Blockchain and General Data Protection Regulation (GDPR) compliance issues (2019)

Blockchain and General Data Protection Regulation (GDPR) compliance issues (2019)

I. Brief

  Blockchain technology can solve the problem of trust between data demanders and data providers. In other words, in a centralized mode, data demanders can only choose to believe that the centralized platform will not contain the false information. However, in the decentralized mode, data isn’t controlled by one individual group or organization[1], data demanders can directly verify information such as data source, time, and authorization on the blockchain without worrying about the correctness and authenticity of the data.

  Take the “immutable” for example, it is conflict with the right to erase (also known as the right to be forgotten) in the GDPR.With encryption and one-time pad (OTP) technology, data subjects can make data off-chain storaged or modified at any time in a decentralized platform, so the problem that data on blockchain not meet the GDPR regulation has gradually faded away.

II. What is GDPR?

  The purpose of the EU GDPR is to protect user’s data and to prevent large-scale online platforms or large enterprises from collecting or using user’s data without their permission. Violators will be punished by the EU with up to 20 million Euros (equal to 700 million NT dollars) or 4% of the worldwide annual revenue of the prior financial year.

  The aim is to promote free movement of personal data within the European Union, while maintaining adequate level of data protection. It is a technology-neutral law, any type of technology which is for processing personal data is applicable.

  So problem about whether the data on blockchain fits GDPR regulation has raise. Since the blockchain is decentralized, one of the original design goals is to avoid a large amount of centralized data being abused.

  Blockchain can be divided into permissioned blockchains and permissionless blockchains. The former can also be called “private chains” or “alliance chains” or “enterprise chains”, that means no one can join the blockchain without consent. The latter can also be called “public chains”, which means that anyone can participate on chain without obtaining consent.

  Sometimes, private chain is not completely decentralized. The demand for the use of blockchain has developed a hybrid of two types of blockchain, called “alliance chain”, which not only maintains the privacy of the private chain, but also maintains the characteristics of public chains. The information on the alliance chain will be open and transparent, and it is in conflict with the application of GDPR.

III. How to GDPR apply to blockchain ?

  First, it should be determined whether the data on the blockchain is personal data protected by GDPR. Second, what is the relationship and respective responsibilities of the data subject, data controller, and data processor? Finally, we discuss the common technical characteristics of blockchain and how it is applicable to GDPR.

1. Data on the blockchain is personal data protected by GDPR?

  First of all, starting from the technical characteristics of the blockchain, blockchain technology is commonly decentralized, anonymous, immutable, trackable and encrypted. The other five major characteristics are immutability, authenticity, transparency, uniqueness, and collective consensus.

  Further, the blockchain is an open, decentralized ledger technology that can effectively verify and permanently store transactions between two parties, and can be proved.

  It is a distributed database, all users on the chain can access to the database and the history record, also can directly verify transaction records. Each nodes use peer-to-peer transmission for upload or transfer information without third-party intermediation, which is the unique “decentralization” feature of the blockchain.

  In addition, the node or any user on the chain has a unique and identifiable set of more than 30 alphanumeric addresses, but the user may choose to be anonymous or provide identification, which is also a feature of transparency with pseudonymity[2]; Data on blockchain is irreversibility of records. Once the transaction is recorded and updated on the chain, it is difficult to change and is permanently stored in the database, that is to say, it has the characteristics of “tamper-resistance”[3].

  According to Article 4 (1) of the GDPR, “personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

  Therefore, if data subject cannot be identified by the personal data on the blockchain, that is an anonymous data, excluding the application of GDPR.

(1) What is Anonymization?

  According to Opinion 05/2014 on Anonymization Techniques by Article 29 Data Protection Working Party of the European Union, “anonymization” is a technique applied to personal data in order to achieve irreversible de-identification[4].

  And it also said the “Hash function” of blockchain is a pseudonymization technology, the personal data is possible to be re-identified. Therefore it’s not an “anonymization”, the data on the blockchain may still be the personal data stipulated by the GDPR.

  As the blockchain evolves, it will be possible to develop technologies that are not regulated by GDPR, such as part of the encryption process, which will be able to pass the court or European data protection authorities requirement of anonymization. There are also many compliance solutions which use technical in the industry, such as avoiding transaction data stored directly on the chain.

2. International data transmission

  Furthermore, in accordance with Article 3 of the GDPR, “This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not. This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to: (a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or (b) the monitoring of their behaviour as far as their behaviour takes place within the Union”.[5]

  In other words, GDPR applies only when the data on the blockchain is not anonymized, and involves the processing of personal data of EU citizens.

