Impact of Government Organizational Reform to Research Legal System and Response Thereto (2) – Observation of the Swiss Research Innovation System

Research on Policies for building a digital nation in Recent Years (2016-2017) 　　Recent years, the government has already made some proactive actions, including some policies and initiatives, to enable development in the digital economy and fulfill the vision of Digital Nation. Those actions are as follows: 1. CREATING THE “FOOD CLOUD” FOR FOOD SAFETY CONTROLS 　　Government agencies have joined forces to create an integrated “food cloud” application that quickly alerts authorities to food safety risks and allows for faster tracing of products and ingredients. The effort to create the cloud was spearheaded by the Executive Yuan’s Office of Food Safety under the leadership of Vice Premier Chang San-cheng on January 12, 2016. 　　The “food cloud” application links five core systems (registration, tracing, reporting, testing, and inspection) from the Ministry of Health and Welfare (MOHW) with eight systems from the Ministry of Finance, Ministry of Economic Affairs, Ministry of Education (MOE), Council of Agriculture and Environmental Protection Administration. 　　The application gathers shares and analyzes information in a methodical and systematic manner by employing big data technology. To ensure the data can flow properly across different agencies, the Office of Food Safety came up with several products not intended for human consumption and had the MOHW simulate the flow of those products under import, sale and supply chain distribution scenarios. The interministerial interface successfully analyzed the data and generated lists of food risks to help investigators focus on suspicious companies. 　　Based on these simulation results, the MOHW on September 2, 2015, established a food and drug intelligence center as a mechanism for managing food safety risks and crises on the national level. The technologies for big data management and mega data analysis will enable authorities to better manage food sources and protect consumer health. 　　In addition, food cloud systems established by individual government agencies are producing early results. The MOE, for instance, rolled out a school food ingredient registration platform in 2014, and by 2015 had implemented the system across 22 countries and cities at 6,000 schools supplying lunches for 4.5 million students. This platform, which made school lunch ingredients completely transparent, received the 2015 eAsia Award as international recognition for the use of information technology in ensuring food safety. 2. REVISING DIGITAL CONVERGENCE ACTS 　　On 2016 May 5th, the Executive Yuan Council approved the National Communications Commission's (NCC) proposals, drafts of “Broadcasting Terrestrial and Channel Service Suppliers Administration Act”, “Multichannel Cable Platform Service Administration Act”, “Telecommunications Service Suppliers Act”, “Telecommunications Infrastructure and Resources Administration Act”, “Electronic Communications Act”, also the five digital convergence laws. They will be sent to the Legislature for deliberation. But in the end, this version of five digital convergence bills did not pass by the Legislature. 　　However, later on, November 16, 2017, The Executive Yuan approved the new drafts of “Digital Communication Act” and the “Telecommunication Service Management Act”. 　　The “Digital Communication Act” and the “Telecommunication Service Management Act” focused summaries as follows: 　　1. The digital communication bill 　　A. Public consultation and participation. 　　B. The digital communication service provider ought to use internet resource reasonability and reveal network traffic control measures. 　　C. The digital communication service provider ought to reveal business information and Terms of Service. 　　D. The responsibility of the digital communication service provider. 　　2. The telecommunication service management bill 　　A. The telecommunication service management bill change to use registration system. 　　B. The general obligation of telecommunications to provide telecommunication service and the special obligation of Specific telecommunications. 　　C. Investment, giving, receiving and merging rules of the telecommunication service. 　　Telecommunications are optimism of relaxing rules and regulations, and wish it would infuse new life and energy into the market. Premier Lai instructed the National Communications Commission and other agencies to elucidate the contents of the two communication bills to all sectors of society, and communicate closely with lawmakers of all parties to build support for a quick passage of the bills. 3. FOCUSING ON ICT SECURITY TO BUILD DIGITAL COUNTRIES 　　Ｔhe development of ICT has brought convenience to life but often accompanied by the threat of illegal use, especially the crimes with the use of new technologies such as Internet techniques and has gradually become social security worries. Minor impacts may cause inconvenience to life while major impacts may lead to a breakdown of government functions and effects on national security. To enhance the capability of national security protection and to avoid the gap of national security, the Executive Yuan on August 1st 2016 has upgraded the Office of Information and Communication Security into the Agency of Information and Communication Security, a strategic center of R.O.C security work, integrating the mechanism of the whole government governance of information security, through specific