents fail to meet requirements, the MODA or its subordinate agencies may request missing materials before a deadline of up to one month. The MODA or its subordinate agencies may not accept applications without missing materials supplied before deadlines.

(5) Acceptance and review

According to Article 8 of the Regulations, the MODA or its subordinate agencies shall convene review meetings to review applications, changes and irregularities in the execution of subsidy programs. Applicants may be asked to provide explanations or Personnel may be sent to conduct on-site inspections. If necessary, relevant authorities or institutions may be commissioned assist in financial reviews.

Additionally, according to Article 9 of the Regulations, the period from document readiness by an applicant to notification of the completed review to the applicant may not exceed three months. This may be extended by one month if necessary.

Finally, according to Article 17 of the Regulations, subsidized projects, subsidy recipients, approval dates, subsidized amounts (including cumulative amounts) and relevant information shall be announced on the websites of the MODA or its subordinate agencies each quarterly unless the disclosure should be restricted or is not provided according to Article 18 of the Freedom of Government Information Law.

(6) Contract signing

Once reviewed and approved, the applicant must sign the subsidy contract with the MODA or its subordinate agencies within the time period specified by Article 10 of the Regulations. Unless extension has been agreed by the MODA or its subordinate agencies, the approval of the application loses validity if a contract is not signed before the deadline.

(7) Matters of adherence by subsidy recipients

Once the subsidy contract has been signed, an applicant becomes a subsidy recipient under the Regulations and must abide by relevant terms and conditions. First, the recipient shall establish a separate account for subsidy funds and maintain a separate account book, according to Article 11 of the Regulations. All of the interest generated from the subsidy account and any balance remaining after the project completion shall be fully returned to the national treasury via the MODA or its subordinate agencies. Meanwhile, to examine whether there are any duplications of application, the use of subsidy funds and the effectiveness of project implementation, the MODA or its subordinate agencies may dispatch personnel or commission a fair and just organization to inspect the relevant documents, account books and status of project execution. The subsidy recipient shall not refuse such an examination, is obligated to respond and shall submit work reports and details about the use of funds by following the agreed-upon schedule. In event of breach, the disbursement of subsequent funds may be suspended, under the terms and conditions of the subsidy contract.

Second, according to Article 12 of the Regulations, if a recipient fails to execute the subsidized project as planned or the project experiences a significant delay in progress, or there is an overly large gap between the project results and the business plan, or the project fails to pass the review, inspection or acceptance by the MODA or its subordinate agencies and no improvement has been made before the specified deadline, or there is a breach of the Regulations Governing Procurements for Scientific and Technological Research and Development if the subsidized amount exceeds 50% of the recipient’s procurement and it meets the threshold for public announcements under the Government Procurement Act, the MODA or its subordinate agencies may suspend the next disbursement in accordance with the terms and conditions of the subsidy contract, claw back the disbursed subsidy and even stop any subsidy to the recipient for one to five years, depending on the severity of the circumstances.

Third, according to Article 14 of the Regulations, the MODA or its subordinate agencies must conduct a comprehensive assessment of effectiveness of subsidized projects and the recipient shall cooperate by providing data required for the assessment.

Fourth, according to Article 16 of the Regulations and unless otherwise specified by laws, if the subsidized amount exceeds 50% of the total budget for a technology project, the ownership and utilization of R&D results shall comply with the Government Scientific and Technological Research and Development Results Ownership and Utilization Regulation. In event of breach by the recipient violates, the MODA or its subordinate agencies may terminate the subsidy contract and shall refuse to accept any subsidy application from the recipient for five years from the date of completion of the innovation or R&D. If the reason is attributable to the recipient, the subsidy contract shall be canceled and the subsidies shall be refunded.

(8) Subsidy applications

According to Article 17 of the Regulations, a subsidy applicant shall declare to the MODA or its subordinate agencies the following:

1) No significant default in the execution of any government-sponsored science and technology projects during the past five years.

2) No suspension currently in force as a result of disciplinary actions in relation to execution of a government-sponsored science and technology project.

3) No tax incentives, rewards or subsidies for the same matter under other laws granted to the same subsidized project.

4) No taxes owed during the past three years. However, individuals who apply for the subsidy under Subparagraph 5 or 6, Paragraph 1, Article 3 are exempted.

5) No violation of laws related to environmental protection, labor safety and health or food safety and hygiene or the People with Disabilities Rights Protection Act during the most recent three years, as determined to be serious by central competent authority. However, this does not apply to circumstances that occurred prior to the enforcement of the Statute.

If the applicant refuses to declare the above, the MODA or its subordinate agencies may not accept the application. If any false statement is identified, the application may be rejected, or the subsidy may be withdrawn, the contract may be canceled and the disbursed funds shall be returned.

2. Rewards

According to Paragraph 1 of Article 18 of the Regulations, the MODA or its subordinate agencies will announce reward programs for digital economy industries with details on recipients, eligibility criteria, evaluation standards, application procedures, approving agencies and other related matters.

Moreover, reward applications are not accepted according to Paragraph 2 of Article 18 and the provisions of Article 13 and Article 15 shall apply mutatis mutandis. Article 17 regarding announcement of government information on subsidy applications shall also apply to reward applications.

3. Assistance

Relevant rules are primarily prescribed from Article 19 to Article 21 of the Regulations.

(1) Eligibility

According to Paragraph 1 of Article 19 of the Regulations, the rules prescribed in Subparagraph 1, Paragraph 1 of Article 4 also apply to the eligibility criteria for assistance to digital economy industries. In other words, assistance recipients in principle shall engage in activities of digital economy industries, either a sole proprietorship, partnership, limited partnership, or corporation registered in accordance with domestic laws or a natural person who is national of the R.O.C., a natural person from Hong Kong or Macau or a foreign national with permanent residency and has never been listed as a refusal account by any bank.

Flexibility can be granted outside the aforesaid limitations and in accordance with Paragraph 2 of Article 19. If required for the development of digital economy industries, the MODA or its subordinate agencies may establish separate eligibility criteria for assistance recipients via public announcement and publication on the Executive Yuan Gazette.

(2) Oversight of commissioned organizations

According to Article 20 of the Regulations, the MODA or its subordinate agencies may evaluate and assess the effectiveness of the assistance services provided by the commissioned organization(s) for recipients as an important basis for reviewing assistance projects.

(3) Establishment of a single contact window

The assistance unit may establish a single contact window to provide assistance and counseling services, according to Article 21 of the Regulations.

4. General provisions

In addition to specific rules, the general provisions prescribed from Article 22 to Article 25 shall apply to subsidies, rewards or assistance provided by the MODA and its subordinate agencies.

First, all the funds required for policy measures shall come from the budgets allocated by the MODA or its subordinate agencies, according to Article 25 of the Regulations.

Second, the MODA or its subordinate agencies may commission a legal person or a group to handle the application acceptance, review, approval, inspection, subsidy disbursement and claw-back, rewards, assistance and other relevant matters, according to Article 22 of the Regulations.

Furthermore, according to Article 23 of the Regulations, the incoming and outgoing of funds for subsidy, reward and assistance projects are managed as follows:

1) The same project applying for subsidies with two or more organizations should list the details of all expenses and the breakdowns and amounts of subsidies, rewards and assistance under application with each government agency. The subsidy, reward and assistance program shall be canceled and the disbursed funds shall be returned in event of concealment or false statements.

2) If the review by each government agency on the use of funds identifies poor results, utilization not consistent with the subsidy purposes, or inflated or dishonest numbers, the subsidy, reward or assistance recipient shall return the disbursed funds. Meanwhile, no subsidy shall be granted to the subsidy, reward or assistance recipient in question for one to five years, depending on the severity of circumstances.

3) If procurement is involved in the subsidy, reward or assistance budget, the subsidy, reward or assistance recipient shall adhere to the Government Procurement Act.

4) When reporting on expenses, the subsidy, reward or assistance recipient shall enumerate in detail the utilization of expenditures and the total amount of spendings. The same project subsidized by two or more organizations shall list the actual sum of subsidies, rewards and assistance.

Finally, according to Article 24 of the Regulations, the approval, disbursement and reimbursement of subsidies, rewards and assistance are processed as follows:

1) Disbursement based on project progress: The number of instalments, the method, the amount (percentage) are specified in the contract by the MODA or its subordinate agencies, depending on the project and the timetable.

2) Reimbursement shall be based on the Management Guidelines for the Disposal of Government Expenditure Vouchers, the Matters of Attention Regarding Budget (Donation) Implementations by Central Government Agencies for Private Groups and Individuals and relevant contractual provisions.

IV. Conclusions

To accelerate the innovation and development of digital economy industries in Taiwan, the MODA has promogulated the Subsidy, Reward and Assistance Regulations for Promoting Industry Innovation in accordance with Paragraph 1, Article 9 of the Statute for Industrial Innovation. It is hoped that the subsidies, rewards and assistance provided by the MODA helps to enhance the competitiveness of digital economy industries and the effectiveness of the digital economy development in addition to the Statute.

The Regulations set out detailed rules on policy measures e.g., subsidies, rewards, and assistance. Key matters such as eligible recipients, application procedures, review mechanisms, responsibilities and obligations are clearly defined but certain flexibility is reserved by exceptions. A contract-centric approach provides manoeuvrability in practice specific to project circumstances. It is hoped that the MODA and its subordinate agencies can utilize these Regulations once in force, to enhance the business environment of the digital economy industries and continue to drive industry innovations.

※A Brief Introduction to Taiwan’s Legislations to Promote Industrial Innovations of the Digital Economy,STLI, https://stli.iii.org.tw/en/article-detail.aspx?no=105&tp=2&i=170&d=9041 (Date:2024/12/05)
Quote this paper
You may be interested
Online Digital Content Protection issues in Taiwan

