The CTI is also an institution dedicated to boosting innovation in Switzerland. Established in 1943, it was known as the Commission for the Promotion of Scientific Research[1]. It was initially established for the purpose of boosting economy and raising the employment rate, and renamed after 1996. The CTI and SNSF are two major entities dedicated to funding scientific research in Switzerland, and the difference between both resides in that the CTI is dedicated to funding R&D of the application technology and industrial technology helpful to Switzerland’s economic development.
Upon enforcement of the amended RIPA 2011, the CTI was officially independent from the Federal Office for Professional Education and Technology (OEPT) and became an independent entity entitled to making decisions and subordinated to the Federal Department of Economic Affairs (FDEA) directly[2]. The CTI is subject to the council system, consisting of 65 professional members delegated from industrial, academic and research sectors. The members assume the office as a part time job. CTI members are entitled to making decisions on funding, utilization of resources and granting of CTI Start-up Label independently[3].
The CTI primarily carries out the mission including promotion of R&D of industrial technology, enhancement of the market-orientation innovation process and delivery of R&D energy into the market to boost industrial innovation. For innovation, the CTI's core mission is categorized into[4]:
The CTI invests considerable funds and resources in boosting the R&D of application technology and industrial technology. The CTI R&D Project is intended to fund private enterprises (particularly small-sized and medium-sized enterprises) to engage in R&D of innovation technology or product. The enterprises may propose their innovative ideas freely, and the CTI will decide whether the funds should be granted after assessing whether the ideas are innovative and potentially marketable[5].
CTI’s funding is conditioned on the industrial and academic cooperation. Therefore, the enterprises must work with at least one research institution (including a university, university of science and technology, or ETH) in the R&D. Considering that small-sized and medium-sized enterprises usually do not own enough working funds, technology and human resources to commercialize creative ideas, the CTI R&D Project is intended to resolve the problem about insufficient R&D energy and funds of small- and medium-sized enterprises by delivering the research institutions’ plentiful research energy and granting the private enterprises which work with research institutions (including university, university of science and technology, or ETH) the fund. Notably, CTI’s funding is applicable to R&D expenses only, e.g., research personnel’s salary and expenditure in equipment & materials, and allocated to the research institutions directly. Meanwhile, in order to enhance private enterprises' launch into R&D projects and make them liable for the R&D success or failure, CTI’s funding will be no more than 50% of the total R&D budget and, therefore, the enterprises are entitled to a high degree of control right in the process of R&D.
The industrial types which the CTI R&D Project may apply to are not limited. Any innovative ideas with commercial potential may be proposed. For the time being, the key areas funded by CTI include the life science, engineering science, Nano technology and enabling sciences, etc.[6] It intends to keep Switzerland in the lead in these areas. As of 2011, in order to mitigate the impact of drastic CHF revaluation to the industries, the CTI launched its new R&D project, the CTI Voucher[7]. Given this, the CTI is not only an entity dedicated to funding but also plays an intermediary role in the industrial and academic sectors. Enterprises may submit proposals before finding any academic research institution partner. Upon preliminary examination of the proposals, the CTI will introduce competent academic research institutions to work with the enterprises in R&D, subject to the enterprises' R&D needs. After the cooperative partner is confirmed, CTI will grant the fund amounting to no more than CHF3,500,000 per application[8], provided that the funding shall be no more than 50% of the R&D project expenditure.
The CTI R&D Project not only boosts innovation but also raises private enterprises’ willingness to participate in the academic and industrial cooperation, thereby narrowing the gap between the supply & demand of innovation R&D in the industrial and academic sectors. Notably, the Project has achieved remarkable effect in driving private enterprises’ investment in technology R&D. According to statistical data, in 2011, the CTI solicited additional investment of CHF1.3 from a private enterprise by investing each CHF1[9]. This is also one of the important reasons why the Swiss innovation system always acts vigorously.
Table 1 2005-2011 Passing rate of application for R&D funding
Year |
2011 |
2010 |
2009 |
2008 |
2007 |
2006 |
2005 |
Quantity of applications |
590 |
780 |
637 |
444 |
493 |
407 |
522 |
Quantity of funded applications |
293 |
343 |
319 |
250 |
277 |
227 |
251 |
Pass rate |
56% |
44% |
50% |
56% |
56% |
56% |
48% |
Data source: Prepared by the Study
Switzerland has learnt that high-tech start-ups are critical to the creation of high-quality employment and boosting of economic growth, and start-ups were able to commercialize the R&D results. Therefore, as of 2001, Switzerland successively launched the CTI Entrepreneurship and CTI Startup to promote entrepreneurship and cultivate high-tech start-ups.
The CTI Entrepreneurship was primarily implemented by the Venture Lab founded by CTI investment. The Venture Lab launched a series of entrepreneurship promotion and training courses, covering day workshops, five-day entrepreneurship intensive courses, and entrepreneurship courses available in universities. Each training course was reviewed by experts, and the experts would provide positive advice to attendants about innovative ideas and business models.
Data source: Venture Lab Site
Fig. 3 Venture Lab Startup Program
The CTI is dedicated to driving the economy by virtue of innovation as its priority mission. In order to cultivate the domestic start-ups with high growth potential in Switzerland, the CTI Startup project was launched in 1996[10] in order to provide entrepreneurs with the relevant guidance services. The project selected young entrepreneurs who provided innovative ideas, and guided them in the process of business start to work their innovative ideas and incorporate competitive start-ups.
