Impact of Government Organizational Reform to Research Legal System and Response Thereto (2) – Observation of the Swiss Research Innovation System

The Key Elements for Data Intermediaries to Deliver Their Promise 2022/12/13 　　As human history enters the era of data economy, data has become the new oil. It feeds artificial intelligence algorithms that are disrupting how advertising, healthcare, transportation, insurance, and many other industries work. The excitement of having data as a key production input lies in the fact that it is a non-rivalrous good that does not diminish by consumption.[1] However, the fact that people are reluctant in sharing data due to privacy and trade secrets considerations has been preventing countries to realize the full value of data. [2] 　　To release more data, policymakers and researchers have been exploring ways to overcome the trust dilemma. Of all the discussions, data intermediaries have become a major solution that governments are turning to. This article gives an overview of relevant policy developments concerning data intermediaries and a preliminary analysis of the key elements that policymakers should consider for data intermediaries to function well. I. Policy and Legal developments concerning data intermediaries 　　In order to unlock data’s full value, many countries have started to focus on data intermediaries. For example, in 2021, the UK’s Department for Digital, Culture, Media and Sport (DCMS) commissioned the Centre for Data Ethics and Innovation (CDEI) to publish a report on data intermediaries[3] , in response to the 2020 National Data Strategy.[4] In 2020, the European Commission published its draft Data Governance Act (DGA)[5] , which aims to build up trust in data intermediaries and data altruism organizations, in response to the 2020 European Strategy for Data.[6] The act was adopted and approved in mid-2022 by the Parliament and Council; and will apply from 24 September 2023.[7] The Japanese government has also promoted the establishment of data intermediaries since 2019, publishing guidance to establish regulations on data trust and data banks.[8] II. Key considerations for designing effective data intermediary policy 1.Evaluate which type of data intermediary works best in the targeted country 　　From CDEI’s report on data intermediaries and the confusion in DGA’s various versions of data intermediary’s definition, one could tell that there are many forms of data intermediaries. In fact, there are at least eight types of data intermediaries, including personal information management systems (PIMS), data custodians, data exchanges, industrial data platforms, data collaboratives, trusted third parties, data cooperatives, and data trusts.[9] Each type of data intermediary was designed to combat data-sharing issues in specific countries, cultures, and scenarios. Hence, policymakers need to evaluate which type of data intermediary is more suitable for their society and market culture, before investing more resources to promote them. 　　For example, data trust came from the concept of trust—a trustee managing a trustor’s property rights on behalf of his interest. This practice emerged in the middle ages in England and has since developed into case law.[10] Thus, the idea of data trust is easily understood and trusted by the British people and companies. As a result, British people are more willing to believe that data trusts will manage their data on their behalf in their best interest and share their valuable data, compared to countries without a strong legal history of trusts. With more people sharing their data, trusts would have more bargaining power to negotiate contract terms that are more beneficial to data subjects than what individual data owners could have achieved. However, this model would not necessarily work for other countries without a strong foundation of trust law. 2.Quality signals required to build trust: A government certificate system can help overcome the lemon market problem 　　The basis of trust in data intermediaries depends largely on whether the service provider is really neutral in its actions and does not reuse or sell off other parties’ data in secret. However, without a suitable way to signal their service quality, the market would end up with less high-quality service, as consumers would be reluctant to pay for higher-priced service that is more secure and trustworthy when they have no means to verify the exact quality.[11] This lemon market problem could only be solved by a certificate system established by actors that consumers trust, which in most cases is the government. 　　The EU government clearly grasped this issue as a major obstacle to the encouragement of trust in data intermediaries and thus tackles it with a government register and verification system. According to the Data Government Act, data intermediation services providers who intend to provide services are required to notify the competent authority with information on their legal status, form, ownership structure, relevant subsidiaries, address, public website, contact details, the type of service they intend to provide, the estimated start date of activities…etc. This information would be provided on a website for consumers to review. In addition, they can request the competent authority to confirm their legal compliance status, which would in turn verify them as reliable entities that can use the ‘data intermediation services provider recognised in the Union’ label. 3.Overcoming trust issues with technology that self-enforces privacy: privacy-enhancing technologies (PETs) 　　Even if there are verified data intermediation services available, businesses and consumers might still be reluctant to trust human organizations. A way to boost trust is to adopt technologies that self-enforces privacy. A real-world example is OpenSAFELY, a data intermediary implementing privacy-enhancing technologies (PETs) to provide health data sharing in a secure environment. Through a federated analytics system, researchers are able to conduct research with large volumes of healthcare data, without the ability to observe any data directly. Under such protection, UK NHS is willing to share its data for research purposes. The accuracy and timeliness of such research have provided key insights to inform the UK government in decision-making during the COVID-19 pandemic. 　　