By Ying-Hsi Chiu, Project Manager Science and Technology Law Center Institute for Information Industry Taiwan , Republic of China English Conference Paper of The 6 th PDMC International Seminar on Software and Digital Content IPR Protection in Digital Environment, Korea In recent years, there is a phenomenon that governments in various countries launched different programs or action plans to stimulate the development and use of digital content, with the hope to boost a new economy based upon this promising industry. The rise of digital content signifies the shift of economy from manufacture of physical items to high value intangibles. However, the nature of digital content such as easy-copy, low-cost and high-quality, render the new industry even more vulnerable to piracy. Furthermore the threats to lose profits and even the future of the whole industry pose a severe challenge to governments. In order to support digital content industry to continue thriving in a healthy and sound environment, proper legal protection and stringent enforcement measures, especially for on-line digital content, will definitely have a profound impact in the long run. Taiwan Government also put digital content as one of the most promising industries for the next generation. Human resources and financial supports have been allocated, and we have seen more and more talents and companies joining this industry. However, in the meanwhile, in addition to the continuous task on cracking down piracy, our Government has been working on amending relevant laws and regulations in order to provide a solid legal infrastructure for digital content industry. In this paper, I would like to introduce you the major achievements regarding our recent amendments of Copyright Law, Rating system for digital content and the draft of “Digital Content Industry Promotion Act”. Of course, two local peer to peer cases and other legislative proposals regarding ISP responsibility will also be discussed. A. the Impact of Copyright Law amendments in 2003 and 2004 on Digital Content With Taiwan 's accession to World Trade Organization, Taiwan is under the obligation to amend her domestic intellectual property laws to be in line with the minimum standards as required in TRIPs. Besides, the society of Taiwan , at the same time, is experiencing a knowledge-based revolution. Almost every kind of information is digitalized, but relevant laws offer little or inadequate legal protections which in turn arouse more piracy on internet and greatly reduce our confidence in internet creativity. Copyright Law is the existing law that has been confronted with the most impacts from the progress of scientific and technological development. Therefore, c opyright law has been amended successively in July 2003 and August 2004 so as to cope with the increasing application of digital science and technology. The key amendments that have profound impact on digital contents are summarized as follows: a. The Right of Temporary Reproduction 1: Whether “temporary reproduction” is a type of reproduction under copyright law has been a issue of discussion for years, and finally in 2003, the amendment gave an positive answer. Temporary reproduction of copyrighted works is deemed a type of reproduction, but is not protected under copyright law if the temporary reproduction is transient, incidental, an essential part of a technology process, and without independent economic significance, where solely for the purpose of lawful network relay transmission, or for the lawful use of a work. A “lawful network relay transmission” includes technically unavoidable phenomena of the computer or machine occurring in network browsing, caching, or other processes for enhancing transmission efficiency. For the above amendment,, the definition of "reproduction" was also amended to include the "direct, indirect, permanent and/or temporary reproduction activities" 2. b. The Right of Public Transmission 3 One of the most important amendments regarding the protection of digital content is the new article about “public transmission”. The term is defined as “to make available or communicate to the public the content of a work through sounds or images by wire or wireless network, or through other means of communication, including enabling the public to receive the content of such work by any of the above means at a time or place individually chosen by them.” The act of public transmission is characterized in its mode of operation by means of interactive computerized or Internet transmission which is different from the mode of operation of transmitting the contents of copyrighted works in a unilateral manner such as public oral transmission, public broadcasting, or public performance etc. To confer the new added definition of “public transmission” 4, the Article 3-1-7 regarding the definition of "public broadcast" 5 was also amended 6, so as to distinguish the operation modes of "public transmission" and "public broadcast" in order to avoid confusion while using these two different terms. c. Protection of Electronic Rights Management Information When copyright law confers the “public transmission” right to authors, the introduction of “Electronic Rights Management Information” will definitely facilitate the author to be easily accessed and encourage more exploitation of digital contents. The term " electronic rights management information" refers to the electronic information which is used to identify a copyrighted work, the title of the work, author, economic rights holder or person licensed thereby, and the period or conditions of exploitation of the work, including numbers or symbols that represent such information 7. Anyone who removes or alters the electronic rights management information without authorization shall be imposed civil liability for damages and criminal liability for sentence up to one year imprisonment, detention or fine. d. Technology Protection Measures 8 The term "technology protection measures", that is, the "anti-circumvention measures", means the equipments, devices, components, technology or other technological means employed by copyright owners to prohibit or restrict, in effective manner, others from accessing or utilizing his/her work without prior authorization. Anyone who disarms, destroys or by any other means circumvents the technological protection measures employed by the copyright owner shall be subject to civil liability for damages. The new amendment further specifies that any equipment, device, component, technology or information for disarming, destroying, or circumventing technological protection measures shall not, without legal authorization, be manufactured, imported, offered to the public for use, or offered in services to the public. Violation of this article shall be imposed criminal liability for sentence up to one year imprisonment, detention or fine. e. Specific Punishment for Use of Pirated Software 9 Before the 2004 amendment, the use of pirated software for commercial purposes shall be deemed an infringement of copyright only if the user has “actual knowledge” that he is using pirated software for that purpose. The application of this article, however, was controversial because it was difficult to prove that the user did have “actual knowledge” of the contended facts. Hence in the 2004 amendment, the requirement of “actual knowledge” was deleted, and therefore, as long as there is the fact of using pirated software, the user shall have no excuse to running away form civil liability for damages and criminal liability for sentence of up to two years imprisonment or detention, or in lieu thereof or in addition thereto, a fine of no more than five hundred thousand New Taiwan Dollars (hereinafter called NT Dollars). f. Increasing the magnitude of criminal liability for illegal optical disk copyright infringement Owing to the massive harmful power on digital content by illegal optical disks, the amendment increases the magnitude of criminal liability for illegal optical disk copyright infringement. A person who infringes on the economic rights of another person by means of reproducing a work onto an optical disk shall be subject to imprisonment ranging from six months to five years, and in addition thereto, may be fined ranging from five hundred thousand to five million NT Dollars. Besides, heavy criminal liability is also imposed on a person who distributes or with intent to distribute publicly displays or possesses a copy of optical disk knowing that it infringes on the economic rights shall be subject to imprisonment ranging from six months to three years and, in addition thereto, may be fined ranging from two hundred thousand to two million NT Dollars. Both offenses are actionable not upon complaint. B. Local P2P case analysis and possible solution No matter we accept it or not, Internet has changes our life style in many ways . People find that many real-life activities could now find their counterparts “on line”, which bring us not only convenience and exciting experiences, but sometimes also raise problems. Downloading on-line music has drawn much attention during recent years. This newly flourishing business model provides music lovers a wide range of selections on-line, through peer to peer technology at relatively low cost. However, this new business did not receive supports from record companies and music right holders. On the contrary, these P2P companies were accused of the main cause for the sharp drop in profits for the past few years. Although it is difficult to prove the direct relationship between lost of profits and the downloading services, we have seen many copyright infringement cases were brought to courts in the United States (Napster/Groster cases), Holland /Australia (Kazaa case) and Japan (MMO case) and the judgments, even with similar facts, were opposite! This situation just reflects the complexity of the whole issue and arouses more discussion on this topic. In August 2003, International Federation of the Phonographic Industry, Taiwan Branch (hereinafter referred to as IFPI Taiwan) brought complaints against two local P2P companies in Taipei and the courts also reached opposite judgments. It is the main purpose of this paper to discuss the two judgments and possible solution in the future. Before we start to discuss the two cases, I would like to take this opportunity to briefly clarify our copyright law liability system. Unlike American legal system, where liability for violation of copyright law is civil liability in nature, the legal responsibility for copyright infringement in Taiwan is criminal liability, and therefore, courts in Taiwan will apply stricter standard in deciding whether violation of copyright is intentional. a. ezPeer case This is the first P2P case in Taiwan and Taipei Shihlin District Court found in June 2005 that the defendant, ezPeer company, is not guilty of copyright violation charges for the following reasons: In the indictment, the prosecutor claimed that ezPeer provides on-line music downloading services through a “centralized P2P framwork”, so it is reasonable to conclude that ezPeer has “actural knowledge” about the fact of copyright infringement by its members. With such knowledge in mind, ezPeer still provides file-exchange services, and therefore, ezPeer is suspecious of violating copyright of the record companies. The Court, however, held that ezPeer is in fact a “decentralized P2P framwork”, and further held that it is not important to decide the type of P2P framework in this case because the original structure of P2P was not designed for the purpose of violating copyright. The Court maintained that the downloading and transmission of musical files by individual member might satisfay fair-use circumstances or other requirements for legal exploitation of the works. From the evidences submitted by the prosecutor, the Court is not able to ascertain if ezPeer is able to distinguish the legality of conducts acted by its members. Under such circumstances, the Court helded that it is also impossible to conclude that ezPeer is an accomplice in this case. Under present relevant laws, ezPeer is under no legal obligation to take active actions to provide special devices or measures to filter off the downloading and transmission of musical files that are suspecious of violating copyright law. Of course, ezPeer judement ignited another pro and con debate in Taiwan . It is interesting to note that the judgment of ezPeer case was rendered on the 30 th of June, 2005, only three days after the Groster judgment which was rendered on the 27 th of June 2005. We are not sure if the Groster judgment has any impact on the Kuro case, but as we will see below, the judgment of Kuro case is just totally opposite to ezPeer. b. Kuro case On the 9 th of September , 2005, Taipei District Court reached its judgment on Kuro case, and held that the defendant, providing unauthorized music downloading services for the purpose of making profits, is jointly responsible as conspiracy with its individual member for infringing plaintiff's copyright. The CEO and General Manager of Kuro were sentenced for three-years' imprisonment separately, and both were fined three million NT Dollars; the responsible person (chairman) of Kuro was sentenced for two-years' imprisonment and Kuro's member, Miss Chen, was also sentenced for four-months' imprisonment, which could be substituted by fine, and which also obtained a respite for three years. In addition to criminal action, IFPI also filed a civil lawsuit claiming for compensation, and this case finally reached a peaceful settlement on the 15 th of September, 2006. Kuro promised to pay IFPI Taiwan 3 millions and 5 hundred thousand NTD as compensation. A new company /will be incorporated to continue the legal music platform business. The members' list, brand name and the employees of Kuro will be transferred to the new company under a license agreement. In the future, the new company will provide downloading services not with P2P technology, but with streaming model, and the member fee will have a jump from the present 99 NTD/month to 150 NTD/month. A brief comparison can be made between the two local cases: Taipei Court found that when Kuro's server is under normal operation, and when Kuro's member would like to download a specific music file from another member, Kuro's server will provide IP address, route and establish connection in order to facilitate its member to conduct fast search and to download the music file; If the connection is interrupted during transmission, Kuro's server will automatically locate other member's IP to resume the transmission. The Court was convinced under these facts that Kuro was a “centralized P2P framework”. The Court further found that Kuro published a great deal of commercial advertisements on various media to increase its membership; Kuro also established “feed-back mechanism” on its own website to encourage the users to download music file. Given all these evidences, The court was convinced that Kuro, who had actual knowledge that the P2P technology it provided will be utilized by others as a tool to carry out criminal activities, should induce the general public to pay or buy its membership to infringe other's copyright in order to pursue its own commercial benefits. In doing so, the court held that Kuro has already foreseen that its member will use P2P technology to conduct unauthorized music downloading, the copyright holder's damages and the causation between the two, and the result of causing lost of profits on plaintiff is not against Kuro's intent. Therefore, Kuro must be responsible for violating copyright liability. We found that the supporting evidences really play important roles in helping the Court to reach its final judgment and that is one major reason why we have two cases with similar facts but having opposite results. The P2P issue, with the settlement between Kuro and IFPI Taiwan, is at rest for the time being, but efforts trying to have legislative solution are just begun. There was suggestion to amend Copyright Law to have a “compensation system” to solve the P2P problems. This proposal, however, did not receive much support among scholars and legislators. Recently another proposal was brought to our attention that our Copyright Law shall adopt a procedure similar to the one adopted in DMCA. This new proposal arouses another big issue: how should we regulate ISP? This issue has been in debate for years in Taiwan , and so far there is still no consensus on this point. As a matter of fact, ISP relates not only to copyright issues, privacy protection, anti-porn/violence for minors on internet are also important topics needed to address our concerns. So far, it is too early to