Post Brexit – An Update on the United Kingdom Privacy Regime


2021/9/10

  After lengthy talks, on 31 January 2020, the United Kingdom (‘UK’) finally exited the European Union (‘EU’). Then, the UK shifted into a transition period. The UK government was bombarded with questions from all stakeholders. In particular, the data and privacy industry yelled out the loudest – what am I going to do with data flowing from the EU to the UK? Privacy professionals queried – would the UK have a new privacy regime that significantly departs from the General Data Protection Regulation (‘GDPR’)?

Eventually, the UK made a compromise with all stakeholders – the British, the Europeans and the rest of the world – by bridging its privacy laws with the GDPR. On 28 June 2021, the UK obtained an adequacy decision from the EU.[1] This was widely anticipated but also widely known to be delayed, as it was heavily impacted by the aftermath of the invalidation of the US-EU Privacy Shield.[2]

  While the rest of the world seems to silently observe the transition undertaken by the UK, post-Brexit changes to the UK’s privacy regime are not only a domestic or regional matter; they are an international matter. Global supply chains and cross-border data flows will be affected, shuffling the global economy into a new order. Therefore, it is crucial as citizens of a digital economy to unpack and understand the current UK privacy regime.

This paper intends to give the reader a brief introduction to the current privacy regime of the UK. The author proposes to set out the structure of the UK privacy legislation, and to discuss important privacy topics. This paper only focuses on the general processing regime, which is the regime that is most relevant to general stakeholders.

UK Privacy Legislation

  There are two main pieces of privacy legislation in the UK – the Data Protection Act 2018 (‘DPA’) and the United Kingdom General Data Protection Act (‘UK GDPR’). These two acts must be read together in order to form a coherent understanding of the current UK privacy regime.

  The UK GDPR is the creature of Brexit. The UK government wanted a smooth transition out of the EU and acknowledged that they needed to preserve the GDPR in their domestic privacy regime to an extent that would allow them to secure an adequacy decision. The UK government also wanted to create less impact on private companies. Thus, the UK GDPR was born. Largely it aligns closely with the GDPR, supplemented by the DPA.

ICO

  The Information Commissioner’s Office (‘ICO’) is the independent authority supervising compliance with privacy laws in the UK. Prior to Brexit, the ICO was the UK’s supervisory authority under the GDPR. A unique feature of the ICO’s powers and functions is that it adopts a notice system. The ICO has power to issue four types of notices: information notices, assessment notices, enforcement notices and penalty notices.[3] The information notice requires controllers or processors to provide information. The ICO must issue an assessment notice before conducting data protection audits. Enforcement is only exercisable by giving an enforcement notice. Administrative fines are only exercisable by giving a penalty notice.

Territorial Application

  Section 207(1A) of the DPA states that the DPA applies to any controller or processor established in the UK, regardless of where the processing of personal data takes place. Like the GDPR, the DPA and the UK GDPR have an extraterritorial reach to overseas controllers or processors. The DPA and the UK GDPR apply to overseas controllers or processors who process personal data relating to data subjects in the UK, where the processing activities are related to the offering of goods or services, or the monitoring of data subjects’ behavior.[4]

Transfers of Personal Data to Third Countries

  On 28 June 2021, the UK received an adequacy decision from the EU.[5] This means that until 27 June 2025, data can continue to flow freely between the UK and the European Economic Area (‘EEA’).

  As for transferring personal data to third countries other than the EU, the UK has similar laws to the GDPR. Both the DPA and the UK GDPR restrict controllers or processors from transferring personal data to third countries. A transfer of personal data to a third country is permitted if it is based on adequacy regulations.[6] An EU adequacy decision is known as ‘adequacy regulations’ under the UK regime.

  If there are no adequacy regulations, then a transfer of personal data to a third country will only be permitted if it is covered by appropriate safeguards, including standard data protection clauses, binding corporate rules, codes of conduct, and certifications.[7] The ICO intends to publish UK standard data protection clauses in 2021.[8] In the meantime, the EU has published a new set of standard data protection clauses (‘SCCs’).[9] However, it must be noted that the EU SCCs are not accepted to be valid in the UK, and may only be used for reference purposes. It is also worth noting that the UK has approved three certification schemes to assist organizations in demonstrating compliance with data protection laws.[10]

Lawful Bases for Processing

  Basically, the lawful bases for processing in the UK regime are the same as the GDPR. Six lawful bases are set out in article 6 of the UK GDPR. To process personal data, at least one of the following lawful bases must be satisfied:[11]

  1. The data subject has given consent to the processing;
  2. The processing is necessary for the performance of a contract;
  3. The processing is necessary for compliance with a legal obligation;
  4. The processing is necessary to protect vital interests of an individual – that is, protecting an individual’s life;
  5. The processing is necessary for the performance of a public task;
  6. The processing is necessary for the purpose of legitimate interests, unless other interests or fundamental rights and freedoms override those legitimate interests.