With the benefits it can bring, unsurprisingly, PETs-related policies have become quite popular around the globe. In June 2022, Singapore launched its Digital Trust Centre (DTC) for accelerating PETs development and also signed a Memorandum of Understanding with the International Centre of Expertise of Montreal for the Advancement of Artificial Intelligence (CEIMIA) to collaborate on PETs.[12] On September 7th, 2022, the UK Information Commissioners’ Office (ICO) published draft guidance on PETs.[13] Moreover, the U.K. and U.S. governments are collaborating on PETs prize challenges, announcing the first phase winners on November 10th, 2022.[14] We could reasonably predict that more PETs-related policies would emerge in the coming year. [1] Yan Carrière-Swallow and Vikram Haksar, The Economics of Data, IMFBlog (Sept. 23, 2019), https://blogs.imf.org/2019/09/23/the-economics-of-data/#:~:text=Data%20has%20become%20a%20key,including%20oil%2C%20in%20important%20ways (last visited July 22, 2022). [2] Frontier Economics, Increasing access to data across the economy: Report prepared for the Department for Digital, Culture, Media, and Sport (2021), https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/974532/Frontier-access_to_data_report-26-03-2021.pdf (last visited July 22, 2022). [3] The Centre for Data Ethics and Innovation (CDEI), Unlocking the value of data: Exploring the role of data intermediaries (2021), https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1004925/Data_intermediaries_-_accessible_version.pdf (last visited June 17, 2022). [4] Please refer to the guidelines for the selection of sponsors of the 2022 Social Innovation Summit: https://www.gov.uk/government/publications/uk-national-data-strategy/national-data-strategy(last visited June 17, 2022). [5] Regulation of the European Parliament and of the Council on European data governance and amending Regulation (EU) 2018/1724 (Data Governance Act), 2020/0340 (COD) final (May 4, 2022). [6] Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and The Committee of the Regions— A European strategy for data, COM/2020/66 final (Feb 19, 2020). [7] Proposal for a Regulation on European Data Governance, European Parliament Legislative Train Schedule, https://www.europarl.europa.eu/legislative-train/theme-a-europe-fit-for-the-digital-age/file-data-governance-act(last visited Aug 17, 2022). [8] 周晨蕙，〈日本資訊信託功能認定指引第二版〉，科技法律研究所，https://stli.iii.org.tw/article-detail.aspx?no=67&tp=5&d=8422（最後瀏覽日期︰2022/05/30）。 [9] CDEI, supra note 3. [10] Ada Lovelace Institute, Exploring legal mechanisms for data stewardship (2021), 30~31,https://www.adalovelaceinstitute.org/wp-content/uploads/2021/03/Legal-mechanisms-for-data-stewardship_report_Ada_AI-Council-2.pdf (last visited Aug 17, 2022). [11] George A. Akerlof, The Market for "Lemons": Quality Uncertainty and the Market Mechanism, THE QUARTERLY JOURNAL OF ECONOMICS, 84(3), 488-500 (1970). [12] IMDA, MOU Signing Between IMDA and CEIMIA is a Step Forward in Cross-border Collaboration on Privacy Enhancing Technology (PET) (2022),https://www.imda.gov.sg/-/media/Imda/Files/News-and-Events/Media-Room/Media-Releases/2022/06/MOU-bet-IMDA-and-CEIMIA---ATxSG-1-Jun-2022.pdf (last visited Nov. 28, 2022). [13] ICO publishes guidance on privacy enhancing technologies, ICO, https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2022/09/ico-publishes-guidance-on-privacy-enhancing-technologies/ (last visited Nov. 27, 2022). [14] U.K. and U.S. governments collaborate on prize challenges to accelerate development and adoption of privacy-enhancing technologies, GOV.UK, https://www.gov.uk/government/news/uk-and-us-governments-collaborate-on-prize-challenges-to-accelerate-development-and-adoption-of-privacy-enhancing-technologies (last visited Nov. 28, 2022); Winners Announced in First Phase of UK-US Privacy-Enhancing Technologies Prize Challenges, NIST, https://www.nist.gov/news-events/news/2022/11/winners-announced-first-phase-uk-us-privacy-enhancing-technologies-prize (last visited Nov. 28, 2022).

Taiwan Government passed The「Act for the Development of Biotech and New Pharmaceuticals Industry」for supporting the biopharmaceutical industry. The purpose of the Act is solely for biopharmaceutical industry, and building the leading economic force in Taiwan. To fulfill this goal, the Act has enacted regulations concerning funding, taxation and recruitment especially for the biopharmaceutical industry. The Act has been seen as the recent important law in the arena of upgrading industry regulation on the island. It is also a rare case where single legislation took place for particular industry. After the Act came into force, the government has promulgated further regulations to supplement the Act, including Guidance for MOEA-Approved Biotech and New Pharmaceuticals Company Issuing Stock Certificate, Deductions on Investments in R&D and Personnel Training of Biotech and New Pharmaceuticals Company, Guidance for Deduction Applicable to Shareholders of Profit-Seeking Enterprises -Biotech and New Pharmaceuticals Company etc. The following discussions are going to introduce the Act along with related incentive measures from an integrated standpoint. 1 、 Scope of Application According to Article 3 of the Act, 「Biotech and New Pharmaceuticals Industry」 refers to the industry that deals in New Rugs and High-risk Medical devices used by human beings, animals, and plants; 「Biotech and New Pharmaceuticals Company」 refers to a company in the Biotech and New Pharmaceuticals Industry that is organized and incorporated in accordance with the Company Act and engages in the research, development, and manufacture of new drugs and high-risk medical devices. Thus, the Act applies to company that conducts research and manufacture product in new drug or high-risk medical devices for human and animal use. Furthermore, to become a Biotech and New Pharmaceuticals Company stipulated in the Act, the Company must receive letter of approval to establish as a Biotech and New Pharmaceuticals Company valid for five years. Consequently, company must submit application to the authority for approval by meeting the following requirements: (1) Companies that conduct any R&D activities or clinical trials must receive permission, product registration, or proof of manufacture for such activities from a competent authority. However, for those conducted these