New Version of Personal Information Protection Act and Personal Information Protection & Administration System

The recent important regulation for supporting the biopharmaceutical industry in Taiwan has been the 「Statute for Upgrading Industries」 (hereinafter referred to as 「the Statute」).The main purpose of the Statue is for upgrading all industry for future economic development, so it applies to various industries, ranging from agriculture, industrial and service businesses. In other words, the Statute does not offer incentive measures to biopharmaceutical industry in particular, but focuses on promoting the industry development in general. Statute for Upgrading Industry and Related Regulations Generally speaking, the Statute has a widespread influence on industry development in Taiwan. The incentive measures provided in the Statute is complicated and covered other related regulations under its legal framework. Thus, the article will be taking a multi-facet perspective in discussing the how Statute relates to the biopharmaceutical industry. 1 、 Scope of Application According to Article 1 of the Statute, the term 「industries」 refers to agricultural, industrial and service businesses. Consequently, nearly all kinds of industries fall under this definition, and the Statute is applicable to all of them. Moreover, in order to promote the development and application of emerging technology as well as cultivating the recognized industry, the Statute provides much more favorable terms to these industries. These emerging and major strategic industries includes computer, communication and consumer electronics (3C), precise mechanics and automation, aerospace, biomedical and chemical production, green technology, material science, nanotechnology, security and other product or service recognized by the Executive Yuan. 2 、 Tax Benefits The Statute offers several types of tax benefits, so the industry could receive sufficient reward in every way it could, and promote a sound cycle in creating new values through these benefits. (1) Benefits for the purchase of automation equipment The said procured equipment and technology over NTD600, 000 may credit a certain percentage of the investment against the amount of profit-seeking enterprise income tax payable for the then current year. For the purchase of production technology, 5% may be credited. For the purchase of equipment, 7% may be credited. And any investment plan that includes the purchasing of equipment for automation can qualify for a low-interest preferential loan. Besides, for science-based industrial company imported overseas equipment that is not manufacture by local manufactures, from January 1, 2002, the imported equipment shall be exempted from import and business tax. And if the company is a bonded factory, the raw materials to be imported from abroad by it shall also be exempt from import duties and business tax. (2) Benefits for R&D expenditure Expenditure concurred for developing new products, improving production technology, or improving label-providing technology may credit 30%of the investment against the amount of profit-seeking enterprise income tax payable for the then current year. Research expenditures of the current year exceeding the average research expenditure for the past two years, the excess in research expenditure shall be 50% deductible. Instruments and equipments purchased by for exclusive R&D purpose, experimentation, or quality inspection may be accelerated to two years. At last, Biotech and New Pharmaceuticals Company engages in R&D activities, such as Contract research Organization (CRO), may credit 30% of the investment against the amount of profit-seeking enterprise income tax payable. (3) Personnel Training When a company trained staff and registered for business-related course, may credit 30% of the training cost against the amount of profit-seeking enterprise income tax payable for the then current year. Where training expenses for the current year exceeds the two-year average, 50% of the excess portion may be credited. (4) Benefit for Newly Emerging Strategic Industries Corporate shareholders invest in newly emerging strategic industries are entitled to select one of the following tax benefits: A profit seeking enterprise may credit up to 20% of the price paid for acquisition of such stock against the profit seeking enterprise income tax. An individual may credit up to 10%. As of January and once every year, there will be a 1% reduction of the price paid for acquisition of such stock against the consolidated income tax payable in the then current year. A company, within two years from the beginning date for payment of the stock price by its shareholders, selects, with the approval of its shareholder meeting, the application of an exemption from profit-seeking enterprise income tax and waives the shareholders investment credit against payable income tax as mentioned above. However, that once the selection is made, no changes shall be allowed. (5) Benefits for Investment in Equipment or Technology Used for Pollution Control To prevent our environment from further pollution, the Government offers tax benefits to reward companies in making improvements. Investment in equipment or technology used for pollution control may credit 7% of the equipment expenditure, and 5% of the expenditure on technology against the amount of profit-seeking enterprise income tax payable for the then current year. For any equipment that has been verified in use and specialized in air pollution control, noise pollution control, vibration control, water pollution control, environmental surveillance and waste disposal, shall be exempt from import duties and business tax. And for investment plans that planned implementation of energy saving systems can apply for a low interest loan. (6) Incentive for Operation Headquarter To encourage companies to utilize worldwide resources and set up international operation network, if they established operation headquarters within the territory of the Republic of China reaching a specific size and bringing about significant economic benefit, their following incomes shall be exempted from