Rights & Exemptions

  The UK privacy regime, like the GDPR, gives data subjects certain rights. Most of the rights granted under the UK privacy regime are akin to those in the GDPR and can be found under the UK GDPR. Individual rights under the UK privacy regime are closely linked with its exemptions; this may be said to be a unique feature of the UK privacy regime which sets it apart from the GDPR. Under the DPA and the UK GDPR, there are certain exemptions, meaning organizations are exempted from certain obligations, most of which are associated with individual rights. For example, if data is processed for scientific or historical research purposes, or statistical purposes, organizations are exempted from provisions on the right of access, the right to rectification, the right to restrict processing and the right to object in certain circumstances.[12]

Penalties

  The penalty for infringement of the UK GDPR is the amount specified in article 83 of the UK GDPR.[13] If an amount is not specified, the penalty is the standard maximum amount.[14] The standard maximum amount, at the time of writing, is £8,700,000 (around 10 million Euros) or 2% of the undertaking’s total annual worldwide turnover in the preceding financial year.[15] In any other case, the standard maximum amount is £8,700,000 (around 10 million Euros).[16]

Conclusion

  The UK privacy regime closely aligns with the GDPR. However, it would be too simple a statement to say that the UK privacy regime is almost identical to the GDPR. The ICO’s unique enforcement powers, exercised through a notice system, are a distinct feature of the UK privacy regime. Recent legal trends show that the UK, while trying to preserve its ties with the EU, is gradually developing an independent privacy persona. The best example is that, with regard to transfers to third countries, the UK has developed its first certification scheme and is attempting to develop its own standard data protection clauses. The UK’s transition out of the EU has certainly been interesting; however, the UK’s transformation from the EU is certainly awaited with awe.

 

 

[1] Commission Implementing Decision of 28.6.2021, pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate protection of personal data by the United Kingdom, C(2021) 4800 final, https://ec.europa.eu/info/sites/default/files/decision_on_the_adequate_protection_of_personal_data_by_the_united_kingdom_-_general_data_protection_regulation_en.pdf.

[2] Judgment of 16 July 2020, Data Protection Commissioner v. Facebook Ireland Limited, Maximillian Schrems, C-311/18, EU:C:2020:559, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:62018CJ0311.

[3] Data Protection Act 2018, §115.

[4] Data Protection Act 2018, §207(1A); REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), art 3.

[5] supra note 1.

[6] Data Protection Act 2018, §17A-18; REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), art 44-50.

[7] Data Protection Act 2018, §17A-18; REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), art 46-47.

[8] International transfers after the UK exit from the EU Implementation Period, ICO, https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-transfers-after-uk-exit/ (last visited Sep. 10, 2021).

[10] ICO, New certification schemes will “raise the bar” of data protection in children’s privacy, age assurance and asset disposal, ICO, Aug. 19, 2021, https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2021/08/ico-approves-the-first-uk-gdpr-certification-scheme-criteria/ (last visited Sep. 10, 2021).

[11] REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), art 6(1)-(2); Lawful basis for processing, ICO, https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/ (last visited Sep. 10, 2021).

[12] Data Protection Act 2018, sch 2, part 6, para 27.

[13] id. at §157.

[14] id.

[15] id.

[16] id.

 

 

※Post Brexit – An Update on the United Kingdom Privacy Regime,STLI, https://stli.iii.org.tw/en/article-detail.aspx?no=55&tp=2&i=168&d=8722 (Date:2023/12/02)
Quote this paper
You may be interested
Executive Yuan Yuan Promoted “Productivity 4.0” to Boost Global Competitiveness