activities outside the country will not apply. (2) When applied for funding for the previous year or in the same year, the expense on R&D in the previous year exceeds 5% of the total net revenue within the same year; or the expenses exceeds 10% of the total capital of the company. (3) Hired at least five R&D personnel majored in biotechnology. For New Drug and High-Risk Medical Device are confined in specific areas. New Drug provided in the Act refers to a drug that has a new ingredient, a new therapeutic effect or a new administration method as verified by the central competent authorities. And High-Risk Medical Device refers to a type of Class III medical devices implanted into human bodies as verified by the central competent authorities. Therefore, generic drug, raw materials, unimplanted medical device, and medical device are not qualified as type III, are all not within the scope of the Act and are not the subject matter the Act intends to reward. 2 、 Tax Benefits Article 5, 6 and 7 provided in the Act has followed the footsteps of Article 6 and 8 stipulated of the Statute, amending the rules tailored to the biopharmaceutical industry, and provided tax benefits to various entities as 「Biotech and New Pharmaceuticals Company」, 「Investors of Biotech and New Pharmaceuticals Industry」, 「Professionals and Technology Investors」. (1) Biotech and New Pharmaceuticals Company In an effort to advance the biopharmaceutical industry, alleviate financial burden of the companies and strengthen their R&D capacity. The Act has provided favorable incentive measures in the sector of R&D and personnel training. According to Article 5: 「For the purpose of promoting the Biotech and New Pharmaceuticals Industry, a Biotech and New Pharmaceuticals Company may, for a period of five years from the time it is subject to profit-seeking enterprise income tax payable, enjoy a reduction in its corporate income tax payable, for up to 35% of the total funds invested in research and development (R&D) and personnel training each year.」 Consequently, company could benefit through tax deduction and relieve from the stress of business operation. Moreover, in supporting Biotech and New Pharmaceutical Company to proceed in R&D and personnel training activities, the Act has set out rewards for those participate in ongoing R&D and training activities. As Article 5 provided that」 If the R&D expenditure of a particular year exceeds the average R&D expenditure of the previous two years, or if the personnel training expenditure of a particular year exceeds the average personnel training expenditure of the pervious two years, 50% of the exceed amount in excess of the average may be used to credit against the amount of profit-seeking enterprise income tax payable. 「However, the total amount of investment credited against by the payable corporate income tax in each year shall not exceed 50% of the amount of profit-seeking enterprise income tax payable by a Biotech and New Pharmaceuticals Company in a year, yet this restriction shall not apply to the amount to be offset in the last year of the aforementioned five-year period. Lastly, Article 5 of the Act shall not apply to Biotech and New Pharmaceutical Company that set up headquarters or branches outside of Taiwan. Therefore, to be qualified for tax deduction on R&D and personnel training, the headquarters or branches of the company must be located in Taiwan. (2) Investors of Biotech and New Pharmaceuticals Company To raise funding, expand business development, and attract investor continuing making investments, Article 6 of the Act has stated that 「In order to encourage the establishment or expansion of Biotech and New Pharmaceuticals Companies, a profit-seeking enterprise that subscribes for the stock issued by a Biotech and New Pharmaceuticals Company at the time of the latter's establishment or subsequent expansion; and has been a registered shareholder of the Biotech and New Pharmaceuticals Company for a period of 3 years or more, may, for a period of five years from the time it is subject to corporate income tax, enjoy a reduction in its profit-seeking enterprise income tax payable for up to 20% of the total amount of the price paid for the subscription of shares in such Biotech and New Pharmaceuticals Company.」 Yet 「If the afore-mentioned profit-seeking enterprise is a venture capital company (「VC」), such VC corporate shareholders may, for a period of five years from the fourth anniversary year of the date on which the VC becomes a registered shareholder of the subject Biotech and New Pharmaceuticals Company, enjoy a reduction in their profit-seeking enterprise income tax payable based on the total deductible amount enjoyed by the VC under Paragraph 1 hereof and the shareholders' respective shareholdings in the VC.」 The government enacted this regulation to encourage corporations and VC to invest in biotech and new pharmaceutical company, and thus provide corporate shareholders with 20% of profit-seeking enterprise income tax payable deduction, and provide VC corporate shareholders tax deduction that proportion to its shareholdings in the VC. (3) Top Executives and Technology Investors Top Executives refer to those with biotechnology background, and has experience in serving as officer of chief executive (CEO) or manager; Technology Investors refer to those acquire shares through exchange of technology. As biopharmaceutical industry possesses a unique business model that demands intensive technology, whether top executives and technology investors are willing to participate in a high risk business and satisfy the needs of industry becomes a critical issue. Consequently, Article 7 of the Act stated that 「In order to encourage top executives and technology investors to participate in the operation of Biotech and New Pharmaceuticals Companies and R&D activities, and to share their achievements, new shares issued by a Biotech and New Pharmaceuticals Company to top executives and technology investors (in return of their knowledge and technology) shall be excluded from the amount of their consolidated income or corporate income of the then current year for taxation purposes; provided, however, that if the title to the aforesaid shares is transferred with or without consideration, or distributed as estate, the total purchase price or the market value of the shares at the time of transfer as a gift or distribution as estate shall be deemed income generated in that tax year and such income less the acquisition cost shall be reported in the relevant income tax return.」 