comment the future of this new proposal, but we will keep close watch of its future development. From III's point of view, a single legislation encompassing all issues regarding ISP will be a better solution. C. Rating system for digital contents With the rapid advances of technology and the widespread use of computers, Internet has become an indispensable part in our daily lives. When we enjoy the convenience of having easy and quick access to almost all kinds of information, we are exposing ourselves, at the same time, to a world which is flooded with impoper or even indecent contents. Those contents deliver either wrongful or harmful messages to the viewers and sometimes cause negative impacts on their minds forever. This situation poses a quite serious problem especially for children and teenagers who are encouraged to acquaint themslves with the cyber space but do not equipped with proper knowledge and ability to distinguish healthy and useful contents from unhealthy and harmful ones. Hence, in addition to protectingof the right of digital content, while in the process of promoting digital content industry, setting clear rules to regulate content providers to protect minors are also very important. In order to insure the sound development of the physical and mental status of the minors, Article 27, Paragraph III of the “Children and Youth Welfare Act 10” requires that “the competent authority should publish rating regulations for publication 11, compouter software and internet content”. This is not to impose any restrictions on the freedom of speech on internet, but rather a protection measure by providing a basic reference for parents and the minors to decide which content is appropriate for them. a.Regulations of Internet Content Rating The “Regulations of Internet Content Rating” was first published by Government Information Office (hereinafter referred to as GIO) on the 26 th of April, 2004. The regulation provides a grace period of 18 months in order to avoid rushness and, therefore, the exact enforcement date was the 26 th of October, 2005. This Regulation was further amended in October 2005. The most important spirit of the Regulation is “self discipline” principle. According to the amended regulation, content providers shall classify the contents either “restricted” or “non-restricted” by themselves. Restricted contents providers are required by the Regulation to put a “restricted” label on the homepage or relevant web pages in a conspicuous manner. Before the amendment, the rating system was classified as “common for all”, “protected” (which means the content is not suitable for children under 6), “parents guide” (which means that the content is not suitable for children under 12; for the youth between 12 to 18, parents guide is needed) and “restricted” (not suitable for people under 18). So under the present classification, Internet content that is not rated as “restricted” may be viewed by children under guidance or under the discretion of parents, guardians or others taking care of them 12. In order to carry out the functions specified in the regulation, the “Taiwan Internet Content Rating Promotion Foundation 13” (hereinafter referred to as TICRF) was established by GIO on the 7 th of January, 2005 . This will facilitate the development of Internet-related industry while protecting freedom of speech online and regulate user behavior. b. Regulations of Computer Software Rating The “Regulations of Computer Software Rating” was published by Industry Development Bureau (hereinafter referred to as IDB) of Ministry of Economic affairs on the 6 th of July, 2006 and will be enforced on the 5 th of January of 2007. Following the Internet Content Rating Regulation, this regulation adopts the “self-discipline” principle, and “four tiers” rating classification. However, there a re some points to be noted: 1. The term “computer software” in this Regulation refers only to “computer games”, excluding other kinds of software like searching engine, data mining, tool or educational software. 2. Only the game software that can be played through “computer” shall be the subject under this regulation. Games played on other devices, such as mobile phone, PDA, television or other devices. As a result, video games do not fall within the definition of “computer game” under this regulation and, therefore, is not regulated so far. 3. The competent authority for the new Regulation is IDB. Not like GIO establishing a foundation under its donation, IDB will encourage the private sector to organize professional groups to provide consultation services regarding any question or misunderstanding arising from this regulation. Anyone who would like to challenge the rating label marked by the computer software providers, may also bring their cases to any of those professional groups for opinions. 5. The new Regulation requires that the computer software providers must put the label not only on the web page providing downloading services but also on the package in a conspicuous manner. It further requires that for “restricted” software, a warning sentence like “This software is intended for use for persons above 18” must be properly marked. D. The “Digital Content Industry Promotional Act” (Draft) a.To restore the copyright pledge recordation system As we have pointed out that copyright and other intangible assets are playing a more and more important role in the knowledge based economy. Therefore, the purposes of copyright law are no longer limited in protecting the rights of the authors, but are extended to facilitate the maximum exploitation of these works in order to manifest their potential economic values. As we all know that the most valuable assets for digital content companies are their intangibles, such as patents, copyrights or trademarks. In the early stage, those start-up companies might rely heavily on government's financial supports. However, when digital content companies are becoming more mature and try to make use of their intellectual properties as collateral to reach a loan agreement with the banks, they will find that the banks are not willing to accept these intangibles as collateral 14. The situation for copyright is even worse in Taiwan since our copyright competent authority no longer provides copyright recordation services to the public 15, and therefore, the banks are even less interested in accepting copyright as collateral because they are not able to estimate their risks with accuracy in any particular case when those important information regarding the “intangible collateral” is not available from any trustworthy government agency or private organization. In order to provide a formal channel of disclosure and to ignite the economic potential in intellectual properties in the future, our government is planning to restore the copyright pledge recordation system in the draft of “Digital Content Industry Promotional Act”, aiming that this will offer the digital content companies a better position to negotiate with the bank and other financial institutions for loan agreements. b. Exploitation of Work Whose Authorship is Unknown At a higher level of the panorama, Copyright Law encourages the exploitation of other's works in order to facilitate further idea exchange and culture development. However, such a privilege is granted by law only when the users obtain author's authorization in advance, except in some specified fair-use circumstances or using works which already in public domain. However, author's authorization is sometimes difficult or even impossible to obtain when the author's whereabouts is unknown 16. This is especially true in the internet environment when the flow of information is so fast and the amount of information is enormous. This situation undoubtedly creates a big hurdle for content users and impedes their willingness to continue creative activities on internet . In order to solve this problem and to reach full utilization of digital contents, our Government is planni ng to bring this licensing deadlock to an end by setting a procedure which allows the users to submit sufficient evidences to the copyright competent authority to prove that he/she has exhausted all possible means but still fail to locate the author. After reviewing all the documents and evidences, copyright competent authority will grant the authorization on a non-exclusive basis, and the user has to deposit the license fee as prescribed in the approval letter and then use the work in the manner as prescribed therein. Taiwan Government is hoping that in the internet era, authors are urged to exercise their rights granted under Copyright Law in a much more positive manner by using “electronic rights management information” to enable others to share authors' wisdom and to help the whole society to benefit from the wisdom-sharing process. Conclusion The whole world is facing a new digital era that nobody has ever experienced before, especially the Internet world. Traditional legal system is no longer enough to deal with problems related to the creativities of intangible assets. Members of modern society, need to find the best solution to irrigate and protect these digital fruits, and, at the same time, to resolve or prevent problems or expected harm from the development of digital content industry. To set up a new legal system along with various industrial policies is deemed a good solution to build up sound environment for the growth of digital industry. Challenges and hurdles will be confronting us every single day. They come to existence even faster than before. Their existences just send us clear messages that it is time to submit more proposals to promote digital industry, to create maximum profit to the digital society as a whole and to prevent harmful results from this trend of digital tide. We believe that Taiwan Government is now well prepared to face this new age and to overcome all the expected or unexpected challenges. Major changes of legal structure will be achieved step by step within the following years and it is expected that when cases relating to digital content are accumulated to certain amount , the consensus to solve those legal issues will become much clear. When we reach this point, our society will be more comfortable and confident in using and creating digital contents and the digital industry in Taiwan will be mature. 1. This amendment is made pursuant to Article 9 of the TRIPs which provides that every member of the WTO shall adhere to the provisions set out in Article 1 through Article 21 of the 1971 Berne Copyright Convention. Article 9 of the Berne Convention entitles the authors of the literary and art works protected by the Convention the exclusive right to licensing, in any manner or form, the reproduction of his/her copyrighted works. 2. The ROC Copyright Law Article 3-1-5 3. This amendment was made by making reference to Article 8 of the WCT and Article 10 and Article 14 of the "WPPT", and Article 2, and Article 2 –1 and 2-2 of the EU 2001 Copyright Directives 4. "Public transmission" means to make available or communicate to the public the of a work' content through sounds or images by wire or wireless network, or through other means of communication, including enabling the public to receive the content by any of the above means at a time or place individually chosen by them 5. "Public broadcast" means to communicate to the public the a work's content through sounds or images by means of transmission of information by a broadcasting system of wire, wireless, or other equipment, where such communication is for the purpose of direct listening reception or viewing reception by the public. This includes any communication, by transmission of information via a broadcasting system of wire, wireless, or other equipment, to the public of an original broadcast of sounds or images by any person other than the original broadcaster 6. The amendment was referenced to the provisions set out respectively in Article 8 of the WIPO Copyright Treaty (hereinafter referred to as "WCT") and Article 10 and Article 14 of "The WIPO Performance and Phonograms Treaty" (hereinafter referred to as "WPPT") 7. The ROC Copyright Law Article 3-1-17 , The definition of the term " electronic rights management information" was added with reference to the provisions set out respectively in Article 12 of the WCT, and Article 19 of the WPPT which requires all signatory countries to provide full protection and remedies to the integrity of electronic rights management information, Article 7 of the EU 2001 Copyright Directives, Article 1202 of the US Copyright Act, and Article 2-1-21 of the Japanese Copyright Law. 8. The ROC Copyright law Article 3-1-18 , this item was added in 2004 amendment. The definition of the term "technology protection measures" are added to the 2004 Copyright Law pursuant to in Article 11 of the WCT and Article 18 of the WPPT respectively, requiring the mandatory and adequate legal protection to the "anti-circumvention measures". And, the Article also makes reference to the relevant provisions provided in Article 6 of the EU 2001 Copyright Directives"; Article 1201 of the US Copyright Act; Article 20,1,20 of the Japanese Copyright Law; Article 18 of the "On-line Digital Contents Industry Development Act" and Article 30 of the "Computer Programs Protection Act" of Korea respectively. 9. The ROC Copyright Law Article 87-5 and 87-6 10. The Act was put in force on the 28th of May, 2003 11. ROC Government has already enacted rating regulations for publication (books, magazines, etc.) and movies/TV programs. 12. Many teachers and parents group are criticizing the new rating classification. They agree that it is sometimes difficult for the content providers to mark correct label for contents which are either “protected” or “parent guide”. However, they argue that it is irresponsible to shift the whole burden to parents who do not have enough profession or simply do not have time to do so. 13. For more detailed information, please visit TICRF's website at http://www.ticrf.org.tw/ 14. The conservative attitude of the banks and other financial institutions are understandable. First of all, the market for intangibles as collateral is just not mature for the time being, and we do not have enough experiences in the area of intangible assets evaluation. Secondly, banks are more familiar with traditional collateral, like lands, houses, etc. In fact, they are quite confused about how to deal with all these intangible assets in their hands. Thirdly, an effective mechanism for the withdrawal of banks and financial institutions from the market is still lacking, which greatly increases the risks for banks, and in turn, will render banks more hesitated to reach any loan agreement with digital content companies from the very beginning. 15. The Copyright Law of Republic of China was first promulgated in 1928. At that time, copyright protection would be obtained only if the author fulfilled the strict “registration” process. In 1985, Copyright Law was undergoing an overall review, and an internationally accepted principle that “copyright protection will be automatically obtained upon completion of the work” was adopted. However, copyright registration system was still maintained for voluntary application for registration and the issuance of copyright registration certificate. In 1992, a more loose “copyright recordation system” was adopted to replace the “copyright registration system” to avoid any confusion. In 1998, after many years' debates, copyright recordation system was finally abolished for the following reasons: 1). The existence of “copyright recordation system” always delivers wrong information to the public that copyright law still requires registration for protection of a work. So it would be better to abolish the recordation system to avoid any misunderstanding in the future. 2). In a copyright lawsuit, the courts, instead of conducting substantial fact-finding procedure to ascertain who the copyright holder is, very often require the party claiming copyright protection to submit copyright registration certificate or recordation transcript to prove that he/she is the copyright holder. In doing so, the spirit of copyright law was led to such a distortion that would render the public even more confused about the true meaning of copyright law. 3). Due to limited manpower in our copyright competent authority, services for applications either for copyright registration or recordation will consume a lot of administrative resources , and the crowding-out effect would have negative influence on the allocation of resources to other pending copyright issues or basic researches at hand. 16. This is termed “orphan works” by Professor Lawrence Lessig.