3. Identification of data controllers and data processors

  Therefore, if the encryption technology involves the public storage of EU citizens' personal data and passes it to a third-party controller, it may be identified as the “data controller” under Article 4 of GDPR, and all nodes and miners of the platform may be deemed as the “co-controller” of the data, and be assumed joint responsibility with the data controller by GDPR. For example, the parties can claim the right to delete data from the data controller.

  In addition, a blockchain operator may be identified as a “processor”, for example, Backend as a Service (BaaS) products, the third parties provide network infrastructure for users, and let users manage and store personal data. Such Cloud Services Companies provide online services on behalf of customers, do not act as “data controllers”. Some commentators believe that in the case of private chains or alliance chains, such as land records transmission, inter-bank customer information sharing, etc., compared to public chain applications: such as cryptocurrencies (Bitcoin for example), is not completely decentralized, and more likely to meet GDPR requirements[6]. For example, in the case of a private chain or alliance chain, it is a closed platform, which contains only a small number of trusted nodes, is more effective in complying with the GDPR rules.

4. Data subject claims

  In accordance with Article 17 of the GDPR, The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay under some grounds.

  Off-chain storage technology can help the blockchain industry comply with GDPR rules, allowing offline storage of personal data, or allow trusted nodes to delete the private key of encrypted information, which leaving data that cannot be read and identified on the chain. If the data is in accordance with the definition of anonymization by GDPR, there is no room for GDPR to be applied.

IV. Conclusion

  In summary, it’s seem that the application of blockchain to GDPR may include: (a) being difficulty to identified the data controllers and data processors after the data subject upload their data. (b) the nature of decentralized storage is transnational storage, and Whether the country where the node is located, is meets the “adequacy decision” of Article 45 of the GDPR.

  If it cannot be met, then it needs to consider whether it conforms to the transfers subject to appropriate safeguards of Article 46, or the derogations for specific situations of Article 49 of the GDPR.

 

Reference:

[1] How to Trade Cryptocurrency: A Guide for (Future) Millionaires, https://wikijob.com/trading/cryptocurrency/how-to-trade-cryptocurrency

[2] DONNA K. HAMMAKER, HEALTH RECORDS AND THE LAW 392 (5TH ED. 2018).

[3] Iansiti, Marco, and Karim R. Lakhani, The Truth about Blockchain, Harvard Business Review 95, no. 1 (January-February 2017): 118-125, available at https://hbr.org/2017/01/the-truth-about-blockchain

[4] Article 29 Data Protection Working Party, Opinion 05/2014 on Anonymisation Techniques (2014), https://www.pdpjournals.com/docs/88197.pdf

[5] Directive 95/46/EC (General Data Protection Regulation), https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN

[6] Queen Mary University of London, Are blockchains compatible with data privacy law? https://www.qmul.ac.uk/media/news/2018/hss/are-blockchains-compatible-with-data-privacy-law.html

Links
Download
※Blockchain and General Data Protection Regulation (GDPR) compliance issues (2019),STLI, https://stli.iii.org.tw/en/article-detail.aspx?no=55&tp=2&i=168&d=8419 (Date:2024/10/05)
Quote this paper
You may be interested
Executive Yuan roll-out The Policy of “The Free Economic Pilot Zones”