In order to enable the funding and resources to be utilized effectively, the CTI Startup project enrolled entrepreneurs under very strict procedure, which may be categorized into four stages[11]:
Data source: CTI Startup Site
Fig. 4 Startup Plan Flow Chart
In the first stage, the CTI would preliminarily examine whether the applicant’s idea was innovative and whether it was technologically feasible, and help the applicant register with the CTI Startup project. Upon registration, a more concrete professional examination would be conducted at the second stage. The scope of examination included the technology, market, feasibility and management team’s competence. After that, at the stage of professional guidance, each team would be assigned a professional “entrepreneurship mentor”, who would help the team develop further and optimize the enterprise’s strategy, flow and business model in the process of business start, and provide guidance and advice on the concrete business issues encountered by the start-up. The stage of professional guidance was intended to guide start-ups to acquire the CTI Startup Label, as the CTI Startup Label was granted subject to very strict examination procedure. For example, in 2012, the CTI Startup project accepted 78 applications for entrepreneurship guidance, but finally the CTI Startup Label was granted to 27 applications only[12]. Since 1996, a total of 296 start-ups have acquired the CTI Startup Label, and more than 86% thereof are still operating now[13]. Apparently, the CTI Startup Label represents the certification for innovation and on-going development competence; therefore, it is more favored by investors at the stage of fund raising.
Table 2 Execution of start-up plans for the latest three years
|
Quantity of application |
Quantity of accepted application |
Quantity of CTI Label granted |
2012 |
177 |
78 |
27 |
2011 |
160 |
80 |
26 |
2010 |
141 |
61 |
24 |
Data source: CTI Annual Report, prepared by the Study
Meanwhile, the “CTI Invest” platform was established to help start-up raise funds at the very beginning to help commercialize R&D results and cross the valley in the process of R&D innovation. The platform is a private non-business-making organization, a high-tech start-up fund raising platform co-established by CTI and Swiss investors[14]. It is engaged in increasing exposure of the start-ups and contact with investors by organizing activities, in order to help the start-ups acquire investment funds.
KTT Support (Knowledge & Technology Transfer (KTT Support) is identified as another policy instrument dedicated to boosting innovation by the CTI. It is intended to facilitate the exchange of knowledge and technology between academic research institutions and private enterprises, in order to transfer and expand the innovation energy.
As of 2013, the CTI has launched a brand new KTT Support project targeting at small-sized and medium-sized enterprises. The new KTT Support project consisted of three factors, including National Thematic Networks (NTNs), Innovation Mentors, and Physical and web-based platforms. Upon the CTI’s strict evaluation and consideration, a total of 8 cooperative innovation subjects were identified in 2012, namely, carbon fiber composite materials, design idea innovation, surface innovation, food study, Swiss biotechnology, wood innovation, photonics and logistics network, etc.[15] One NTN would be established per subject. The CTI would fund these NTNs to support the establishment of liaison channels and cooperative relations between academic research institutions and industries and provide small- and medium-sized enterprises in Switzerland with more rapid and easy channel to access technologies to promote the exchange of knowledge and technology between both parties. Innovation Mentors were professionals retained by the CTI, primarily responsible for evaluating the small-sized and medium-sized enterprises’ need and chance for innovation R&D and helping the enterprises solicit competent academic research partners to engage in the transfer of technology. The third factor of KTT Support, Physical and web-based platforms, is intended to help academic research institutions and private enterprises establish physical liaison channels through organization of activities and installation of network communication platforms, to enable the information about knowledge and technology transfer to be more transparent and communicable widely.
In conclusion, the CTI has been dedicated to enhancing the link between scientific research and the industries and urging the industrial sector to involve and boost the R&D projects with market potential. The CTI’s business lines are all equipped with corresponding policy instruments to achieve the industrial-academic cooperation target and mitigate the gap between the industry and academic sectors in the innovation chain. The various CTI policy instruments may be applied in the following manner as identified in the following figure.
Data source: CTI Annual Report 2011
Fig. 5 Application of CTI Policy Instrument to Innovation Chain
The Swiss Federal Government has invested considerable expenditures in technology R&D. According to statistic data provided by Swiss Federal Statistical Office (FSO) and OECD, the Swiss research expenditures accounted for 2.37% of the Federal Government’s total expenditures, following the U.S.A. and South Korea (see Fig. 6). Meanwhile, the research expenditures of the Swiss Government grew from CHF2.777 billion in 2000 to CHF4.639 billion in 2010, an average yearly growth rate of 5.9% (see Fig. 7). It is clear that Switzerland highly values its technology R&D.
Data source: FSO and OECD
Fig. 6 Percentage of Research Expenditures in Various Country Governments’ Total Expenditures (2008)
Data source: FSO and OECD
Fig. 7 Swiss Government Research Expenditures 2000-2010
Swiss research expenditures are primarily allocated to the education, R&D and innovation areas, and play an important role in the Swiss innovation system. Therefore, a large part of the Swiss research expenditures are allocated to institutions of higher education, including ETH, universities, and UASs. The Swiss research expenditures are utilized by three hierarchies[16] (see Fig. 8):
Therefore, the Swiss Government research expenditures may be utilized by the Federal Government directly, or assigned to intermediary agencies, which will allocate the same to the R&D performing institutions. SERI will allocate the research expenditures to institutions of higher education and also hand a lot of the expenditures over to SNSF for consolidated funding to the basic science of R&D.
Data source: FSO
Fig. 8 Swiss Research Fund Utilization Mechanism
~to be continued~
[1] ORGANIZATION FOR ECONNOMIC CO-OPERATION AND DEVELOPMENT [OECD], OECD Reviews of Innovation Policy: Switzerland 27 (2006).
[2] As of January 1, 2013, the Federal Ministry of Economic Affairs was reorganized, and renamed into Federal Department of Economic Affairs, Education and Research (EAER).
[3] The Commission for Technology and Innovation CTI, THE COMMISSION FOR TECHOLOGY AND INNOVATION CTI, http://www.kti.admin.ch/org/00079/index.html?lang=en (last visited Jun. 3, 2013).
[4] Id.
[5] CTI INVEST, Swiss Venture Guide 2012 (2012), at 44, http://www.cti-invest.ch/getattachment/7f901c03-0fe6-43b5-be47-6d05b6b84133/Full-Version.aspx (last visited Jun. 4, 2013).
[6] CTI, CTI Activity Report 2012 14 (2013), available at http://www.kti.admin.ch/dokumentation/00077/index.html?lang=en&download=NHzLpZeg7t,lnp6I0NTU042l2Z6ln1ad1IZn4Z2qZpnO2Yuq2Z6gpJCDen16fmym162epYbg2c_JjKbNoKSn6A-- (last visited Jun. 3, 2013).
