The Key Elements for Data Intermediaries to Deliver Their Promise

The Key Elements for Data Intermediaries to Deliver Their Promise

2022/12/13

  As human history enters the era of data economy, data has become the new oil. It feeds artificial intelligence algorithms that are disrupting how advertising, healthcare, transportation, insurance, and many other industries work. The excitement of having data as a key production input lies in the fact that it is a non-rivalrous good that does not diminish by consumption.[1] However, the fact that people are reluctant in sharing data due to privacy and trade secrets considerations has been preventing countries to realize the full value of data. [2]

  To release more data, policymakers and researchers have been exploring ways to overcome the trust dilemma. Of all the discussions, data intermediaries have become a major solution that governments are turning to. This article gives an overview of relevant policy developments concerning data intermediaries and a preliminary analysis of the key elements that policymakers should consider for data intermediaries to function well.

I. Policy and Legal developments concerning data intermediaries

  In order to unlock data’s full value, many countries have started to focus on data intermediaries. For example, in 2021, the UK’s Department for Digital, Culture, Media and Sport (DCMS) commissioned the Centre for Data Ethics and Innovation (CDEI) to publish a report on data intermediaries[3] , in response to the 2020 National Data Strategy.[4] In 2020, the European Commission published its draft Data Governance Act (DGA)[5] , which aims to build up trust in data intermediaries and data altruism organizations, in response to the 2020 European Strategy for Data.[6] The act was adopted and approved in mid-2022 by the Parliament and Council; and will apply from 24 September 2023.[7] The Japanese government has also promoted the establishment of data intermediaries since 2019, publishing guidance to establish regulations on data trust and data banks.[8]

II. Key considerations for designing effective data intermediary policy

1.Evaluate which type of data intermediary works best in the targeted country

  From CDEI’s report on data intermediaries and the confusion in DGA’s various versions of data intermediary’s definition, one could tell that there are many forms of data intermediaries. In fact, there are at least eight types of data intermediaries, including personal information management systems (PIMS), data custodians, data exchanges, industrial data platforms, data collaboratives, trusted third parties, data cooperatives, and data trusts.[9] Each type of data intermediary was designed to combat data-sharing issues in specific countries, cultures, and scenarios. Hence, policymakers need to evaluate which type of data intermediary is more suitable for their society and market culture, before investing more resources to promote them.

  For example, data trust came from the concept of trust—a trustee managing a trustor’s property rights on behalf of his interest. This practice emerged in the middle ages in England and has since developed into case law.[10] Thus, the idea of data trust is easily understood and trusted by the British people and companies. As a result, British people are more willing to believe that data trusts will manage their data on their behalf in their best interest and share their valuable data, compared to countries without a strong legal history of trusts. With more people sharing their data, trusts would have more bargaining power to negotiate contract terms that are more beneficial to data subjects than what individual data owners could have achieved. However, this model would not necessarily work for other countries without a strong foundation of trust law.

2.Quality signals required to build trust: A government certificate system can help overcome the lemon market problem

  The basis of trust in data intermediaries depends largely on whether the service provider is really neutral in its actions and does not reuse or sell off other parties’ data in secret. However, without a suitable way to signal their service quality, the market would end up with less high-quality service, as consumers would be reluctant to pay for higher-priced service that is more secure and trustworthy when they have no means to verify the exact quality.[11] This lemon market problem could only be solved by a certificate system established by actors that consumers trust, which in most cases is the government.

  The EU government clearly grasped this issue as a major obstacle to the encouragement of trust in data intermediaries and thus tackles it with a government register and verification system. According to the Data Government Act, data intermediation services providers who intend to provide services are required to notify the competent authority with information on their legal status, form, ownership structure, relevant subsidiaries, address, public website, contact details, the type of service they intend to provide, the estimated start date of activities…etc. This information would be provided on a website for consumers to review. In addition, they can request the competent authority to confirm their legal compliance status, which would in turn verify them as reliable entities that can use the ‘data intermediation services provider recognised in the Union’ label.

3.Overcoming trust issues with technology that self-enforces privacy: privacy-enhancing technologies (PETs)

  Even if there are verified data intermediation services available, businesses and consumers might still be reluctant to trust human organizations. A way to boost trust is to adopt technologies that self-enforces privacy. A real-world example is OpenSAFELY, a data intermediary implementing privacy-enhancing technologies (PETs) to provide health data sharing in a secure environment. Through a federated analytics system, researchers are able to conduct research with large volumes of healthcare data, without the ability to observe any data directly. Under such protection, UK NHS is willing to share its data for research purposes. The accuracy and timeliness of such research have provided key insights to inform the UK government in decision-making during the COVID-19 pandemic.

  With the benefits it can bring, unsurprisingly, PETs-related policies have become quite popular around the globe. In June 2022, Singapore launched its Digital Trust Centre (DTC) for accelerating PETs development and also signed a Memorandum of Understanding with the International Centre of Expertise of Montreal for the Advancement of Artificial Intelligence (CEIMIA) to collaborate on PETs.[12] On September 7th, 2022, the UK Information Commissioners’ Office (ICO) published draft guidance on PETs.[13] Moreover, the U.K. and U.S. governments are collaborating on PETs prize challenges, announcing the first phase winners on November 10th, 2022.[14] We could reasonably predict that more PETs-related policies would emerge in the coming year.

[1] Yan Carrière-Swallow and Vikram Haksar, The Economics of Data, IMFBlog (Sept. 23, 2019), https://blogs.imf.org/2019/09/23/the-economics-of-data/#:~:text=Data%20has%20become%20a%20key,including%20oil%2C%20in%20important%20ways (last visited July 22, 2022).

[2] Frontier Economics, Increasing access to data across the economy: Report prepared for the Department for Digital, Culture, Media, and Sport (2021), https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/974532/Frontier-access_to_data_report-26-03-2021.pdf (last visited July 22, 2022).