responsibility, professionalism, designated persons and permanent organization to establish the security system, together with the relevant provisions of the law so that the country's information and communication security protection mechanism will become more complete. The efforts to the direction could be divided into three parts: 　　First, strengthening the cooperation of government and private sectors of information security: In a sound basis of legal system, the government plans to strengthen the government and some private sectors’ information security protection abilities ,continue to study and modify the relevant amendments to the relevant provisions, strengthen public-private collaborative mechanism, deepen the training of human resources and enhance the protection of key information infrastructure of our country. 　　Second, improving the information and communication security professional capability: information and communication security business is divided into policy and technical aspects. While the government takes the responsibility for policy planning and coordination, the technical service lies in an outsourcing way. Based on a sound legal system, the government will establish institutionalized and long-term operation modes and plan appropriate organizational structures through the discussion of experts and scholars from all walks of life. 　　Third, formulating Information and Communication Safety Management Act and planning of the Fifth National Development Program for Information and Communication Security: The government is now actively promoting the Information and Communication Safety Management Act as the cornerstone for the development of the national digital security and information security industry. The main content of the Act provides that the applicable authorities should set up security protection plan at the core of risk management and the procedures of notification and contingency measures, and accept the relevant administrative check. Besides the vision of the Fifth National Development Program for Information and Communication Security which the government is planning now is to build a safe and reliable digital economy and establish a safe information and communication environment by completing the legal system of information and communication security environment, constructing joint defense system of the national Information and Communication security, pushing up the self-energy of the industries of information security and nurture high-quality human resources for elite talents for information security. 4. THE DIGITAL NATION AND INNOVATIVE ECONOMIC DEVELOPMENT PLAN 　　The Digital Nation and Innovative Economic Development Plan (2017-2025) known as “DIGI+” plan, approved by the Executive Yuan on November 24, 2016. The plan wants to grow nation’s digital economy to NT $ 6.5 trillion (US$205.9 billion), improve the digital lifestyle services penetration rate to 80 %, increase broadband connections to 2 Gbps, ensure citizens’ basic rights to have 25 Mbps broadband access, and put our nation among the top 10 information technology nations worldwide by 2025. 　　The plan contains several important development strategies: DIGI+ Infrastructure: Build infrastructure conducive to digital innovation. DIGI+ Talent: Cultivate digital innovation talent. DIGI+ Industry: Support cross-industry transformation through digital innovation. DIGI+ Rights: Make R.O.C. an advanced society that respects digital rights and supports open online communities. DIGI+ Cities: Build smart cities through cooperation among central and local governments and the industrial, academic and research sectors. DIGI+ Globalization: Boost nation’s standing in the global digital service economy. 　　The plan also highlights few efforts: 　　First is to enrich “soft” factors and workforce to create an innovative environment for digital development. To construct this environment, the government will construct an innovation-friendly legal framework, cultivate interdisciplinary digital talent, strengthen research and develop advanced digital technologies. 　　Second is to enhance digital economy development. The government will incentivize innovative applications and optimize the environment for digital commerce. 　　Third, the government will develop an open application programming interface for government data and create demand-oriented, one-stop smart government cloud services. 　　Fourth, the government will ensure broadband access for the disadvantaged and citizens of the rural area, implement the participatory process, enhance different kinds of international cooperation, and construct a comprehensive humanitarian legal framework with digital development. 　　Five is to build a sustainable smart country. The government will use smart network technology to build a better living environment, promote smart urban and rural area connective governance and construction and use on-site research and industries innovation ecosystem to assist local government plan and promote construction of the smart country. 　　In order to achieve the overall effectiveness of the DIGI + program, interdisciplinary, inter-ministerial, inter-departmental and inter-departmental efforts will be required to collaborate with the newly launched Digital National Innovation Economy (DIGI +) Promotion Team. 5. ARTIFICIAL INTELLIGENCE SCIENTIFIC RESEARCH STRATEGY 　　The Ministry of Science and Technology (MOST) reported strategy plan for artificial intelligence (AI) scientific research at Cabinet meeting on August 24, 2017. Artificial intelligence is a powerful and inevitable trend, and it will be critical to R.O.C.’s competitiveness for the next 30 years. 　　