Executive Yuan Yuan Promoted “Productivity 4.0” to Boost Global Competitiveness 1.Executive Yuan held the “Productivity 4.0: Strategy Review Board Meeting” to boost industrial transformation The Executive Yuan held the “Productivity 4.0: Strategy Review Board Meeting” on June 4-5th , 2015. The GDP per capita of manufacturing and service industries, including machinery, metal processing, transportation vehicles, 3C, food, textile, logistics, health care, and agriculture, are expected to be over 10 million NT dollars by 2024. This meeting focuses on three topics: Productivity 4.0 industry and technology development strategy, advanced development strategy on advanced manufacturing and innovation application, and strategy on engineering smart tech talents cultivation and Industry-academic Cooperation. The three main themes to be used to put the advanced manufacturing into force are smart automation and robots, sensing and control technologies from Internet of Things (IoT), and technologies used in analyzing the big data. As a result, the digitalization of small- and medium-sized business and smart operation of big business are as the cornerstones to build service-oriented systems and develop advanced manufacturing in R.O.C.. Facing challenges of labor shortages and aging labor forces, the Executive Yuan is planning to implement “Productivity 4.0” to stimulate the process of industry transformation of value-added innovation and provide new products and services in global market. In implementing the above-mentioned policy goals, the Executive Yuan is planning three directions to be followed. First, global competitiveness is depended upon key technologies. As OEMs, manufacturing industry in R.O.C. is unable to provide products of self-owned brand and is vulnerable while facing challenges from other transnational companies. Second, the Premier, Dr. 
Mao Chi-kuo, made reference of the bicycle industry’s successful development model as an example for the Productivity 4.0 “A-Team” model. Through combining technologies and organizations, the aim is to build competitive supply chains across all the small- and medium-sized business. Finally, the new skills training and the cultivation of talents are more urgent than ever before. While technical and vocational schools, universities and postgraduate studies are needed to be equipped with sufficient fundamental knowledge, those already in the job market have to learn the skills and knowledge necessary for industrial transformation so that they could contribute their capabilities and wisdom for Ourfuture. 2.Executive Yuan Approved “Productivity 4.0 Initiative” to Promote Industry Innovation and Transformation The Executive Yuan has approved the Productivity 4.0 Initiative on September 17, 2015. Before its approval, the Office of Science and Technology (OST) gave a presentation on the Draft of the Productivity 4.0 Initiative on July 23, 2015 detailing the underlying motives behind the program. Confronted with the challenges our traditional industries and OEMs meet, including labor shortages (the national laboring population ranging from age 15 to 65 has seen a substantial decrease of 0.18 to 0.2 million annually) and a aging labor force, the the Productivity 4.0 Initiative sets the directions for industrial development tackling these issues through six main strategies: enhancing and fine-tuning flagship industries’ smart-supply-chain ecosystems, encouraging the establishing of startups, localizing production and services, securing autonomy in key technologies, cultivating practical and technical talents and injection of industrial policy tools. After hearing the presentation on the Initiative, the Premier, Mao Chi-kuo, made reference to the core ideas of the Productivity 4.0 Initiative in his concluding remarks. 
“The core concept of the Productivity 4.0 Initiative is to propel R.O.C. to a pivotal position in the global manufacturing supply chain by capitalizing on the nation’s core strength in industrial technology, while fostering an outstanding work environment stimulating synergy between employees and automotive systems in order to cope with R.O.C.’s imminent labor shortage,” Mao said Also focusing on the Productivity 4.0 Initiative, the Premier gave a keynote speech titled ‘Views on the current economic and social issues’ at the Third Wednesday Club. He takes the view that the GDP downslide is of a structural nature and the government is going to guide the economy towards an upward path by assisting industries to innovate and transform. In an effort to remove the three major obstacles to innovation and entrepreneurship— discouraging laws and regulations, difficulty in raising capital and gathering financing as well as lack of international partnerships, the government has been diligently promoting the Third Party Payment Act as well as setting-up R.O.C. Rapid Innovation Prototyping League for Enterprises. Among these measures, Industry 4.0 has been at the core of the Initiative, in which cyber-physical production system (CPS) would be introduced by integrating Cloud-computing and Internet of Things technology to spur industrial transformations, specifically industrial manufacturing, added-value services and agricultural production. The Productivity 4.0 Initiative is an imperative measure in dealing with R.O.C.’s imminent issues of labor shortage, and the aging society, its promising effects are waiting to unfold. 
3.Executive Yuan’s Further Addendum to “Productivity 4.0 Plan”: Attainment of Core Technologies and the Cultivation of Domestic Technical Talents In an continual effort to put in place the most integrated infrastructural setting for the flourishing of its “Productivity 4.0 Plan”, Executive Yuan Premier Mao Chi-Kuo announced on the 22nd October that the overhaul infrastructural set-up will be focused on the development of core technologies and the cultivation of skilled technical labor. To this end, the Executive Yuan is gathering participation and resources from the Ministry of Economic Affairs (hereafter MOEA), Ministry of Education, Ministry of Science and Technology, Ministry of Labor, the Council of Agriculture, among other governmental bodies, collecting experiences and knowledge from academia and researchers, in order to improve the development of pivotal technologies, the training of skilled technical labor and consequently to improve and reform the present education system so as to meet the aforementioned goals. Premier Mao Chi-Kuo pointed out that Productivity 4.0 is a production concept in which the industry is evolved from mere automation- to intelligent-based manufacturing, shifting towards a “small-volume, large-variety” production paradigm, closing the gaps between production and consumption sides through direct communication, hence allowing industry to push itself further on changing its old efficiency-based production model to an innovation-driven one. Apart from the Research and Development efforts geared towards key technologies, Premier Mao stressed that the people element, involved in this transformative process, is what dictates Productivity 4.0 Plan’s success. The cross-over or multi-disciplinary capability of the labor force is especially significant. 
In order to bring up the necessary work force needed for Productivity 4.0, besides raising support for the needed Research and Development, an extensive effort should be placed in reforming and upgrading the current educational system, as well as the technical labor and internal corporate educational structure. Moreover, an efficient platform should be implemented so that opinions and experiences could be pooled out, thus fostering closer ties between industry, academia and research. The MOEA stated that the fundamental premise behind the Productivity 4.0 strategy is that by way of systematic, brand-orientated formation of technical support groups, constituted by members of industry, academia and research, will we able to develop key sensor, internet and core technologies for our manufacturing, business and agriculture sector. It is estimated that by the end of year 2016, the Executive Yuan will have completed 6 major Productivity 4.0 production lines; supported the development of technical personnel in smart manufacturing, smart business and smart agriculture, amounting to 2,500 persons; established 4 inter-university, inter-disciplinary strategic partnerships in order to prepare much needed labor force for the realization of the Productivity 4.0 Plan. It is estimated that by the year 2020, industry has already developed the key technologies through the Productivity 4.0 platform, aiding to decrease by 50% the time currently needed to for Research and Development, increasing the technological sovereignty by 50% and accrue production efficiency by 15% and above. Furthermore, through the educational reforms, the nation will be able to lay solid foundations for its future labor talents, as well as connecting them to the world at large, effectively making them fit to face the global markets and to upgrade their production model.

An Analysis of the Recusal Mechanism in the Latest Revision of the Government Procurement Act and Regulations Governing Procurements for Scientific and Technological Research and Development