[3] The Centre for Data Ethics and Innovation (CDEI), Unlocking the value of data: Exploring the role of data intermediaries (2021), https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1004925/Data_intermediaries_-_accessible_version.pdf (last visited June 17, 2022).

[4] Please refer to the guidelines for the selection of sponsors of the 2022 Social Innovation Summit: https://www.gov.uk/government/publications/uk-national-data-strategy/national-data-strategy (last visited June 17, 2022).

[5] Regulation of the European Parliament and of the Council on European data governance and amending Regulation (EU) 2018/1724 (Data Governance Act), 2020/0340 (COD) final (May 4, 2022).

[6] Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and The Committee of the Regions— A European strategy for data, COM/2020/66 final (Feb 19, 2020).

[7] Proposal for a Regulation on European Data Governance, European Parliament Legislative Train Schedule, https://www.europarl.europa.eu/legislative-train/theme-a-europe-fit-for-the-digital-age/file-data-governance-act(last visited Aug 17, 2022).

[8] 周晨蕙,〈日本資訊信託功能認定指引第二版〉,科技法律研究所,https://stli.iii.org.tw/article-detail.aspx?no=67&tp=5&d=8422(最後瀏覽日期︰2022/05/30)。

[9] CDEI, supra note 3.

[10] Ada Lovelace Institute, Exploring legal mechanisms for data stewardship (2021), 30~31,https://www.adalovelaceinstitute.org/wp-content/uploads/2021/03/Legal-mechanisms-for-data-stewardship_report_Ada_AI-Council-2.pdf (last visited Aug 17, 2022).

[11] George A. Akerlof, The Market for "Lemons": Quality Uncertainty and the Market Mechanism, THE QUARTERLY JOURNAL OF ECONOMICS, 84(3), 488-500 (1970).

[12] IMDA, MOU Signing Between IMDA and CEIMIA is a Step Forward in Cross-border Collaboration on Privacy Enhancing Technology (PET) (2022),https://www.imda.gov.sg/-/media/Imda/Files/News-and-Events/Media-Room/Media-Releases/2022/06/MOU-bet-IMDA-and-CEIMIA---ATxSG-1-Jun-2022.pdf (last visited Nov. 28, 2022).

[13] ICO publishes guidance on privacy enhancing technologies, ICO, https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2022/09/ico-publishes-guidance-on-privacy-enhancing-technologies/ (last visited Nov. 27, 2022).

[14] U.K. and U.S. governments collaborate on prize challenges to accelerate development and adoption of privacy-enhancing technologies, GOV.UK, https://www.gov.uk/government/news/uk-and-us-governments-collaborate-on-prize-challenges-to-accelerate-development-and-adoption-of-privacy-enhancing-technologies (last visited Nov. 28, 2022); Winners Announced in First Phase of UK-US Privacy-Enhancing Technologies Prize Challenges, NIST, https://www.nist.gov/news-events/news/2022/11/winners-announced-first-phase-uk-us-privacy-enhancing-technologies-prize (last visited Nov. 28, 2022).

※The Key Elements for Data Intermediaries to Deliver Their Promise,STLI, https://stli.iii.org.tw/en/article-detail.aspx?no=55&tp=2&i=168&d=8923 (Date:2024/06/23)
Quote this paper
You may be interested
Finland’s Technology Innovation System