The ministry will devote NT$16 billion over the next five years to building an AI innovation ecosystem in R.O.C. According to MOST, the plan will promote five strategies: 　　1. Creating an AI platform to provide R&D services 　　MOST will devote NT$5 billion over the next four years to build a platform, integrating the resources, providing a shared high-speed computing environment and nurturing emerging AI industries and applications. 　　2. Establishing an AI innovative research center 　　MOST will four artificial intelligence innovation research centers across R.O.C. as part of government efforts to enhance the nation’s competitiveness in AI technology. The centers will support the development of new AI in the realms of financial technology, smart manufacturing, smart healthcare and intelligent transportation systems. 　　3. Setting up AI robot maker spaces 　　An NT$2 billion, four-year project assisting industry to develop the hardware-software integration of robots and innovative applications was announced by the Ministry of Science and Technology. 　　4. Subsidizing a semiconductor “moonshot” program to explore ambitious and groundbreaking smart technologies 　　This program will invest NT$4 billion from 2018 through 2021 into developing semiconductors and chip systems for edge devices as well as integrating the academic sector’s R&D capabilities and resources. the project encompasses cognitive computing and AI processor chips; next-generation memory designs; process technologies and materials for key components of sensing devices; unmanned vehicles, AR and VR; IoT systems and security. 　　5. Organizing Formosa Grand Challenge competitions 　　The program is held in competitions to engage young people in the development of AI applications. 　　The government hopes to extend R.O.C.’s industrial advantages and bolster the country’s international competitiveness, giving R.O.C. the confidence to usher in the era of AI applications. All of these efforts will weave people, technologies, facilities, and businesses into a broader AI innovation ecosystem. 6. INTELLIGENT TRANSPORTATION SYSTEM PLANS 　　Ministry of Transportation and Communications (MOTC) launched plans to develop intelligent transportation systems at March 7th in 2017. MOTC integrates transportation and information and communications technology through these plans to improve the convenience and reduce the congestion of the transportation. These plans combine traffic management systems for highways, freeways and urban roads, a multi-lane free-flow electronic toll collection system, bus information system that provides timely integrated traffic information services, and public transportation fare card readers to reduce transport accidence losses, inconvenience of rural area, congestion of main traffic arteries and improve accessibility of public transportation. 　　There are six plans are included: 1. Intelligent transportation safety plan; 2. Relieve congestion on major traffic arteries; 3. Make transportation more convenient in Eastern Taiwan and remote areas; 4. Integrate and share transportation resources; 5. Develop “internet-of-vehicles” technology applications; and 6. Fundamental R&D for smart transportation technology. 　　These plans promote research and development of smart vehicles and safety intersections, develop timely bus and traffic information tracking system, build a safe system of shared, safe and green-energy smart system, and subsidize the large vehicles to install the vision enhancement cameras to improve the safety of transportation. These plans also use eTag readers, vehicle sensors and info communication technologies to gather the traffic information and provide timely traffic guidance, reduce the congestion of the traffic flow. These plans try to use demand-responsive transit system with some measures such as combine public transportation and taxi, to improve the flexibility of the public traffic service and help the basic transportation needs of residents in eastern Taiwan and rural areas to be fulfilled. A mobile transport service interface and a platform that integrating booking and payment processes are also expected to be established to provide door-to-door transportation services and to integrate transportation resources. And develop demonstration projects of speed coordination of passenger coach fleets, vehicle-road interaction technology, and self-driving car to investigate and verify the issues in technological, operational, industrial, legal environments of internet-of-vehicles applications in our country. Last but not least, research and development on signal control systems that can be used in both two and four-wheeled vehicles, and deploy an internet-of-vehicles prototype platform and develop drones traffic applications. 　　These plans are expected to reduce 25% traffic congestion, 20% of motor vehicle incidence, leverage 10% using rate of public transportation, raise 20% public transportation service accessibility of rural area and create NT$30 billion production value. After accomplishing these targets, the government can establish a comprehensive transportation system and guide industry development of relating technology areas. 　　Through the aforementioned initiatives, programs, and plans, the government wants to construct the robust legal framework and policy environment for digital innovation development, and facilitate the quality of citizens in our society.