profit-seeking enterprise income tax: The income derived from provision of management services or R&D services. The royalty payment received under its investments to its affiliates abroad. The investment return and asset disposal received under its investment to its affiliates abroad. (7) Exchange of Technology for Stock Option The emerging-industrycompany recognized by government, upon adoption of a resolution by a majority voting of the directors present at a meeting of its board of directors attended by two-thirds of the directors of the company, may issue stock options to corporation or individual in exchange for authorization or transfer of patent and technologies. (8) Deferral of Taxes on the Exchange of Technology for Shares Taxes on income earned by investors from the acquisition of shares in emerging-industry companies in exchange for technology will be deferred for five years, on condition that the shares exchanged for technology amount to more than 20% of the company's total stock equity and that the number of persons who obtain shares in exchange for technology does not exceed five. 3 、 Technical Assistance and Capital Investment The rapid industry development has been closely tied to the infusion of funds. In addition to tax benefits, the Statute incorporates regulations especially for technical assistance and capital investment as below: (1) In order to introduce or transfer advanced technologies, technical organization formed with the contribution of government shall provide appropriate technical assistance as required. (2) In order to advance technologies, enhance R&D activities and further upgrade industries, the relevant central government authorities in charge of end enterprises may promote the implementation of industrial and technological projects by providing subsidies to such R&D projects. (3) In order to assist the start-up of domestic small-medium technological enterprises and the overall upgrading of the entire industries, guidance and assistance shall be provided for the development of venture capital enterprises.

The opening and sharing of scientific data- The Data Policy of the U.S. National Institutes of Health Li-Ting Tsai 　　Scientific research improves the well-being of all mankind, the data sharing on medical and health promote the overall amount of energy in research field. For promoting the access of scientific data and research findings which was supported by the government, the U.S. government affirmed in principle that the development of science was related to the retention and accesses of data. The disclosure of information should comply with legal restrictions, and the limitation by time as well. For government-sponsored research, the data produced was based on the principle of free access, and government policies should also consider the actual situation of international cooperation[1]Furthermore, the access of scientific research data would help to promote scientific development, therefore while formulating a sharing policy, the government should also consider the situation of international cooperation, and discuss the strategy of data disclosure based on the principle of free access. 　　In order to increase the effectiveness of scientific data, the U.S. National Institutes of Health (NIH) set up the Office of Science Policy (OSP) to formulate a policy which included a wide range of issues, such as biosafety (biosecurity), genetic testing, genomic data sharing, human subjects protections, the organization and management of the NIH, and the outputs and value of NIH-funded research. Through extensive analysis and reports, proposed emerging policy recommendations.[2] At the level of scientific data sharing, NIH focused on "genes and health" and "scientific data management". The progress of biomedical research depended on the access of scientific data; sharing scientific data was helpful to verify research results. Researchers integrated data to strengthen analysis, promoted the reuse of difficult-generated data, and accelerated research progress.[3] NIH promoted the use of scientific data through data management to verify and share research results. 　　For assisting data sharing, NIH had issued a data management and sharing policy (DMS Policy), which aimed to promote the sharing of scientific data funded or conducted by NIH.[4] DMS Policy defines “scientific data.” as “The recorded factual material commonly accepted in the scientific community as of sufficient quality to validate and replicate research findings, regardless of whether the data are used to support scholarly publications. Scientific data do not include laboratory notebooks, preliminary analyses, completed case report forms, drafts of scientific papers, plans for future research, peer reviews, communications with colleagues, or physical objects, such as laboratory specimens.”[5] In other words, for determining scientific data, it is not only based on whether the data can support academic publications, but also based on whether the scientific data is a record of facts and whether the research results can be repeatedly verified. 　　In addition, NIH, NIH research institutes, centers, and offices have had expected sharing of data, such as: scientific data sharing, related standards, database selection, time limitation, applicable and presented in the plan; if not applicable, the researcher should propose the data sharing and management methods in the plan. NIH also recommended that the management and sharing of data should implement the FAIR (Findable, Accessible, Interoperable and Reusable) principles. The types of data to be shared should first in general descriptions and estimates, the second was to list meta-data and other documents that would help to explain scientific data. NIH encouraged the sharing of scientific data as soon as possible, no later than the publication or implementation period.[6] It was said that even each research project was not suitable for the existing sharing strategy, when planning a proposal, the research team should still develop a suitable method for sharing and management, and follow the FAIR principles. 　　