Executive Yuan roll-out The Policy of “The Free Economic Pilot Zones”1.Executive Yuan approved a Bill titled “The Free Economic Pilot Zones Special Act”The “Free Economic Demonstration Zones” (hereinafter as FEDZs) is a critical part to improve the liberalization and internationalization of the economy of Republic of China (R.O.C). By deregulation, FEDZs was conceived as trial zones. Once the results of the program were promising, it would be expanded to the entire country. In order to engage in the regional economic and trade integration, the Executive Yuan approved a Bill titled “The Free Economic Pilot Zones Special Act” (hereinafter as Bill) on April 26th, 2013.On Mar 6th, 2014, the Joint Economic, Internal Administration , and Finance Committee of the Legislation Yuan (the Congress) discussed the Bill for reports and questions. By the end of the March, 2014, the Congress will hold five public hearings. Not until the discussion of the Bill item by item and the passage in the Congress, the second stage of the FEDZ program would not be initiated. There are five main points, including the treatments on foreigners and people from mainland China, tax incentives for Taiwanese businessman, foreign professionals and foreign companies, regulations on untaxed goods and labor, regulations on industrial development, such as the agriculture and the medical, and certain new items on education and professional services.For the reason that the government considered the need of human resources to sustain the operation of the industries, the Executive Yuan is trying to promote innovative education in FEPZs. Since the education requirements for both of public and private universities are unified in local, colleges and universities were restrained and missed some great opportunities to discover their own niches in education. Hence, innovative education in FEPZs is trying to help higher education system to introduce foreign education resources and foresight concepts, and to attract more international students. The innovative educational projects within FEPZs will also facilitate the cooperations among domestic and foreign universities, and set up experimental branch campuses, colleges, degree programs or professional courses. Besides, the financial service sector is also included. Since FEDZs is an important pusher for R.O.C to move forward in regional economic integration, accordingly, the most significant liberate item for the financial industry in the FEPZs is to allow offshore banking units and offshore security units to provide financial products and service (e.g. OSU and OBU). Meanwhile, the financial industry is predicted to receive an NTD$140 billion or more in revenues over the next five year.In summary, FEPZs is regarded as a engine propelling liberalization and internationalization. To gain the international competitiveness, the government will continue to promote policies and measures. By establishing the free economic demonstration zone, it is expected to create innovative effects into the education system and to create more job opportunities.2.Legislation Yuan has reviewd “The Free Ecomonic Pilot Zones Special Act”The Republic of China (R.O.C) have been carried out “free economic” recent years, by promoting “Free Economic Pilot Zone” (hereinafter as FEPZs) to encourage every industrial and foreign investment. Besides, FEPZs will not only keep talents and technologies in R.O.C but also liberalize and internationalize our economic.The Executive Yuan had approved a Bill titled “The Free Economic Pilot Zones Special Act” (hereinafter as the Bill) on Dec. 26th, 2013. At the end of May, the Joint Economic, Internal Administration, and Finance Committee of the Legislation Yuan (the Congress) have taken five public hearings for the Bill, and amended the Bill according to the advices proposed by specialists. Not until the deliberation of the Bill item by item and its passage in the Congress, the second stage of the FEDZ program would not be initiated. There are five main points, including the treatments on foreigners, tax incentives for R.O.C businessman, foreign professionals and foreign companies, regulations on untaxed goods and labor, regulations on industrial development, such as the agriculture and the medical service, and certain new items on education and professional services.The government considers that there have to be enough human resource to sustain the opened industries, so Executive Yuan is trying to promote innovative education in FEPZs. The core concept of FEPZs is foresight, liberalization and internationalization, the premier said, and the higher education systems belong to high-end service and have much more marketability and variability compared to other education systems. Through innovative and efficient way to manage the school could let University being much more liberalized. Furthermore, the higher education systems in R.O.C. have to connect with international education to avoid being marginalized. Our first stage of education innovation will promote to set up “degree programs” and “professional courses”. The first phase for the Ministry of Education is going to found “degree programs” or “professional courses” through collaboration way. The Ministry of Education will also draw up related regulations or guidance on standards for school cooperation, co-regulation, setup conditions, supervision, enrolling new student, and recruiting staff.? Once the Bills pass, The Ministry of Education plans to establish “branch school” and “independence campus” helping R.O.C. higher education goes internationalized.On the other hand, Our medical service also has strong international competitiveness. R.O.C is engage in developing international medical and health industry. The premier said, the Ministry of Health and Welfare have proposed some measures, such as limitation to the number of medical centre, medical personnel working hours, and NHI is not allow to use in the zones.The premier added, on the extemporaneous sittings, “The Free Economic Pilot Zones Special Act” will be the priority bills and be deliberated in the end of June By establishing the free economic demonstration zone, it is expected to propel R.O.C take part in Trans-Pacific Partnership (TPP) and the Regional Comprehensive Economic Partnership (RCEP).3.Executive Yuan’s rapid roll-out of “The Free Economic Pilot Zones”, and has published a report concerning the legal and economic implications of its the BillThe “Free Economic Pilot Zones” (hereinafter as FEPZs) plays a pivotal role in promoting market liberalization, especially at an international level. Premier of the Executive