Blockchain and General Data Protection Regulation (GDPR) compliance issues (2019) I. Brief 　　Blockchain technology can solve the problem of trust between data demanders and data providers. In other words, in a centralized mode, data demanders can only choose to believe that the centralized platform will not contain the false information. However, in the decentralized mode, data isn’t controlled by one individual group or organization[1], data demanders can directly verify information such as data source, time, and authorization on the blockchain without worrying about the correctness and authenticity of the data. 　　Take the “immutable” for example, it is conflict with the right to erase (also known as the right to be forgotten) in the GDPR.With encryption and one-time pad (OTP) technology, data subjects can make data off-chain storaged or modified at any time in a decentralized platform, so the problem that data on blockchain not meet the GDPR regulation has gradually faded away. II. What is GDPR? 　　The purpose of the EU GDPR is to protect user’s data and to prevent large-scale online platforms or large enterprises from collecting or using user’s data without their permission. Violators will be punished by the EU with up to 20 million Euros (equal to 700 million NT dollars) or 4% of the worldwide annual revenue of the prior financial year. 　　The aim is to promote free movement of personal data within the European Union, while maintaining adequate level of data protection. It is a technology-neutral law, any type of technology which is for processing personal data is applicable. 　　So problem about whether the data on blockchain fits GDPR regulation has raise. Since the blockchain is decentralized, one of the original design goals is to avoid a large amount of centralized data being abused. 　　Blockchain can be divided into permissioned blockchains and permissionless blockchains. The former can also be called “private chains” or “alliance chains” or “enterprise chains”, that means no one can join the blockchain without consent. The latter can also be called “public chains”, which means that anyone can participate on chain without obtaining consent. 　　Sometimes, private chain is not completely decentralized. The demand for the use of blockchain has developed a hybrid of two types of blockchain, called “alliance chain”, which not only maintains the privacy of the private chain, but also maintains the characteristics of public chains. The information on the alliance chain will be open and transparent, and it is in conflict with the application of GDPR. III. How to GDPR apply to blockchain ? 　　First, it should be determined whether the data on the blockchain is personal data protected by GDPR. Second, what is the relationship and respective responsibilities of the data subject, data controller, and data processor? Finally, we discuss the common technical characteristics of blockchain and how it is applicable to GDPR. 1. Data on the blockchain is personal data protected by GDPR? 　　First of all, starting from the technical characteristics of the blockchain, blockchain technology is commonly decentralized, anonymous, immutable, trackable and encrypted. The other five major characteristics are immutability, authenticity, transparency, uniqueness, and collective consensus. 　　Further, the blockchain is an open, decentralized ledger technology that can effectively verify and permanently store transactions between two parties, and can be proved. 　　It is a distributed database, all users on the chain can access to the database and the history record, also can directly verify transaction records. Each nodes use peer-to-peer transmission for upload or transfer information without third-party intermediation, which is the unique “decentralization” feature of the blockchain. 　　In addition, the node or any user on the chain has a unique and identifiable set of more than 30 alphanumeric addresses, but the user may choose to be anonymous or provide identification, which is also a feature of transparency with pseudonymity[2]; Data on blockchain is irreversibility of records. Once the transaction is recorded and updated on the chain, it is difficult to change and is permanently stored in the database, that is to say, it has the characteristics of “tamper-resistance”[3]. 　　According to Article 4 (1) of the GDPR, “personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. 　　Therefore, if data subject cannot be identified by the personal data on the blockchain, that is an anonymous data, excluding the application of GDPR. (1) What is Anonymization? 　　According to Opinion 05/2014 on Anonymization Techniques by Article 29 Data Protection Working Party of the European Union, “anonymization” is a technique applied to personal data in order to achieve irreversible de-identification[4]. 　　And it also said the “Hash function” of blockchain is a pseudonymization technology, the personal data is possible to be re-identified. Therefore it’s not an “anonymization”, the data on the blockchain may still be the personal data stipulated by the GDPR. 　　As the blockchain evolves, it will be possible to develop technologies that are not regulated by GDPR, such as part of the encryption process, which will be able to pass the court or European data protection authorities requirement of anonymization. There are also many compliance solutions which use technical in the industry, such as avoiding transaction data stored directly on the chain. 