[7] CTI Voucher, THE COMMISSION FOR TECHOLOGY AND INNOVATION CTI, http://www.kti.admin.ch/projektfoerderung/00025/00135/index.html?lang=en (last visited Jun. 3, 2013).
[8] Id.
[9] CTI, CTI Activity Report 2011 20 (2012), available at http://www.kti.admin.ch/dokumentation/00077/index.html?lang=en&download=NHzLpZeg7t,lnp6I0NTU042l2Z6ln1ad1IZn4Z2qZpnO2Yuq2Z6gpJCDeYR,gWym162epYbg2c_JjKbNoKSn6A--(last visited Jun. 3, 2013).
[10] CTI Start-up Brings Science to Market, THE COMMISSION FOR TECHOLOGY AND INNOVATION CTI, http://www.ctistartup.ch/en/about/cti-start-/cti-start-up/ (last visited Jun. 5, 2013).
[11] Id.
[12] Supra note 8, at 45.
[13] Id.
[14] CTI Invest, http://www.cti-invest.ch/About/CTI-Invest.aspx (last visited Jun. 5, 2013).
[15] KTT Support, CTI, http://www.kti.admin.ch/netzwerke/index.html?lang=en (last visited Jun.5, 2013).
[16] Swiss Federal Statistics Office (SFO), Public Funding of Research in Switzerland 2000–2010 (2012), available at http://www.bfs.admin.ch/bfs/portal/en/index/themen/04/22/publ.Document.163273.pdf (last visited Jun. 20, 2013).
Blockchain and General Data Protection Regulation (GDPR) compliance issues (2019) I. Brief Blockchain technology can solve the problem of trust between data demanders and data providers. In other words, in a centralized mode, data demanders can only choose to believe that the centralized platform will not contain the false information. However, in the decentralized mode, data isn’t controlled by one individual group or organization[1], data demanders can directly verify information such as data source, time, and authorization on the blockchain without worrying about the correctness and authenticity of the data. Take the “immutable” for example, it is conflict with the right to erase (also known as the right to be forgotten) in the GDPR.With encryption and one-time pad (OTP) technology, data subjects can make data off-chain storaged or modified at any time in a decentralized platform, so the problem that data on blockchain not meet the GDPR regulation has gradually faded away. II. What is GDPR? The purpose of the EU GDPR is to protect user’s data and to prevent large-scale online platforms or large enterprises from collecting or using user’s data without their permission. Violators will be punished by the EU with up to 20 million Euros (equal to 700 million NT dollars) or 4% of the worldwide annual revenue of the prior financial year. The aim is to promote free movement of personal data within the European Union, while maintaining adequate level of data protection. It is a technology-neutral law, any type of technology which is for processing personal data is applicable. So problem about whether the data on blockchain fits GDPR regulation has raise. Since the blockchain is decentralized, one of the original design goals is to avoid a large amount of centralized data being abused. Blockchain can be divided into permissioned blockchains and permissionless blockchains. The former can also be called “private chains” or “alliance chains” or “enterprise chains”, that means no one can join the blockchain without consent. The latter can also be called “public chains”, which means that anyone can participate on chain without obtaining consent. Sometimes, private chain is not completely decentralized. The demand for the use of blockchain has developed a hybrid of two types of blockchain, called “alliance chain”, which not only maintains the privacy of the private chain, but also maintains the characteristics of public chains. The information on the alliance chain will be open and transparent, and it is in conflict with the application of GDPR. III. How to GDPR apply to blockchain ? First, it should be determined whether the data on the blockchain is personal data protected by GDPR. Second, what is the relationship and respective responsibilities of the data subject, data controller, and data processor? Finally, we discuss the common technical characteristics of blockchain and how it is applicable to GDPR. 1. Data on the blockchain is personal data protected by GDPR? First of all, starting from the technical characteristics of the blockchain, blockchain technology is commonly decentralized, anonymous, immutable, trackable and encrypted. The other five major characteristics are immutability, authenticity, transparency, uniqueness, and collective consensus. Further, the blockchain is an open, decentralized ledger technology that can effectively verify and permanently store transactions between two parties, and can be proved. It is a distributed database, all users on the chain can access to the database and the history record, also can directly verify transaction records. Each nodes use peer-to-peer transmission for upload or transfer information without third-party intermediation, which is the unique “decentralization” feature of the blockchain. In addition, the node or any user on the chain has a unique and identifiable set of more than 30 alphanumeric addresses, but the user may choose to be anonymous or provide identification, which is also a feature of transparency with pseudonymity[2]; Data on blockchain is irreversibility of records. Once the transaction is recorded and updated on the chain, it is difficult to change and is permanently stored in the database, that is to say, it has the characteristics of “tamper-resistance”[3]. According to Article 4 (1) of the GDPR, “personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Therefore, if data subject cannot be identified by the personal data on the blockchain, that is an anonymous data, excluding the application of GDPR. (1) What is Anonymization? According to Opinion 05/2014 on Anonymization Techniques by Article 29 Data Protection Working Party of the European Union, “anonymization” is a technique applied to personal data in order to achieve irreversible de-identification[4]. And it also said the “Hash function” of blockchain is a pseudonymization technology, the personal data is possible to be re-identified. Therefore it’s not an “anonymization”, the data on the blockchain may still be the personal data stipulated by the GDPR. As the blockchain evolves, it will be possible to develop technologies that are not regulated by GDPR, such as part of the encryption process, which will be able to pass the court or European data protection authorities requirement of anonymization. There are also many compliance solutions which use technical in the industry, such as avoiding transaction data stored directly on the chain. 2. International data transmission Furthermore, in accordance with Article 3 of the GDPR, “This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not. This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to: (a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or (b) the monitoring of their behaviour as far as their behaviour takes place within the Union”.[5] In other words, GDPR applies only when the data on the blockchain is not anonymized, and involves the processing of personal data of EU citizens. 3. Identification of data controllers and data processors Therefore, if the encryption technology involves the public storage of EU citizens' personal data and passes it to a third-party controller, it may be identified as the “data controller” under Article 4 of GDPR, and all nodes and miners of the platform may be deemed as the “co-controller” of the data, and be assumed joint responsibility with the data controller by GDPR. For example, the parties can claim the right to delete data from the data controller. In addition, a blockchain operator may be identified as a “processor”, for example, Backend as a Service (BaaS) products, the third parties provide network infrastructure for users, and let users manage and store personal data. Such Cloud Services Companies provide online services on behalf of customers, do not act as “data controllers”. Some commentators believe that in the case of private chains or alliance chains, such as land records transmission, inter-bank customer information sharing, etc., compared to public chain applications: such as cryptocurrencies (Bitcoin for example), is not completely decentralized, and more likely to meet GDPR requirements[6]. For example, in the case of a private chain or alliance chain, it is a closed platform, which contains only a small number of trusted nodes, is more effective in complying with the GDPR rules. 