The scientific research data which was provided by the research team would be stored in a database which was designated by the policy or funder. NIH proposed a list of recommended databases lists[7], and described the characteristics of ideal storage databases as “have unique and persistent identifiers, a long-term and sustainable data management plan, set up metadata, organizing data and quality assurance, free and easy access, broad and measured reuse, clear use guidance, security and integrity, confidentiality, common format, provenance and data retention policy”[8]. That is to say, the design of the database should be easy to search scientific data, and should maintain the security, integrity and confidentiality and so on of the data while accessing them. 　　In the practical application of NIH shared data, in order to share genetic research data, NIH proposed a Genomic Data Sharing (GDS) Policy in 2014, including NIH funding guidelines and contracts; NIH’s GDS policy applied to all NIHs Funded research, the generated large-scale human or non-human genetic data would be used in subsequent research. [9] This can effectively promote genetic research forward. 　　The GDS policy obliged researchers to provide genomic data; researchers who access genomic data should also abide by the terms that they used the Controlled-Access Data for research.[10] After NIH approved, researchers could use the NIH Controlled-Access Data for secondary research.[11] Reviewed by NIH Data Access Committee, while researchers accessed data must follow the terms which was using Controlled-Access Data for research reason.[12] The Genomic Summary Results (GSR) was belong to NIH policy,[13] and according to the purpose of GDS policy, GSR was defined as summary statistics which was provided by researchers, and non-sensitive data was included to the database that was designated by NIH.[14] Namely. NIH used the application and approval of control access data to strike a balance between the data of limitation access and scientific development. 　　For responding the COVID-19 and accelerating the development of treatments and vaccines, NIH's data sharing and management policy alleviated the global scientific community’s need for opening and sharing scientific data. This policy established data sharing as a basic component in the research process.[15] In conclusion, internalizing data sharing in the research process will help to update the research process globally and face the scientific challenges of all mankind together. [1]NATIONAL SCIENCE AND TECHNOLOGY COUNCIL, COMMITTEE ON SCIENCE, SUBCOMMITEE ON INTERNATIONAL ISSUES, INTERAGENCY WORKING GROUP ON OPEN DATA SHARING POLICY, Principles For Promoting Access To Federal Government-Supported Scientific Data And Research Findings Through International Scientific Cooperation (2016), 1, organized from Principles, at 5-8, https://obamawhitehouse.archives.gov/sites/default/files/microsites/ostp/NSTC/iwgodsp_principles_0.pdf (last visited December 14, 2020). [2]About Us, Welcome to NIH Office of Science Policy, NIH National Institutes of Health Office of Science Policy, https://osp.od.nih.gov/about-us/ (last visited December 7, 2020). [3]NIH Data Management and Sharing Activities Related to Public Access and Open Science, NIH National Institutes of Health Office of Science Policy, https://osp.od.nih.gov/scientific-sharing/nih-data-management-and-sharing-activities-related-to-public-access-and-open-science/ (last visited December 10, 2020). [4]Final NIH Policy for Data Management and Sharing, NIH National Institutes of Health Office of Extramural Research, Office of The Director, National Institutes of Health (OD), https://grants.nih.gov/grants/guide/notice-files/NOT-OD-21-013.html (last visited December 11, 2020). [5]Final NIH Policy for Data Management and Sharing, NIH National Institutes of Health Office of Extramural Research, Office of The Director, National Institutes of Health (OD), https://grants.nih.gov/grants/guide/notice-files/NOT-OD-21-013.html (last visited December 12, 2020). [6]Supplemental Information to the NIH Policy for Data Management and Sharing: Elements of an NIH Data Management and Sharing Plan, Office of The Director, National Institutes of Health (OD), https://grants.nih.gov/grants/guide/notice-files/NOT-OD-21-014.html (last visited December 13, 2020). [7]The list of databases in details please see：Open Domain-Specific Data Sharing Repositories, NIH National Library of Medicine, https://www.nlm.nih.gov/NIHbmic/domain_specific_repositories.html (last visited December 24, 2020). [8]Supplemental Information to the NIH Policy for Data Management and Sharing: Selecting a Repository for Data Resulting from NIH-Supported Research, Office of The Director, National Institutes of Health (OD), https://grants.nih.gov/grants/guide/notice-files/NOT-OD-21-016.html (last visited December 13, 2020). [9]NIH Genomic Data Sharing, National Institutes of Health Office of Science Policy, https://osp.od.nih.gov/scientific-sharing/genomic-data-sharing/ (last visited December 15, 2020). [10]NIH Genomic Data Sharing Policy, National Institutes of Health (NIH), https://grants.nih.gov/grants/guide/notice-files/NOT-OD-14-124.html (last visited December 17, 2020). [11]NIH Genomic Data Sharing Policy, National Institutes of Health (NIH), https://grants.nih.gov/grants/guide/notice-files/NOT-OD-14-124.html (last visited December 17, 2020). [12]id. [13]NIH National Institutes of Health Turning Discovery into Health, Responsible Use of Human Genomic Data An Informational Resource, 1, at 6, https://osp.od.nih.gov/wp-content/uploads/Responsible_Use_of_Human_Genomic_Data_Informational_Resource.pdf (last visited December 17, 2020). [14]Update to NIH Management of Genomic Summary Results Access, National Institutes of Health (NIH), https://grants.nih.gov/grants/guide/notice-files/NOT-OD-19-023.html (last visited December 17, 2020). [15]Francis S. Collins, Statement on Final NIH Policy for Data Management and Sharing, National Institutes of Health Turning Discovery Into Health, https://www.nih.gov/about-nih/who-we-are/nih-director/statements/statement-final-nih-policy-data-management-sharing (last visited December 14, 2020).