An Analysis of the Recusal Mechanism in the Latest Revision of the Government Procurement Act and Regulations Governing Procurements for Scientific and Technological Research and Development 1. Introduction   Article 1 of the Government Procurement Act (hereinafter referred to as the Act) reveals that “This Act is enacted to establish a government procurement system that has fair and open procurement procedures, promotes the efficiency and effectiveness of government procurement operation, and ensures the quality of procurement.” Therefore, a recusal mechanism for reviewing qualification/disqualification of tenders and bidders is highly essential, for example, the head of the agency or its related persons should disclose the conflict of interests. After amended and promulgated on May 22, 2019 (Presidential Decree Hua-tzung-1 Yi No. 10800049691), the Act was revised with the identical legislative principle of the Act on Recusal of Public Servants Due to Conflicts of Interest. In other words, a more flexible and transparent mechanism has been adopted, which is more advanced and ideal for both procurement authority and external supervisors. 2. The New Recusal Mechanism of the Act Enhances the Flexibility and Transparency   The revision struck out the Paragraph 4, Article 15 of the Act, and the regulation related to the recusal mechanism shall be comply with the Act on Recusal of Public Servants Due to Conflicts of Interest, especially the qualification/disqualification provision of the “related persons.” The new government procurement procedure adopted a more flexible and transparent practice, “disclosure in advance and publication afterwards.” The detailed analysis is as follows. (1) Before the Act amended, the personnel of a procuring entity and its related persons shall withdraw themselves from the procurement.   Before the Act amended, the personnel of a procuring entity and its related persons shall withdraw themselves from the procurement. 
According to the previous Paragraph 4 of Article 15 (4), “Suppliers or persons in charge shall not participate in the procurement if they have connections with the agency’s head described in Paragraph 2. However, if the implementation of this paragraph is against fair competition or public interest, the exclusion can be exempted with the authority’s approval.” The Paragraph 2 mentioned specified, “The personnel of a procuring entity shall withdraw themselves from procurement and all related matters thereof if they or their spouses, relatives by blood or by marriage within three degrees, or family members living together with them have interests involved therein.” Simply put, legislators considered that suppliers or persons in charge shall not participate in an agency's procurement if they have conflict of interests with its head. For instance, the spouses, all the relatives within the third degree by consanguinity (blood) or by affinity (marriage), or family members living together with the head of the agency, cannot involve in the procurement of the agency. Furthermore, if a legal entity or an organization is directed by the relatives of the head of a government agency mentioned, it is disqualified from the procurement. (2) After the Act amended, the recusal of related persons substituted by self-disclosure and information publication norms   According to the Amendment, the Act was amended because the content of the article is existed in Article 9 of Act on Recusal of Public Servants Due to Conflicts of Interest; thus, Article 15 of the Act is hereby deleted. 
Recalling Article 9 of the previous Act on Recusal of Public Servants Due to Conflicts of Interest, “A public servant and his related persons shall not conduct transactions such as subsidizing, sales, lease, contracting, or other transactions conducted with consideration with the organ with which the public servant serves or the organs under his supervision.” For this reason, the amendment to Article 15 of Government Procurement Act is to regulate the mechanism of withdrawal of relevant parties by Article 14 of the existing Act on Recusal of Public Servants Due to Conflicts of Interest. However, the amendment of this article is greatly affected by the interpretation of judicial court no. 716, so it is necessary to briefly describe its key points as follows.   On the basis of the Judicial Yuan Justice Interpretation No. 716 [Transactions between public officials and their associates and service agencies shall be prohibited), adopting a constitutional interpretation of Article 9 of Act on Recusal of Public Servants Due to Conflicts of Interest, grand justice agreed this article does not contradict the proportion principle of article 23 of Constitution of the Republic of China (Taiwan), and it does not violate Article 15 “The right of existence, the right of work, and the right of property shall be guaranteed to the people” and Article 22 “All other freedoms and rights of the people that are not detrimental to social order or public welfare shall be guaranteed under the Constitution”, either. However, for public officials, if they are not allowed to participate in trading competition, it will result in the monopoly of other minority traders, which is not conducive to the public interest. 
Therefore, this interpretation holds that if the agency has conducted open and fair procedures in the transaction process, and there is sufficient anti-fraud regulation, whether there is still a risk of improper benefit transmission or conflict of interest, and it is necessary to prohibit the transaction of public officials' associates, the relevant authorities should make comprehensive review and improvement as soon as possible.   Accordingly, following interpretation no. 716, Act on Recusal of Public Servants Due to Conflicts of Interest was amended and published with 23 articles on 13 June, 2018. The withdrawal of interested parties is provided for in Article 14 and an additional six exceptions are provided, including: (1) The procurement carried out by public notice under the Government Procurement Act or pursuant to Article 105 of the same Act. (2) The property right in interest created for the procurement, sale by tender, lease by tender or tender solicitation carried out by public notice in a fair competitive manner pursuant to laws. (3) Subsidy requested in the legal capacity under laws; the subsidy to the public servant’s related person in an open and fair manner pursuant to laws, or the subsidy which might be against the public interest if it is prohibited and is granted subject to the competent authority’s approval. (4) The subject matter of the transaction is provided by the organ with which the public servant serves or the organs under his supervision, and traded at the official price. (5) The lease, acquisition, discretionary management, improvement and utilization of national non-public real estate requested by the state-owned enterprise in order to execute the national construction projects or public policies, or for the purpose of public welfare. (6) The subsidy and transaction under the specific amount.   
The above amendments make the transactions between public officials and related parties that should be avoided in the past partially flexible now. In accordance with Paragraph 2 of the same article, in the case of the first three paragraphs of the proviso of Paragraph 1, the applicant or bidder shall voluntarily state his/her identity in the application or tender documents. After the subsidy or transaction is established, the agency shall disclose it together with its identity. That is to say, the self-disclosure is required beforehand and the information will go public afterwards to meet public expectations of transparency. This is also conducive to the supervision of all sectors, and conforms to the intention of the grand justice’s interpretation.   The reason why there is no need for government procurement to withdrawal is that the announcement process of the procurement is made in accordance with Government Procurement Act (including open tendering, selective tendering and restricted tendering through the announcement). There are strict procedures to follow and there is no conflict between the conflict of interest of public officials and the spirit of legislation. As to Paragraph 2 of other legal orders, the property right in interest created for the procurement, sale by tender, lease by tender or tender solicitation carried out by public notice in a fair competitive manner pursuant to laws. The legislative explanations are exemplified by the procurement (e.g. procurements for scientific and technological research and development) handled by the announcement in accordance with Fundamental Science and Technology Act. 3. Conclusion: It is suggested that relevant withdrawal regulations should be amended as soon as possible in procurements for scientific and technological research and development   The strike-out of the recusal provision of the Act does not mean that government procurement stoke out the recusal mechanism. 
The recusal mechanism is still stated in Article 14 of Act on Recusal of Public Servants Due to Conflicts of Interest. In addition to the advantages of the same regulations on the prohibition of transactions between related parties, it also enables the regulators with open and fair procedures and sufficient prevention of fraud, such as government procurement, to avoid evading so as not to harm the public interest. At the same time, supplemented by open and transparent disclosure, the amendment is a positive change of legislation.   Meanwhile, this paper believes that Government Procurement Act has adopted the mechanism of flexibility and transparency requirements for the procurement object avoidance regulations, and procurements for scientific and technological research and development should revise relevant withdrawal regulations as soon as possible. In accordance with Paragraph 4 of Article 6 of Fundamental Science and Technology Act and the authorization, Regulations Governing Procurements for Scientific and Technological Research and Development (hereinafter referred to as the regulatory regulations) is established. According to Article 8 (2) and (3) of the regulation, a responsible person, partner, or representative of the public school, public research institute (organization), or juristic person or entity performing the scientific research procurement may not serve as a responsible person, partner, or representative of the supplier. The supplier and the juristic person or entity performing the scientific research procurement may not at the same time be affiliated with each other, or affiliated to the same other enterprise. From the perspective of the article structure, the withdrawal regulation for scientific research procurement is within the norm of Article 15 of Government Procurement Act before the amendment, but it includes regulations for affiliated enterprises, which is not included in Article 15. 
The amendment to Article 14 of Act on Recusal of Public Servants Due to Conflicts of Interest also states that the proviso of Paragraph 1 of scientific research procurement “other procurements that are regulated by fair competition and by means of an announcement procedure” can also prove that the mechanism for scientific research procurement should adopt this provision. Therefore, it is recommended that the original procurements for scientific and technological research that is independent from Government Procurement Act should be amended by the competent authority as soon as possible in order to comply with the relevant provisions of Article 8 of Regulations Governing Procurements for Scientific and Technological Research and Development and to comply with the original intention of the Regulations Governing Procurements for Scientific and Technological Research and Development, and to avoid stricter regulations on scientific procurement than government procurement. Meanwhile, it is in accordance with the spirit of the grand justice’s interpretation No. 716.