4. Data subject claims In accordance with Article 17 of the GDPR, The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay under some grounds. Off-chain storage technology can help the blockchain industry comply with GDPR rules, allowing offline storage of personal data, or allow trusted nodes to delete the private key of encrypted information, which leaving data that cannot be read and identified on the chain. If the data is in accordance with the definition of anonymization by GDPR, there is no room for GDPR to be applied. IV. Conclusion In summary, it’s seem that the application of blockchain to GDPR may include: (a) being difficulty to identified the data controllers and data processors after the data subject upload their data. (b) the nature of decentralized storage is transnational storage, and Whether the country where the node is located, is meets the “adequacy decision” of Article 45 of the GDPR. If it cannot be met, then it needs to consider whether it conforms to the transfers subject to appropriate safeguards of Article 46, or the derogations for specific situations of Article 49 of the GDPR. Reference: [1] How to Trade Cryptocurrency: A Guide for (Future) Millionaires, https://wikijob.com/trading/cryptocurrency/how-to-trade-cryptocurrency [2] DONNA K. HAMMAKER, HEALTH RECORDS AND THE LAW 392 (5TH ED. 2018). [3] Iansiti, Marco, and Karim R. Lakhani, The Truth about Blockchain, Harvard Business Review 95, no. 1 (January-February 2017): 118-125, available at https://hbr.org/2017/01/the-truth-about-blockchain [4] Article 29 Data Protection Working Party, Opinion 05/2014 on Anonymisation Techniques (2014), https://www.pdpjournals.com/docs/88197.pdf [5] Directive 95/46/EC (General Data Protection Regulation), https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN [6] Queen Mary University of London, Are blockchains compatible with data privacy law? https://www.qmul.ac.uk/media/news/2018/hss/are-blockchains-compatible-with-data-privacy-law.html
Executive Yuan Promotes Free Economic Demonstration ZoneI.Background To promote more liberal and internationalized development of Taiwan economy, Premier of Executive Yuan approved the “Free Economic Demonstration Zone Plan” on April 26, 2013. Meanwhile, an Executive Yuan Working Group on Promotion of Economic Demonstration Zone is set up to accelerate the mapping out of the promotion programs as well as detailed action plans. The first phase of the Free Economic Demonstration Zone is to be officially initiated in July. According to the “Free Economic Demonstration Zone Plan”, the relevant laws and provisions regarding the flowing of human and financial capitals, and of logistics, will be loosen up to a great degree, based on the core ideas of liberalization, internationalization, and forwardness. Other related measures such as offering of lands and taxation would also be made, in order to attract capitals from both the inside and outside of the country. In addition, the Free Economic Demonstration Zone will first develop economic activities such as intelligent computing, international medicine services, value-added agriculture and cooperation among industries, to accelerate the transformation of the industrial structure of Taiwan. In order to construe an excellent environment for business of full liberalization and internationalization, the promotion strategies will be focused on “break-through of legal frameworks and innovations of management mechanisms”. II.Content of the Plan To accelerate the promotion process, the Free Economic Demonstration Zone will be conducted in two phases. The first phase is centered on the existing free trade port areas, including five ports and one airport, incorporated with the nature of “being inside the country border but outside the tariff zone”. All the industrial parks in the near counties and cities will also be integrated. The promotion will be set out simultaneously in the north, middle and south of Taiwan. The effects of the promotion are expected to be magnified by fully utilizing the resources and the unique characters of industries of each region. Moreover, the promulgation of a special legislation on the Free Economic Demonstration Zone would be facilitated in the future. After this special legislation is passed, the set-ups of demonstration zones can be applied by authorities either of central or of local government and the related promotion works of the second phase will be unfolded immediately. According to the Executive Yuan, the Free Economic Demonstration Zone will be beneficial in terms of creating positive conditions for Taiwan to participate in regional trade organizations and attract both local and foreign investment, injecting new movement into the economic growth of Taiwan. III.Recent Development In addition, on August 8, 2013, relevant discussions on “Furtherance Plan for Free Economic Demonstration Zone Phase One” are further unfolded in the Executive Yuan conference. In addition, the Premier also indicates, that the furtherance of the Free Economic Demonstration Zone (hereafter: FEDZ) is divided into two phases. The first phase starts from the moment that the Plan is approved till the related special legislation is passed and promulgated. In this phase, the relevant tasks can be achieved through the ways of promulgation of administrative orders. On the other hand, the tasks concerning taxation benefits and other parts that involve legislation will not able to be initiated till the second phase of the Plan. For those tasks, the Council for Economic Planning and Development is asked to complete the drafting of this special legislation and related procedures for registering it into the Executive Yuan, together with the Ministry of Economic Affairs and other concerned agencies, in the hope that the related legislation works of the Executive Yuan can be completed before the end of this year. In respect of “Furtherance Plan for Free Economic Demonstration Zone Phase One”, Premier Jiang further points out, that FEDZ is a model incorporates the concept of “being inside the country border but outside the tariff zone” and the idea of “combining the stores upfront and the factories behind, outsourcing manufactures”. In this way, the hinterland of a port can be expended and magnified effects to be achieved through using the resources provided by the factory in behind. Under this pattern, the expansion effects that cities and counties such as New Taipei City and Changhua Country fight for, can be further extended by this concept of “factories in the back”. As for Port of Anping, over which Tainan City government has proactively fought for, can be listed as a demonstration zone once the Executive Yuan approved it as free trade port zone. In the future, other places that are with forward-looking industry and suitable can still be enlisted. Premier Jiang further expresses that, there are four demonstration industries in the first phase, including intelligent computing, international medicine services, value-added agriculture and cooperation among industries. Yet, he also points out that the demonstration of liberalized economy is a concept of “4+N”. It means that the demonstration will not be limited to the scope of these four industries. Other industries that match up with the idea of liberalization, internationalization and foresight can all be incorporated into FEDZ through continuing examination. Moreover, Premier Jiang later mentions on August 14th, that FEDZ is a crucial task for the government at this moment. He thus requests the Ministry of Economic Affairs, Ministry of Transportation and Communications, Ministry of Health and Welfare, and the Council of