I. Introduction   When, Finland, this country comes to our minds, it is quite easy for us to associate with the prestigious cell-phone company “NOKIA”, and its unbeatable high technology communication industry. However, following the change of entire cell-phone industry, the rise of smart phone not only has an influence upon people’s communication and interaction, but also makes Finland, once monopolized the whole cell-phone industry, feel the threat and challenge coming from other new competitors in the smart phone industry. However, even though Finland’s cell-phone industry has encountered frustrations in recent years in global markets, the Finland government still poured many funds into the area of technology and innovation, and brought up the birth of “Angry Birds”, one of the most popular smart phone games in the world. The Finland government still keeps the tradition to encourage R&D, and wishes Finland’s industries could re-gain new energy and power on technology innovation, and indirectly reach another new competitive level.   According to the Statistics Finland, 46% Finland’s enterprises took innovative actions upon product manufacturing and the process of R&D during 2008-2010; also, the promotion of those actions not merely existed in enterprises, but directly continued to the aspect of marketing and manufacturing. No matter on product manufacturing, the process of R&D, the pattern of organization or product marketing, we can observe that enterprises or organizations make contributions upon innovative activities in different levels or procedures. In the assignment of Finland’s R&D budgets in 2012, which amounted to 200 million Euros, universities were assigned by 58 million Euros and occupied 29% R&D budgets. The Finland Tekes was assigned by 55 million Euros, and roughly occupied 27.5% R&D budgets. The Academy of Finland (AOF) was assigned by 32 million Euros, and occupied 16% R&D budges. The government’s sectors were assigned by 3 million Euros, and occupied 15.2% R&D budgets. Other technology R&D expenses were 2.1 million Euros, and roughly occupied 10.5% R&D. The affiliated teaching hospitals in universities were assigned by 0.36 million Euros, and occupied 1.8% R&D budgets. In this way, observing the information above, concerning the promotion of technology, the Finland government not only puts more focus upon R&D innovation, but also pays much attention on education quality of universities, and subsidizes various R&D activities. As to the Finland government’s assignment of budges, it can be referred to the chart below.   As a result of the fact that Finland promotes industries’ innovative activities, it not only made Finland win the first position in “Growth Competitiveness Index” published by the World Economic Forum (WEF) during 2000-2006, but also located the fourth position in 142 national economy in “The Global Competitiveness Report” published by WEF, preceded only by Swiss, Singapore and Sweden, even though facing unstable global economic situations and the European debt crisis. Hence, observing the reasons why Finland’s industries have so strong innovative power, it seems to be related to the Finland’s national technology administrative system, and is worthy to be researched. II. The Recent Situation of Finland’s Technology Administrative System A. Preface   Finland’s administrative system is semi-presidentialism, and its executive power is shared by the president and the Prime Minister; as to its legislative power, is shared by the Congress and the president. The president is the Finland’s leader, and he/she is elected by the Electoral College, and the Prime Minister is elected by the Congress members, and then appointed by the president. To sum up, comparing to the power owned by the Prime Minister and the president in the Finland’s administrative system, the Prime Minister has more power upon executive power. So, actually, Finland can be said that it is a semi-predisnetialism country, but trends to a cabinet system.   Finland technology administrative system can be divided into four parts, and the main agency in each part, based upon its authority, coordinates and cooperates with making, subsidizing, executing of Finland’s technology policies. The first part is the policy-making, and it is composed of the Congress, the Cabinet and the Research and Innovation Council; the second part is policy management and supervision, and it is leaded by the Ministry of Education and Culture, the Ministry of Employment and the Economy, and other Ministries; the third part is science program management and subsidy, and it is composed of the Academy of Finland (AOF), the National Technology Agency (Tekes), and the Finnish National Fund Research and Development (SITRA); the fourth part is policy-executing, and it is composed of universities, polytechnics, public-owned research institutions, private enterprises, and private research institutions. Concerning the framework of Finland’s technology administrative, it can be referred to below. B. The Agency of Finland’s Technology Policy Making and Management (A) The Agency of Finland’s Technology Policy Making   Finland’s technology policies are mainly made by the cabinet, and it means that the cabinet has responsibilities for the master plan, coordinated operation and fund-assignment of national technology policies. The cabinet has two councils, and those are the Economic Council and the Research and Innovation Council, and both of them are chaired by the Prime Minister. The Research and Innovation Council is reshuffled by the Science and Technology Policy Council (STPC) in 1978, and it changed name to the Research and Innovation Council in Jan. 2009. The major duties of the Research and Innovation Council include the assessment of country’s development, deals with the affairs regarding science, technology, innovative policy, human resource, and provides the government with aforementioned schedules and plans, deals with fund-assignment concerning public research development and innovative research, coordinates with all government’s activities upon the area of science, technology, and innovative policy, and executes the government’s other missions.   The Research and Innovation Council is an integration unit for Finland’s national technology policies, and it originally is a consulting agency between the cabinet and Ministries. However, in the actual operation, its scope of authority has already covered coordination function, and turns to direct to make all kinds of policies related to national science technology development. In addition, the consulting suggestions related to national scientific development policies made by the Research and Innovation Council for the cabinet and the heads of Ministries, the conclusion has to be made as a “Key Policy Report” in every three year. The Report has included “Science, Technology, Innovation” in 2006, “Review 2008” in 2008, and the newest “Research and Innovation Policy Guidelines for 2011-2015” in 2010.   