Additionally, 「For the title transfer of shares under the preceding paragraph, the Biotech and New Pharmaceuticals Company concerned shall file a report with the local tax authorities within thirty 30 days from the following day of the title transfer.」 Purpose of this regulation is to attract top executives and technology personnel for the company in long-term through defer taxation. Moreover, the Biotech and New Pharmaceutical Company usually caught in a prolong period of losses, and has trouble financing through issuing new shares, as stipulated par value of each share cannot be less than NTD $10.Thus, in order to offer top executive and technology investors incentives and benefits under such circumstances, Article 8 has further provided that」Biotech and New Pharmaceutical Companies may issue subscription warrants to its top executives and technology investors, provided that the proposal for the issuance of the aforesaid subscription warrants shall pass resolution adopted by a majority votes of directors attended by at least two-thirds (2/3) of all the directors of the company; and be approved by the competent authorities. Holders of the subscription warrants may subscribe a specific number of shares at the stipulated price. The amount of stipulated price shall not be subject to the minimum requirement, i.e. par value of the shares, as prescribed under Article 140 of the Company Act. Subscription of the shares by exercising the subscription warrant shall be subject to income tax in accordance with Article 7 hereof. if a Biotech and New Pharmaceutical Company issue new shares pursuant to Article 7 hereof, Article 267 of the Company Act shall not apply. The top executives and technology investors shall not transfer the subscription warrant acquired to pursuant to this Article.」 These three types of tax benefits are detailed incentive measures tailor to the biopharmaceutical industry. However, what is noteworthy is the start date of the benefits provided in the Act. Different from the Statue, the Act allows company to enjoy these benefits when it begins to generate profits, while the Statute provides company tax benefits once the authority approved its application in the current year. Thus, Biotech and New Pharmaceuticals Company enjoys tax benefits as the company starts to make profit. Such approach reflects the actual business operation of the industry, and resolves the issue of tax benefits provided in the Statue is inapplicable to the biopharmaceutical industry. 3 、 Technical Assistance and Capital Investment Due to the R&D capacity and research personnel largely remains in the academic circle, in order to encourage these researchers to convert R&D efforts into commercial practice, the government intends to enhance the collaboration among industrial players, public institutions, and the research and academic sectors, to bolster the development of Biotech and New Pharmaceuticals Company. However, Article 13 of Civil Servants Service Act prohibits officials from engaging in business operation, the Act lifts the restriction on civil servants. According to Article 10 of the Act provided that」For a newly established Biotech and New Pharmaceuticals Company, if the person providing a major technology is a research member of the government research organization, such person may, with the consent of the government research organization, acquired 10% or more of the shares in the Biotech and New Pharmaceuticals Company at the time of its establishment, and act as founder, director, or technical adviser thereof. In such case, Article 13 of the Civil Servants Service Act shall not apply. And the research organization and research member referred to thereof shall be defined and identified by the Executive Yuan, in consultation with the Examination Yuan.」 This regulation was enacted because of the Civil Servants Services Act provided that public officials are not allowed to be corporate shareholders. However, under certain regulations, civil servants are allowed to be corporate shareholders in the sector of agriculture, mining, transportation or publication, as value of the shares cannot exceed 10% of the total value of the company, and the civil servant does not served in the institution. In Taiwan, official and unofficial research institution encompasses most of the biotechnology R&D capacity and research personnel. If a researcher is working for a government research institution, he would be qualified as a public servant and shall be governed by the Civil Servants Service Act. As a result of such restriction, the Act has lifted the restriction and encouraged these researchers to infuse new technologies into the industry. At last, for advancing the development of the industry, Article 11 also provided that 」R&D personnel of the academic and research sectors may, subject to the consent of their employers, served as advisors or consultants for a Biotech and New Pharmaceuticals Company.」 4 、 Other Regulations For introducing and transferring advanced technology in support of the biopharmaceutical industry, Article 9 stated that 「Organization formed with government funds to provide technical assistance shall provide appropriate technical assistance as may be necessary.」 Besides technical assistance, government streamlines the review process taken by various regulatory authorities, in order to achieve an improved product launch process result in faster time-to-market and time-to profit. As Article 12 provided that 「the review and approval of field test, clinical trials, product registration, and others, the central competent authorities shall establish an open and transparent procedure that unifies the review system.」