An Introduction to Taiwan’s Regulations Regarding the Security Maintenance and Administration of Personal Information Files in in Digital Economy Industries

An Introduction to Taiwan’s Regulations Regarding the Security Maintenance and Administration of Personal Information Files in in Digital Economy Industries 2023/11/29 I. Preface The Personal Data Protection Act (below, the “Act”), Article 27, paragraph 3 authorizes all central government authorities in charge of specific industries to formulate regulations regarding security standards and maintenance plans for their concerned industries. Beginning August 27, 2022, Taiwan transferred authority over information services, software publishers, businesses that do retail sales of goods purely via the Internet, third-party payment providers, and other businesses in digital economy industries from the Ministry of Economic Affairs to the newly-established Ministry of Digital Affairs (MODA). Businesses in the digital economy industries collect, process, and use large amounts of important personal data, and therefore bear a relatively heavy responsibility for maintaining the security of personal data. In light of this, and in accordance with the Act, Article 27, paragraph 3, the MODA therefore promulgated the Regulations Regarding the Security Maintenance and Administration of Personal Information Files in in Digital Economy Industries (below, the “Regulations”) on October 12, 2023. These Regulations specify the standards for digital economy industries’ personal data file security maintenance plans and rules governing the handling of personal data following a business termination (below, “security and maintenance plans”, or “SMPs”). These regulations apply to all businesses in the digital economy industries. In order to reinforce responsibility for personal data security maintenance in the digital economy industries, tiered management is applied to businesses at different scales. The key points of these Regulations are introduced below. II. Where the Regulations apply As stipulated in the Regulations, Article 2, the “digital economy industries” that these Regulations apply to refer to any natural person, private juridical person, or other group, that engages in any of the following business operations: 4871 Retail Sale via Internet (industries that engage in retail sales to others via the Internet, but not including television, radio, phone, or other electronic means, nor postal sales); 582 Software Publishing; 620 Computer Programming, Consultancy and Related Activities; 6312 Data Processing, Hosting and Related Activities (industries that engage in processing customers’ data, server & website hosting, and other related services, but not including online audio/video streaming services); 639 Other Information Service Activities; or 6699 Other Activities Auxiliary to Financial Service Activities Not Elsewhere Classified (third-party payment industries, but not including other fund management activities). For the specific industries covered, see Attachment 1 of the Regulations. III. Security maintenance and management measures The relevant measures are stipulated in Articles 3 to 17 of the Regulations. In consideration that the businesses so regulated may collect, process, or use large amounts of personal data as part of their business activities, they bear a larger responsibility for maintaining the security of personal data than does the average enterprise. In compliance with the Regulations, every such enterprise is required to formulate an SMP, the content of which shall comply with the specifications in Articles 5 to 17. This includes putting in place management personnel and relevant resources; defining and inventorying the scope of personal data; risk assessment; putting internal management procedures in place; and other such matters. These Regulations also adopt tiered management for businesses based on their capital levels, in order to reinforcement the frequency at which security maintenance measures are performed. The specific regulations for security maintenance measures are introduced below. 1. Formulating an SMP In accordance with the Regulations, Article 3, and in order to maintain the security of personal data, each enterprise shall, within three months of the date the Regulations take effect, plan and formulate their SMP. Every enterprise shall also cause all staff members to understand and fully implement the SMP. In order to monitor implementation, the MODA may require that each enterprise submit its implementation of SMP; the enterprise shall then submit their implementation status information in written form within the specified time limit. 2. Making the protection policy known internally In accordance with the Regulations, Article 4, and to make sure that everyone in the enterprise comprehends and implements personal data protection, each enterprise shall make its personal data protection policies known to all personnel within the enterprise. Matters that must be explained include Taiwan’s legal regulations and orders on personal data protection; how personal data may only be collected, processed, and used for specific purposes and in a reasonable, secure way; that protective technology must be at a level of security that could be reasonably expected; points of contact for rights relating to personal data; personal data contingency plans; and proper monitoring of outsourced service providers to whom personal data is outsourced. All of this must be done to make sure that every enterprise carries out their duty for comprehensive, continuous SMP implementation. 3. SMP content (1) Putting in place management personnel with relevant resources In accordance with the Regulations, Article 5; in accordance with both the Regulations as a whole and other laws and orders regarding the protection of personal data; and in order to implement personal data protection, each enterprise shall do the following things: Weigh the size and characteristics of their business to reasonably allocate operating resources; take responsibility for the personal data protection and management policy; and formulate, revise, and implement their SMP. Also, the enterprise’s representative or the representative’s authorized personnel shall carry out formulation and revision, in order to make sure that the SMP’s content is fully carried out. (2) Establishing the scope of personal data In accordance with the Regulations, Article 6, in order to define the scope of personal data to be included in the SMP, each enterprise shall periodically check the status of personal data that is collected, processed, or used. (3) Risk assessment and management mechanisms for personal data In accordance with the Regulations, Article 7, in a timely manner, and in accordance with their already-established personal data scopes and the processes in which their business involves the collection, processing, or use of personal data, each enterprise shall evaluate risks that may arise within their scope and processes. Based on the risk evaluation results, each enterprise shall then adopt appropriate security management and response measures. (4) Incident prevention, reporting, and response mechanisms In accordance with the Regulations, Article 8, and in order to reduce/control damages to data subjects resulting from personal data theft, tampering, damage, destruction, leakage, or other such security incidents, each enterprise shall formulate response, reporting, and prevention mechanisms: 1. Response mechanism: Methods to be followed after a security incident has occurred, to reduce/control damages to data subjects, and appropriate ways to notify data subjects after an incident investigation, as well as what such notifications shall contain. 2. Notification mechanism: Post-incident notifications to data subjects, in a form (such as email, text message, phone call, etc.) that makes it convenient for such subjects to learn what has occurred and what the incident handling status is; also, providing data subjects with a hotline or other way of seeking information later on. 3. Prevention mechanism: A post-incident mechanism for discussing and adjusting the prevention measures. Within 72 hours after an enterprise learns that a personal data security incident has occurred, the enterprise shall use Attachment 2, the Enterprise Personal Data Leak Reporting Form, to notify the MODA of matters such as: A description of what caused the incident; an incident summary; the damage status; possible results from the personal data leakage; proposed response measures; proposed method and time for notifying data subjects; etc. Alternately, the enterprise may notify the special municipality or county/city government to then notify the MODA. If the enterprise is unable to report the incident within the time limit or is unable to supply complete reporting information all at once, the enterprise shall attach explanation of the reasons for the delay, or provide the information in stages. After the MODA or the special municipality or county/city government receives a report, they may implement reasonable handling in accordance with Articles 22 to 25 of the Act. (5) Internal management procedures for personal data collection, processing, and usage In accordance with the Regulations, Article 9, in order to ensure that their collection, processing, and use of personal data complies with the laws and orders regarding the protection of personal data, each enterprise shall do the following: Formulate internal management procedures; assess whether the use, processing, or collection of special categories of personal data are involved; assess data subjects’ consent has been obtained; assess whether the legal circumstances create an exemption from the obligation to inform; etc. The internal management measures shall also include providing data subjects with information on their rights in accordance with the Act, Article 3; putting in place mechanisms for ensuring the accuracy of and inquiring regarding personal data; and periodically reviewing whether the specific purposes for collecting personal data still exist or have expired. (6) Limits, notifications, and monitoring for international transfers In accordance with Article 10 of the Regulations and Article 21 of the Act, when an enterprise’s transfer of personal data across a national border affects data subjects to the extent that there is a major national interests concern, the enterprise shall assess whether MODA restrictions apply to the transfer. The enterprise shall also notify the data subjects of the region(s) that the data is transferred to; perform appropriate monitoring of the data recipient; and provide the data subjects with information on their rights in accordance with the Act, Article 3. (7) Data, personnel, and equipment security management measures 1. Data security management measures: In accordance with the Regulations, Article 11, and when personal data is backup, kept confidential, or transferred by various means based on the risk assessment results, each enterprise shall put in place protective measures against abnormal access behaviors. When an enterprise provides information/communication technology services, the enterprise shall also put in place and regularly monitor intrusion countermeasures, abnormal access monitoring and contingencies, anti-malware mechanisms, account password verification, system testing, and other such data security management measures. 2. Personnel security management measures: In accordance with the Regulations, Article 12, each enterprise shall contractually specify the obligation to maintain confidentiality with all staff members; identify personnel who job duties involve collecting, processing, or using personal data; and periodically assess the appropriateness and necessity of personnel’s permissions to access personal data. 3. Equipment security management measures: In accordance with the Regulations, Article 14, and to prevent personal data being stolen, tampered with, damaged, destroyed, or leaked, each enterprise shall put in place appropriate media protection for personal data storage devices. The protection requirements include management measures such as technology, equipment and secured environments that meet a specific level of security. (8) Education and training In accordance with the Regulations, Article 13, each enterprise shall periodically use education and training to ensure that all staff members understand the following things: The laws and regulations pertaining to personal data protection; their personal duties and roles within their scopes of responsibility; and the requirements for all SMP management procedures, mechanisms, and measures. For any enterprise that engages in retail sales via the Internet, their SMP shall include user training and education regarding personal data protection and management; and the enterprise shall also formulate personal data protection rules for compliance. (9) Continuous audit, recording, and improvement mechanisms 1. Data security auditing mechanisms: In accordance with the Regulations, Article 15, each enterprise shall periodically do internal audits of personal data, then put the audit results into an evaluation report that reviews improvements to the enterprise’s protection policy, SMP, etc. If there are any deficiencies, the enterprise shall make corrections. 2. Use of records, tracking data, and retention of evidence: In accordance with the Regulations, Article 16, and as part of carrying out its SMP, each enterprise shall retain a minimum of five years of records on the collection, processing, and use of personal data; tracking data for automated machinery; and evidence of having implemented the SMP. After an enterprise’s operations cease, it shall retain records of the destruction, transfer, or other deletion of personal data for a minimum of five years. 3. Comprehensive, continuous improvement for personal data security maintenance: In accordance with the Regulations, Article 17, any time an enterprise’s SMP is not implemented, the enterprise shall adopt corrective and preventive measures. Also, based on the SMP’s implementation status, its handling methods/implementation status, developments in data technology, adjustments to the enterprise’s business, and changes in the law and regulations, each enterprise shall periodically review and amend its SMP. 4. Tiered management In accordance with the Regulations, Article 18, and to prevent relatively small businesses having to take on excessive personal data management costs, tiered management is applied. For an enterprise with a specific business scale (having capital of NT$10 million or more, or holding 5,000 or more personal data records), stronger security measure implementation is required, namely, the personal data security measures shall be implemented, reviewed, and improved at least once every twelve months. If an enterprise reaches NT$10 million or more in capital after the Regulations take effect, or if an enterprise’s number of personal data records held reaches 5,000 or more as a result of direct or indirect data collection, then within six months of meeting those conditions, the enterprise shall implement and review the improvement measures at least once every twelve months. 5. Outsourced personal data Commercial outsourcing in the digital economy comes in many forms. In light of this, and in order to make clear each enterprise’s security management obligations with regard to the collection, processing, and use of personal data, Article 19 of the Regulations clearly spells out what duties shall be carried out with regard to any outsourcing that touches on personal data. When an enterprise outsources the collection, processing, or use of personal data, it is considered equivalent to the enterprise’s own activity. Thus, the enterprise shall understand and follow the legal orders and regulations on personal data set by the central government authorities in charge of the outsourcing party’s industries. Any oversight responsibilities arising from outsourcing the collection, processing, or use of others’ personal data shall be clearly stipulated in the outsourcing contract or other such documents. IV. Conclusion The Regulations Regarding the Security Maintenance and Administration of Personal Information Files in in Digital Economy Industries are designed to balance development for Taiwan’s digital economy industries with comprehensive, continuous improvement of personal data security maintenance. In pursuit of those goals, the Regulations clarify what each enterprise must do: Plan, formulate, and carry out security maintenance plans for personal data that falls within the bounds of the enterprise’s business; ensure that all staff members receive training on personal data protection; provide personal data subjects with channels to file complaints and seek consultation on their rights; and inform the government authorities in charge of the digital economy about the enterprise’s SMP, including the status of any personal data security incidents. All this is done in hopes that the security measures will continuously improve the security of personal data in Taiwan’s digital economy industries.