2. International data transmission 　　Furthermore, in accordance with Article 3 of the GDPR, “This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not. This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to: (a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or (b) the monitoring of their behaviour as far as their behaviour takes place within the Union”.[5] 　　In other words, GDPR applies only when the data on the blockchain is not anonymized, and involves the processing of personal data of EU citizens. 3. Identification of data controllers and data processors 　　Therefore, if the encryption technology involves the public storage of EU citizens' personal data and passes it to a third-party controller, it may be identified as the “data controller” under Article 4 of GDPR, and all nodes and miners of the platform may be deemed as the “co-controller” of the data, and be assumed joint responsibility with the data controller by GDPR. For example, the parties can claim the right to delete data from the data controller. 　　In addition, a blockchain operator may be identified as a “processor”, for example, Backend as a Service (BaaS) products, the third parties provide network infrastructure for users, and let users manage and store personal data. Such Cloud Services Companies provide online services on behalf of customers, do not act as “data controllers”. Some commentators believe that in the case of private chains or alliance chains, such as land records transmission, inter-bank customer information sharing, etc., compared to public chain applications: such as cryptocurrencies (Bitcoin for example), is not completely decentralized, and more likely to meet GDPR requirements[6]. For example, in the case of a private chain or alliance chain, it is a closed platform, which contains only a small number of trusted nodes, is more effective in complying with the GDPR rules. 4. Data subject claims 　　In accordance with Article 17 of the GDPR, The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay under some grounds. 　　Off-chain storage technology can help the blockchain industry comply with GDPR rules, allowing offline storage of personal data, or allow trusted nodes to delete the private key of encrypted information, which leaving data that cannot be read and identified on the chain. If the data is in accordance with the definition of anonymization by GDPR, there is no room for GDPR to be applied. IV. Conclusion 　　In summary, it’s seem that the application of blockchain to GDPR may include: (a) being difficulty to identified the data controllers and data processors after the data subject upload their data. (b) the nature of decentralized storage is transnational storage, and Whether the country where the node is located, is meets the “adequacy decision” of Article 45 of the GDPR. 　　If it cannot be met, then it needs to consider whether it conforms to the transfers subject to appropriate safeguards of Article 46, or the derogations for specific situations of Article 49 of the GDPR. Reference: [1] How to Trade Cryptocurrency: A Guide for (Future) Millionaires, https://wikijob.com/trading/cryptocurrency/how-to-trade-cryptocurrency [2] DONNA K. HAMMAKER, HEALTH RECORDS AND THE LAW 392 (5TH ED. 2018). [3] Iansiti, Marco, and Karim R. Lakhani, The Truth about Blockchain, Harvard Business Review 95, no. 1 (January-February 2017): 118-125, available at https://hbr.org/2017/01/the-truth-about-blockchain [4] Article 29 Data Protection Working Party, Opinion 05/2014 on Anonymisation Techniques (2014), https://www.pdpjournals.com/docs/88197.pdf [5] Directive 95/46/EC (General Data Protection Regulation), https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN [6] Queen Mary University of London, Are blockchains compatible with data privacy law? https://www.qmul.ac.uk/media/news/2018/hss/are-blockchains-compatible-with-data-privacy-law.html

The Research on ownership of cell therapy products 1. Issues concerning ownership of cell therapy products 　　Regarding the issue of ownership interests, American Medical Association(AMA)has pointed out in 2016 that using human tissues to develop commercially available products raises question about who holds property rights in human biological materials[1]. In United States, there have been several disputes concern the issue of the whether the donor of the cell therapy can claim ownership of the product, including Moore v. Regents of University of California(1990)[2], Greenberg v. Miami Children's Hospital Research Institute(2003)[3], and Washington University v. Catalona(2007)[4]. The courts tend to hold that since cells and tissues were donated voluntarily, the donors had already lost their property rights of their cells and tissues at the time of the donation. In Moore case, even if the researchers used Moore’s cells to obtain commercial benefits in an involuntary situation, the court still held that the property rights of removed cells were not suitable to be claimed by their donor, so as to avoid the burden for researcher to clarify whether the use of cells violates the wishes of the donors and therefore decrease the legal risk for R&D activities. United Kingdom Medical Research Council(MRC)also noted in 2019 that the donated human material is usually described as ‘gifts’, and donors of samples are not usually regarded as having ownership or property rights in these[5]. Accordingly, both USA and UK tends to believe that it is not suitable for cell donors to claim ownership. 