Post Brexit – An Update on the United Kingdom Privacy Regime 2021/9/10 　　After lengthy talks, on 31 January 2020, the United Kingdom (‘UK’) finally exited the European Union (‘EU’). Then, the UK shifted into a transition period. The UK government was bombarded with questions from all stakeholders. In particular, the data and privacy industry yelled out the loudest – what am I going to do with data flowing from the EU to the UK? Privacy professionals queried – would the UK have a new privacy regime that significantly departs from the General Data Protection Regulation (‘GDPR’)? Eventually, the UK made a compromise with all stakeholders – the British, the Europeans and the rest of the world – by bridging its privacy laws with the GDPR. On 28 June 2021, the UK obtained an adequacy decision from the EU.[1] This was widely anticipated but also widely known to be delayed, as it was heavily impacted by the aftermaths of the invalidation of the US- EU Privacy Shield.[2] 　　While the rest of the world seems to silently observe the transition undertaken by the UK, post-Brexit changes to the UK’s privacy regime is not only a domestic or regional matter, it is an international matter. Global supply chains and cross border data flows will be affected, shuffling the global economy into a new order. Therefore, it is crucial as citizens of a digital economy to unpack and understand the current UK privacy regime. This paper intends to give the reader a brief introduction to the current privacy regime of the UK. The author proposes to set out the structure of the UK privacy legislation, and to discuss important privacy topics. This paper only focuses on the general processing regime, which is the regime that is most relevant to general stakeholders. UK Privacy Legislation 　　There are two main privacy legislation in the UK – the Data Protection Act 2018 (‘DPA’) and the United Kingdom General Data Protection Act (‘UK GDPR’). These two acts must be read together in order to form a coherent understanding of the current UK privacy regime. 　　The UK GDPR is the creature of Brexit. The UK government wanted a smooth transition out of the EU and acknowledged that they needed to preserve the GDPR in their domestic privacy regime to an extent that would allow them to secure an adequacy decision. The UK government also wanted to create less impact on private companies. Thus, the UK GDPR was born. Largely it aligns closely with the GDPR, supplemented by the DPA. ICO 　　The Information Commissioner’s Office (‘ICO’) is the independent authority supervising the compliance of privacy laws in the UK. Prior to Brexit, the ICO was the UK’s supervisory authority under the GDPR. A unique feature of the ICO’s powers and functions is that it adopts a notice system. The ICO has power to issue four types of notices: information notices, assessment notices, enforcement notices and penalty notices.[3] The information notice requires controllers or processors to provide information. The ICO must issue an assessment notice before conducting data protection audits. Enforcement is only exercisable by giving an enforcement notice. Administrative fines are only exercisable by giving a penalty notice. Territorial Application 　　Section 207(1A) of the DPA states that the DPA applies to any controller or processor established in the UK, regardless where the processing of personal data takes place. Like the GDPR, the DPA and the UK GDPR have an extraterritorial reach to overseas controllers or processors. The DPA and the UK GDPR apply to overseas controllers or processors who process personal data relating to data subjects in the UK, and the processing activities are related to the offering of goods or services, or the monitoring of data subjects’ behavior.[4] Transfers of Personal Data to Third Countries 　　On 28 June 2021, the UK received an adequacy decision from the EU.[5] This means that until 27 June 2025, data can continue to flow freely between the UK and the European Economic Area (‘EEA’). 　　As for transferring personal data to third countries other than the EU, the UK has similar laws to the GDPR. Both the DPA and the UK GDPR restrict controllers or processors from transferring personal data to third countries. A transfer of personal data to a third country is permitted if it is based on adequacy regulations.[6] An EU adequacy decision is known as ‘adequacy regulations’ under the UK regime. 　　If there is no adequacy regulations, then a transfer of personal data to a third country will only be permitted if it is covered by appropriate safeguards, including standard data protection clauses, binding corporate rules, codes of conduct, and certifications.[7] The ICO intends to publish UK standard data protection clauses in 2021.[8] In the meantime, the EU has published a new set of standard data protection clauses (‘SCCs’).[9] However, it must be noted that the EU SCCs are not accepted to be valid in the UK, and may only be used for reference purposes. It is also worth noting that the UK has approved three certification schemes to assist organizations in demonstrating compliance to data protection laws.[10] Lawful Bases for Processing 　　Basically, the lawful bases for processing in the UK regime are the same as the GDPR. Six lawful bases are set out in article 6 of the UK GDPR. To process personal data, at least one of the following lawful bases must be satisfied:[11] The data subject has given consent to the processing; The processing is necessary for the performance of a contract; The processing is necessary for compliance with a legal obligation; The processing is necessary to protect vital interests of an individual – that is, protecting an individual’s life; The processing is necessary for the performance of a public task; The processing is necessary for the purpose of legitimate interests, unless other interests or fundamental rights and freedoms override those legitimate interests. Rights & Exemptions 　　The UK privacy regime, like the GDPR, gives data subjects certain rights. Most of the rights granted under the UK privacy regime is akin to the GDPR and can be found under the UK GDPR. Individual rights under the UK privacy regime is closely linked with its exemptions, this may be said to be a unique feature of the UK privacy regime which sets it apart from the GDPR. Under the DPA and the UK GDPR, there are certain exemptions, meaning organizations are exempted from certain obligations, most of them are associated with individual rights. For example, if data is processed for scientific or historical research purposes, or statistical purposes, organizations are exempted from provisions on the right of access, the right to rectification, the right to restrict processing and the right to object in certain circumstances.[12] Penalties 　　The penalty for infringement of the UK GDPR is the amount specified in article 83 of the UK GDPR.