Agriculture, to enhance the training and service quality of staffers of the single service window of furtherance of FEDZ. Moreover, Premier Jiang additionally indicated in November, that the scope of the FEDZ will include Pingtung Agricultural Biotechnology Park and Kaohsiung Free Trade Port Area. The combination of the two will facilitate adding value to the agriculture in Taiwan and put momentum into quality agriculture, making the high-quality agricultural products of our country being sold to all over the world with swift logistic services. Premier Jiang also mentioned, that in order to avoid Taiwan being marginalized amid regional integrations of global economies, the government is facilitating industries of potentials by proactively promote the FEDZ. The current approach is to expend the original free trade port area with legislative bases, creating the demonstration zones of free economy by combing original establishments such as Pingtung Agricultural Biotechnology Park. If this approach and system is proved feasible, the next step would be promoting it to island-wide, making the whole nation open-up. IV.Conclusion In the past decade, the economic development in Taiwan, compared to neighboring economic zones such as Hong Kong, Korean or Singapore, was indeed stagnant. It is thus a positive move for the government to put great efforts in promoting FEDZ, in the hope that the liberalization and internationalization of the economy of this country can therefore be significantly improved. Yet, some commentators are of slightly more skeptical opinions, reminding that in terms of the tax relaxation in the Plan, similar approach was already taken by the government before, which did not lead to the expected outcome. In sum, it still remains as a continuing task for us and for the administration as well, to ponder on how Taiwan can find out its own unique strength in the face of global competition. How we can attract more international partners, to create mutual economic benefits. The FEDZ is undoubtedly a first step. Nevertheless, challenges are still ahead of the government, as to how to take many more steps in the future, in order to make Taiwan to march on the stage of the world again.
Reviews on Taiwan Constitutional Court's Judgment no. 13 of 2022Reviews on Taiwan Constitutional Court's Judgment no. 13 of 2022 2022/11/24 I.Introduction In 2012, the Taiwan Human Rights Promotion Association and other civil groups believe that the National Health Insurance Administration released the national health insurance database and other health insurance data for scholars to do research without consent, which may be unconstitutional and petitioned for constitutional interpretation. Taiwan Human Rights Promotion Association believes that the state collects, processes, and utilizes personal data on a large scale with the "Personal Data Protection Law", but does not set up another law of conduct to control the exercise of state power, which has violated the principle of legal retention; the data is provided to third-party academic research for use, and the parties involved later Excessive restrictions on the right to withdraw go against the principle of proportionality. The claimant criticized that depriving citizens of their prior consent and post-control rights to medical data is like forcing all citizens to unconditionally contribute data for use outside the purpose before they can use health insurance. The personal data law was originally established to "avoid the infringement of personality rights and promote the rational use of data", but in the insufficient and outdated design of the regulations, it cannot protect the privacy of citizens' information from infringement, and it is easy to open the door to the use of data for other purposes. In addition, even if the health insurance data is de-identified, it is still "individual data" that can distinguish individuals, not "overall data." Health insurance data can be connected with other data of the Ministry of Health and Welfare, such as: physical and mental disability files, sexual assault notification files, etc., and you can also apply for bringing in external data or connecting with other agency data. Although Taiwan prohibits the export of original data, the risk of re-identification may also increase as the number of sources and types of data concatenated increases, as well as unspecified research purposes. The constitutional court of Taiwan has made its judgment on the constitutionality of the personal data usage of National Health Insurance research database. The judgment, released on August 12, 2022, states that Article 6 of Personal Data Protection Act(PDPA), which asks“data pertaining to a natural person's medical records, healthcare, genetics, sex life, physical examination and criminal records shall not be collected, processed or used unless where it is necessary for statistics gathering or academic research by a government agency or an academic institution for the purpose of healthcare, public health, or crime prevention, provided that such data, as processed by the data provider or as disclosed by the data collector, may not lead to the identification of a specific data subject”does not violate Intelligible principle and Principle of proportionality. Therefore, PDPA does not invade people’s right to privacy and remains constitutional. However, the judgment finds the absence of independent supervisory authority responsible for ensuring Taiwan institutions and bodies comply with data protection law, can be unconstitutional, putting personal data protection system on the borderline to failure. Accordingly, laws and regulations must be amended to protect people’s information privacy guaranteed by Article 22 of Constitution of the Republic of China (Taiwan). In addition, the judgment also states it is unconstitutional that Articles 79 and 80 of National Health Insurance Law and other relevant laws lack clear provisions in terms of store, process, external transmission of Personal health insurance data held by Central Health Insurance Administration of the Ministry of Health and Welfare. Finally, the Central Health Insurance Administration of the Ministry of Health and Welfare provides public agencies or academic research institutions with personal health insurance data for use outside the original purpose of collection. According to the overall observation of the relevant regulations, there is no relevant provision that the parties can request to “opt-out”; within this scope, it violates the intention of Article 22 of the Constitution to protect people's right to information privacy. II.Independent supervisory authority According to Article 3 of Central Regulations and Standards Act, government agencies can be divided into independent agencies that can independently exercise their powers and operate autonomously, and non- independent agencies that must obey orders from their superiors. In Taiwan, the so-called "dedicated agency"(專責機關) does not fall into any type of agency defined by the Central Regulations and Standards Act. Dedicated agency should be interpreted as an agency that is responsible for a specific business and here is no other agency to share the business. The European Union requires member states to set up independent regulatory agencies (refer to Articles 51 and 52 of General Data Protection Regulation (GDPR)). In General Data Protection Regulation and the adequacy reference guidelines, the specific requirements for personal data supervisory agencies are as follows: the country concerned should have one or more independent supervisory agencies; they should perform their duties completely independently and cannot seek or accept instructions; the supervisory agencies should have necessary and practicable powers, including the power of investigation; it should be considered whether its staff and budget can effectively assist its implementation. Therefore, in order to pass the EU's adequacy certification and implement the protection of people's privacy