2. The ownership of cell therapy products in the lens of Taiwan’s Civil Code 　　In Taiwan, Article 766 of Civil Code stipulated: “Unless otherwise provided by the Act, the component parts of a thing and the natural profits thereof, belong, even after their separation from the thing, to the owner of the thing.” Accordingly, many scholars believe that the ownership of separated body parts of the human body belong to the person whom the parts were separated from. Therefore, it should be considered that the ownership of the cells obtained from the donor still belongs to the donor. In addition, since it is stipulated in Article 406 of Civil Code that “A gift is a contract whereby the parties agree that one of the parties delivers his property gratuitously to another party and the latter agrees to accept it.”, if the act of donation can be considered as a gift relationship, then the ownership of the cells has been delivered from donor to other party who accept it accordingly. 　　However, in the different versions of Regenerative Medicine Biologics Regulation (draft) proposed by Taiwan legislators, some of which replace the term “donor” with “provider”. Therefore, for cell providers, instead of cell donors, after providing cells, whether they can claim ownership of cell therapy product still needs further discussion. 　　According to Article 69 of the Civil Code, it is stipulated that “Natural profits are products of the earth, animals, and other products which are produced from another thing without diminution of its substance.” In addition, Article 766 of the Civil Code stipulated that “Unless otherwise provided by the Act, the component parts of a thing and the natural profits thereof, belong, even after their separation from the thing, to the owner of the thing.” Thus, many scholars believe that when the product is organic, original substance and the natural profits thereof are all belong to the owner of the original substance. For example, when proteins are produced from isolated cells, the proteins can be deemed as natural profits and the ownership of proteins and isolated cells all belong to the owner of the cells[6]. 　　Nevertheless, according to Article 814 of the Civil Code, it is stipulated that “When a person has contributed work to a personal property belonging to another, the ownership of the personal property upon which the work is done belongs to the owner of the material thereof. However, if the value of the contributing work obviously exceeds the value of the material, the ownership of the personal property upon which the work is done belongs to the contributing person.” Thus, scholar believes that since regenerative medical technology, which induces cell differentiation, involves quite complex biotechnology technology, and should be deemed as contributing work. Therefore, the ownership of cell products after contributing work should belongs to the contributing person[7]. Thus, if the provider provides the cells to the researcher, after complex biotechnology contributing work, the original ownership of the cells should be deemed to have been eliminated, and there is no basis for providers to claim ownership. 　　However, since the development of cell therapy products involves a series of R&D activities, it still need to be clarified that who is entitled to the ownership of the final cell therapy products. According to Taiwan’s Civil Code, the ownership of product after contributing work should belongs to the contributing person. However, when there are numerous contributing persons, which person should the ownership belong to, might be determined on a case-by-case basis. 3. Conclusion 　　The biggest difference between cell therapy products and all other small molecule drugs or biologics is that original cell materials are provided by donors or providers, and the whole development process involves numerous contributing persons. Hence, ownership disputes are prone to arise. 　　In addition to the above-discussed disputes, United Kingdom Co-ordinating Committee on Cancer Research(UKCCCR)also noted that there is a long list of people and organizations who might lay claim to the ownership of specimens and their derivatives, including the donor and relatives, the surgeon and pathologist, the hospital authority where the sample was taken, the scientists engaged in the research, the institution where the research work was carried out, the funding organization supporting the research and any collaborating commercial company. Thus, the ultimate control of subsequent ownership and patent rights will need to be negotiated[8]. 　　Since the same issues might also occur in Taiwan, while developing cell therapy products, carefully clarifying the ownership between stakeholders is necessary for avoiding possible dispute. [1]American Medical Association [AMA], Commercial Use of Human Biological Materials, Code of Medical Ethics Opinion 7.3.9, Nov. 14, 2016, https://www.ama-assn.org/delivering-care/ethics/commercial-use-human-biological-materials (last visited Jan. 3, 2021). [2]Moore v. Regents of University of California, 793 P.2d 479 (Cal. 1990) [3]Greenberg v. Miami Children's Hospital Research Institute, 264 F. Suppl. 2d, 1064 (SD Fl. 2003) [4]Washington University v. Catalona, 490 F 3d 667 (8th Cir. 2007) [5]Medical Research Council [MRC], Human Tissue and Biological Samples for Use in Research: Operational and Ethical Guidelines, 2019, https://mrc.ukri.org/publications/browse/human-tissue-and-biological-samples-for-use-in-research/ (last visited Jan. 3, 2021). [6]Wen-Hui Chiu, The legal entitlement of human body, tissue and derivatives in civil law, Angle Publishing, 2016, at 327. [7]id, at 341. [8]Okano, M., Takebayashi, S., Okumura, K., Li, E., Gaudray, P., Carle, G. F., & Bliek, J. UKCCCR guidelines for the use of cell lines in cancer research.Cytogenetic and Genome Research,86(3-4), 1999, https://europepmc.org/backend/ptpmcrender.fcgi?accid=PMC2363383&blobtype=pdf (last visited Jan. 3, 2021).