Yuan, Mr. Jiang Yi-Hua has stated that the “market economy” and “innovation economy” allows for tremendous economic prosperity to be embraced by the Republic of China (hereinafter as R.O.C). The seizing of such opportunity has been the goal of government efforts, which can be attested by the recent proposal of the “The Free Economic Pilot Zones Special Act” (hereinafter as the Bill), currently undergoing review and consultation proceedings. The Premier further stressed that the national economy should not be left excluded from international commerce, on the other hand, it is imperative that closer economic bonds with other nations are forged, therefore allowing itself open up to wider scope of opportunities for growth. The key in rendering this possible is through the enactment of laws. At a time, when Trans-Pacific nations, including the United States of America, Japan and countries from Southeast Asia, are working towards regional economic cooperation, if R.O.C. is to be left out, it is feared that its position in the global market would further be marginalized.The core innovative strengths of the FEPZs include “Smart Logistics”, “International healthcare services”, “Value added agriculture”, “Financial Services”, “Education Innovation”, all of which are implemented by employing R.O.C.’s finest workforce, knowledge, information and communications technology (ICT), geographical position and cross-strait relationship advantages, leading way for an advantageous basis for pioneering economic development. The first stage of development will be based on 6 locations proximal to the sea (including Keelung Port, Taipei Port, Kaohsiung Port, Suao Harbor, Anping Port, Taichung Port) and Taoyuan Aerotropolis and Pingtung Agricultural Biotech Park. The second stage of development would only commence after the Bill have been approved by the legislative Yuan, which would attract much capital investment, hence boosting high employment rates. Presently, besides the aforementioned regions opened up for the FEPZs, other cities and industrial sites (including those from offshore islands), are striving to gain membership of the FEPZs, or applying for empirical research of the FEPZs.The Executive Yuan has published a report concerning the legal and economic implications of its the Bill on May 2014. The report largely consists of assessments made by varying governing bodies, such as Ministry of Home Affairs, Financial Supervisory Commission etc., on the implications of the draft concerning real estate, employment, fiscal income, logistics, conditions for medical care, agriculture, higher education, social environment and social wealth redistribution etc.Furthermore, international attention has been closely centered on the progress of FEPZs. During the “The third review of the trade policies and practices of Chinese Taipei” after R.O.C accession to the World Trade Organization (WTO) held on the 17th of September 2014 in Geneva, each member state has demonstrated expectations arising out of the direction and planning undertaken for the FEPZs. National economic and international commercial reforms are under way and have seen much progress in further promoting the overall strength of the economic system, in an effort to respond to the rapid global political and economic developments, for example, through the signing of Economic Cooperation Framework Agreement (ECFA), and the implementation of FEPZs policies. In the future, it will be expected that R.O.C. will strive for a more integral international commercial system, allowing much capital investment inflows as well as the cultivating of high-caliber human resources.To promote more liberal and internationalized development of Taiwan economy, government of Republic of China (R.O.C) approved the “Free Economic Pilot Zone (FEPZ) Plan,” which the Bill is currently censored in Legislation Yuan and the measures would be implemented in two phases. The first phase of FEPZs would be initiated within six free trade ports, Taoyuan airport free trade zone, and Pingtung Agricultural Biotechnology Park; other industries that match up with the idea of liberalization, internationalization and foresight can all be incorporated into FEPZ through continuing examination under Execution Yuan. After this special legislation is passed, the set-ups of demonstration zones can be applied by authorities either of central or of local government and the related promotion works of the second phase will be unfolded immediately.Heading to the target of becoming Kin-Xiao (Kinmen and Xiaomen) Free Trade Zone, Kinmen government planned to apply to be one of the FEPZs and thus cooperated with Taiwan Institute of Economic Research (TIER) on December 11, for a commissioned research (which was later released on the conference of accelerating Kin-Xia FTZ on December 19) on evaluating if Kinmen is qualified for an application of FEPZs. Kinmen’s critical location and the featured industries have composed a perfect environment complying with the ideas such as value-added agriculture, international healthcare and innovative education for FEPZ. For instance, the white liquor industry in Kinmen represents the international management and promotion of agricultural products, and is the best example for value-added agriculture. “Long-term Healthcare Village in Kinmen,” which is currently developing in Kinmen, would also be a drive for international healthcare industry. Based on the Taiwan-featured culture, “International Education City” could be developed with a liberal and innovative atmosphere, which would attract famous schools in world to set up their branch school in Kinmen. Above all, Kinmen County vice Mayor, Wu Yo-Chin, indicated that Kinmen would be the first choice for FEPZ and would hold the key to open a new gate for the Cross-Strait. The vice Mayor emphasized that Kinmen government has well budgeting and financial management, which needn’t the extra aids from central government, yet Kinmen was excluded in the first phase of FEPZs. Although Kinmen would apply to be a FEPZ in the second phase after the special legislation passed, Kinmen still strived for taking part in the first phase of FEPZs due to the uncertain schedule for implementation of regulations on FEPZs.National Development Council (NDC), however, gave an opinion on issue of Kinmen applying to be in the first phase of FEPZs, which declared again the original plan for the first phase only included six free trade ports, Taoyuan airport free trade zone, and Pingtung Agricultural Biotechnology Park. NDC also suggested Kinmen could still follow after the first phase and apply to be a FEPZ in the second phase.