Legal Considerations of E-commerce of Taiwan: Development and the Status Quo

I. Preamble 1. Current Situation of E-Commerce Along with rapid developments of the information and the Internet, what follows in suit is inevitably the electronicalization in general industries. Nowadays, countries around the world accelerate exploitation of information technologies and management methods to enhance their capability of competition. Developments in digitalization have brought traditional business concerns to face rigorous challenge as regards both the nature of the business and the context of same, as well, in more recent years incidents such as Internet data exposition and on-line fraud have happened over and over again. Contentions of on-line transaction have also increased a great deal while some illegal websites proclaimed themselves to be legal ones. All these situations point to the importance of building up legislation on e-commerce and cyber environment. No less important is the buildup of more reliable environments friendly to electronic trades as to which the government should take into account the needs voiced from both suppliers and buyers in an effort to put into effects relevant implementations conducive to benignant developments of e-commerce. In the meantime, the entire B2C e-commerce market is going through unprecedented fusion, ongoing merging and cross application is seen in varied on-line transactions including TV shopping, Internet shopping, mobile shopping, e-mail shopping and so on, growing more tense than ever are integration in the context of http://bilingualdb.rdec.gov.tw/BilingWeb/bl_showworddetails.asplogistics,cash flow, exchange of information, and transactions, in addition, interchange of platforms and horizontal consolidation of varied equipments are indication enough that looking into the future, what looms ahead is a service-oriented, attention-intensive era of economy; by taking into good account consumers' actual needs, convenience and economies, these supplemented with customized service delivery, the intending party can realize phenomenal profits well beyond estimation; considering that the B2C business world is continually renovating its latest technology or application (the Skype, for example) better yet management model is required to strike profits (such as diggings of killer APs, Killer access Devices, Killer channels, Killer business models and their applications), and therein lies the orientation for efforts to be spent in so far as the future of the B2C e-commerce is concerned. By the outcome of the B2C Business Strategy Conference closing as of both 2004 and 2005,the current B2C e-commerce of Taiwan is fighting hard to cross the gap of lag in family Internet shopping rates (13% in 2003, grown up to 19.6% by 2005), if relevant technology matures and breaks various obstacles against B2C e-commerce, it is safe to say that by 2007 will come the mainstream epoch for Internet shopping vogue, and that is good enough for what one could envision for the B2C e-commerce. Reliable survey conducted for relevant projects indicates that the on-line shopping market over the year 2005 is estimated at approx. NT$51,073,000,000, reflecting a growth of 47% over the correspondent field of NT$34,720,000,000 realized in 2004, hopefully the growth may hit around 43% by the year 2006, estimation: NT$73,146,000,000; in the year 2005 the overall retail market realized a revenue of approx. NT$3,090,297,000,000 of which roughly 1.65% was due to contribution from on-line retail sales, estimation shows that by the year 2009 the on-line shopping market will expand to around NT$154,475,000,000. All of the survey digits clearly show that there is still much to expect of our domestic electronically subordinated markets, for which a growth potential always exists. 2. Implementation strategies and policy directions Over the nearly twenty years in the past the US has been strategically employed varied technologies associated with e-commerce at large, for the promotion of e-commerce and that has fetched a hit over Japanese business industry that was long-timed noted for their high quality struck at relatively low-profile cost image, and at the same time switched the fading stage of the US economy up to the rosy side. What makes e-commerce so much a marvel? Well, the secret is in fact simple enough, for in the wake of contemporary atmosphere for competition centering on internationalization and globalization, the only recipe for success and survival for any business is simply the triplicate: “Speed”, “Flexibility” and “Creativity”; e-commerce not only timely satisfied these needs, it plays a key role in this respect all at once, such that any responsive and responsible business executive would but have to admit that “Without getting electronic, you can expect no more orders”. In awe of this wake trend going for entrepreneurial electronic synonymous with e-commerce, our government has been keeping a keen eye on the position of modern e-commerce around the world. In addition, it has charged relevant departmental agencies to attend to the development and planning of domestic e-commerce to begin with the Ministry of Economic Affairs firstly accomplished Electronic Commerce Model System recommended for Business-to-Business (B2B) in the Informative Segment, the indicial system for electronic industry for our country is thereby established, and this by and by has extended to other kinds of industry; in the meantime, efforts have been shed to expel lots of bottlenecks facing the electronic of all and sundry industries as regards the environmental nods and the institutional node. Years of governmental efforts in this concern have seen results in the context of our domestic industries vying one another in the startup of getting involved in electronic operation. It is safe and fair to say that up to this date the e-commerce development in this country, already soundly founded, and is still growing avidly and rapidly. Because of the application of information has already become a sharp tool for advanced countries in upgrading their competitive margin in global markets, the premise being as such, countries have one by one promulgated their national information expertise development projects with a view to get going infrastructures information and communication constructions on a national scale. Here in this country relevant constructions have begun as early as back in the year 1994, the Executive Yuan has ratified the “National Information/Communication Infrastructure Implementation Plan” in the year 1997; in June 1999 the “Industrial Automation Plan” ratified previously was upgraded to a combined “Industrial Automation and Electronicalization Plan” for the purpose of promoting industrial competition margin. By the year 2001 our government, in view of societal need for general information as well as technical renovation that comes as a result of advances in information/communication technology, and through collective consultation and resource consolidation, founded a National Information and Communication Initiative Team (NICI Team) whose mission is to implement NICI Projects, while the priory founded Industrial Automation and Electronicalization Plan continued to function in the name of the “Industrial Electronic” Work Group under said NICI Project, in addition, a consensus has been reached that the implementation of information/communication know-how be regarded as playing a key role in the promotion of overall national competitive competency. II. Legislative Demands for the Development of e-Commerce in Taiwan 1. Trend of international legislation Under the ongoing trend of globalization and internationalization, transnational communication and transaction blooms fervently, a universal expectation shared by nations around the world is that concrete and clear-cut legislations be adopted to rule out obstacles to developments of electronic transactions due to inadequacy of statutory provisions or proscriptions. Whatever the contents of legislation from one state to another, the primary object is unexceptionally to promote developments of electronic transactions by the institutional introduction and intervention in all respects concerned. Phrased otherwise, the key role played by laws governing electronic transactions lies in presentation as enabling or supplemental laws to serve as legal basis with respect to issues where conventional institution fails to see or proves inept; whereas issues or legal interactions facing common transactions equivalent to traditional trades will still abide by conventional statutes, still, the ongoing trend respecting the same electronic trades on international communities calls not for the creation of new laws, but in installing legislation on issues not being covered in currently enforced statutes. Other countries facing issues relating to electronic transactions will not reason with reference exclusively to traditional civil or commercial codes by ignoring electronic trade codes or vice versa, instead they will rely upon both traditional codes and relatively regulations related to electronicalization, at the same time. 2. Legislation of e-commerce: Necessity and Orientation for Deliberation Speaking of legal concerns possibly facing application of electronic trades, with legal effects to the extent acknowledged according to laws governing transactions executed by “Electronic Signatures ACT” with respect to electronic documents being excepted, party autonomy and the principle of freedom to contract will prevail, still, contractual contentions otherwise occurring in the course of transaction will be subjected to relevant civil or commercial codes all the same, and that having nothing to do with pertinent electronicalization legislations. Considering the practical aspects, competency of legal intervention in the course of concluding of contracts involving electronic transactions deserves deliberation in the context of practical needs. Apart from relevant issues seen in a contract, matters such as competency of law respecting trades of digitalized merchandises, respecting protection of consumers in respect of which the law is already there, and respecting privacy protection, are all of vital interest to parties in executing any electronic transactions. Other issues which warrant close inspections considering a piece of electronic trade include; legislation with respect to cash flow, to material flow and practices, to whatever affects the proper rights of parties to a trade, to attempts to use the Internet as a criminal means, to situations where violation of safety of trade or order of trade arises; to issues relevant to competency of proof considering electronic documents, electronic signatures in the event of dispute out of a piece of electronic trade; and eventually, responsibilities on the part of ISP who forms a part of a piece of electronic trade, as well as electronic jump mail (spam), because all of them could undermine the development of electronic transactions. III. Taiwan Legislation on Electronic Commerce: the Status Quo and the Outlook in the Future The arrival of digital era has broken down the fence by which the world for ages has been defended, the e-commerce is taking up the place of traditional marketing scheme and outlets in giant strides, and has virtually become the focus of economy in the current era, Still, new fangled trade modes emerging from day to day in step with electronic modern business operators are impinging upon existent legal systems here in this country and that without any letup, such that the traditional philosophy of legislation is compelled to reorient itself to meet the impending challenge of our times. The most important of interest to a wholesome development of e-commerce lies in the creation of a benignant legislation structure. However, it is a pity that the creation of electronic commercial codes is a very complicated institutionalized project, considering that apart from electronic documents and electronic signature, the electronic transaction by and large will involve legislation specific to civil, criminal and otherwise legal fields, encompassing key issues including: contractual relationship, electronic taxation, electronic cash flow, network jurisdiction and protection extended to consumers. Given the foregoing disclosure, it is rightly with a view to attend to smooth developments of electronic trades, to secure a wholesome transaction environment, and to safeguard the proper interests of network users, that the importance of a wholesome legislation structure is set off all the more obviously. Seeing that the crucial key to nationwide practicing of so-called electronic transaction or trade and to the meaningful functioning of an electronic government lies indispensably in the creation of a safe and reliable network environment, so that information in the process of internet transmission is ensured against falsification, fabrication or theft, will allow for identifying of the identity of both parties to the transaction, and henceforth, preclusion of denying by either party of the transaction afterwards, that therein lies the key to the universality of an electronic government and of the implementation of electronic transaction, as a matter of fact here in Taiwan the “Electronic Signature Act” was ratified in 2001, and the same put into practice in April, the year next to 2001, This code accords electronic documents and e-signatures which fulfill prescribed requirements the same legal effects as would be granted to traditional paper documents or signatures, and specifies certifying agents based on low-profile control means. Next in both 2003 and 2004 respectively, the competent authorities have put into effect subordinating statutes including: “The Enforcement Rules of Electronic Signature Act”, “Regulations on Required Information for Certification Practice Statements” and “Regulations Governing Permission of Foreign Certification Service Providers”, with a view to comprehensive coverage of codes specifying control of electronic signatures, to the safeguarding of environments for credible electronic signatures, and all these meant for access with international counterparts. The Electronic Signature Act specifies essentially “electronic documents” which carry information specified as electronic transactions (the specification includes what is known as electronic government), and “electronic signatures” produced by parties thereto and as appearing thereon. Electronic transaction is based on computerized network and electronic technology bear advantages over traditional commences in terms of convenience, effectiveness, scope of coverage, low-profile trade costs, among other considerations, for all these reasons will better meet the information age that is ours today and the challenge for globalization of trade and economy everywhere, that is why they develop so fast and find wider and wider application from day to day. Legislation of electronic transaction is not meant to establish a rule of regulations that will totally replace correspondent laws erected earlier in years bygone, it starts out in the beginning to address unique legal complications that arose because of substantial change having taken place as regards means and manner of transaction. The newly arisen legal problems originated from the unique feature of electronic transaction itself, what comes in suit is the global, universal, international, technical and inter-territorial nature of codifications governing electronic commences, Currently legislation of e-commerce around the world is classifiable into those which relates to promotion or macroscopically policy of electronic transactions, synoptic codification of electronic transactions, codification of electronic signatures, codification of environments friendly to electronic commences. (Comprising: protection of consumers, protection of privacy) After reviewing different specifications of electronic transactions from international sources, one is convinced that differentiation in legislation of electronic trades from one state to another is much more a result of policy election than that of pure legislates. Notwithstanding that over the last decade legislation of electronic commerce that is seen globally ran fast, every state tries hard to bring up a full set of codes on electronic commerce/transaction in the shortest possible period so as to effect timely control of electronic transactions which themselves are renovating with no less fast a speed, however, it is a pity that electronic commerce goes deep into a number of specific fields, crossing legal, scientific and technical realms, and its application extends deep into varied day-to-day layer, such that the scope of legislation of electronic commerce/transaction has run afar to limits beyond imagination, forcing international organizations and economic entities to issue model codes and directives for their member states to adopt as norms for comparable legislations. Nevertheless, after being cut into effect for several years, problems emerged one after another with electronic commerce/transaction codes, including electronic signatures act; the situation is the same in countries all over the world, in Hong Kong, where Electronic Transactions Ordinance as amended have been promulgated in 2004, in Singapore, where triplicate-phased public inquiry in written form have been proffered successively in 2003 and 2005, whereby public suggestions are solicited as references to subsequent revisions; whereas on the other hand, the United Nations have erected protocols addressed to issues arising in the course of concluding of international electronic contracts to complement the “UNCITRAL Model Law on Electronic Commerce of 1996” and the “UNCITRAL Model Law on Electronic Signatures of 2000”. A common guideline for legislation at Legislature Agency is: “Adequate Regulation, Leaving Leverage, Conducing to Development”, in order to provide suitable legislation frame as soon as possible, a Legislature Agency would but offer sketchy outline to allow for space appropriate for future development of the newly emerging