Regarding the formation and duration of the Research and Innovation Council, its duration follows the government term. As for its formation, the Prime Minister is a chairman of the Research and Innovation Council, and the membership consists of the Minister of Education and Science, the Minister of Economy, the Minister of Finance and a maximum of six other ministers appointed by the Government. In addition to the Ministerial members, the Council shall comprise ten other members appointed by the Government for the parliamentary term. The Members must comprehensively represent expertise in research and innovation. The structure of Council includes the Council Secretariat, the Administrative Assistant, the Science and Education Subcommittee, and the Technology and Innovation Subcommittee. The Council has the Science and Education Subcommittee and the Technology and Innovation Subcommittee with preparatory tasks. There are chaired by the Ministry of Education and Science and by the Minister of Economy, respectively. The Council’s Secretariat consists of one full-time Secretary General and two full-time Chief Planning Officers. The clerical tasks are taken care of at the Ministry of Education and Culture. (B) The Agency of Finland’s Technology Policy Management   The Ministries mainly take the responsibility for Finland’s technology policy management, which includes the Ministry of Education and Culture, the Ministry of Employment and Economy, the Ministry of Social Affairs and Health, the Ministry of Agriculture and Forestry, the Ministry of Defense, the Ministry of Transport and Communication, the Ministry of Environment, the Ministry of Financial, and the Ministry of Justice. In the aforementioned Ministries, the Ministry of Education and Culture and the Ministry of Employment and Economy are mainly responsible for Finland national scientific technology development, and take charge of national scientific policy and national technical policy, respectively. The goal of national scientific policy is to promote fundamental scientific research and to build up related scientific infrastructures; at the same time, the authority of the Ministry of Education and Culture covers education and training, research infrastructures, fundamental research, applied research, technology development, and commercialization. The main direction of Finland’s national scientific policy is to make sure that scientific technology and innovative activities can be motivated aggressively in universities, and its objects are, first, to raise research funds and maintain research development in a specific ratio; second, to make sure that no matter on R&D institutions or R&D training, it will reach fundamental level upon funding or environment; third, to provide a research network for Finland, European Union and global research; fourth, to support the research related to industries or services based upon knowledge-innovation; fifth, to strengthen the cooperation between research initiators and users, and spread R&D results to find out the values of commercialization, and then create a new technology industry; sixth, to analyze the performance of national R&D system.   As for the Ministry of Employment and Economy, its major duties not only include labor, energy, regional development, marketing and consumer policy, but also takes responsibilities for Finland’s industry and technical policies, and provides industries and enterprises with a well development environment upon technology R&D. The business scope of the Ministry of Employment and Economy puts more focus on actual application of R&D results, it covers applied research of scientific technology, technology development, commercialization, and so on. The direction of Finland’s national technology policy is to strengthen the ability and creativity of industries’ technology development, and its objects are, first, to develop the new horizons of knowledge with national innovation system, and to provide knowledge-oriented products and services; second, to promote the efficiency of the government R&D funds; third, to provide cross-country R&D research networks, and support the priorities of technology policy by strengthening bilateral or multilateral cooperation; fourth, to raise and to broaden the efficiency of research discovery; fifth, to promote the regional development by technology; sixth, to evaluate the performance of technology policy; seventh, to increase the influence of R&D on technological change, innovation and society; eighth, to make sure that technology fundamental structure, national quality policy and technology safety system will be up to international standards. (C) The Agency of Finland’s Technology Policy Management and Subsidy   As to the agency of Finland’s technology policy management and subsidy, it is composed of the Academy of Finland (AOF), the National Technology Agency (Tekes), and the Finnish National Fund Research and Development (SITRA). The fund of AOF comes from the Ministry of Education and Culture; the fund of Tekes comes from the Ministry of Employment and Economy, and the fund of SITRA comes from independent public fund supervised by the Finland’s Congress. (D) The Agency of Finland’s Technology Plan Execution   As to the agency of Finland’s technology plan execution, it mainly belongs to the universities under Ministries, polytechnics, national technology research institutions, and other related research institutions. Under the Ministry of Education and Culture, the technology plans are executed by 16 universities, 25 polytechnics, and the Research Institute for the Language of Finland; under the Ministry of Employment and Economy, the technology plans are executed by the Technical Research Centre of Finland (VTT), the Geological Survey of Finnish, the National Consumer Research Centre; under the Ministry of Social Affairs and Health, the technology plans are executed by the National Institute for Health and Welfare, the Finnish Institute of Occupational Health, and University Central Hospitals; under the Ministry of Agriculture and Forestry, the technology plans are executed by the Finnish Forest Research Institute (Metla), the Finnish Geodetic Institute, and the Finnish Game and Fisheries Research Institute (RKTL); under the Ministry of Defense, the technology plans are executed by the Finnish Defense Forces’ Technical Research Centre (Pvtt); under the Ministry of Transport and Communications, the technology plans are executed by the Finnish Meteorological Institute; under the Ministry of Environment, the technology plans are executed by the Finnish Environment Institute (SYKE); under the Ministry of Financial, the technology plans are executed by the Government Institute for Economic Research (VATT). At last, under the Ministry of Justice, the technology plans are executed by the National Research Institute of Legal Policy.