Taiwan Announced the Biobanks Regulations and Management Practices

Taiwan Has Passed “Statute of Human Biobank Management” to Maintain Privacy and Improve Medicine Industries Due to lack of regulations, divergent opinions abounded about the establishment of Biobanks and collection of human biological specimen. For example, a researcher in an academic research organization and a hospital-based physician collected biospecimens from native Taiwanese. Although they insisted that the collections were for research only, human rights groups, ethics researchers, and groups for natives´ benefits condemned the collections as an invasion of human rights. Consequently, the Taiwanese government recognized the need for Biobanks regulation. To investigate the relationship between disease and multiple factors and to proceed with possible prevention, The Legislative Yuan Social Welfare and Healthy Environment Committee has passed "the draft statute of human biobank management" through primary reviewing process on December 30, 2009 and subsequently passed through entire three-reading procedure on January 7, 2010. Therefore, the medical and research institute not only can set up optimal gene database for particular disease curing, but also can collect blood sample for database establishment, legally. However, the use of sample collections will be excluded from the use of judiciary purpose. In the light of to establish large scale biobank is going to face the fundamental human right issue, from the viewpoint of biobank management, it is essential not only to set up the strict ethics regulation for operational standard, but also to make the legal environment more complete. For instance, the Department of Health, Executive Yuan had committed the earlier planning of Taiwan biobank establishment to the Academic Sinica in 2006, and planned to collect bio-specimen by recruiting volunteers. However, it has been criticized by all circles that it might be considered violating the Constitution article 8 provision 1 front paragraph, and article 22 rules; moreover, it might also infringe the personal liberty or body information privacy. Therefore, the Executive Yuan has passed the draft statute of human biobank management which was drafted and reviewed by Department of Health during the 3152nd meeting, on July 16, 2009, to achieve the goal of protecting our nation’s privacy and promoting the development of medical science by management biomedical research affairs in more effective ways. Currently, the draft statute has been passed through the primary review procedure by the Legislative Yuan. About the draft statute, there are several important points as following: (1) Sample Definition: Types of collected sample include human somatic cell, tissues, body fluids, or other derivatives; (2) Biobank Establishment: It requires not only to be qualified and permitted, but also to set up the ethical reviewing mechanism to strengthen its management and application; (3)Sample Collection and Participant Protection: In accordance with the draft statute, bio-specimen collecting should respect the living ethics during the time and refer to the "Medical Law" article 64 provision 1; before sample collection, all related points of attention should be kept in written form , the participant should be notified accordingly, and samples can only be collected with the participant’s consent. Furthermore, regarding the restrained read right and setting up participants’ sample process way if there were death or lost of their capacity; (4) Biobank Management: The safety regulation, obligation of active notification, free to retreat, data destruction, confidentiality and obligation, and termination of operation handling are stipulated; and (5) Biobank Application: According to the new draft statute, that the biological data can’t be used for other purposes, for example, the use of inquisition result for the "Civil law", article 1063, provision 2, prosecution for denying the parent-child relationship law suit", or according to the "Criminal law", article 213, provision 6. This rule not only protects the participants’ body information and their privacy right, but also clearly defines application limits, as well as to set up the mechanism for inner control and avoid conflict of interests to prevent unnecessary disputes. Finally, the Department of Health noted that, as many medical researches has shown that the occurrence of diseases are mostly co-effected by various factors such as multiple genes and their living environment, rather than one single gene, developed countries have actively devoted to human biological sample collection for their national biobank establishment. The construction and usage of a large-scale human bank may bring up the critical issue such as privacy protection and ethical problems; however, to meet the equilibrium biomedical research promotion and citizen privacy issue will highly depend on the cooperation and trust between the public and private sectors. Taiwan Department of Health Announced the Human Biobanks Information Security Regulation The field of human biobanks will be governed by the Act of Human Biobanks (“Biobanks Act”) after its promulgation on February 3, 2010 in Taiwan. According to Article 13 of the Biobanks Act, a biobank owner should establish its directive rules based on the regulation of information security of biobanks announced by the competent authority. Thus the Department of Health announced the draft of the Human Biobanks Information Security Regulation (“Regulation”) for the due process requirement. According to the Biobanks Act, only the government institutes, medical institutes, academic institutes, and research institutes are competent to establish biobanks (Article 4). In terms of the collecting of organisms, the participants should be informed of the relevant matters by reasonable patterns, and the collecting of organisms may be conducted after obtaining the written consent of the participants (Article 6). The relative information including the organisms and its derivatives are not allowed to be used except for biological and medical research. After all the protection of biobanks relative information above, the most important thing is the safety regulations and directive rules of the database administration lest all the restrictions of biobanks owners and the use be in vain. The draft Regulation aims to strengthen the safety of biobanks database and assure the data, the systems, the equipments, and the web circumstances are safe for the sake of the participants’ rights. The significant aspects of the draft are described as below. At first, the regulation should refer to the ISO27001, ISO27002 and other official rules. Concerning the personnel management, the security assessment is required and the database management personnel and researchers may not serve concurrently. In case some tasks are outsourced, the contractor should be responsible for the information security; the nondisclosure agreement and auditing mechanism are required. The application system should update periodically including the anti-virus and firewall programs. The biobanks database should be separated physically form internet connection, including the prohibition of information transforming by email or any other patterns through internet. The authorizing protocol of access to the biobanks should be established and all log files should be preserved in a period. The system establishment and maintenance should avoid remote control. In case the database system is physically out of the owner’s control, the authorization of the officer in charge is required. If an information security accident occurred, the bionbanks owner should contact the competent authority immediately and inform the participants by adequate tunnel. The biobanks owner should establish annual security auditing program and the project auditing will be conducted subject to the necessity. To sum up, while the biobanks database security regulation is fully established, the biobanks owners will have the sufficient guidance in connection with the biobank information security to comply with in the future.