Suggestions for MOEA Trial Program of Voluntary Base Green Electricity Framework

On March 6, 2014, the Energy Bureau of the Ministry of Economic Affairs published a pre-announcement on a Trial Program of Voluntary Base Green Electricity Framework (hereafter the Trial Program) and consulted on public opinion. In light of the content of the Trial Program, STLI provides the following suggestions for future planning of the related policy structure.

The institution of green electricity as established by the Trial Program is one of the policies for promoting renewable energy. Despite its nature as a trial, it is suggested that a policy design with more options would be beneficial to the promotion of renewable energy, in light of the various measures that have been undertaken by different countries.

According to the Trial Program, the planned price rate of the green electricity is set on the basis of the total sum of the electricity subsidy to be paid by the Renewable Energy Development Fund divided by the total sum of electricity generated as reported by Tai Power Company. The Ministry of Economic Affairs will adjust the price rate of the green electricity on the basis of both how many users subscribe to the green electricity and the price rate of the international green electricity market, and then announce the price rate in October of each year if not otherwise designated. In addition, according to the planned Trial Program, the unit for the subscription of green electricity is 100 kW·h. It is further reported that the current planned price rate for green electricity is 1.06 NTD/kW·h, and that it will be 3.95 NTD/kW·h when added to the original price rate, a 37% increase in price per kW·h.

In terms of the existing content of the Trial Program, only a single price rate will be offered during the trial period. In this regard, we take the view that it would be beneficial to take into account similar approaches that have been taken by other countries.
In Germany, for instance, the furtherance of renewable energy is achieved by the obligatory charge (EEG Umlage) together with the voluntary green electricity programs provided by the private electricity retail sector. According to the German Ministry of Economics and Energy (BMWi), the electricity price that the German public pays includes three parts: (1) the cost of the purchase and distribution of the electricity, including the margin of the electricity provider; (2) regulated network fees, including those for the operation as well as for the measurement works of the meters; and (3) charges imposed by the government, including tax and the abovementioned obligatory charge for renewable energy (EEG Umlage), as prescribed by the Act on Renewable Energy (Gesetz für den Vorrang Erneuerbarer Energien, also known as Erneuerbare-Energien-Gesetz - EEG).

In terms of how it is implemented on the ground, an example of the green electricity price menu program from the German electricity retail company Vattenfall is given in the following. In all price menu programs provided by Vattenfall in Berlin, for instance, 29.4% of the electricity comes from renewable energy as a result of the implementation of the Act on Renewable Energy. Aside from the abovementioned percentage as facilitated by the existing obligatory measures, the electricity retail companies in Germany further provide price menus that are “greener”. For example, among the options provided by Vattenfall (Chart I), in terms of the 12-month program, one can choose the menu which consists of 39.4% renewable energy, with the price of 0.2642 Euro/kW·h (about 10.96 NTD/kW·h).
One can also opt for a menu of which the energy supply comes from 100% renewable energy, with the price of 0.281 Euro/kW·h (about 11.66 NTD/kW·h).