and information autonomy, major countries have set up independent supervisory agencies for personal data protection based on the GDPR standards. According to this research, most countries have 5 to 10 commissioners that independently exercise their powers to supervise data exchange and personal data protection. In order to implement the powers and avoid unnecessary conflicts of interests among personnel, most of the commissioners are full-time professionals. Article 3 of Basic Code Governing Central Administrative Agencies Organizations defines independent agency as "A commission-type collegial organization that exercises its powers and functions independently without the supervision of other agencies, and operates autonomously unless otherwise stipulated." It is similar to Japan, South Korea, and the United States. III.Right to Opt-out The judgment pointed out that the parties still have the right to control afterwards the personal information that is allowed to be collected, processed and used without the consent of the parties or that meets certain requirements. Although Article 11 of PDPA provides for certain parties to exercise the right to control afterwards, it does not cover all situations in which personal data is used, such as: legally collecting, processing or using correct personal data, and its specific purpose has not disappeared, In the event that the time limit has not yet expired, so the information autonomy of the party cannot be fully protected, the subject, cause, procedure, effect, etc. of the request for suspension of use should be clearly stipulated in the revised law, and exceptions are not allowed. The United Kingdom is of great reference. In 2017, after the British Information Commissioner's Office (ICO) determined that the data sharing agreement between Google's artificial intelligence DeepMind and the British National Health Service (NHS) violated the British data protection law, the British Department of Health and Social Care proposed National data opt-out Directive in May, 2018. British health and social care-related institutions may refer to the National Data Opt-out Operational Policy Guidance Document published by the National Health Service in October to plan the mechanism for exercising patient's opt-out right. The guidance document mainly explains the overall policy on the exercise of the right to opt-out, as well as the specific implementation of suggested practices, such as opt-out response measures, methods of exercising the opt-out right, etc. National Data Opt-out Operational Policy Guidance Document also includes exceptions and restrictions on the right to opt-out. The Document stipulates that exceptions may limit the right to Opt-out, including: the sharing of patient data, if it is based on the consent of the parties (consent), the prevention and control of infectious diseases (communicable disease and risks to public health), major public interests (overriding) Public interest), statutory obligations, or cooperation with judicial investigations (information required by law or court order), health and social care-related institutions may exceptionally restrict the exercise of the patient's right to withdraw. What needs to be distinguished from the situation in Taiwan is that when the UK first collected public information and entered it into the NHS database, there was already a law authorizing the NHS to search and use personal information of the public. The right to choose to enter or not for the first time; and after their personal data has entered the NHS database, the law gives the public the right to opt-out. Therefore, the UK has given the public two opportunities to choose through the enactment of special laws to protect public's right to information autonomy. At present, the secondary use of data in the health insurance database does not have a complete legal basis in Taiwan. At the beginning, the data was automatically sent in without asking for everyone’s consent, and there was no way to withdraw when it was used for other purposes, therefore it was s unconstitutional. Hence, in addition to thinking about what kind of provisions to add to the PDPA as a condition for "exception and non-request for cessation of use", whether to formulate a special law on secondary use is also worthy of consideration by the Taiwan government. IV.De-identification According to the relevant regulations of PDPA, there is no definition of "de-identification", resulting in a conceptual gap in the connotation. In other words, what angle or standard should be used to judge that the processed data has reached the point where it is impossible to identify a specific person. In judicial practice, it has been pointed out that for "data recipients", if the data has been de-identified, the data will no longer be regulated by PDPA due to the loss of personal attributes, and it is even further believed that de-identification is not necessary. However, the Judgment No. 13 of Constitutional Court, pointed out that through de-identification measures, ordinary people cannot identify a specific party without using additional information, which can be regarded as personal data of de-identification data. Therefore, the judge did not give an objective standard for de-identification, but believed that the purpose of data utilization and the risk of re-identification should be measured on a case-by-case basis, and a strict review of the constitutional principle of proportionality should be carried out. So far, it should be considered that the interpretation of the de-identification standard has been roughly finalized. V.Conclusions The judge first explained that if personal information is processed, the type and nature of the data can still be objectively restored to indirectly identify the parties, no matter how simple or difficult the restoration process is, if the data is restored in a specific way, the parties can still be identified. personal information. Therefore, the independent control rights of the parties to such data are still protected by Article 22 of the Constitution. Conversely, when the processed data objectively has no possibility to restore the identification of individuals, it loses the essence of personal data, and the parties concerned are no longer protected by Article 22 of the Constitution. Based on this, the judge declared that according to Article 6, Item 1, Proviso, Clause 4 of the PDPA, the health insurance database has been processed so that the specific party cannot be identified, and it is used by public agencies or academic research institutions for medical and health purposes. Doing necessary statistical or academic research complies with the principles of legal clarity and proportionality, and does not violate the Constitution. However, the judge believes that the current personal data law or other relevant regulations still lack an independent supervision mechanism for personal data protection, and the protection of personal information privacy is insufficient. In addition, important matters such as personal health insurance data can be stored, processed, and transmitted externally by the National Health Insurance Administration in a database; the subject, purpose, requirements, scope, and method of providing external use; and organizational and procedural supervision and protection mechanisms, etc. Articles 79 and 80 of the Health Insurance Law and other relevant laws lack clear provisions, so they are determined to be unconstitutional. In the end, the judge found that the relevant laws and regulations lacked the provisions that the parties can request to stop using the data, whether it is the right of the parties to request to stop, or the procedures to be followed to stop the use, there is no relevant clear text, obviously the protection of information privacy is insufficient. Therefore, regarding unconstitutional issues, the Constitutional Court ordered the relevant agencies to amend the Health Insurance Law and related laws within 3 years, or formulate specific laws.