The Research on ownership of cell therapy products

The Research on ownership of cell therapy products 1. Issues concerning ownership of cell therapy products   Regarding the issue of ownership interests, American Medical Association(AMA)has pointed out in 2016 that using human tissues to develop commercially available products raises question about who holds property rights in human biological materials[1]. In United States, there have been several disputes concern the issue of the whether the donor of the cell therapy can claim ownership of the product, including Moore v. Regents of University of California(1990)[2], Greenberg v. Miami Children's Hospital Research Institute(2003)[3], and Washington University v. Catalona(2007)[4]. The courts tend to hold that since cells and tissues were donated voluntarily, the donors had already lost their property rights of their cells and tissues at the time of the donation. In Moore case, even if the researchers used Moore’s cells to obtain commercial benefits in an involuntary situation, the court still held that the property rights of removed cells were not suitable to be claimed by their donor, so as to avoid the burden for researcher to clarify whether the use of cells violates the wishes of the donors and therefore decrease the legal risk for R&D activities. United Kingdom Medical Research Council(MRC)also noted in 2019 that the donated human material is usually described as ‘gifts’, and donors of samples are not usually regarded as having ownership or property rights in these[5]. Accordingly, both USA and UK tends to believe that it is not suitable for cell donors to claim ownership. 2. The ownership of cell therapy products in the lens of Taiwan’s Civil Code   In Taiwan, Article 766 of Civil Code stipulated: “Unless otherwise provided by the Act, the component parts of a thing and the natural profits thereof, belong, even after their separation from the thing, to the owner of the thing.” Accordingly, many scholars believe that the ownership of separated body parts of the human body belong to the person whom the parts were separated from. Therefore, it should be considered that the ownership of the cells obtained from the donor still belongs to the donor. In addition, since it is stipulated in Article 406 of Civil Code that “A gift is a contract whereby the parties agree that one of the parties delivers his property gratuitously to another party and the latter agrees to accept it.”, if the act of donation can be considered as a gift relationship, then the ownership of the cells has been delivered from donor to other party who accept it accordingly.   However, in the different versions of Regenerative Medicine Biologics Regulation (draft) proposed by Taiwan legislators, some of which replace the term “donor” with “provider”. Therefore, for cell providers, instead of cell donors, after providing cells, whether they can claim ownership of cell therapy product still needs further discussion.   According to Article 69 of the Civil Code, it is stipulated that “Natural profits are products of the earth, animals, and other products which are produced from another thing without diminution of its substance.” In addition, Article 766 of the Civil Code stipulated that “Unless otherwise provided by the Act, the component parts of a thing and the natural profits thereof, belong, even after their separation from the thing, to the owner of the thing.” Thus, many scholars believe that when the product is organic, original substance and the natural profits thereof are all belong to the owner of the original substance. For example, when proteins are produced from isolated cells, the proteins can be deemed as natural profits and the ownership of proteins and isolated cells all belong to the owner of the cells[6].   