Impact of Government Organizational Reform to Research Legal System and Response Thereto (2) – Observation of the Swiss Research Innovation System I. Foreword 　　Switzerland is a landlocked country situated in Central Europe, spanning an area of 41,000 km2, where the Alps occupy 60% of the territory, while it owns little cultivated land and poor natural resources. In 2011, its population was about 7,950,000 persons[1]. Since the Swiss Federal was founded, it has been adhering to a diplomatic policy claiming neutrality and peace, and therefore, it is one of the safest and most stable countries in the world. Switzerland is famous for its high-quality education and high-level technological development and is very competitive in biomedicine, chemical engineering, electronics and metal industries in the international market. As a small country with poor resources, the Swiss have learnt to drive their economic and social development through education, R&D and innovation a very long time ago. Some renowned enterprises, including Nestle, Novartis and Roche, are all based in Switzerland. Meanwhile, a lot of creative small-sized and medium-sized enterprises based in Switzerland are dedicated to supporting the export-orientation economy in Switzerland. 　　Switzerland has the strongest economic strength and plentiful innovation energy. Its patent applications, publication of essay, frequencies of quotation and private enterprises’ innovation performance are remarkable all over the world. According to the Global Competitiveness Report released by the World Economic Forum (WEF), Switzerland has ranked first among the most competitive countries in the world for four years consecutively since 2009[2]. Meanwhile, according to the Global Innovation Index (GII) released by INSEAD and the World Intellectual Property Organization (WIPO) jointly, Switzerland has also ranked first in 2011 and 2012 consecutively[3]. Obviously, Switzerland has led the other countries in the world in innovation development and economic strength. Therefore, when studying the R&D incentives and boosting the industrial innovation, we might benefit from the experience of Switzerland to help boost the relevant mechanism in Taiwan. 　　Taiwan’s government organization reform has been launched officially and boosted step by step since 2012. In the future, the National Science Council will be reformed into the “Ministry of Science and Technology”, and the Ministry of Economic Affairs into the “Ministry of Economy and Energy”, and the Department of Industrial Development into the “Department of Industry and Technology”. Therefore, Taiwan’s technology administrative system will be changed materially. Under the new government organizational framework, how Taiwan’s technology R&D and industrial innovation system divide work and coordinate operations to boost the continuous economic growth in Taiwan will be the first priority without doubt. Support of innovation policies is critical to promotion of continuous economic growth. The Swiss Government supports technological research and innovation via various organizations and institutions effectively. In recent years, it has achieved outstanding performance in economy, education and innovation. Therefore, we herein study the functions and orientation of the competent authorities dedicated to boosting research and innovation in Switzerland, and observe its policies and legal system applied to boost the national R&D in order to provide the reference for the functions and orientation of the competent authorities dedicated to boosting R&D and industrial innovation in Taiwan. II. Overview of Swiss Federal Technology Laws and Technology Administrative System 　　Swiss national administrative organization is subject to the council system. The Swiss Federal Council is the national supreme administrative authority, consisting of 7 members elected from the Federal Assembly and dedicated to governing a Federal Government department respectively. Switzerland is a federal country consisting of various cantons that have their own constitutions, councils and governments, respectively, entitled to a high degree of independence. 　　Article 64 of the Swiss Federal Constitution[4] requires that the federal government support research and innovation. The “Research and Innovation Promotion Act” (RIPA)[5] is dedicated to fulfilling the requirements provided in Article 64 of the Constitution. Article 1 of the RIPA[6] expressly states that the Act is enacted for the following three purposes: 1. Promoting the scientific research and science-based innovation and supporting evaluation, promotion and utilization of research results; 2. Overseeing the cooperation between research institutions, and intervening when necessary; 3. Ensuring that the government funding in research and innovation is utilized effectively. Article 4 of the RIPA provides that the Act shall apply to the research institutions dedicated to innovation R&D and higher education institutions which accept the government funding, and may serve to be the merit for establishment of various institutions dedicated to boosting scientific research, e.g., the National Science Foundation and Commission of Technology & Innovation (CTI). Meanwhile, the Act also provides detailed requirements about the method, mode and restriction of the government funding. 　　