e-commerce world. So there is little wonder that Taiwan's electronic signature relevant rules have been cited as the most succinctly structured electronic signature code anywhere on the globe, as such, its contents are restricted but to controls of electronic signatures, failing largely to deal with the highly mutable electronically transacted business activities and trades. Four years have elapsed since the implementation of the electronic signature code, in view of the ever-changing environments of e-commerce, statutes currently in force have proved inadequate or behind time, if only present status and future demands of e-commerce are to be taken into account in step with emerging trends in global legislation as well as newly arisen commercial modes, it is truly time to review and amend current codes. To build a wholesome environment for the e-commerce industry, local competent authorities have already effected general review of current electronic signature rules by taking into account: how the current regulations have been working, international developmental trends, the latest development of relevant technology, and put forth recommendations on amendments of current codes after reviewing ongoing trends of legislation seen in Singapore, Hong Kong and the United Nations. Their amendments to their existent codes included, underway are our amending of scope of application of current codes so that a good match is possible with practical reality, such that the code is renamed to read as “Electronic Signature and Transaction Act”, the keynote being to enlarge scope of application of both electronic documents and electronic signatures, inclusion of regulations relevant to electronic trades and strengthening of currently existent authentication agencies in terms of their management capabilities, Also, to lay firm practice of electronic signature and transaction norms, amendments where necessary of relevant by-laws are being prosecuted at the same time, in this connection drafts in progress includes: “Amendments of The Enforcement Rules of Electronic Signature Act (Draft)”, “The Regulations for the Examination of Eligibility of Executive Agencies Exempt from the Application of Electronic Signature Act (Draft)”, “The Regulations on Certification Authority Agency (Draft)”, and “The Regulations of Guidance to Electronic Signatures and Transactions (Draft)”. So in short competent governmental agencies by now have begun to earnestly review current laws, drafting amendments thereto or considering legislation of new laws, whilst comprehensive planning addressed to future trends of our electronic transaction codes is also on the agenda. Without touching the prime framework of the Electronic Signatures Act that is currently in force, we are working on amendments of that code, for the reason that such is a way that incurs the least possible costs, so to say, all issues which electronic trades will or might face are titleogether included in the codification process, this serving to rule out overlapping of statutory provisions, what is made possible all at once is elucidation as to any amendment or draft incurred on the basis of current codes, backed with policy directive or de facto needs, and that effort conducive to collateral correlation with international reality. Issues as to which and what topics should be included in the scope of protocol for amendment of the Electronic Signature Act, including, for example, exemption eligibility and periodical review, as to those that would warrant enactment of dependent codes by competent authority authorized pursuant to said protocol, those which should be left to competent authorities in charge of other object enterprises to exercise their options as to erection of new laws or more preferably, amendment of current laws, ISP relevant provisions, for example, would have to be jointly deliberated and coordinated by and among experts representing respectively the government, the industry concerned, the academic circle, and the researching elites, that being a necessary requisite procedure to the setup of a milestone marking the structuring of an irreproachable electronic transaction mechanism here in this country. Up to the present day, trailing tight behind the development of electronic trade industry this country is equipped with substantially adequate codes, in the foreseeable future, current laws will still be reviewed with reference to the many unique features of the electronic trade industry to make amendments where justifiable, so as to make our codes more perfect. The orientation for future efforts can roughly be summed up in 7 points outlined below: 1. Guideline of Legal Mechanism to Resolve Electronic Transaction/Commerce Issues The legislation theme considering the electronicalized dominant reality today in our country is set on the keynote of the electronic signature codes,in so far as a legal action is committed by reason of electronic operation, to the extent that what is provided in currently enforced law is thus involved, then any jurisprudent discussion in that context will honor as principal the freedom to contract as provided in civil codes, and regard as exceptional legally required act, this being the premise, in the process of law enactments, principles that must be met include: Firstly, the market oriented principle, it seems that the leading position ought to be taken by private enterprises where the matter relates to development of e-commerce, that business need not be a constrained industry; Secondly, refraining from imposing any restraint on the e-commerce transaction, what a government must do is to participate an seldom as possible, and to refrain from meddling to the extent appropriate, it follows then that it should avoid imposing additional or unnecessary restriction upon commercial activities prosecuted via world wide web or electronic trades, considered as such are; troublesome procedures or formalities, tax duties additionally levied or additional fees; Thirdly, the sole reason for governmental intervention would be; to reinforce and back up a predictable, a most simple, easy, and contextually consistent environment in which to legally bind electronic commercial activities; Fourthly, understanding the unique features that characterize electronic commerce, effect earnest review and amendment where justified, of that part of current laws or ordinances susceptible of obstructing development of electronic trades, or titleernatively effect new order or scheme, regulation to adapt to possible development of electronic trades; Lastly, implementation of electronic trade activities are globally motivated, the establishment of a globally unified unique code to govern electronic trade activities to put aside traditional legal systems varying from one country to the next, will boost up confidence on the part of those engaged in electronic trade activities. 2. Legislation be concerned with International Paralleling As having been stated hereinabove, a guideline for legislation is: adequate regulation, leaving leverage, conducing to development. Since after having been put into practice for years, multiple problems emerged one by one, is almost a rule for many nations where legislation of electronic commerce/transaction or electronic signature codes was introduced, and that evidenced by the publication of the amended Electronic Transactions Ordinance, 2004, Hong Kong; open invitation to the public for suggestions, 2003 and 2005, Singapore, for reference for amendments; the UN Protocol drafted to deal with interrelated problems arising out of the processes of concluding of international electronically related contracts. A common keynote in the institutionalizing of electronic transaction codes among international communities is that in addition to the legal status invested upon electronic documents, electronic signatures, provisions are made to protect fair trade principle, fair competition, consumer’s proper interests, intellectual proprieties and privacy, paralleled with means and measures to encourage supervision, effective mediation and discourage criminal undertakings, while the governmental policy tends to assume a non-restrictive, market-oriented tune, to keep to the minimum any governmental intervention, and unwarranted constraints, the same is, just as it should be the guideline for the instituting of electronic transaction codes here in this country so as to keep abreast with international realities, and that conducive to making out the utmost of advantages possible out of electronic transaction activities on the worldwide stage. 3. Deliberation of the Electronicalized Dominance Legalization be in Parallel with Newly Emerged Applications and Development of Transaction Modes Due to the technology involved in striking a deal executed electronically, one piece of electronic trade on the point of conclusion is not as simple as traditional modes of transaction by virtue of the preclusion of both time and space restrictions, so to speak, application of electronic mode of transaction may very well result in situations beyond restriction through traditional legal constraints or theoretic reasoning. Such trade modes, by reason of its unique transaction feature, gave way to contention as to incompatibility with traditional statutory constraints, this is briefly a common dilemma facing all the nations around the world, and they all betake themselves in the working for whatever is possible to regulate and control electronic transactions through legislative means and innovations. Not to mention the complexity of legal intervention in case of transnational transactions prosecuted electronically, again, by reason of the unique feature characterizing electronic transaction, so a basic tune for the working toward the formulation of electronic trade legislation is the buildup of consensus so as to being domestic effort in alignment with international reality. 4. Studies on the Topics of Digitalized Merchandise Any trade of digitalized goods, without regard to whether such is taken as a commodity pursuant to civil codes, would hardly quality for being categorized as sort of authorization or anonymous contract, they would more appropriately be ascribed as like purchase vs. sale and be detitle with accordingly. Given that on-line delivery or downloading, albeit differing from the transfer delivery that is specified in civil codes, still, want of material delivery would not necessarily mean want of legally deemed transfer or delivery. That intangible network transmission would grant the purchaser de facto control of the object in question, then ascertaining of the point of time of transfer of risk, may very well be prosecuted in accordance with provisions in the civil code. As regards assumption of responsibility for flaw, trade of commercial software against on-line payment may reasonably be regarded as categorized debt against which buyer is entitled to delivery of flawless commodity; as to reinstatement of obligations upon dissolution of contract, the point lies not with returning of the object as received, but with returning of the right to use the software concerned, In the event of virus being entrained with the purchase which is an object in question, damage incurred to the buyer is usually in the form of damaged hardware or falsification, deletion of files, that of loss of inherent interests, as to such forms of damage or loss buyer may exercise multiple means of indemnifications, still, the legal status of filed date and principle to quantify such loss in view of indemnification will have to be defined commensurate with evolution of both theory and practice. Overall, as far as transactions of software against on-line payment are concerned, civil law as is still adequate without much ado. As to the question whether digitalized commodities qualify for postal trades where Consumer Protection Law applies, to balance the proper interests claimable to both consumers and the entrepreneur, and to rule out consumer's abuse of rights where ethics is at risk, it is fit and proper to restrict or rule out the transaction of certain commodities under specified categories, For one thing, considering the risks of digital date or digitalized commodities containing digitalized information, in respect of which copying or reproduction is as easy an pie, as to which it is not easy to ascertain whether the consumer has indeed returned the utility right, there is reason to doubt the suitability of granting unilaterally the consumer the right of rejection. Still, in so far as the digitalized commodity remains unopened, or that it is supplied with copying or reproduction procedures, product initiation means, then the risk of copying or reproduction is ruled out and in this instance Consumer Protection Law should apply notwithstanding. 5. Topics Relating to Consumer Protection and Privacy Protection The latest amendment to Consumer Protection Law with respect to electronic trades by including postal purchase on the Internet under Article 2 Section 10, and by the addition of Article 19-1 to allow for the application of the Hesitation Period respecting postal purchase trades, means more comprehensive protection for on-line consumers all right, still, due to the riddling complexity of the operation of electronic commerce at least a portion of the contents of transaction hardly fit the latest provisions in Consumer Protection Law, such that conflict seems to have emerged between protection for the consumers and reasonable risks borne by the entrepreneur. It is therefore suggested that the competent authorities consult the “Distance Marketing of Consumer Financial Services Directive (Directive 97/7/EC)” issued by the European Union with regard to the exclusion of contractual obligations, and conduct a comprehensive review of contents possible for inclusion in a piece of electronic transaction so as to delete commodities or services inappropriate for stipulation under Article 19 and article 19-1 by amendments to existent legislation, both administration and legislature ought to reinforce efforts in relevant protection mechanism to meet the challenging the Internet Age of our times paralleled with efforts to go in line with ongoing trends for consumer's protection on the international scenario. Next, responding to the point of key interest to consumers regarding protection of personal date entangled in B2C electronic transactions, the Ministry of Justice has publicized the protocol of amendments to Personal Date Act, whereby the scope of coverage extend to overall latitudes without discrimination, incorporating the obligation to serve notice respecting the collection and use of data, restriction on the collection of children's data and of sensitive data, group litigation, and increase of indemnity amounts. Upon legislative ratification of amendments to Personal Data Protection Act in the future, operators of electronic trades will have to face certain restrictions collecting data on websites in addition to being charged with duty of notice, so that without securing consent from the person whose data is being solicited for collection, the operator may not engage in inappropriate use, let alone selling of personal data in question, it is anticipated that our existent on-line marketing mode would hence go through substantial change. To prevent operators of electronic transactions in this country from frustrations adapting to the forthcoming statutory amendments, it is suggested that the competent authorities upon legislation of said amendments prepare models of policy for protection of personal privacy confronting operation of electronic transactions. 6. Topics Relating to Cash Flow titlehough respecting electronic transactions, safe payment scheme has already been established for the market; further to that, the Banking Bureau of the Financial Supervisory Commission, Executive Yuan, has published aimed at web banking operations “Pattern Contracts for Personal Computerized Banking Services and Web Banking Service” and stipulated “Criterion for Banking Institution's Operation and Safety Control of Electronic Banking Services”, to ascertain safeguarding of web payments; as regards petty payments amendment has been made to Banking Law by the introduction of Article 42-1, whereby cash buildup cards derive their legality basis, along with Procedures governing Bank's issue of cash buildup cards implemented such that such cards are available for on-line transactions, these are much in the promotion phase, yet distant to universal application. In practice, it is common and popular for credit cards to be used in on-line transactions, still, such form of payment could strike a potential risk for the card owners, to effectively protect card owners' safety at consumption and proper interests, it is suggested that the competent authorities promptly institute “Pattern Contract Terms Respecting Web Transactions Using Credit Cards” to meet inadequacies of stipulation on credit card operation over on-line transactions. Concurrent with the increased frequency of cash flow via the internet, there may develop more of payment tools in the foreseeable future, and more funds may come and go via the Net, however, the existent legislation respecting electronic transfer of funds currently is far from adequate, it is appealed that the competent authorities institute relevant legislation in time to help build a sound and wholesome environment for out net financial industry as well. 7. Tax Related Topics Internationally there has not reached, to this day, unified consensus respecting complicated net taxing policy, since that taxation with respect to on-line transactions is not as simplistic as would suffice the notion that “as long as there is income, there is duty”, it involves by and large concerns such as development of the Internet industry, fairness of taxation and even national competition, so in so far as net taxation is concerned, the concern should extend to deliberation of complementally measures apart from just reviewing if existent taxation laws are adequate for exploitation and in the negative case, if ad hoc stipulation is required