Nevertheless, according to Article 814 of the Civil Code, it is stipulated that “When a person has contributed work to a personal property belonging to another, the ownership of the personal property upon which the work is done belongs to the owner of the material thereof. However, if the value of the contributing work obviously exceeds the value of the material, the ownership of the personal property upon which the work is done belongs to the contributing person.” Thus, scholar believes that since regenerative medical technology, which induces cell differentiation, involves quite complex biotechnology technology, and should be deemed as contributing work. Therefore, the ownership of cell products after contributing work should belongs to the contributing person[7]. Thus, if the provider provides the cells to the researcher, after complex biotechnology contributing work, the original ownership of the cells should be deemed to have been eliminated, and there is no basis for providers to claim ownership.   However, since the development of cell therapy products involves a series of R&D activities, it still need to be clarified that who is entitled to the ownership of the final cell therapy products. According to Taiwan’s Civil Code, the ownership of product after contributing work should belongs to the contributing person. However, when there are numerous contributing persons, which person should the ownership belong to, might be determined on a case-by-case basis. 3. Conclusion   The biggest difference between cell therapy products and all other small molecule drugs or biologics is that original cell materials are provided by donors or providers, and the whole development process involves numerous contributing persons. Hence, ownership disputes are prone to arise.   In addition to the above-discussed disputes, United Kingdom Co-ordinating Committee on Cancer Research(UKCCCR)also noted that there is a long list of people and organizations who might lay claim to the ownership of specimens and their derivatives, including the donor and relatives, the surgeon and pathologist, the hospital authority where the sample was taken, the scientists engaged in the research, the institution where the research work was carried out, the funding organization supporting the research and any collaborating commercial company. Thus, the ultimate control of subsequent ownership and patent rights will need to be negotiated[8].   Since the same issues might also occur in Taiwan, while developing cell therapy products, carefully clarifying the ownership between stakeholders is necessary for avoiding possible dispute. [1]American Medical Association [AMA], Commercial Use of Human Biological Materials, Code of Medical Ethics Opinion 7.3.9, Nov. 14, 2016, https://www.ama-assn.org/delivering-care/ethics/commercial-use-human-biological-materials (last visited Jan. 3, 2021). [2]Moore v. Regents of University of California, 793 P.2d 479 (Cal. 1990) [3]Greenberg v. Miami Children's Hospital Research Institute, 264 F. Suppl. 2d, 1064 (SD Fl. 2003) [4]Washington University v. Catalona, 490 F 3d 667 (8th Cir. 2007) [5]Medical Research Council [MRC], Human Tissue and Biological Samples for Use in Research: Operational and Ethical Guidelines, 2019, https://mrc.ukri.org/publications/browse/human-tissue-and-biological-samples-for-use-in-research/ (last visited Jan. 3, 2021). [6]Wen-Hui Chiu, The legal entitlement of human body, tissue and derivatives in civil law, Angle Publishing, 2016, at 327. [7]id, at 341. [8]Okano, M., Takebayashi, S., Okumura, K., Li, E., Gaudray, P., Carle, G. F., & Bliek, J. UKCCCR guidelines for the use of cell lines in cancer research.Cytogenetic and Genome Research,86(3-4), 1999, https://europepmc.org/backend/ptpmcrender.fcgi?accid=PMC2363383&blobtype=pdf (last visited Jan. 3, 2021).

After the European Union's Artificial Intelligence Law, the draft of AI Basic Law is announced in Taiwan.