According to the RIPA amended in 2011, the Swiss Federal Government’s responsibility for promoting innovation policies has been extended from “promotion of technology R&D” to “unification of education, research and innovation management”, making the Swiss national industrial innovation framework more well-founded and consistent[8] . Therefore, upon the government organization reform of Switzerland in 2013, most of the competent authorities dedicated to technology in Swiss have been consolidated into the Federal Department of Economic Affairs, Education and Research. 　　Under the framework, the Swiss Federal Government assigned higher education, job training, basic scientific research and innovation to the State Secretariat for Education, Research and Innovation (SERI), while the Commission of Technology & Innovation (CTI) was responsible for boosting the R&D of application scientific technology and industrial technology and cooperation between the industries and academy. The two authorities are directly subordinate to the Federal Department of Economic Affairs, Education and Research (EAER). The Swiss Science and Technology Council (SSTC), subordinate to the SERI is an advisory entity dedicated to Swiss technology policies and responsible for providing the Swiss Federal Government and canton governments with the advice and suggestion on scientific, education and technology innovation policies. The Swiss National Science Foundation (SNSF) is an entity dedicated to boosting the basic scientific R&D, known as the two major funding entities together with CTI for Swiss technology R&D. The organizations, duties, functions and operations of certain important entities in the Swiss innovation system are introduced as following. Date source: Swiss Federal Department of Economic Affairs, Education and Research official website Fig. 1　Swiss Innovation Framework Dedicated to Boosting Industries－Swiss Federal Economic, Education and Research Organizational Chart 1. State Secretariat of Education, Research and Innovation (SERI) 　　SERI is subordinate to the Department of Economic Affairs, Education and Research, and is a department of the Swiss Federal Government dedicated to managing research and innovation. Upon enforcement of the new governmental organization act as of January 1, 2013, SERI was established after the merger of the State Secretariat for Education and Research, initially subordinate to Ministry of Interior, and the Federal Office for Professional Education and Technology (OEPT), initially subordinated to Ministry of Economic Affairs. For the time being, it governs the education, research and innovation (ERI). The transformation not only integrated the management of Swiss innovation system but also unified the orientations toward which the research and innovation policy should be boosted. 　　SERI’s core missions include “enactment of national technology policies”, “coordination of research activities conducted by higher education institutions, ETH, and other entities of the Federal Government in charge of various areas as energy, environment, traffic and health, and integration of research activities conducted by various government entities and allocation of education, research and innovation resources. Its functions also extend to funding the Swiss National Science Foundation (SNSF) to enable SNSF to subsidize the basic scientific research. Meanwhile, the international cooperation projects for promotion of or participation in research & innovation activities are also handled by SERI to ensure that Switzerland maintains its innovation strength in Europe and the world. 　　The Swiss Science and Technology Council (SSTC) is subordinate to SERI, and also the advisory unit dedicated to Swiss technology policies, according to Article 5a of RIPA[9]. The SSTC is responsible for providing the Swiss Federal Government and canton governments with advice and suggestion about science, education and innovation policies. It consists of the members elected from the Swiss Federal Council, and a chairman is elected among the members. 2. Swiss National Science Foundation (SNSF) 　　The Swiss National Science Foundation (SNSF) is one of the most important institutions dedicated to funding research, responsible for promoting the academic research related to basic science. It supports about 8,500 scientists each year. Its core missions cover funding as incentives for basic scientific research. It grants more than CHF70 million each year. Nevertheless, the application science R&D, in principle, does not fall in the scope of funding by the SNSF. The Foundation allocates the public research fund under the competitive funding system and thereby maintains its irreplaceable identity, contributing to continuous output of high quality in Switzerland. 　　