Product Liability of Living Lab Products

I. Forward Only about 18% of the products or services continue to create good sales and have long product life cycles after entering the stream of commerce. This might denote that mass investing in the R&D does not necessary guarantee to develop popular goods and services. In order to overcome this obstacle, many experts and scholars from different research areas propose different R&D mechanisms to solve this problem. The so called “open innovation” is one of the most dynamic R&D mechanisms in recent years, which is created to compensate the weakness of “closed innovation”. By introducing the concept of “open innovation”, Living Lab invites real users join the projects of un-launched products and services for every possible R&D process to obtain the real interaction wherefrom, to fulfill the goal of “user centric” innovation. However, if users or any third party is injured or damaged from the trial products or services, to what extent Living Labs is liable for is one important question to further future innovation environment. This article will first gives a brief introduction and the development of living labs in Taiwan, follow by applying national laws and analysising obstacles to the liability issue caused by defective Living Lab products. Then, the article will continue to refer to foreign legislation and Living Lab practice, and conclude by suggestions and recommendations to the Living Labs practice in Taiwan. II. Brief Introduction of Living Labs A. Composition of Living Labs The concept of Living Labs was developed by Professor William J. Mitchell from the MIT Media Lab and School of Architecture. Professor Mitchell proposed applying the user-centric research method by using Living Lab as a R&D platform and bring together stockholders (co-creators), including public sectors, companies, universities and research fellows, and the most important, the end-users communities, both professional or non-professionals from various backgrounds, to join the R&D process. B. Operation Mode of Living Labs Living Lab invites end users to join the real world testing either in a digital, physical or virtual environment. Un-launched products or services are provided for testing and users are required to give feedbacks either experience, opinions, suggestions or even ideas to the products or services in return. Living Lab then collets and utilizes the feedbacks and observe the behavior patterns for product or service modification and improvement, future R&D plans and market analysis. C. Benefits of Living Labs Lirving Lab could effectively converse different backgrounds and levels of empirical environment, enhance the efficiency in R&D and bring about different benefits to the stakeholders. By participating in the R&D process, users could give feedbacks to Living Labs to further up the un-launched products and services (on the marketplace) to fit consumers’ needs. For industry, Living Lab provides platforms to get together stakeholders, speed up the integration of stakeholders of different size or from different fields and promote the R&D efficiency. For universities and research institutes, the public-private-people (user)-partnership (PPPP), could further more flexible services or R&D ecosystem and not only to have user-centric innovation, but also user-driven innovation.1 D. Development of Living Labs Living Labs has been energetically developed in Europe. Through the integration of project resources, individual Living Lab forms into Living Labs networks and actively engaging in cross-border or cross-project co-operation. 2 The concept of Living Labs has been introduced into Taiwan, there are several Living Labs in Taiwan so far, for example, Living Labs Taiwan from Institute for Information Industry (III), 3Touch Center (Center for Technology of Ubiquitous Computing and Humanity) from National Cheng Kung University, 4 Insight (Center of Innovation and Synergy for Intelligent Home and Living Technology) from National Taiwan University, 5 and Eco City from National Chiao Tung University. 6 The Living Labs aim to bring about the user-centric and user-driven model and bring new elements to R&D innovation. III. Liability of Losses, Damages, or Injuries Caused by Living Lab Products In order to encourage more end users join the Living Labs experiment, Living Labs usually provide the un-launched products or services as gifts or lend it for free. However, if products or services caused injury, economic loss or property damages to the users or third party during the experiment, to what extent should the Living Lab be liable for. A. Legal Status Upon on discussing of legal liability of Living Labs, the first prong to review is the legal status of Living Labs under the legal system in Taiwan. Although it is called “Lab”, but it is not necessarily to be a lab with “physical facility”, it could also be “virtual Labs”, for example, HP and Firebox are both launch for virtual Living Labs online to invite users join their open innovation projects. The concept of open innovation within the Living Labs environment, where Living Labs play as a role of a cook pot which gather personnel, equipment, and technology from parties from different working fields, integrate resources and creativeness to catalyze innovative ideas for new products and services. Normally, each Living Lab can be viewed as an independent "legal entity". In other words, it can exercise rights ad bear responsibility/liabilities under the law, and therefore, to response to needs for R&D, increase efficiency and contribute matters of legal compliance. B. User’s Legal Claims Against Living Labs 1. Contractual Liability Living Labs often use “user agreements” as legal documents to regulate the legal relationship between Living Labs and users. If there is any injury, damages or losses occurred during the experiment, users can sue Living Labs for breach of contract and sue for liability, warranty or violation of justice of contract. If the product is defective, such as manufacture defect, design defect or lack of proper warning, the injured user can sue Living Labs based on warranty. However under the provisions of Article 411 of the Civil Code, 7 if the product is offered for trial free for charge, if the gift is defective and caused injury, damages or losses to the users, Living Lab is not liable for breach of warranty. Unless the Living Lab intentionally conceal the defects and not information the user, or represent to the user that the product is guaranteed flawlessness and free from defects. Under this situation, Living Lab will be liable for damages caused by the defect. In the situation that when Living Lab only lend the products for trial, with the provisions of Article 466 of the Civil Code, 8 only when Living Lab intentionally conceal the defect, then is liable for the injuries and damages resulting there from. However, the purpose of the Living Labs experiment is to implement the open innovation, through the operation of the mechanism, by inviting potential users to join the experiment and require them to give feedbacks, ideas and recommendations for future product improvement. In addition to that, in most of the situations, it is difficult for Living Labs to foresee the existence of potential risks of their products or intentionally conceal the defects or guarantee the products are without defects; therefore it will be even harder for the injured users to bear the burden to proof the above situations. It is worth to address that, Living Labs and users shall enjoy contract autonomy as long as the provisions and terms of contract are not violating laws, public order and good morals, but not without any restriction. When parties have right of freedom of contract, at the mean time, their contract shall not exceed the boundaries of contractual justice. Especially, the burden and allocation of risks needs to be measured and assessed by the status and interests of the parties on rational bases. Because one of the special characteristics of Living Lab is open to general users to participate the experiment voluntarily, Living Lab usually adapts fill-in standard form contracts for convenience. But for the protection of the users, Living Lab shall pay more attention to the provisions and terms of contract which must not violate Article 247-1 of the Civil Code, 9 for example, provisions of contract shall not waive, decrease or increase liabilities of the parties, waive or limit any party to exercise his/her rights, or significant detriment one another’s’ interests, otherwise that part of the provision shall be void. 2. Tortious Liability When damages are caused by defective Living Lab products, users may be able to sue Living Labs and based his/her causes of action on Consumer Protection Law Article 7 business operator’s liability, 10 The Civil Code Article 191-1 manufacturer’s liability 11 and as well as The Civil Code Article 184 (1) tortious liability. 12 Yet, in order to provide motivations and incentives for users to join the open innovation, Living Labs usually gratuitous lending or gifting products or services to the users, at least in this stage, Living Labs are not conform with the definition of “business operators” 13 in the Consumer Protection Law, in designing, producing, manufacturing, importing or distributing goods, or providing services design, manufacturing, inputs, distribution of goods or the provision of services for business enterprise operators. Nor the Living Labs users are under the same definition of “consumer” 14 protected under the definition of the Consumer Protection Law, as those who enter into transactions, use goods or accept services for the purpose of consumption. Therefore, the relationship between Living Labs and the users are not “consumer relationship” 15 for sale of goods or provision of services, for which the Consumer Protection Law might not be applicable to offer protection to the users. Reviewing from the legislative history, Article 191-1 of the Civil Code was amended after the Consumer Protection Law. The reason for amendment was to maintain the completeness of the torts liability in the Civil Code and in supplement to the inadequacy of the Consumer Protection Law. 16 In referred from the above, the definition of “goods” is synonymous with the definition in the Consumer Protection Law. In order to apply the provisions, parties must be in the “consumer relationship” as regulated in Article 2 (3) of the Consumer Protection Law. As mentioned above, usually, Living Labs provide the products free of use or as gifts, it is really difficult to say there is “consumer relationship” between the parties. The first clause of Article 184 of the Civil Code states, “A person who, intentionally or negligently, has wrongfully damaged the rights of another is bound to compensate him for any injury arising there from. The same rule shall be applied when the injury is done intentionally in a manner against the rules of morals.” Hence, in this situation the burden of proof will lay on the users to prove that Living Labs is either with negligent or intent to damage the users by the defective products. Living Labs adapt open innovation to encourage users to participate into the every possible R&D process and obtain feedbacks or recommendations in return. Therefore, most of the time, Living Labs do not have “intent” to cause damages to the users, but whether Living Labs are with “negligence” will often be difficult to prove by the users. C. Third Party’s Legal Claim Against Living Labs 1. Contractual Liability In the case when a third party, who is not associated with the Living Labs experiment, sustains injury or damage from the defective Living Labs products, he or she might not be able to sue under the terms of contract because there is no contractual relationship exists between the parties. The possible cause of action for the third party might be able to sue Living Labs based on torts liability for damages. 