After the European Union's Artificial Intelligence Law, the draft of AI Basic Law is announced in Taiwan. 2024/09/19 Countries around the world are currently seeking to establish AI governance principles. The U.S. currently has only AI executive orders and state bills, and the European Union (EU) first AI law came into effect in August 2024. Taiwan has announced a draft of AI Basic Law for public comments on July 15, 2024, which, if passed by the Legislative Yuan, will become the world's second special legislation on AI. Taiwan's Coming AI Basic Law - Legislative Development and Progress With the successful conclusion of the 2024 Paris Olympics, AI technology has demonstrated its potential on the global stage, bringing new experiences to the public in varied areas, such as sport competition analysis, athlete training, and referee assisting, and showing that AI has also crossed over into the sports industry, in addition to its known applications in areas such as healthcare, finance, transportation, arts and culture fields. As AI will be apply in various industries, it may also bring new risks or impacts to individuals or society. Countries are seeking to establish guidelines and principles for AI governance. The EU’s Artificial Intelligence Act, which was announced to take effect in August 2024. Even in the AI pioneer, the U.S., there are currently only U.S. President’s AI Executive Orders and bills introduced by Congress or state governments. When Taiwan President Lai announced the promotion of the Island of Artificial Intelligence, Taiwan also had a draft of the AI Basic Law announced for public comments by the National Science and Technology Council (NSTC) on July 15, 2024, proposing the principles of basic values for the development of AI in Taiwan. What is the Basic Law in Taiwan? There are 11 basic laws/acts in Taiwan, including the Fundamental Science and Technology Act, and the Ocean Basic Act, etc. A basic law/act is a legislative model of principle, progress, or guideline for a specific important matter. The AI Basic Law serves as a declaration of policy integration, reveals the government's goals and principles, and regulates the executive branch without directly regulating the people, or deriving the rights for substantive claims. Why Taiwan need a Basic Law on Artificial Intelligence? AI is evolving rapidly, and its applications are spreading to a wider range of areas. If all sectors and administrations have different values, there will be no way for a country to develop AI. NSTC has announced a total of 18 articles in the draft, in Article 3 first set out 7 common principles, such as human autonomy, from the AI research and development to the final market application must comply with the basic values; and in the following provisions of Article 4 to declare that the government's 4 major promotional focuses. The most important provision is found in Article 17, which requires that government ministries should review and adjust the functions, businesses and regulations under their scope in accordance with the Basic Law, so as to enable the executive branch to accelerate its response to the changes brought about by AI, and to share a common set of values: the promotion of innovation while taking human rights into consideration. 7 basic principles The draft AI Basic Law in the announcement contains the following 7 basic principles: 1. Sustainable development and well-being: Social equity and environmental sustainability should be taken into account. Appropriate education and training should be provided to minimize the possible digital gap, so that people can adapt to the changes brought about by AI. 2. Human autonomy: It shall support human autonomy, respect for fundamental human rights and cultural values such as the right to personal integrity, and allow for human oversight, thereby implementing a human-based approach that upholds the rule of law and democratic values. 3. Privacy Protection and Data Governance: The privacy of personal data should be properly protected to avoid the risk of data leakage, and the principle of data minimization should be adopted; at the same time, the opening and reuse of non-sensitive data should be promoted. 4. Security and safety: In the process of AI research and development and application, security measures should be established to prevent security threats and attacks and to ensure the robustness and safety of the system. 5. Transparency and explainability: The output of AI should be appropriately disclosed or labeled to facilitate the assessment of possible risks and the understanding of the impact on related rights and interests, thereby enhancing the trustworthiness of AI. 6. Fairness and non-discrimination: In the process of AI research and development and application, the risks of bias and discrimination in algorithms should be avoided as much as possible, and should not lead to discriminatory results for specific groups. 7. Accountability: Ensure the assumption of corresponding responsibilities, including internal governance responsibilities and external social responsibilities. 4 key areas of promotion 1. Innovative Collaboration and Talent Cultivation: Ensuring the resources and talent needed for AI. 2. Risk management and application responsibility: Risks must be identified and managed before AI systems can be safely applied. 3. Protection of rights and access to data: People's basic rights, such as privacy, cannot be compromised. 4. Regulatory Adaptation and Business Review: Policies and regulations must be agile to keep pace with AI development. The AI Basic Law is paving the way for Taiwan's future opportunities and challenges. AI development requires sufficient resources, data and a friendly environment; to ensure the safe application of AI, it is necessary to first identify and plan for different possible risks, and the draft AI Basic Law has initially drawn a blueprint for the above innovative development and safe application. In the future, various government ministries will need to work together to keep up with the wave of AI innovation in terms of business and legal regulations for multiple fields and industries. It is believed that Taiwan can leverage the advantages in the semiconductor industry and talent resources to gain a favorable global strategic position for the development of AI, as well as to help achieve the goal of "AI for good" to enhance the well-being of Taiwan people through a sound legal environment.

TOP