With the support from the Swiss Federal Government, the SNSF was established in 1952. In order to ensure independence of research, it was planned as a private institution when it was established[10]. Though the funding is provided by SERI, the SNSF still has a high degree of independence when performing its functions. The R&D funding granted by the SNSF may be categorized into the funding to free basic research, specific theme-oriented research, and international cooperative technology R&D, and the free basic research is granted the largest funding. The SNSF consists of Foundation Council, National Research Council and Research Commission[11]. Data source: prepared by the Study Fig. 2 　Swiss National Science Foundation Organizational Chart (1) Foundation Council 　　The Foundation Council is the supreme body of the SNSF[12], which is primarily responsible for making important decisions, deciding the role to be played by the SNSF in the Swiss research system, and ensuring SNSF’s compliance with the purpose for which it was founded. The Foundation Council consists of the members elected from the representatives from important research institutions, universities and industries in Swiss, as well as the government representatives nominated by the Swiss Federal Council. According to the articles of association of the SNSF[13], each member’s term of office should be 4 years, and the members shall be no more than 50 persons. The Foundation Council also governs the Executive Committee of the Foundation Council consisting of 15 Foundation members. The Committee carries out the mission including selection of National Research Council members and review of the Foundation budget. (2) National Research Council 　　The National Research Council is responsible for reviewing the applications for funding and deciding whether the funding should be granted. It consists of no more than 100 members, mostly researchers in universities and categorized, in four groups by major[14], namely, 1. Humanities and Social Sciences; 2. Math, Natural Science and Engineering; 3. Biology and Medical Science; and 4. National Research Programs (NRPs）and National Centers of Competence in Research (NCCRs). The NRPs and NCCRs are both limited to specific theme-oriented research plans. The funding will continue for 4~5years, amounting to CHF5 million~CHF20 million[15]. The specific theme-oriented research is applicable to non-academic entities, aiming at knowledge and technology transfer, and promotion and application of research results. The four groups evaluate and review the applications and authorize the funding amount. 　　Meanwhile, the representative members from each group form the Presiding Board dedicated to supervising and coordinating the operations of the National Research Council, and advising the Foundation Council about scientific policies, reviewing defined funding policies, funding model and funding plan, and allocating funding by major. (3) Research Commissions 　　Research Commissions are established in various higher education research institutions. They serve as the contact bridge between higher education academic institutions and the SNSF. The research commission of a university is responsible for evaluating the application submitted by any researcher in the university in terms of the school conditions, e.g., the school’s basic research facilities and human resource policies, and providing advice in the process of application. Meanwhile, in order to encourage young scholars to attend research activities, the research committee may grant scholarships to PhD students and post-doctor research[16]. ~to be continued~ [1] SWISS FEDERAL STATISTICS OFFICE, Switzerland's population 2011 (2012), http://www.bfs.admin.ch/bfs/portal/en/index/news/publikationen.Document.163772.pdf (last visited Jun. 1, 2013). [2] WORLD ECONOMIC FORUM [WEF], The Global Competiveness Report 2012-2013 (2012), http://www3.weforum.org/docs/WEF_GlobalCompetitivenessReport_2012-13.pdf (last visited Jun. 1, 2013); WEF, The Global Competiveness Report 2011-2012 (2011), http://www3.weforum.org/docs/WEF_GCR_Report_2011-12.pdf (last visited Jun. 1, 2013); WEF, The Global Competiveness Report 2010-2011 (2010), http://www3.weforum.org/docs/WEF_GlobalCompetitivenessReport_2010-11.pdf (last visited Jun. 1, 2013); WEF, The Global Competiveness Report 2009-2010 (2009),. http://www3.weforum.org/docs/WEF_GlobalCompetitivenessReport_2009-10.pdf (last visited Jun. 1, 2013). [3] INSEAD, The Global Innovation Index 2012 Report (2012), http://www.globalinnovationindex.org/gii/GII%202012%20Report.pdf (last visited Jun. 1, 2013); INSEAD, The Global Innovation Index 2011 Report (2011), http://www.wipo.int/freepublications/en/economics/gii/gii_2011.pdf (last visited Jun. 1, 2013). [4] SR 101 Art. 64: “Der Bund fördert die wissenschaftliche Forschung und die Innovation.” [5] Forschungs- und Innovationsförderungsgesetz, vom 7. Oktober 1983 (Stand am 1. Januar 2013). For the full text, please see www.admin.ch/ch/d/sr/4/420.1.de.pdf (last visited Jun. 3, 2013). [6] Id. [7] Id. [8] CTI, CTI Multi-year Program 2013-2016 7(2012), available at http://www.kti.admin.ch/?lang=en&download=NHzLpZeg7t,lnp6I0NTU042l2Z6ln1ad1IZn4Z2qZpnO2Yuq2Z6gpJCDeYR,hGym162epYbg2c_JjKbNoKSn6A-- (last visited Jun. 3, 2013). [9] Supra note 5. [10] Swiss National Science Foundation, http://www.snf.ch/E/about-us/organisation/Pages/default.aspx (last visited Jun. 3, 2013). [11] Id. [12] Foundation Council, Swiss National Science Foundation, http://www.snf.ch/E/about-us/organisation/Pages/foundationcouncil.aspx (last visited Jun. 3, 2013). [13] See Statutes of Swiss National Science Foundation Art.8 & Art. 9, available at http://www.snf.ch/SiteCollectionDocuments/statuten_08_e.pdf (last visited Jun. 3, 2013). [14] National Research Council, Swiss National Science Foundation, http://www.snf.ch/E/about-us/organisation/researchcouncil/Pages/default.aspx (last visted Jun.3, 2013). [15] Theres Paulsen, VISION RD4SD Country Case Study Switzerland (2011), http://www.visionrd4sd.eu/documents/doc_download/109-case-study-switzerland (last visited Jun.6, 2013). [16] Research Commissions, Swiss National Science Foundation, http://www.snf.ch/E/about-us/organisation/Pages/researchcommissions.aspx (last visted Jun. 6, 2013).