Introduction to Taiwan’s Guidelines for Implementing Decentralized Elements in Medicinal Product Clinical TrialsIntroduction to Taiwan’s Guidelines for Implementing Decentralized Elements in Medicinal Product Clinical Trials 2023/12/15 The development of digital tools such as the internet, apps, and wearable devices have meant major breakthroughs for clinical trials. These advances have the potential to reduce the frequency of trial subject visits, accelerate research timelines, and lower the costs of drug development. The COVID-19 pandemic has further accelerated the use of digital tools, prompting many countries to adopt decentralized measures that enable trial subjects to participate in clinical trials regardless of their physical location. In step with the transition into the post-pandemic era, the Taiwan Food and Drug Administration (TFDA) issued the Guidelines for Implementing Decentralized Elements in Medicinal Product Clinical Trials in June, 2023[1]. The Guidelines are intended to cover a wide array of decentralized measures; they aim to increase trial subjects’ willingness to participate in trials, reduce the need for in-person visits to clinical trial sites, enhance real-time data acquisition during trials, and enable clinic sponsors and contract research organizations to process data remotely. I. Key Points of Taiwan’s Guidelines for Implementing Decentralized Elements in Medicinal Product Clinical Trials The Guidelines cover primarily the following matters: General considerations for implementing decentralized measures; trial subject recruitment and electronic informed consent; delivery and provision of investigational medicinal products; remote monitoring of trial subject safety; trial subject reporting of adverse events; remote data monitoring; and information systems and electronic data collection/processing/storage. 1. General Considerations for Implementing Decentralized Measures (1) During clinical trial execution, a reduction in trial subject in-person visits may present challenges to medical observation. It is recommended that home visits for any given trial subject be conducted by the principal investigator, sub-investigator, or a single, consistent delegated study nurse. (2) Sponsors must carefully evaluate all of the trial design’s decentralization measures to ensure data integrity. (3) Sponsors must conduct risk assessments for each individual trial, and must confirm the rationality of choosing decentralized measures. These decentralized measures must also be incorporated into the protocol. (4) When electronically collecting data, sponsors must ensure information system reliability and data security. Artificial intelligence may be considered for use in decentralized clinical trials; sponsors must carefully evaluate such systems, especially when they touch on determinations for critical data or strategies. (5) As the design of decentralized clinical trials is to ensure equal access to healthcare services, it must provide patients with a variety of ways to participate in clinical trials. (6) When implementing any decentralized measures, it is essential to ensure that the principal investigator and sponsor adhere to the Regulations for Good Clinical Practice and bear their respective responsibilities for the trial. (7) The use of decentralized measures must be stated in the regulatory application, and the Checklist of Decentralized Elements in Medicinal Product Clinical Trials must be included in the submission. 2. Subject Recruitment and Electronic Informed Consent (1) Trial subject recruitment through social media or established databases may only be implemented after the Institutional Review Board reviews and approves of the recruitment methods and content. (2) Must comply with the Principles for Recruiting Clinical Trial Subjects in medicinal product trials, the Personal Data Protection Act, and other regulations. (3) Regarding clinical trial subject informed consent done through digital software or devices, if it complies with Article 4, Paragraph 2 of the Electronic Signatures Act, that is, if the content can be displayed in its entirety and continues to be accessible for subsequent reference, then so long as the trial subject agrees to do so, the signature may be done via a tablet or other electronic device. The storage of signed electronic Informed Consent Forms (eICF) must align with the aforementioned Principles and meet the competent authority’s access requirements. 3. Delivery and Provision of Investigational Medicinal Products (1) The method of delivering and providing investigational medicinal products and whether trial subjects can use them on their own at home depends to a high degree on the investigational medicinal product’s administration route and safety profile. (2) When investigational medicinal products are delivered and provided through decentralized measures to trial subjects, this must be documented in the protocol. The process of delivering and providing said products must also be clearly stated in the informed consent form; only after being explained to a trial subject by the trial team, and after the trial subject’s consent is obtained, may such decentralized measures be used. (3) Investigational products prescribed by the principal investigator/sub-investigator must be reviewed by a delegated pharmacist to confirm that the investigational products’ specific items, dosage, duration, total quantity, and labeling align with the trial design. The pharmacist must also review each trial subject’s medication history, to ensure there are no medication-related issues; only then, and only in a manner that ensures the investigational product’s quality and the subject’s privacy, may delegated and specifically-trained trial personnel provide the investigational product to the subject. (4) Compliance with relevant regulations such as the Pharmaceutical Affairs Act, Pharmacists Act, Regulations on Good Practices for Drug Dispensation, and Regulations for Good Clinical Practice is required. 4. Remote Monitoring of Subject Safety (1) Decentralized trial designs involve trial subjects performing relatively large numbers of trial-related procedures at home. The principal investigator must delegate trained, qualified personnel to perform tasks such as collecting blood samples, administering investigational products, conducting safety monitoring, doing adverse event tracking, etc. (2) If trial subjects receive protocol-prescribed testing at nearby medical facilities or laboratories rather than at the original trial site, these locations must be authorized by the trial sponsor and must have relevant laboratory certification; only then may they collect or analyze samples. Such locations must provide detailed records to the principal investigator, to be archived in the trial master file. (3) The trial protocol and schedule must clearly specify which visits must be conducted at the trial site; which can be conducted via phone calls, video calls, or home visits; which tests must be performed at nearby laboratories; and whether trial subjects have multiple or single options at each visit. 