Chart I: Green Electricity Price Menus provided by Vattenfall in Berlin, Germany

| Program | Percentage of Renewable Energy Supply | Electricity Price |
|---|---|---|
| 12-month program | 39.4% | 0.2642 Euro/kW·h (about 10.96 NTD/kW·h) |
| All renewable energy program | 100% | 0.281 Euro/kW·h (about 11.66 NTD/kW·h) |

Source: Vattenfall website, translated and reorganized by STLI, April 214.

In addition, Australia also has similar green electricity programs that are voluntary and have the goals of promoting renewable energy, reducing carbon emissions, and transforming the energy economy. Since 1997, GreenPower in Australia has been in charge of the auditing and certification of retail companies and power plants with respect to green electricity. The Australian model uses a certification mechanism conducted by an independent third party to ensure that the green electricity purchased by end users complies with specific standards. As for the options on the price menu, taking the green electricity programs offered by the Australian retail company Origin Energy as an example, users can choose among 6 different programs, which are composed of a renewable energy supply of respectively 10%, 20%, 25%, 50%, 75%, and 100%, at various price rates (shown in Chart II).

Chart II: Australian Green Electricity Programs provided by Origin Energy

| Percentage of Renewable Energy | Electricity Price per kW·h |
|---|---|
| 0 | 0.268 AUD (about 7.52 NTD) |
| 10% | 0.274868 AUD (about 7.69 NTD) |
| 20% | 0.28006 AUD (about 7.84 NTD) |
| 25% | 0.28292 AUD (about 7.92 NTD) |
| 50% | 0.2838 AUD (about 7.95 NTD) |
| 100% | 0.2992 AUD (about 8.37 NTD) |

Source: Origin Energy website, translated and reorganized by STLI, April 214.

Given the information above, it can thus be inferred that international mechanisms for the promotion of green electricity often include a variety of price menus, providing the user with more options, such as the two different programs offered by Vattenfall in Germany and the six different rates for green electricity offered by Origin Energy in Australia. It is the suggestion of the present brief that the Trial Program can reference these international examples and try to offer users greater flexibility in choosing the most suitable programs for themselves.

The use of automated facial recognition technology and supervision mechanism in UK

I. Introduction

Automatic facial recognition (AFR) technology has developed rapidly in recent years, and it can identify target people in a short time. The UK Home Office announced the "Biometrics Strategy" on June 28, 2018, saying that AFR technology will be introduced in law enforcement, and that the Home Office will also actively cooperate with other agencies to establish a new oversight and advisory board in order to maintain public trust. AFR technology can improve law enforcement work, but its use will increase the risk of intruding into individual liberty and privacy.

This article focuses on the application of AFR technology proposed by the UK Home Office. The first part of this article describes the use of AFR technology by the police. The second part focuses on the supervision mechanism proposed by the Home Office in the Biometrics Strategy. However, because the use of AFR technology is still controversial, this article will sort out the key issues of follow-up development through the opinions of the public and private sectors. The overview of the discussion of AFR technology used by police agencies would be helpful for further policy formulation.

II. Overview of the strategy of AFR technology used by the UK police

According to the Home Office’s Biometrics Strategy, AFR technology will be used in law enforcement, passports and immigration, and national security to protect the public and make these public services more efficient[1]. Since 2017 the UK police have worked with tech companies in testing AFR technology at public events like Notting Hill Carnival or big football matches[2].

In practice, AFR technology is deployed with mobile or fixed camera systems. When a face image is captured through the camera, it is passed to the recognition software for identification in real time.
Then, the AFR system will determine whether there is a ‘match’, and the alarm will solicit an operator’s attention to verify the match and execute the appropriate action[3]. For example, South Wales Police have used an AFR system to compare images of people in crowds attending events with pre-determined watch lists of suspected mobile phone thieves[4]. In the future, the police may also compare potential suspects against images from closed-circuit television cameras (CCTV) or mobile phone footage for evidential and investigatory purposes[5].

The AFR system may be used as a tool of crime prevention, more than as a form of crime detection[6]. However, the uses of AFR technology are seen as dangerous and intrusive by the UK public[7]. For one thing, it could cause serious harm to democracy and human rights if the police agency misuses AFR technology. For another, it could have a chilling effect on civil society, and people may keep self-censoring lawful behavior under constant surveillance[8].

III. The supervision mechanism of AFR technology

To maintain public trust, there must be a supervision mechanism to oversee the use of AFR technology in law enforcement. The UK Home Office indicates that the use of AFR technology is governed by a number of codes of practice, including the Police and Criminal Evidence Act 1984, the Surveillance Camera Code of Practice and the Information Commissioner’s Office (ICO)’s Code of Practice for surveillance cameras[9].

(I) Police and Criminal Evidence Act 1984

The Police and Criminal Evidence Act (PACE) 1984 lays down police powers to obtain and use biometric data, such as collecting DNA and fingerprints from people arrested for a recordable offence. The PACE allows law enforcement agencies to carry out identification in order to find people related to crime for criminal and national security purposes.
Therefore, for the investigation, detection and prevention tasks related to crime and terrorist activities, the police can collect the facial image of the suspect, which can also be interpreted as falling within the scope of authorization of the PACE.