[13] If an amount is not specified, the penalty is the standard maximum amount.[14] The standard maximum amount, at the time of writing, is £8,700,000 (around 10 million Euros) or 2% of the undertaking’s total annual worldwide turnover in the preceding financial year.[15] In any other case, the standard maximum amount is £8,700,000 (around 10 million Euros).[16] Conclusion 　　The UK privacy regime closely aligns with the GDPR. However it would be too simple of a statement to say that the UK privacy regime is almost identical to the GDPR. The ICO’s unique enforcement powers exercised through a notice system is a distinct feature of the UK privacy regime. Recent legal trends show that the UK while trying to preserve its ties with the EU is gradually developing an independent privacy persona. The best example is that in regards to transfers to third countries, the UK has developed its first certification scheme and is attempting to develop its own standard data protection clauses. The UK’s transition out of the EU has certainly been interesting; however, the UK’s transformation from the EU is certainly awaited with awe. [1] Commission Implementing Decision of 28.6.2021, pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate protection of personal data by the United Kingdom, C(2021) 4800 final,https://ec.europa.eu/info/sites/default/files/decision_on_the_adequate_protection_of_personal_data_by_the_united_kingdom_-_general_data_protection_regulation_en.pdf.. [2] Judgment of 16 July 2020, Data Protection Commissioner v. Facebook Ireland Limited, Maximillian Schrems, C-311/18, EU:C:2020:559, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:62018CJ0311. [3] Data Protection Act 2018, §115. [4] Data Protection Act 2018, §207(1A); REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), art 3. [5] supra note 1. [6] Data Protection Act 2018, §17A-18; REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), art 44-50. [7] Data Protection Act 2018, §17A-18; REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), art 46-47. [8]International transfers after the UK exit from the EU Implementation Period, ICO, https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-transfers-after-uk-exit/ (last visited Sep. 10, 2021). [9] Standard contractual clauses for international transfers, European Commission, https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en (last visited Sep. 10, 2021). [10] ICO, New certification schemes will “raise the bar” of data protection in children’s privacy, age assurance and asset disposal, ICO, Aug. 19, 2021, https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2021/08/ico-approves-the-first-uk-gdpr-certification-scheme-criteria/ (last visited Sep. 10, 2021). [11] REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), art 6(1)-(2); Lawful basis for processing, ICO, https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/ (last visited Sep. 10, 2021). [12] Data Protection Act 2018, sch 2, part 6, para 27. [13] id. at §157. [14] id. [15] id. [16] id.

3.Commission of Technology and Innovation (CTI) 　　The CTI is also an institution dedicated to boosting innovation in Switzerland. Established in 1943, it was known as the Commission for the Promotion of Scientific Research[1]. It was initially established for the purpose of boosting economy and raising the employment rate, and renamed after 1996. The CTI and SNSF are two major entities dedicated to funding scientific research in Switzerland, and the difference between both resides in that the CTI is dedicated to funding R&D of the application technology and industrial technology helpful to Switzerland’s economic development. 　　Upon enforcement of the amended RIPA 2011, the CTI was officially independent from the Federal Office for Professional Education and Technology (OEPT) and became an independent entity entitled to making decisions and subordinated to the Federal Department of Economic Affairs (FDEA) directly[2]. The CTI is subject to the council system, consisting of 65 professional members delegated from industrial, academic and research sectors. The members assume the office as a part time job. CTI members are entitled to making decisions on funding, utilization of resources and granting of CTI Start-up Label independently[3]. 　　The CTI primarily carries out the mission including promotion of R&D of industrial technology, enhancement of the market-orientation innovation process and delivery of R&D energy into the market to boost industrial innovation. For innovation, the CTI's core mission is categorized into[4]: (1)Funding technology R&D activities with market potential 　　The CTI invests considerable funds and resources in boosting the R&D of application technology and industrial technology. The CTI R&D Project is intended to fund private enterprises (particularly small-sized and medium-sized enterprises) to engage in R&D of innovation technology or product. The enterprises may propose their innovative ideas freely, and the CTI will decide whether the funds should be granted after assessing whether the ideas are innovative and potentially marketable[5]. 　　CTI’s funding is conditioned on the industrial and academic cooperation. Therefore, the enterprises must work with at least one research institution (including a university, university of science and technology, or ETH) in the R&D. Considering that small-sized and medium-sized enterprises usually do not own enough working funds, technology and human resources to commercialize creative ideas, the CTI R&D Project is intended to resolve the problem about insufficient R&D energy and funds of small- and medium-sized enterprises by delivering the research institutions’ plentiful research energy and granting the private enterprises which work with research institutions (including university, university of science and technology, or ETH) the fund. Notably, CTI’s funding is applicable to R&D expenses only, e.g., research personnel’s salary and expenditure in equipment & materials, and allocated to the research institutions directly. Meanwhile, in order to enhance private enterprises' launch into R&D projects and make them liable for the R&D success or failure, CTI’s funding will be no more than 50% of the total R&D budget and, therefore, the enterprises are entitled to a high degree of control right in the process of R&D. 　　