Post Brexit – An Update on the United Kingdom Privacy Regime 2021/9/10 　　After lengthy talks, on 31 January 2020, the United Kingdom (‘UK’) finally exited the European Union (‘EU’). Then, the UK shifted into a transition period. The UK government was bombarded with questions from all stakeholders. In particular, the data and privacy industry yelled out the loudest – what am I going to do with data flowing from the EU to the UK? Privacy professionals queried – would the UK have a new privacy regime that significantly departs from the General Data Protection Regulation (‘GDPR’)? Eventually, the UK made a compromise with all stakeholders – the British, the Europeans and the rest of the world – by bridging its privacy laws with the GDPR. On 28 June 2021, the UK obtained an adequacy decision from the EU.[1] This was widely anticipated but also widely known to be delayed, as it was heavily impacted by the aftermaths of the invalidation of the US- EU Privacy Shield.[2] 　　While the rest of the world seems to silently observe the transition undertaken by the UK, post-Brexit changes to the UK’s privacy regime is not only a domestic or regional matter, it is an international matter. Global supply chains and cross border data flows will be affected, shuffling the global economy into a new order. Therefore, it is crucial as citizens of a digital economy to unpack and understand the current UK privacy regime. This paper intends to give the reader a brief introduction to the current privacy regime of the UK. The author proposes to set out the structure of the UK privacy legislation, and to discuss important privacy topics. This paper only focuses on the general processing regime, which is the regime that is most relevant to general stakeholders. UK Privacy Legislation 　　There are two main privacy legislation in the UK – the Data Protection Act 2018 (‘DPA’) and the United Kingdom General Data Protection Act (‘UK GDPR’). These two acts must be read together in order to form a coherent understanding of the current UK privacy regime. 　　The UK GDPR is the creature of Brexit. The UK government wanted a smooth transition out of the EU and acknowledged that they needed to preserve the GDPR in their domestic privacy regime to an extent that would allow them to secure an adequacy decision. The UK government also wanted to create less impact on private companies. Thus, the UK GDPR was born. Largely it aligns closely with the GDPR, supplemented by the DPA. ICO 　　The Information Commissioner’s Office (‘ICO’) is the independent authority supervising the compliance of privacy laws in the UK. Prior to Brexit, the ICO was the UK’s supervisory authority under the GDPR. A unique feature of the ICO’s powers and functions is that it adopts a notice system. The ICO has power to issue four types of notices: information notices, assessment notices, enforcement notices and penalty notices.[3] The information notice requires controllers or processors to provide information. The ICO must issue an assessment notice before conducting data protection audits. Enforcement is only exercisable by giving an enforcement notice. Administrative fines are only exercisable by giving a penalty notice. Territorial Application 　　Section 207(1A) of the DPA states that the DPA applies to any controller or processor established in the UK, regardless where the processing of personal data takes place. Like the GDPR, the DPA and the UK GDPR have an extraterritorial reach to overseas controllers or processors. The DPA and the UK GDPR apply to overseas controllers or processors who process personal data relating to data subjects in the UK, and the processing activities are related to the offering of goods or services, or the monitoring of data subjects’ behavior.[4] Transfers of Personal Data to Third Countries 　　On 28 June 2021, the UK received an adequacy decision from the EU.[5] This means that until 27 June 2025, data can continue to flow freely between the UK and the European Economic Area (‘EEA’). 　　As for transferring personal data to third countries other than the EU, the UK has similar laws to the GDPR. Both the DPA and the UK GDPR restrict controllers or processors from transferring personal data to third countries. A transfer of personal data to a third country is permitted if it is based on adequacy regulations.[6] An EU adequacy decision is known as ‘adequacy regulations’ under the UK regime. 　　If there is no adequacy regulations, then a transfer of personal data to a third country will only be permitted if it is covered by appropriate safeguards, including standard data protection clauses, binding corporate rules, codes of conduct, and certifications.[7] The ICO intends to publish UK standard data protection clauses in 2021.[8] In the meantime, the EU has published a new set of standard data protection clauses (‘SCCs’).