(II) Surveillance Camera Code of Practice

The use of CCTV in public places has interfered with the rights of the people, so the Protection of Freedoms Act 2012 requires the establishment of an independent Surveillance Camera Commissioner (SCC) for supervision. The Surveillance Camera Code of Practice proposed by the SCC sets out 12 principles for guiding the operation and use of surveillance camera systems. The 12 guiding principles are as follows[10]:

A. Use of a surveillance camera system must always be for a specified purpose which is in pursuit of a legitimate aim and necessary to meet an identified pressing need.
B. The use of a surveillance camera system must take into account its effect on individuals and their privacy, with regular reviews to ensure its use remains justified.
C. There must be as much transparency in the use of a surveillance camera system as possible, including a published contact point for access to information and complaints.
D. There must be clear responsibility and accountability for all surveillance camera system activities including images and information collected, held and used.
E. Clear rules, policies and procedures must be in place before a surveillance camera system is used, and these must be communicated to all who need to comply with them.
F. No more images and information should be stored than that which is strictly required for the stated purpose of a surveillance camera system, and such images and information should be deleted once their purposes have been discharged.
G. Access to retained images and information should be restricted and there must be clearly defined rules on who can gain access and for what purpose such access is granted; the disclosure of images and information should only take place when it is necessary for such a purpose or for law enforcement purposes.
H. Surveillance camera system operators should consider any approved operational, technical and competency standards relevant to a system and its purpose and work to meet and maintain those standards.
I. Surveillance camera system images and information should be subject to appropriate security measures to safeguard against unauthorised access and use.
J. There should be effective review and audit mechanisms to ensure legal requirements, policies and standards are complied with in practice, and regular reports should be published.
K. When the use of a surveillance camera system is in pursuit of a legitimate aim, and there is a pressing need for its use, it should then be used in the most effective way to support public safety and law enforcement with the aim of processing images and information of evidential value.
L. Any information used to support a surveillance camera system which compares against a reference database for matching purposes should be accurate and kept up to date.

(III) ICO’s Code of Practice for surveillance cameras

Attention must be paid to personal data and privacy protection during the use of surveillance camera systems and AFR technology. The ICO issued its Code of Practice for surveillance cameras under the Data Protection Act 1998 to explain the legal requirements for operators of surveillance cameras. The key points of the ICO’s Code of Practice for surveillance cameras are summarized as follows[11]:

A. The period of use of the surveillance camera systems should be carefully evaluated and adjusted. It is recommended to regularly evaluate whether it is necessary and proportionate to continue using them.
B. A police force should ensure an effective administration of surveillance camera systems, deciding who has responsibility for the control of personal information, what is to be recorded, how the information should be used and to whom it may be disclosed.
C. Recorded material should be stored in a safe way to ensure that personal information can be used effectively for its intended purpose. In addition, encryption of the information may be considered if necessary.
D. Disclosure of information from surveillance systems must be controlled and consistent with the purposes for which the system was established.
E. Individuals whose information is recorded have a right to be provided with that information or to view that information. The ICO recommends that information must be provided promptly and within no longer than 40 calendar days of receiving a request.
F. The minimum and maximum retention periods of recorded material are not prescribed in the Data Protection Act 1998, but it should not be kept for longer than is necessary and should be kept for the shortest period necessary to serve the purposes for which the system was established.

(IV) A new oversight and advisory board

In addition to the aforementioned regulations and guidance, the UK Home Office mentioned that it will work closely with related authorities, including the ICO, SCC, Biometrics Commissioner (BC), and Forensic Science Regulator (FSR), to establish a new oversight and advisory board to coordinate consideration of law enforcement’s use of facial images and facial recognition systems[12].

To sum up, it is estimated that the use of AFR technology by law enforcement has abided by existing regulations and guidance. Firstly, surveillance camera systems must be used for the purposes for which the system was established. Secondly, clear responsibility and accountability mechanisms should be ensured. Thirdly, individuals whose information is recorded have the right to request access to relevant information.
In the future, the new oversight and advisory board will be asked to consider issues relating to law enforcement’s use of AFR technology with greater transparency.

IV. Follow-up key issues for the use of AFR technology

Regarding the UK Home Office’s Biometrics Strategy, members of independent agencies such as the ICO, BC and SCC, as well as civil society, believe that there are still many deficiencies. The relevant discussions are summarized as follows:

(I) The necessity of using AFR technology

Elizabeth Denham, ICO Commissioner, called for looking at the use of AFR technology carefully, because AFR is an intrusive technology and can increase the risk of intruding into our privacy. Therefore, for the use of AFR technology to be legal, the UK police must have clear evidence to demonstrate that the use of AFR technology in public space is effective in resolving the problem that it aims to address[13].

The Home Office has pledged to undertake Data Protection Impact Assessments (DPIAs) before introducing AFR technology, covering the purpose and legal basis, the framework that applies to the organization using the biometrics, the necessity and proportionality, and so on.

(II) The limitations of using facial image data

The UK police can collect, process and use personal data based on the need for crime prevention, investigation and prosecution. In order to secure the use of biometric information, the BC was established under the Protection of Freedoms Act 2012. The mission of the BC is to regulate the use of biometric information, provide protection from disproportionate enforcement action, and limit the application of surveillance and counter-terrorism powers.

However, the BC’s powers do not presently extend to forms of biometric information other than DNA or fingerprints[14].
The BC has expressed concern that while the use of biometric data may well be in the public interest for law enforcement purposes and to support other government functions, the public benefit must be balanced against loss of privacy. Hence, legislation should be passed to decide that crucial question, instead of depending on the BC’s case feedback[15].

Because biometric data is especially sensitive and most intrusive of individual privacy, it seems that a governance framework is required to make decisions on the use of facial images by the police.

(III) Database management and transparency

For the application of AFR technology, the scope of the biometric database is a disputed issue in the UK. It is worth mentioning that the British people distrust the criminal database held by the police. When someone is arrested and detained by the police, the police will take photos of the suspect’s face. However, unlike fingerprints and DNA, even if the person is not sued, their facial images are not automatically deleted from the police biometric database[16].