2. Tortious Liability Although Article 7 of the Consumer Protection Law does provide cause of action for the third party to sue against the business operator for defective products, the third party must base his or her claim on the “consumer relationship” between the Living Labs or users. However, as mention as above, the relationship between Living Labs and the users are not under the “consumer relationship” as prescribed in the Consumer Protection Law, thus third party cannot sue Living Labs for damages in accordance with the Consumer Protection Law. As to the application process of provisions prescribed in Article 191-1 and 184 (1) of the Civil Code, the result is as the same as above. IV. Foreign Legislation and Practice A. American Jurisprudence 2d In the Comment of the 63A Am. Jur. 2d Products Liability §1142 states, “[s]trict liability covers not only products which have been sold, but also products that have been designed to be sold, have been produced to be sold, or are offered to be sold or marketed”. Furthermore, introduction into the stream of commerce does not require a transfer of possession; strict liability rests on “foreseeability”, and not on esoteric concepts relating to transfer or delivery of possession. Furthermore, the Comment extends the scope of application of strict liability to the “Transaction Other than Sales”. Strict liability also applies to the distribution products in a commercial transaction other than a sale, one provides the product to another either for use or consumption or as a preliminary step leading to ultimate use or consumption. For products made available for demonstration, testing or trial regulated in 63A Am. Jur. 2d Products Liability §1147, where a product-caused injury has taken place while the product is being tested or used for trial purposes by the prospective buyer, prior to the completion of a sales transaction, the person or entity who placed the product into the stream of commerce by providing it to the prospective buyer may be strictly liable. Strict liability also applies to those who manufacture and supply products to consumers on an investigational basis, even though the "supplying" does not technically amount to a sale. In the Observation of §1147 states that “[a] manufacturer who enters the marketing cycle by way of a demonstration, lease, free sample, or sale is in the best position to know and correct defects in its product, and as between the manufacturer and its prospective consumers, should bear the risk of injury to those prospective consumers when any such defects enter the market uncorrected. In sum, if one sustained injury, damages or economic losses by Living Labs products, he or she may sue Living Labs for product strict liability prescribes in §1142 & §1147. B. Living Labs Practice in Foreign Countries Referring to provisions of “Standard Contract” used between Living Labs and the users in other countries, most of the time, Living Labs might disclaim damages to property, but cannot disclaim legal protection or injury compensation. At the mean time, most of the Living Labs also adapt public safety insurance and product liability insurance to protect themselves and the users. V. Conclusion and Recommendation In conclude, the legal norms in Taiwan seems not be able to offer proper protection to Living Labs and the users. This article suggests that in order to form the ecosystem for the open innovation model of Living Labs, Living Labs shall provide proper protection to the users in order to balance the interests between Living Labs and users and catalyze the motive for the users to join the experiment. In referring to the “Guidelines for Good Clinical Practice for Trials on Pharmaceutical Products” 17 from the Department of Health, besides the proper duty, the main purpose of the guideline is to ensure the safety of the human participants. In the provisions prescribe in Article 22 of the “Good Clinical Guidelines”, the clinical trial agreement or related document shall provide participants with proper compensation or treatment when damage occurs. The “Model Clinical Trail Agreement” also provides provisions of damage compensation and insurance in the template which state the application to the assumption of risks and consumer protection. However, because the pharmaceutical clinical trial is with higher risk, the competent authorities, Department of Health, particularly get involved within the regulations and mechanisms of clinical trials to protect the human participants. In sum, whether the similar mechanism can be applied directly between the Living Labs and users needs for further consideration. Finally, for the continuous operating environment, it is necessary for Living Labs to adapt related laws and measures for the open innovation operating model. It is suggested that Living Labs shall enter contracts in the terms with proper risk allocation in accordance to contract justice and possibly with public safety or product insurance to share their liabilities. 1.EUROPEAN COMMISSION INFORMATION SOCIETY AND MEDIA, Living Labs for User-Driven Open Innovation:An Overview of the Living Labs Methodology, Activities and Achievements, European Commission(2009),at7,availableat http://ec.europa.eu/information_society/activities/livinglabs/docs/brochure_jan09_en.pdf (last accessed on Dec. 31, 2012). 2. Id., at 11-12 & 14. 3.Living Lab Taiwan, http://www.livinglabs.com.tw/index.html (Last accessed Dec. 26, 2012). 4. Touch Center from National Cheng Kung University, http://touch.ncku.edu.tw/touch/?q=node/52 (Last accessed Dec. 26, 2012). 5.Insight from National Taiwan University, http://insight.ntu.edu.tw/zh-tw/node/662 (Last accessed Dec. 26, 2012). 6.Eco City from National Chiao Tung University, http://www.ecocity.org.tw (Last accessed Dec. 26, 2012). 7.Civil Code Article 411, “The donor is not liable for a defect in the thing or right given. But, if he has intentionally concealed the defect or expressly guaranteed that the thing was free from such defect, he is bound to compensate the donee for any injury arising therefrom.” 8.Civil Code Article 466, “If the lender intentionally conceals a defect in the thing lent, he is responsible to the borrower for any injury resulting therefrom.” 9.Civil Code Article 247-1, “If a contract has been constituted according to the provisions which were prepared by one of the parties for contracts of the same kind, the agreements which include the following agreements and are obviously unfair under that circumstance are void. (1) To release or to reduce the responsibility of the party who prepared the entries of the contract. (2) To increase the responsibility of the other party. (3) To make the other party waive his right or to restrict the exercise of his right. (4) Other matters gravely disadvantageous to the other party. 10.Consumer Protection Law Article 7, “ business operators engaging in the design, production or manufacture of goods or in the provisions of services shall ensure that goods and services provided by them meet and comply with the contemporary technical and professional standards of the reasonably expected safety prior to the sold goods launched into the market, or at the time of rendering services. Where goods or services may endanger the lives, bodies, health or properties of consumers, a warning and the methods for emergency handling of such danger shall be labeled at a conspicuous place. Business operators violating the two foregoing two paragraphs and thus causing injury to consumers or third parties shall be jointly and severally liable therefore, provided that if business operators can prove that they are not guilty of negligence, the court may reduce their liability for damages.” 11.Civil Code Article 191-1, “The manufacturer is liable for the injury to another arising from the common use or consumption of his merchandise, unless there is no defectiveness in the production, manufacture, process, or design of the merchandise, or the injury is not caused by the defectiveness, or the manufacturer has exercised reasonable care to prevent the injury. The manufacturer mentioned in the preceding paragraph is the person who produces, manufactures, or processes the merchandise. Those, who attach the merchandise with the service mark, or other characters, signs to the extent enough to show it was produced, manufactured, or processed by them, shall be deemed to be the manufacturer. If the production, manufacture, process, or design of the merchandise is inconsistent with the contents of its manual or advertisement, it is deemed to be defective. The importer shall be as liable for the injury as the manufacturer.” 12.Civil Code Article 184 (1), “A person who, intentionally or negligently, has wrongfully damaged the rights of another is bound to compensate him for any injury arising there from. The same rule shall be applied when the injury is done intentionally in a manner against the rules of morals.” Consumer Protection Law Article 2 (2), “business operators" means those who are engaged in the business of designing, producing, manufacturing, importing or distributing goods, or providing services. Consumer Protection Law Article 2 (1), “consumers" means those who enter into transactions, use goods or accept services for the purpose of consumption. Consumer Protection Law Article 2 (3), “consumer relationship” means the legal relationship arising between consumers and business operators for sale of goods or provision of services. 16.王澤鑑,侵權行為法第二冊:特殊侵權行為,第313-314頁 (出版日期2006年7月) 17.DEPARTMENT OF HEALTH, Guidelines for Good Clinical Practice for Trials on Pharmaceutical Products, http://www.6law.idv.tw/6law/law3/%E8%97%A5%E5%93%81%E5%84%AA%E8%89%AF%E8%87%A8%E5%BA%8A%E8%A9%A6%E9%A9%97%E6%BA%96%E5%89%87.htm (last visited Dec. 31, 2012)

TOP