New Version of Personal Information Protection Act and Personal Information Protection & Administration System

I.Summary In 1995, the Computer-Processed Personal Data Protection Law was implemented in the Republic of China. With the constant development of information technology and the limitations in the application of the legislation, the design of the original legal system is no longer consistent with practical requirements. Considering the increasing number of incidents of personal data leaks, discussions were carried out over a long period of time and the new version of the Personal Information Protection Act was passed after three readings in April, 2010. The title of the law was changed to Personal Information Protection Act. The new system has been officially implemented since 1 October, 2012. The new Act not only revised the provisions of the law in a comprehensive way, but also significantly increased the obligations and responsibilities of enterprises. In terms of civil liability, the maximum amount of compensation for a single incident is 200 Million NTD. For domestic industries, how to effectively respond to the requirements under the Personal Information Protection Act and adopt proper corresponding measures to lower the risk has become a key task for enterprise operation. II. Main Points 1. Implementation of the Enforcement Rules of the Personal Information Protection Act Personal information protection can be said the most concerned issue in Taiwan recently. As a matter of fact, the Computer-Processed Personal Data Protection Law was established in Taiwan as early as August 1995. After more than 10 years of development, computer and information technology has evolved significantly, and many emerging business models such as E-commerce are extensively collecting personal data. It has become increasingly important to properly protect personal privacy. However, the previous Computer-Processed Personal Data Protection Law was only applicable to certain industries, i.e. the following 8 specific industries: the credit investigation business, hospital, school, telecommunication business, financial business, securities business, insurance business, and mass media. And other business was designated by the Ministry of Justice and the central government authorities in charge of concerned enterprises. In addition, the law only protected personal information that was processed by “computer or automatic equipment”. Personal information that was not computer processed was not included. There were clearly no sufficient regulations for the protection of personal data privacy and interest. There were numerous incidents of personal data leaks. Among the top 10 consumer news issued by the Consumer Protection Committee of the Executive Yuan in 2007, “incidents of personal data leaks through E-commerce and TV shopping” was on the top of the list. This provoked the Ministry of Justice and the Ministry of Economic Affairs to “jointly designate” the retail industry without physical boutique (including 3 transaction models: online shopping, catalogue shopping and TV shopping) to be governed by the Computer-Processed Personal Data Protection Law since 1 July 2010. To allow the provisions of the personal information protection legal system to meet the environment of rapid change, the Executive Yuan proposed a Draft Amendment to the Computer-Processed Personal Data Protection Law very early and changed the title to the Personal Information Protection Act. The draft was discussed many times in the Legislative Yuan. Personal Information Protection Act was finally passed after three readings in April 2010, which was officially published by the Office of the President on 26 May. Although the new law was passed in April 2010, to allow sufficient time for enterprises and the public to understand and comply the new law, the new version of the personal information protection law was not implemented on the date of publication. In accordance with Article 56 of the Act, the date of implementation was to be further established by the Executive Yuan. After discussions over a long period of time, the Executive Yuan decided for the Personal Information Protection Act to be officially implemented on 1 October 2012. However, the implementation of two articles is withheld: Article 6 of the Act about the principal prohibition against the collection, processing and use of special personal information and Article 54 about the obligation to notice the Party within one year for personal information indirectly acquired before the implementation of the new law. In terms of the personal data protection legal system, other than the most important Personal Data Protection Act, the enforcement rules established in accordance with the main law also play a key role. The previous Enforcement Rules of the Computer-Processed Personal Data Protection Law were published and implemented on 1 May, 1996. Considering that the Computer-Processed Personal Data Protection Law was amended in 2010 and that its title has been changed to the Personal Data Protection Act, the Ministry of Justice also followed the amended provisions under the new law and actively studied the Draft Amendment to the Enforcement Rules of the Computer-Processed Personal Data Protection Act. After it was confirmed that the new version of the Personal Data Protection Act would be officially launched on 1 October 2012, the Ministry of Justice announced officially the amended enforcement rules on 26 September, 2012. The title of the enforcement rules was also amended to the Enforcement Rules of the Personal Data Protection Act. The new version of personal data protection law and enforcement rules was thus officially launched, creating a brand new era for the promotion of personal data protection in Taiwan. II. Personal Data Administration System and Information Privacy Protection Charter Before the amendment to the Personal Data Protection Act was passed, the Legislative Yuan made a proposal to the government in June 2008 to promote a privacy administration and protection certification system in Taiwan, in reference to foreign practices. In August of the following year, the Strategic Review Board of the Executive Yuan passed a resolution to promote the E-Commerce Personal Data Administration and Information Security Action Plan. In December of the same year, approval was granted for the plan to be included in the key government promotion plans from 2010 to 2013. Based on this action plan, since October 2010, the Ministry of Economic Affairs has asked the Institution for Information Industry to execute an E-Commerce Personal Data Administration System Setup Plan. Since 2012, the E-Commerce Personal Data Administration System Promotion Plan and the Taiwan Personal Information Protection and Administration System (TPIPAS) have been established and promoted, with the objective of procuring enterprises to, while complying with the personal data protection legal system, properly protect consumers’ personal information through the establishment of an internal administration mechanism and ensuring that the introducing enterprises meet the requirements of the system. The issuance of the Data Privacy Protection Mark (dp.mark) was also used as an objective benchmark for consumers to judge the enterprise’s ability to maintain privacy. Regarding the introduction of the personal data administration system, enterprises should establish a content administration mechanism step by step in accordance with the Regulations for Taiwan Personal Information Protection and Administration System. Such system also serves as the review benchmark to decide whether domestic enterprises can acquire the Data Privacy Protection Mark (dp.mark). Since domestic enterprises did not have experience in establishing internal personal data administration system in the past, starting 2011, under the Taiwan Personal Information Protection and Administration System, enterprises received assistance in the training of system professionals such as Personal Data Administrators and Personal Data Internal Appraisers. Quality personal data administrators can help enterprises establish complete internal systems. Internal appraisers play the role of confirming whether the systems established by the enterprises are consistent with the system requirements. As of 2012, there are almost 100 enterprises in Taiwan that participate in the training of system staff and a total of 426 administrators and 131 internal appraisers. In terms of the introduction of TPIPAS, in additional to the establishment and introduction of administration systems by qualified administrators, enterprises can also seek assistance from external professional consulting institutions. Under the Taiwan Personal Information Protection and Administration System, applications for registration of consulting institutions became available in 2012. Qualified system consulting institutions are published on the system website. Today 9 qualified consulting institutions have completed their registrations, providing enterprises with personal data consulting services. After an enterprise completes the establishment of its internal administration system, it may file an application for certification under the Taiwan Personal Information Protection and Administration System. The certification process includes two steps: “written review” and “site review”. After the enterprise passing certification, it is qualified to use the Data Privacy Protection Mark (dp.mark). Today 7 domestic companies have passed TPIPAS certification and acquired the dp.mark: 7net, FamiPort, books.com.tw, LOTTE, GOHAPPY, PAYEASY and Sinya Digital, reinforcing the maintenance of consumer privacy information through the introduction of personal data administration system. III. Event Analysis The Taiwan Personal Information Protection and Administration System (TPIPAS) is a professional personal data administration system established based on the provisions of the latest version of the domestic Personal Data Protection Act, in reference to the latest requirements of personal data protection by international organizations and the experience of main countries in promoting personal data administration system. In accordance with the practical requirements to protect personal data by industries, TPIPAS converted professional legal conditions into an internal personal data administration procedure to effectively assist industries to establish a complete and proper personal data administration system and to comply with the requirements of personal data legislations. With the launch of the new version of the Personal Data Protection Act, introducing TPIPAS and acquiring dp.mark are the best strategies for enterprises to lower the risk from the personal data protection law and to upgrade internal personal data administration capability.

An Analysis of the Recusal Mechanism in the Latest Revision of the Government Procurement Act and Regulations Governing Procurements for Scientific and Technological Research and Development