The industrial types which the CTI R&D Project may apply to are not limited. Any innovative ideas with commercial potential may be proposed. For the time being, the key areas funded by CTI include the life science, engineering science, Nano technology and enabling sciences, etc.[6] It intends to keep Switzerland in the lead in these areas. As of 2011, in order to mitigate the impact of drastic CHF revaluation to the industries, the CTI launched its new R&D project, the CTI Voucher[7]. Given this, the CTI is not only an entity dedicated to funding but also plays an intermediary role in the industrial and academic sectors. Enterprises may submit proposals before finding any academic research institution partner. Upon preliminary examination of the proposals, the CTI will introduce competent academic research institutions to work with the enterprises in R&D, subject to the enterprises' R&D needs. After the cooperative partner is confirmed, CTI will grant the fund amounting to no more than CHF3,500,000 per application[8], provided that the funding shall be no more than 50% of the R&D project expenditure. 　　The CTI R&D Project not only boosts innovation but also raises private enterprises’ willingness to participate in the academic and industrial cooperation, thereby narrowing the gap between the supply & demand of innovation R&D in the industrial and academic sectors. Notably, the Project has achieved remarkable effect in driving private enterprises’ investment in technology R&D. According to statistical data, in 2011, the CTI solicited additional investment of CHF1.3 from a private enterprise by investing each CHF1[9]. This is also one of the important reasons why the Swiss innovation system always acts vigorously. Table 1 　2005-2011 Passing rate of application for R&D funding Year 2011 2010 2009 2008 2007 2006 2005 Quantity of applications 590 780 637 444 493 407 522 Quantity of funded applications 293 343 319 250 277 227 251 Pass rate 56% 44% 50% 56% 56% 56% 48% Data source: Prepared by the Study (2)Guiding high-tech start-up 　　Switzerland has learnt that high-tech start-ups are critical to the creation of high-quality employment and boosting of economic growth, and start-ups were able to commercialize the R&D results. Therefore, as of 2001, Switzerland successively launched the CTI Entrepreneurship and CTI Startup to promote entrepreneurship and cultivate high-tech start-ups. 1.CTI Entrepreneurship 　　The CTI Entrepreneurship was primarily implemented by the Venture Lab founded by CTI investment. The Venture Lab launched a series of entrepreneurship promotion and training courses, covering day workshops, five-day entrepreneurship intensive courses, and entrepreneurship courses available in universities. Each training course was reviewed by experts, and the experts would provide positive advice to attendants about innovative ideas and business models. Data source: Venture Lab Site Fig. 3 　Venture Lab Startup Program 2.CTI Startup 　　The CTI is dedicated to driving the economy by virtue of innovation as its priority mission. In order to cultivate the domestic start-ups with high growth potential in Switzerland, the CTI Startup project was launched in 1996[10] in order to provide entrepreneurs with the relevant guidance services. The project selected young entrepreneurs who provided innovative ideas, and guided them in the process of business start to work their innovative ideas and incorporate competitive start-ups. 　　In order to enable the funding and resources to be utilized effectively, the CTI Startup project enrolled entrepreneurs under very strict procedure, which may be categorized into four stages[11]: Data source: CTI Startup Site Fig. 4 　Startup Plan Flow Chart 　　In the first stage, the CTI would preliminarily examine whether the applicant’s idea was innovative and whether it was technologically feasible, and help the applicant register with the CTI Startup project. Upon registration, a more concrete professional examination would be conducted at the second stage. The scope of examination included the technology, market, feasibility and management team’s competence. After that, at the stage of professional guidance, each team would be assigned a professional “entrepreneurship mentor”, who would help the team develop further and optimize the enterprise’s strategy, flow and business model in the process of business start, and provide guidance and advice on the concrete business issues encountered by the start-up. The stage of professional guidance was intended to guide start-ups to acquire the CTI Startup Label, as the CTI Startup Label was granted subject to very strict examination procedure. For example, in 2012, the CTI Startup project accepted 78 applications for entrepreneurship guidance, but finally the CTI Startup Label was granted to 27 applications only[12]. Since 1996, a total of 296 start-ups have acquired the CTI Startup Label, and more than 86% thereof are still operating now[13]. Apparently, the CTI Startup Label represents the certification for innovation and on-going development competence; therefore, it is more favored by investors at the stage of fund raising. Table 2 　Execution of start-up plans for the latest three years Quantity of application Quantity of accepted application Quantity of CTI Label granted 2012 177 78 27 2011 160 80 26 2010 141 61 24 Data source: CTI Annual Report, prepared by the Study 　　Meanwhile, the “CTI Invest” platform was established to help start-up raise funds at the very beginning to help commercialize R&D results and cross the valley in the process of R&D innovation. The platform is a private non-business-making organization, a high-tech start-up fund raising platform co-established by CTI and Swiss investors[14]. It is engaged in increasing exposure of the start-ups and contact with investors by organizing activities, in order to help the start-ups acquire investment funds. (3)Facilitating transfer of knowledge and technology between the academic sector and industrial sector 　　KTT Support (Knowledge & Technology Transfer (KTT Support) is identified as another policy instrument dedicated to boosting innovation by the CTI. It is intended to facilitate the exchange of knowledge and technology between academic research institutions and private enterprises, in order to transfer and expand the innovation energy. 　　