[9] However, it must be noted that the EU SCCs are not accepted to be valid in the UK, and may only be used for reference purposes. It is also worth noting that the UK has approved three certification schemes to assist organizations in demonstrating compliance to data protection laws.[10] Lawful Bases for Processing 　　Basically, the lawful bases for processing in the UK regime are the same as the GDPR. Six lawful bases are set out in article 6 of the UK GDPR. To process personal data, at least one of the following lawful bases must be satisfied:[11] The data subject has given consent to the processing; The processing is necessary for the performance of a contract; The processing is necessary for compliance with a legal obligation; The processing is necessary to protect vital interests of an individual – that is, protecting an individual’s life; The processing is necessary for the performance of a public task; The processing is necessary for the purpose of legitimate interests, unless other interests or fundamental rights and freedoms override those legitimate interests. Rights & Exemptions 　　The UK privacy regime, like the GDPR, gives data subjects certain rights. Most of the rights granted under the UK privacy regime is akin to the GDPR and can be found under the UK GDPR. Individual rights under the UK privacy regime is closely linked with its exemptions, this may be said to be a unique feature of the UK privacy regime which sets it apart from the GDPR. Under the DPA and the UK GDPR, there are certain exemptions, meaning organizations are exempted from certain obligations, most of them are associated with individual rights. For example, if data is processed for scientific or historical research purposes, or statistical purposes, organizations are exempted from provisions on the right of access, the right to rectification, the right to restrict processing and the right to object in certain circumstances.[12] Penalties 　　The penalty for infringement of the UK GDPR is the amount specified in article 83 of the UK GDPR.[13] If an amount is not specified, the penalty is the standard maximum amount.[14] The standard maximum amount, at the time of writing, is £8,700,000 (around 10 million Euros) or 2% of the undertaking’s total annual worldwide turnover in the preceding financial year.[15] In any other case, the standard maximum amount is £8,700,000 (around 10 million Euros).[16] Conclusion 　　The UK privacy regime closely aligns with the GDPR. However it would be too simple of a statement to say that the UK privacy regime is almost identical to the GDPR. The ICO’s unique enforcement powers exercised through a notice system is a distinct feature of the UK privacy regime. Recent legal trends show that the UK while trying to preserve its ties with the EU is gradually developing an independent privacy persona. The best example is that in regards to transfers to third countries, the UK has developed its first certification scheme and is attempting to develop its own standard data protection clauses. The UK’s transition out of the EU has certainly been interesting; however, the UK’s transformation from the EU is certainly awaited with awe. [1] Commission Implementing Decision of 28.6.2021, pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate protection of personal data by the United Kingdom, C(2021) 4800 final,https://ec.europa.eu/info/sites/default/files/decision_on_the_adequate_protection_of_personal_data_by_the_united_kingdom_-_general_data_protection_regulation_en.pdf.. [2] Judgment of 16 July 2020, Data Protection Commissioner v. Facebook Ireland Limited, Maximillian Schrems, C-311/18, EU:C:2020:559, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:62018CJ0311. [3] Data Protection Act 2018, §115. [4] Data Protection Act 2018, §207(1A); REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), art 3. [5] supra note 1. [6] Data Protection Act 2018, §17A-18; REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), art 44-50. [7] Data Protection Act 2018, §17A-18; REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), art 46-47. [8]International transfers after the UK exit from the EU Implementation Period, ICO, https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-transfers-after-uk-exit/ (last visited Sep. 10, 2021). [9] Standard contractual clauses for international transfers, European Commission, https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en (last visited Sep. 10, 2021). [10] ICO, New certification schemes will “raise the bar” of data protection in children’s privacy, age assurance and asset disposal, ICO, Aug. 19, 2021, https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2021/08/ico-approves-the-first-uk-gdpr-certification-scheme-criteria/ (last visited Sep. 10, 2021). [11] REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), art 6(1)-(2); Lawful basis for processing, ICO, https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/ (last visited Sep. 10, 2021). [12] Data Protection Act 2018, sch 2, part 6, para 27. [13] id. at §157. [14] id. [15] id. [16] id.