An Analysis of the Recusal Mechanism in the Latest Revision of the Government Procurement Act and Regulations Governing Procurements for Scientific and Technological Research and Development 1. Introduction   Article 1 of the Government Procurement Act (hereinafter referred to as the Act) reveals that “This Act is enacted to establish a government procurement system that has fair and open procurement procedures, promotes the efficiency and effectiveness of government procurement operation, and ensures the quality of procurement.” Therefore, a recusal mechanism for reviewing qualification/disqualification of tenders and bidders is highly essential, for example, the head of the agency or its related persons should disclose the conflict of interests. After amended and promulgated on May 22, 2019 (Presidential Decree Hua-tzung-1 Yi No. 10800049691), the Act was revised with the identical legislative principle of the Act on Recusal of Public Servants Due to Conflicts of Interest. In other words, a more flexible and transparent mechanism has been adopted, which is more advanced and ideal for both procurement authority and external supervisors. 2. The New Recusal Mechanism of the Act Enhances the Flexibility and Transparency   The revision struck out the Paragraph 4, Article 15 of the Act, and the regulation related to the recusal mechanism shall be comply with the Act on Recusal of Public Servants Due to Conflicts of Interest, especially the qualification/disqualification provision of the “related persons.” The new government procurement procedure adopted a more flexible and transparent practice, “disclosure in advance and publication afterwards.” The detailed analysis is as follows. (1) Before the Act amended, the personnel of a procuring entity and its related persons shall withdraw themselves from the procurement.   Before the Act amended, the personnel of a procuring entity and its related persons shall withdraw themselves from the procurement. According to the previous Paragraph 4 of Article 15 (4), “Suppliers or persons in charge shall not participate in the procurement if they have connections with the agency’s head described in Paragraph 2. However, if the implementation of this paragraph is against fair competition or public interest, the exclusion can be exempted with the authority’s approval.” The Paragraph 2 mentioned specified, “The personnel of a procuring entity shall withdraw themselves from procurement and all related matters thereof if they or their spouses, relatives by blood or by marriage within three degrees, or family members living together with them have interests involved therein.” Simply put, legislators considered that suppliers or persons in charge shall not participate in an agency's procurement if they have conflict of interests with its head. For instance, the spouses, all the relatives within the third degree by consanguinity (blood) or by affinity (marriage), or family members living together with the head of the agency, cannot involve in the procurement of the agency. Furthermore, if a legal entity or an organization is directed by the relatives of the head of a government agency mentioned, it is disqualified from the procurement. (2) After the Act amended, the recusal of related persons substituted by self-disclosure and information publication norms   According to the Amendment, the Act was amended because the content of the article is existed in Article 9 of Act on Recusal of Public Servants Due to Conflicts of Interest; thus, Article 15 of the Act is hereby deleted. Recalling Article 9 of the previous Act on Recusal of Public Servants Due to Conflicts of Interest, “A public servant and his related persons shall not conduct transactions such as subsidizing, sales, lease, contracting, or other transactions conducted with consideration with the organ with which the public servant serves or the organs under his supervision.” For this reason, the amendment to Article 15 of Government Procurement Act is to regulate the mechanism of withdrawal of relevant parties by Article 14 of the existing Act on Recusal of Public Servants Due to Conflicts of Interest. However, the amendment of this article is greatly affected by the interpretation of judicial court no. 716, so it is necessary to briefly describe its key points as follows.   On the basis of the Judicial Yuan Justice Interpretation No. 716 [Transactions between public officials and their associates and service agencies shall be prohibited), adopting a constitutional interpretation of Article 9 of Act on Recusal of Public Servants Due to Conflicts of Interest, grand justice agreed this article does not contradict the proportion principle of article 23 of Constitution of the Republic of China (Taiwan), and it does not violate Article 15 “The right of existence, the right of work, and the right of property shall be guaranteed to the people” and Article 22 “All other freedoms and rights of the people that are not detrimental to social order or public welfare shall be guaranteed under the Constitution”, either. However, for public officials, if they are not allowed to participate in trading competition, it will result in the monopoly of other minority traders, which is not conducive to the public interest. Therefore, this interpretation holds that if the agency has conducted open and fair procedures in the transaction process, and there is sufficient anti-fraud regulation, whether there is still a risk of improper benefit transmission or conflict of interest, and it is necessary to prohibit the transaction of public officials' associates, the relevant authorities should make comprehensive review and improvement as soon as possible.   Accordingly, following interpretation no. 716, Act on Recusal of Public Servants Due to Conflicts of Interest was amended and published with 23 articles on 13 June, 2018. The withdrawal of interested parties is provided for in Article 14 and an additional six exceptions are provided, including: (1) The procurement carried out by public notice under the Government Procurement Act or pursuant to Article 105 of the same Act. (2) The property right in interest created for the procurement, sale by tender, lease by tender or tender solicitation carried out by public notice in a fair competitive manner pursuant to laws. (3) Subsidy requested in the legal capacity under laws; the subsidy to the public servant’s related person in an open and fair manner pursuant to laws, or the subsidy which might be against the public interest if it is prohibited and is granted subject to the competent authority’s approval. (4) The subject matter of the transaction is provided by the organ with which the public servant serves or the organs under his supervision, and traded at the official price. (5) The lease, acquisition, discretionary management, improvement and utilization of national non-public real estate requested by the state-owned enterprise in order to execute the national construction projects or public policies, or for the purpose of public welfare. (6) The subsidy and transaction under the specific amount.   The above amendments make the transactions between public officials and related parties that should be avoided in the past partially flexible now. In accordance with Paragraph 2 of the same article, in the case of the first three paragraphs of the proviso of Paragraph 1, the applicant or bidder shall voluntarily state his/her identity in the application or tender documents. After the subsidy or transaction is established, the agency shall disclose it together with its identity. That is to say, the self-disclosure is required beforehand and the information will go public afterwards to meet public expectations of transparency. This is also conducive to the supervision of all sectors, and conforms to the intention of the grand justice’s interpretation.   The reason why there is no need for government procurement to withdrawal is that the announcement process of the procurement is made in accordance with Government Procurement Act (including open tendering, selective tendering and restricted tendering through the announcement). There are strict procedures to follow and there is no conflict between the conflict of interest of public officials and the spirit of legislation. As to Paragraph 2 of other legal orders, the property right in interest created for the procurement, sale by tender, lease by tender or tender solicitation carried out by public notice in a fair competitive manner pursuant to laws. The legislative explanations are exemplified by the procurement (e.g. procurements for scientific and technological research and development) handled by the announcement in accordance with Fundamental Science and Technology Act. 3. Conclusion: It is suggested that relevant withdrawal regulations should be amended as soon as possible in procurements for scientific and technological research and development   The strike-out of the recusal provision of the Act does not mean that government procurement stoke out the recusal mechanism. The recusal mechanism is still stated in Article 14 of Act on Recusal of Public Servants Due to Conflicts of Interest. In addition to the advantages of the same regulations on the prohibition of transactions between related parties, it also enables the regulators with open and fair procedures and sufficient prevention of fraud, such as government procurement, to avoid evading so as not to harm the public interest. At the same time, supplemented by open and transparent disclosure, the amendment is a positive change of legislation.   Meanwhile, this paper believes that Government Procurement Act has adopted the mechanism of flexibility and transparency requirements for the procurement object avoidance regulations, and procurements for scientific and technological research and development should revise relevant withdrawal regulations as soon as possible. In accordance with Paragraph 4 of Article 6 of Fundamental Science and Technology Act and the authorization, Regulations Governing Procurements for Scientific and Technological Research and Development (hereinafter referred to as the regulatory regulations) is established. According to Article 8 (2) and (3) of the regulation, a responsible person, partner, or representative of the public school, public research institute (organization), or juristic person or entity performing the scientific research procurement may not serve as a responsible person, partner, or representative of the supplier. The supplier and the juristic person or entity performing the scientific research procurement may not at the same time be affiliated with each other, or affiliated to the same other enterprise. From the perspective of the article structure, the withdrawal regulation for scientific research procurement is within the norm of Article 15 of Government Procurement Act before the amendment, but it includes regulations for affiliated enterprises, which is not included in Article 15. The amendment to Article 14 of Act on Recusal of Public Servants Due to Conflicts of Interest also states that the proviso of Paragraph 1 of scientific research procurement “other procurements that are regulated by fair competition and by means of an announcement procedure” can also prove that the mechanism for scientific research procurement should adopt this provision. Therefore, it is recommended that the original procurements for scientific and technological research that is independent from Government Procurement Act should be amended by the competent authority as soon as possible in order to comply with the relevant provisions of Article 8 of Regulations Governing Procurements for Scientific and Technological Research and Development and to comply with the original intention of the Regulations Governing Procurements for Scientific and Technological Research and Development, and to avoid stricter regulations on scientific procurement than government procurement. Meanwhile, it is in accordance with the spirit of the grand justice’s interpretation No. 716.