The Key Elements for Data Intermediaries to Deliver Their Promise 2022/12/13 　　As human history enters the era of data economy, data has become the new oil. It feeds artificial intelligence algorithms that are disrupting how advertising, healthcare, transportation, insurance, and many other industries work. The excitement of having data as a key production input lies in the fact that it is a non-rivalrous good that does not diminish by consumption.[1] However, the fact that people are reluctant in sharing data due to privacy and trade secrets considerations has been preventing countries to realize the full value of data. [2] 　　To release more data, policymakers and researchers have been exploring ways to overcome the trust dilemma. Of all the discussions, data intermediaries have become a major solution that governments are turning to. This article gives an overview of relevant policy developments concerning data intermediaries and a preliminary analysis of the key elements that policymakers should consider for data intermediaries to function well. I. Policy and Legal developments concerning data intermediaries 　　In order to unlock data’s full value, many countries have started to focus on data intermediaries. For example, in 2021, the UK’s Department for Digital, Culture, Media and Sport (DCMS) commissioned the Centre for Data Ethics and Innovation (CDEI) to publish a report on data intermediaries[3] , in response to the 2020 National Data Strategy.[4] In 2020, the European Commission published its draft Data Governance Act (DGA)[5] , which aims to build up trust in data intermediaries and data altruism organizations, in response to the 2020 European Strategy for Data.[6] The act was adopted and approved in mid-2022 by the Parliament and Council; and will apply from 24 September 2023.[7] The Japanese government has also promoted the establishment of data intermediaries since 2019, publishing guidance to establish regulations on data trust and data banks.[8] II. Key considerations for designing effective data intermediary policy 1.Evaluate which type of data intermediary works best in the targeted country 　　From CDEI’s report on data intermediaries and the confusion in DGA’s various versions of data intermediary’s definition, one could tell that there are many forms of data intermediaries. In fact, there are at least eight types of data intermediaries, including personal information management systems (PIMS), data custodians, data exchanges, industrial data platforms, data collaboratives, trusted third parties, data cooperatives, and data trusts.[9] Each type of data intermediary was designed to combat data-sharing issues in specific countries, cultures, and scenarios. Hence, policymakers need to evaluate which type of data intermediary is more suitable for their society and market culture, before investing more resources to promote them. 　　For example, data trust came from the concept of trust—a trustee managing a trustor’s property rights on behalf of his interest. This practice emerged in the middle ages in England and has since developed into case law.[10] Thus, the idea of data trust is easily understood and trusted by the British people and companies. As a result, British people are more willing to believe that data trusts will manage their data on their behalf in their best interest and share their valuable data, compared to countries without a strong legal history of trusts. With more people sharing their data, trusts would have more bargaining power to negotiate contract terms that are more beneficial to data subjects than what individual data owners could have achieved. However, this model would not necessarily work for other countries without a strong foundation of trust law. 2.Quality signals required to build trust: A government certificate system can help overcome the lemon market problem 　　The basis of trust in data intermediaries depends largely on whether the service provider is really neutral in its actions and does not reuse or sell off other parties’ data in secret. However, without a suitable way to signal their service quality, the market would end up with less high-quality service, as consumers would be reluctant to pay for higher-priced service that is more secure and trustworthy when they have no means to verify the exact quality.[11] This lemon market problem could only be solved by a certificate system established by actors that consumers trust, which in most cases is the government. 　　The EU government clearly grasped this issue as a major obstacle to the encouragement of trust in data intermediaries and thus tackles it with a government register and verification system. According to the Data Government Act, data intermediation services providers who intend to provide services are required to notify the competent authority with information on their legal status, form, ownership structure, relevant subsidiaries, address, public website, contact details, the type of service they intend to provide, the estimated start date of activities…etc. This information would be provided on a website for consumers to review. In addition, they can request the competent authority to confirm their legal compliance status, which would in turn verify them as reliable entities that can use the ‘data intermediation services provider recognised in the Union’ label. 