5. Subject Reporting of Adverse Events (1) If the trial uses a digital platform to enhance adverse event reporting, trial subjects must be able to report adverse events through the digital platform, such as via a mobile phone app; that is, the principal investigator must be able to immediately access such adverse event information. (2) The principal investigator must handle such reports using risk-based assessment methods. The principal investigator must validate the adverse event reporting platform’s effectiveness, and must develop procedures to identify potential duplicate reports. 6. Remote Data Monitoring (1) If a sponsor chooses to implement remote monitoring, it must perform a reasonability assessment to confirm the appropriateness of such monitoring and establish a remote monitoring plan. (2) The monitoring plan must include monitoring strategies, monitoring personnel responsibilities, monitoring methods, rationale for such implementation, and critical data and processes that must be monitored. It must also generate comprehensive monitoring reports for audit purposes. (3) The sponsor is responsible for ensuring the implementation of remote monitoring, and must conduct risk assessments regarding the implementation process’ data protection and information confidentiality. 7. Information Systems and Electronic Data Collection, Processing, and Storage (1) In accordance with the Regulations for Good Clinical Practice, data recorded in clinical trials must be trustworthy, reliable, and verifiable. (2) It must be ensured that all organizations participating in the clinical trial have a full picture of the data flow. It is recommended that the trial protocol and trial-related documents include data flow diagrams and additional explanations. (3) Define the types and scopes of subject personal data that will be collected, and ensure that every step in the process properly protects their data in accordance with the Personal Data Protection Act. II. A Comparison with Decentralized Trial Regulations in Other Countries Denmark became the first country in the world to release regulatory measures on decentralized trials, issuing the “Danish Medicines Agency’s Guidance on the Implementation of Decentralized Elements in Clinical Trials with Medicinal Products” in September 2021[2]. In December 2022, the European Union as a whole released its “Recommendation Paper on Decentralized Elements in Clinical Trials”[3]. The United States issued the draft “Decentralized Clinical Trials for Drugs, Biological Products, and Devices” document in May 2023[4]. The comparison in Table 1 shows that Taiwan’s guidelines a relatively similar in structure to those of Denmark and the EU; the US guidelines also cover medical device clinical trials. Table 1: Summary of Decentralized Clinical Trial Guidelines in Taiwan, Denmark, the European Union as a whole, and the United States Taiwan Denmark European Union as a whole United States What do the guidelines apply to? Medicinal products Medicinal products Medicinal products Medicinal products and medical devices Trial subject recruitment and electronic informed consent Covers informed consent process; informed consent interview; digital information sheet; trial subject consent form signing; etc. Covers informed consent process; informed consent interview; trial subject consent form signing; etc. Covers informed consent process; informed consent interview; digital information sheet; trial subject consent form signing; etc. Covers informed consent process; informed consent interview; etc. Delivery and provision of investigational medicinal products Delegated, specifically-trained trial personnel deliver and provide investigational medicinal products. The investigator or delegated personnel deliver and provide investigational medicinal products. The investigator, delegated personnel, or a third-party, Good Distribution Practice-compliant logistics provider deliver and provide investigational medicinal products. The principal investigator, delegated personnel, or a distributor deliver and provide investigational products. Remote monitoring of trial subject safety Trial subjects may do return visits at trial sites, via phone calls, via video calls, or via home visits, and may undergo testing at nearby laboratories. Trial subjects may do return visits at trial sites, via phone calls, via video calls, or via home visits, and may undergo testing at nearby laboratories. Trial subjects may do return visits at trial sites, via phone calls, via video calls, or via home visits. Trial subjects may do return visits at trial sites, via phone calls, via video calls, or via home visits, and may undergo testing at nearby laboratories. Trial subject reporting of adverse events Trial subjects may self-report adverse events through a digital platform. Trial subjects may self-report adverse events through a digital platform. Trial subjects may self-report adverse events through a digital platform. Trial subjects may self-report adverse events through a digital platform. Remote data monitoring The sponsor may conduct remote data monitoring. The sponsor may conduct remote data monitoring. The sponsor may conduct remote data monitoring (not permitted in some countries). The sponsor may conduct remote data monitoring. Information systems and electronic data collection, processing, and storage The recorded data must be credible, reliable, and verifiable. Requires an information system that is validated, secure, and user-friendly. The recorded data must be credible, reliable, and verifiable. Must ensure data reliability, security, privacy, and confidentiality. III. Conclusion The implementation of decentralized clinical trials must be approached with careful assessment of risks and rationality, with trial subject safety, rights, and well-being as top priorities. Since Taiwan’s Guidelines for Implementing Decentralized Elements in Medicinal Product Clinical Trials were just announced in June of this year, the status of decentralized clinical trial implementation is still pending industry feedback to confirm feasibility. The overall goal is to enhance and optimize the clinical trial environment in Taiwan. [1] 衛生福利部食品藥物管理署,〈藥品臨床試驗執行分散式措施指引〉,2023/6/12,https://www.fda.gov.tw/TC/siteListContent.aspx?sid=9354&id=43548(最後瀏覽日:2023/11/2)。 [2] [DMA] DANISH MEDICINES AGENCY, The Danish Medicines Agency’s guidance on the Implementation of decentralised elements in clinical trials with medicinal products (2021),https://laegemiddelstyrelsen.dk/en/news/2021/guidance-on-the-implementation-of-decentralised-elements-in-clinical-trials-with-medicinal-products-is-now-available/ (last visited Nov. 2, 2023). [3] [HMA] HEADS OF MEDICINES AGENCIES, [EC] EUROPEAN COMMISSION & [EMA] EUROPEAN MEDICINES AGENCY, Recommendation paper on decentralised elements in clinical trials (2022),https://health.ec.europa.eu/latest-updates/recommendation-paper-decentralised-elements-clinical-trials-2022-12-14_en (last visited Nov. 2, 2023). [4] [US FDA] US FOOD AND DRUG ADMINISTRATION, Decentralized Clinical Trials for Drugs, Biological Products, and Devices (draft, 2023),https://www.fda.gov/regulatory-information/search-fda-guidance-documents/decentralized-clinical-trials-drugs-biological-products-and-devices (last visited Nov. 2, 2023).