As of 2013, the CTI has launched a brand new KTT Support project targeting at small-sized and medium-sized enterprises. The new KTT Support project consisted of three factors, including National Thematic Networks (NTNs), Innovation Mentors, and Physical and web-based platforms. Upon the CTI’s strict evaluation and consideration, a total of 8 cooperative innovation subjects were identified in 2012, namely, carbon fiber composite materials, design idea innovation, surface innovation, food study, Swiss biotechnology, wood innovation, photonics and logistics network, etc.[15] One NTN would be established per subject. The CTI would fund these NTNs to support the establishment of liaison channels and cooperative relations between academic research institutions and industries and provide small- and medium-sized enterprises in Switzerland with more rapid and easy channel to access technologies to promote the exchange of knowledge and technology between both parties. Innovation Mentors were professionals retained by the CTI, primarily responsible for evaluating the small-sized and medium-sized enterprises’ need and chance for innovation R&D and helping the enterprises solicit competent academic research partners to engage in the transfer of technology. The third factor of KTT Support, Physical and web-based platforms, is intended to help academic research institutions and private enterprises establish physical liaison channels through organization of activities and installation of network communication platforms, to enable the information about knowledge and technology transfer to be more transparent and communicable widely. 　　In conclusion, the CTI has been dedicated to enhancing the link between scientific research and the industries and urging the industrial sector to involve and boost the R&D projects with market potential. The CTI’s business lines are all equipped with corresponding policy instruments to achieve the industrial-academic cooperation target and mitigate the gap between the industry and academic sectors in the innovation chain. The various CTI policy instruments may be applied in the following manner as identified in the following figure. Data source: CTI Annual Report 2011 Fig. 5 　Application of CTI Policy Instrument to Innovation Chain III. Swiss Technology R&D Budget Management and Allocation 　　The Swiss Federal Government has invested considerable expenditures in technology R&D. According to statistic data provided by Swiss Federal Statistical Office (FSO) and OECD, the Swiss research expenditures accounted for 2.37% of the Federal Government’s total expenditures, following the U.S.A. and South Korea (see Fig. 6). Meanwhile, the research expenditures of the Swiss Government grew from CHF2.777 billion in 2000 to CHF4.639 billion in 2010, an average yearly growth rate of 5.9% (see Fig. 7). It is clear that Switzerland highly values its technology R&D. Data source: FSO and OECD Fig. 6 Percentage of Research Expenditures in Various Country Governments’ Total Expenditures (2008) Data source: FSO and OECD Fig. 7 　Swiss Government Research Expenditures 2000-2010 1.Management of Swiss Technology R&D Budget 　　Swiss research expenditures are primarily allocated to the education, R&D and innovation areas, and play an important role in the Swiss innovation system. Therefore, a large part of the Swiss research expenditures are allocated to institutions of higher education, including ETH, universities, and UASs. The Swiss research expenditures are utilized by three hierarchies[16] (see Fig. 8): Government R&D funding agencies: The Swiss research budget is primarily executed by three agencies, including SERI, Federal Department of Economic Affairs, Education and Research, and Swiss Agency for Development and Cooperation (SDC). Intermediary R&D funding agencies: Including SNSC and CTI. Funding of R&D performing institutions: Including private enterprises, institutions of higher education and private non-profit-making business, et al. 　　Therefore, the Swiss Government research expenditures may be utilized by the Federal Government directly, or assigned to intermediary agencies, which will allocate the same to the R&D performing institutions. SERI will allocate the research expenditures to institutions of higher education and also hand a lot of the expenditures over to SNSF for consolidated funding to the basic science of R&D. Data source: FSO Fig. 8 　Swiss Research Fund Utilization Mechanism ~to be continued~ [1] ORGANIZATION FOR ECONNOMIC CO-OPERATION AND DEVELOPMENT [OECD], OECD Reviews of Innovation Policy: Switzerland 27 (2006). [2] As of January 1, 2013, the Federal Ministry of Economic Affairs was reorganized, and renamed into Federal Department of Economic Affairs, Education and Research (EAER). [3] The Commission for Technology and Innovation CTI, THE COMMISSION FOR TECHOLOGY AND INNOVATION CTI, http://www.kti.admin.ch/org/00079/index.html?lang=en (last visited Jun. 3, 2013). [4] Id. [5] CTI INVEST, Swiss Venture Guide 2012 (2012), at 44, http://www.cti-invest.ch/getattachment/7f901c03-0fe6-43b5-be47-6d05b6b84133/Full-Version.aspx (last visited Jun. 4, 2013). [6] CTI, CTI Activity Report 2012 14 (2013), available at http://www.kti.admin.ch/dokumentation/00077/index.html?lang=en&download=NHzLpZeg7t,lnp6I0NTU042l2Z6ln1ad1IZn4Z2qZpnO2Yuq2Z6gpJCDen16fmym162epYbg2c_JjKbNoKSn6A-- (last visited Jun. 3, 2013). [7] CTI Voucher, THE COMMISSION FOR TECHOLOGY AND INNOVATION CTI, http://www.kti.admin.ch/projektfoerderung/00025/00135/index.html?lang=en (last visited Jun. 3, 2013). [8] Id. [9] CTI, CTI Activity Report 2011 20 (2012), available at http://www.kti.admin.ch/dokumentation/00077/index.html?lang=en&download=NHzLpZeg7t,lnp6I0NTU042l2Z6ln1ad1IZn4Z2qZpnO2Yuq2Z6gpJCDeYR,gWym162epYbg2c_JjKbNoKSn6A--(last visited Jun. 3, 2013). [10] CTI Start-up Brings Science to Market, THE COMMISSION FOR TECHOLOGY AND INNOVATION CTI, http://www.ctistartup.ch/en/about/cti-start-/cti-start-up/ (last visited Jun. 5, 2013). [11] Id. [12] Supra note 8, at 45. [13] Id. [14] CTI Invest, http://www.cti-invest.ch/About/CTI-Invest.aspx (last visited Jun. 5, 2013). [15] KTT Support, CTI, http://www.kti.admin.ch/netzwerke/index.html?lang=en (last visited Jun.5, 2013). [16] Swiss Federal Statistics Office (SFO), Public Funding of Research in Switzerland 2000–2010 (2012), available at http://www.bfs.admin.ch/bfs/portal/en/index/themen/04/22/publ.Document.163273.pdf (last visited Jun. 20, 2013).