South Wales Police have used AFR technology to compare facial images of people in crowds attending major public events with pre-determined watch lists of suspected mobile phone thieves in the AFR field test. Although the watch lists are created for time-limited and specific purposes, the inclusion of suspects who could possibly be innocent people still causes public panic.

Elizabeth Denham warned that there should be a transparency system about retaining facial images of those arrested but not charged for certain offences[17]. Therefore, in the future the UK Home Office may need to establish a transparent system for the AFR biometric database and a related supervision mechanism.

(IV) Accuracy and identification errors

In addition to worries about infringing personal privacy, the low accuracy of AFR technology is another reason many people oppose the use of AFR technology by police agencies.
Silkie Carlo, director of Big Brother Watch, said the police must immediately stop using the AFR technology and avoid mistaking thousands of innocent citizens as criminals; Paul Wiles, Biometrics Commissioner, also called for legislation to manage AFR technology because its accuracy is too low, and said the use of AFR technology should be tested and pass external peer review[18].

In the Home Office’s Biometrics Strategy, the scientific quality standards for AFR technology will be established jointly with the FSR, an independent agency under the Home Office. In other words, the Home Office plans to extend the existing forensic science regime to regulate AFR technology.

Therefore, the FSR has worked with the SCC to develop standards relevant to digital forensics. The UK government has not yet seen specific standards for regulating the accuracy of AFR technology at the present stage.

V. Conclusion

From the discussion of the public and private sectors in the UK, we can summarize some rules for the use of AFR technology. Firstly, before the application of AFR technology, it is necessary to complete the pre-assessment to ensure the benefits to the whole society. Secondly, there is the possibility of identification errors in AFR technology. Therefore, in order to maintain the confidence and trust of the people, the relevant scientific standards should be set up first to test the system accuracy. Thirdly, the AFR system should be regarded as an assisting tool for police enforcement in the initial stage. In other words, the information analyzed by the AFR system should still be judged by law enforcement officials, and the police officers should take the responsibility.

In order to balance the protection of public interest and basic human rights, the use of biometric data in AFR technology should be regulated by a special law other than the regulations on surveillance cameras and data protection.
The scope of the identification database is also a key point, and it may need legislators’ approval to collect and store the facial image data of innocent people. Last but not least, the use of the AFR system should be transparent and the victims of human rights violations can seek appeal.

[1] UK Home Office, Biometrics Strategy, Jun. 28, 2018, https://www.gov.uk/government/publications/home-office-biometrics-strategy (last visited Aug. 09, 2018), at 7.
[2] Big Brother Watch, FACE OFF CAMPAIGN: STOP THE MET POLICE USING AUTHORITARIAN FACIAL RECOGNITION CAMERAS, https://bigbrotherwatch.org.uk/all-campaigns/face-off-campaign/ (last visited Aug. 16, 2018).
[3] Lucas Introna & David Wood, Picturing algorithmic surveillance: the politics of facial recognition systems, Surveillance & Society, 2(2/3), 177-198 (2004).
[4] Supra note 1, at 12.
[5] Id, at 25.
[6] Michael Bromby, Computerised Facial Recognition Systems: The Surrounding Legal Problems (Sep. 2006) (LL.M Dissertation Faculty of Law University of Edinburgh), http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.197.7339&rep=rep1&type=pdf , at 3.
[7] Owen Bowcott, Police face legal action over use of facial recognition cameras, The Guardian, Jun. 14, 2018, https://www.theguardian.com/technology/2018/jun/14/police-face-legal-action-over-use-of-facial-recognition-cameras (last visited Aug. 09, 2018).
[8] Martha Spurrier, Facial recognition is not just useless. In police hands, it is dangerous, The Guardian, May 16, 2018, https://www.theguardian.com/commentisfree/2018/may/16/facial-recognition-useless-police-dangerous-met-inaccurate (last visited Aug. 17, 2018).
[9] Supra note 1, at 12.
[10] Surveillance Camera Commissioner, Surveillance camera code of practice, Oct. 28, 2014, https://www.gov.uk/government/publications/surveillance-camera-code-of-practice (last visited Aug. 17, 2018).
[11] UK Information Commissioner’s Office, In the picture: A data protection code of practice for surveillance cameras and personal information, Jun. 09, 2017, https://ico.org.uk/for-organisations/guide-to-data-protection/encryption/scenarios/cctv/ (last visited Aug. 10, 2018).
[12] Supra note 1, at 13.
[13] Elizabeth Denham, Blog: facial recognition technology and law enforcement, Information Commissioner's Office, May 14, 2018, https://ico.org.uk/about-the-ico/news-and-events/blog-facial-recognition-technology-and-law-enforcement/ (last visited Aug. 14, 2018).
[14] Monique Mann & Marcus Smith, Automated Facial Recognition Technology: Recent Developments and Approaches to Oversight, Automated Facial Recognition Technology, 10(1), 140 (2017).
[15] Biometrics Commissioner, Biometrics Commissioner’s response to the Home Office Biometrics Strategy, Jun. 28, 2018, https://www.gov.uk/government/news/biometrics-commissioners-response-to-the-home-office-biometrics-strategy (last visited Aug. 15, 2018).
[16] Supra note 2.
[17] Supra note 13.
[18] Jon Sharman, Metropolitan Police's facial recognition technology 98% inaccurate, figures show, INDEPENDENT, May 13, 2018, https://www.independent.co.uk/news/uk/home-news/met-police-facial-recognition-success-south-wales-trial-home-office-false-positive-a8345036.html (last visited Aug. 09, 2018).