Recommendation of the Regulations on the Legal and Effective Access to Taiwan’s Biological Resources

Preface Considering that, many countries and regional international organizations already set up ABS system, such as Andean Community, African Union, Association of Southeast Asia Nations (ASEAN), Australia, South Africa, and India, all are enthusiastic with the establishment of the regulations regarding the access management of biological resources and genetic resources. On the other hand, there are still many countries only use traditional and existing conservation-related regulations to manage the access of biological resources. Can Taiwan's regulations comply with the purposes and objects of CBD? Is there a need for Taiwan to set up specific regulations for the management of these access activities? This article plans to present Taiwan's regulations and review the effectiveness of the existing regulations from the aspect of enabling the legal and effective access to biological resources. A recommendation will be made on whether Taiwan should reinforce the management of the bio-resources access activities. Review and Recommendation of the Regulations on the Legal and Effective Access to Taiwan's Biological Rersearch Resources (1)Evaluate the Needs and Benefits before Establishing the Regulation of Access Rights When taking a look at the current development of the regulations on the access of biological resources internationally, we discover that some countries aggressively develop designated law for access, while some countries still adopt existing regulations to explain the access rights. Whether to choose a designated law or to adopt the existing law should depend on the needs of establishing access and benefit sharing system. Can the access and benefit sharing system benefit the functioning of bio-technological research and development activities that link closely to the biological resources? Can the system protect the interests of Taiwan's bio-research results? In Taiwan, in the bio-technology industry, Agri-biotech, Medical, or Chinese Herb Research & Development are the key fields of development. However, the biological resources they use for the researches are mainly supplied from abroad. Hence, the likelihood of violating international bio-piracy is higher. On the contrary, the incidence of international research houses searching for the biological resources from Taiwan is comparatively lower, so the possibility for them to violate Taiwan's bio-piracy is very low. To look at this issue from a different angle, if Taiwan establishes a separate management system for the access of biological resources, it is likely to add more restrictions to Taiwan's bio-tech R&D activities and impact the development of bio-industry. Also, under the new management system, international R&D teams will also be confined, if they wish to explore the biological resources, or conduct R&D and seek for co-operation activities in Taiwan. Not to mention that it is not a usual practice for international R&D teams to look for Taiwan's biological resources. A new management system will further reduce their level of interest in doing so. In the end, the international teams will then shift their focus of obtaining resources from other countries where the regulation on access is relatively less strict. Before Taiwan establishes the regulations on the legal and effective access to bio-research resources, the government should consider not only the practical elements of the principal on the fair and impartial sharing of the derived interests from bio-research resources, but also take account of its positive and negative impacts on the development of related bio-technological industries. Even if a country's regulation on the access and benefit sharing is thorough and comprehensive enough to protect the interests of bio-resource provider, it will, on the contrary, reduce the industry's interest in accessing the bio-resources. As a result, the development of bio-tech industry will be impacted and the resource provider will then be unable to receive any benefits. By then, the goal of establishing the regulation to benefit both the industry and resource provider will not be realized. To sum up, it is suggested to evaluate the suitability of establishing the management system for the access to biological resources through the cost-effect analysis first. And, further consider the necessity of setting up regulations by the access the economic benefits derived from the regulation for both resource provider and bio-tech industry. (2)The Feasibility of Managing the access to Bio-research Resources from existing Regulations As analysed in the previous paragraphs, the original intention of setting up the Wildlife Conservation Act, National Park Law, Forestry Act, Cultural Heritage Preservation Act, and Aboriginal Basic Act is to protect the environment and to conserve the ecology. However, if we utilize these traditional regulations properly, it can also partially help to manage the access to biological resources. When Taiwan's citizens wish to enter specific area, or to collect the biological resources within the area, they need to receive the permit from management authority, according to current regulations. Since these national parks, protection areas, preserved areas, or other controlled areas usually have the most comprehensive collections of valuable biological resources in a wide range of varieties, it is suggested to include the agreements of access and benefit sharing as the mandatory conditions when applying for the entrance permit. Therefore, the principal of benefit sharing from the access to biological resources can be assured. Furthermore, the current regulations already favour activities of accessing biological resources for academic research purpose. This practice also ties in with the international trend of separating the access application into two categories - academic and business. Australia's practice of access management can be a very good example of utilizing the existing regulations to control the access of resources. The management authority defines the guidelines of managing the entrance of control areas, research of resources, and the collection and access of resources. The authority also adds related agreements, such as PIC (Prior Informed Consent), MTA (Material Transfer Agreement), and benefit sharing into the existing guidelines of research permission. In terms of scope of management, the existing regulation does not cover all of Taiwan's bio-research resources. Luckily, the current environmental protection law regulates areas with the most resourceful resources or with the most distinctive and rare species. These are often the areas where the access management system is required. Therefore, to add new regulation for access management on top of the existing regulation is efficient method that utilizes the least administrative resources. This could be a feasible way for Taiwan to manage the access to biological resources. (3)Establish Specific Regulations to Cover the Details of the Scope of Derived Interests and the Items and Percentage of Funding Allocation In addition