3.Overcoming trust issues with technology that self-enforces privacy: privacy-enhancing technologies (PETs) 　　Even if there are verified data intermediation services available, businesses and consumers might still be reluctant to trust human organizations. A way to boost trust is to adopt technologies that self-enforces privacy. A real-world example is OpenSAFELY, a data intermediary implementing privacy-enhancing technologies (PETs) to provide health data sharing in a secure environment. Through a federated analytics system, researchers are able to conduct research with large volumes of healthcare data, without the ability to observe any data directly. Under such protection, UK NHS is willing to share its data for research purposes. The accuracy and timeliness of such research have provided key insights to inform the UK government in decision-making during the COVID-19 pandemic. 　　With the benefits it can bring, unsurprisingly, PETs-related policies have become quite popular around the globe. In June 2022, Singapore launched its Digital Trust Centre (DTC) for accelerating PETs development and also signed a Memorandum of Understanding with the International Centre of Expertise of Montreal for the Advancement of Artificial Intelligence (CEIMIA) to collaborate on PETs.[12] On September 7th, 2022, the UK Information Commissioners’ Office (ICO) published draft guidance on PETs.[13] Moreover, the U.K. and U.S. governments are collaborating on PETs prize challenges, announcing the first phase winners on November 10th, 2022.[14] We could reasonably predict that more PETs-related policies would emerge in the coming year. [1] Yan Carrière-Swallow and Vikram Haksar, The Economics of Data, IMFBlog (Sept. 23, 2019), https://blogs.imf.org/2019/09/23/the-economics-of-data/#:~:text=Data%20has%20become%20a%20key,including%20oil%2C%20in%20important%20ways (last visited July 22, 2022). [2] Frontier Economics, Increasing access to data across the economy: Report prepared for the Department for Digital, Culture, Media, and Sport (2021), https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/974532/Frontier-access_to_data_report-26-03-2021.pdf (last visited July 22, 2022). [3] The Centre for Data Ethics and Innovation (CDEI), Unlocking the value of data: Exploring the role of data intermediaries (2021), https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1004925/Data_intermediaries_-_accessible_version.pdf (last visited June 17, 2022). [4] Please refer to the guidelines for the selection of sponsors of the 2022 Social Innovation Summit: https://www.gov.uk/government/publications/uk-national-data-strategy/national-data-strategy(last visited June 17, 2022). [5] Regulation of the European Parliament and of the Council on European data governance and amending Regulation (EU) 2018/1724 (Data Governance Act), 2020/0340 (COD) final (May 4, 2022). [6] Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and The Committee of the Regions— A European strategy for data, COM/2020/66 final (Feb 19, 2020). [7] Proposal for a Regulation on European Data Governance, European Parliament Legislative Train Schedule, https://www.europarl.europa.eu/legislative-train/theme-a-europe-fit-for-the-digital-age/file-data-governance-act(last visited Aug 17, 2022). [8] 周晨蕙，〈日本資訊信託功能認定指引第二版〉，科技法律研究所，https://stli.iii.org.tw/article-detail.aspx?no=67&tp=5&d=8422（最後瀏覽日期︰2022/05/30）。 [9] CDEI, supra note 3. [10] Ada Lovelace Institute, Exploring legal mechanisms for data stewardship (2021), 30~31,https://www.adalovelaceinstitute.org/wp-content/uploads/2021/03/Legal-mechanisms-for-data-stewardship_report_Ada_AI-Council-2.pdf (last visited Aug 17, 2022). [11] George A. Akerlof, The Market for "Lemons": Quality Uncertainty and the Market Mechanism, THE QUARTERLY JOURNAL OF ECONOMICS, 84(3), 488-500 (1970). [12] IMDA, MOU Signing Between IMDA and CEIMIA is a Step Forward in Cross-border Collaboration on Privacy Enhancing Technology (PET) (2022),https://www.imda.gov.sg/-/media/Imda/Files/News-and-Events/Media-Room/Media-Releases/2022/06/MOU-bet-IMDA-and-CEIMIA---ATxSG-1-Jun-2022.pdf (last visited Nov. 28, 2022). [13] ICO publishes guidance on privacy enhancing technologies, ICO, https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2022/09/ico-publishes-guidance-on-privacy-enhancing-technologies/ (last visited Nov. 27, 2022). [14] U.K. and U.S. governments collaborate on prize challenges to accelerate development and adoption of privacy-enhancing technologies, GOV.UK, https://www.gov.uk/government/news/uk-and-us-governments-collaborate-on-prize-challenges-to-accelerate-development-and-adoption-of-privacy-enhancing-technologies (last visited Nov. 28, 2022); Winners Announced in First Phase of UK-US Privacy-Enhancing Technologies Prize Challenges, NIST, https://www.nist.gov/news-events/news/2022/11/winners-announced-first-phase-uk-us-privacy-enhancing-technologies-prize (last visited Nov. 28, 2022).