to the utilization of current regulations to control the access to biological resources, many countries establish specific regulations to manage the biological resources. If, after the robust economic analysis had been done, the country has come to an conclusion that it is only by establishing new regulations of access management the resources and derived interests of biological resources can be impartially shared, the CBD (Convention of Bio Diversity), the Bonn Guidelines, or the real implementation experiences of many countries can be an important guidance when establishing regulations. Taiwan has come up with the preliminary draft of Genetic Resources Act that covers the important aspects of international access guidelines. The draft indicates the definition and the scope of access activities, the process of access applications (for both business and academic purpose), the establishment of standardized or model MTA, the obligation of disclosing the sources of property rights (patents), and the establishment of bio-diversity fund. However, if we observe the regulation or drafts to the access management of the international agreements or each specific country, we can find that the degree of strictness varies and depends on the needs and situations. Generally speaking, these regulations usually do not cover some detailed but important aspects such as the scope of derived interests from biological resources, or the items and percentage of the allocation of bio-diversity fund. Under the regulation to the access to biological resources, in addition to the access fee charge, the impartial sharing of the derived interests is also an important issue. Therefore, to define the scope of interests is extremely important. Any interest that is out of the defined scope cannot be shared. The interest stated in the existing regulation generally refers to the biological resources or the derived business interests from genetic resources. Apart from describing the forms of interest such as money, non-money, or intellectual property rights, the description of actual contents or scope of the interests is minimal in the regulations. However, after realizing the importance of bio-diversity and the huge business potential, many countries have started to investigate the national and international bio-resources and develop a database system to systematically collect related bio-research information. The database comprised of bio-resources is extremely useful to the activities related to bio-tech developments. If the international bio-tech companies can access Taiwan's bio-resource database, it will save their travelling time to Taiwan. Also, the database might as well become a product that generates revenues. The only issue that needs further clarification is whether the revenue generated from the access of database should be classified as business interests, as defined in the regulations. As far as the bio-diversity fund is concerned, many countries only describe the need of setting up bio-diversity funds in a general manner in the regulations. But the definition of which kind of interests should be put into funds, the percentage of the funds, and the related details are not described. As a result, the applicants to the access of bio-resources or the owner of bio-resources cannot predict the amount of interests to be put into bio-diversity fund before they actually use the resources. This issue will definitely affect the development of access activities. To sum up, if Taiwan's government wishes to develop the specific regulations for the access of biological resources, it is advised to take the above mentioned issues into considerations for a more thoroughly described, and more effective regulations and related framework. Conclusion In recent years, it has been a global trend to establish the regulations of the access to and benefit sharing of bio-resources. The concept of benefit sharing is especially treated as a useful weapon for the developing countries to protect the interests of their abundant bio-research resources. However, as we are in the transition period of changing from free access to biological resources to controlled access, we are facing different regulations within one country as well as internationally. It will be a little bit disappointing for the academic research institution and the industry who relies on the biological resources to conduct bio-tech development if they do not see a clear principal direction to follow. The worse case is the violation of the regulation of the country who owns the bio-resources when the research institutions try to access, exchange, or prospect the biological resources without thorough understanding of related regulations. For some of Taiwan's leading fields in the bio-tech industry, such as Chinese and herbal medicine related products, agricultural products, horticultural products, and bio-tech products, since many resources are obtained from abroad, the incidence of violation of international regulation will increase, and the costs from complying the regulations will also increase. Therefore, not only the researcher but also the government have the responsibility to understand and educate the related people in Taiwan's bio-tech fields the status of international access management regulations and the methods of legally access the international bio-research resources. Currently in Taiwan, we did not establish specific law to manage the access to and benefit sharing of bio-resources. Comparing with the international standard, there is still room of improvement for Taiwan's regulatory protection to the provider of biological resources. However, we have to consider the necessity of doing so, and how to do the improvement. And Taiwan's government should resolve this issue. When we consider whether we should follow international trend to establish a specific law for access management, we should always go back to check the potential state interests we will receive and take this point into consideration. To define the interests, we should always cover the protection of biological resources, the development of bio-tech industry, and the administrative costs of government. Also the conservation of biological resources and the encouragement of bio-tech development should be also taken into consideration when the government is making decisions. In terms of establishing regulations for the access to biological resources and the benefit sharing, there are two possible solutions. The first solution is to utilize the existing regulations and add the key elements of access management into the scope of administrative management. The work is planned through the revision of related current procedures such as entrance control of controlled areas and the access of specific resources. The second solution is to establish new regulations for the access to biological resources. The first solution is relatively easier and quicker; while the second solution is considered to have a more comprehensive control of the issue. The government has the final judgement on which solution to take to generate a more effective management of Taiwan's biological resources.

TOP