Skip to main content
  • 1528 Accesses

Abstract

This Chapter expands on the other states data protection laws within the Asia region. Taiwan, similar to many other nation states throughout the Asian region have a long and complex history that dates back centuries. Privacy as a concept and right has gained traction in Taiwan. It must be noted that this Chapter does not in any way discuss the current political tensions between mainland China and Taiwan. It only examines the current day data protection laws of Taiwan.

They were a prefecture of Imperial China’s Fujian province from the late seventeenth century and formally became a province beginning in 1884. China ceded the island to Japan after losing the Sino-Japanese War of 1894–95. During World War II, the government of the Republic of China, led by Generalissimo Chiang Kai-shek and dominated by his Nationalist Party, declared the return of Taiwan to China as one of its aims. What followed, Franklin Roosevelt readily agreed because he wanted China’s help in preserving post-war peace. The Cairo Conference of late 1943 ratified this decision, in the process denying the people of Taiwan a say in their future. Taiwan returned to Chinese jurisdiction soon after the United States dropped nuclear bombs on Hiroshima and Nagasaki in 1945. They have also been ruled and influenced by both the Dutch and Portuguese at various times. Thus their current day legal framework has been influenced by civil and common law traditions.

The right to privacy across the territory of Taiwan is alive. Taiwan has adopted the title of Personal Data Protection Act in 1995 (PDPA). Since then, the PAPDA has only been amended twice, with the most recent changes in 2015. The PDPA generally follows the privacy principles approved by the Asia-Pacific Economic Corporation (APEC ) in 200426 and the EU legal framework. The PDPA not only regulates private entities but also imposes rules for data collection , use, and disclosure by the public sector. The PDPA was designed to provide an overarching protection of personal data with an extensive scope but has faced a number of problems regarding its implementation due to incorrect perception of the law. Taiwan have, similar to other states, been grappling to balance the need for national security while protecting personal data. In other words, where a country is threatened by terrorism plans to establish a national biometric database, where all citizens will be required to submit their facial and other physical identifiers for national security or prevention of crime, it is much more difficult to justify a privacy breach . It will not be easy to strike a balance between these prominent interests.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or Ebook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 149.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 199.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 199.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Bush, R., Hass, R Taiwan’s democracy and the China challenge: Taiwan’s democratic progress over the last 20 years is remarkable, but the looming presence of China could threaten the future of the island’s democracy, 2018, https://www.brookings.edu/wp-content/uploads/2018/12/FP_20190226_taiwan_bush_hass.pdf

  2. 2.

    Ibid.

  3. 3.

    Ibid.

  4. 4.

    Ibid.

  5. 5.

    Ibid.

  6. 6.

    Taiwan Constitution, 1946, 2013 version, https://constitutii.files.wordpress.com/2013/01/taiwan-constitution.pdf, and https://law.moj.gov.tw/ENG/LawClass/LawAll.aspx?pcode=A0000001

  7. 7.

    International Covenant on Civil and Political Rights, G.A. res. 2200A (XXI), 21 U.N. GAOR Supp. (No. 16) at 52, U.N. Doc. A/6316 (1966), 999 U.N.T.S. 171, entered into force Mar. 23, 1976. According to the Ministry of Law, the ICCPR came into effect in 2009. https://law.moj.gov.tw/ENG/LawClass/LawAll.aspx?pcode=Y0000041. Instrument of Ratification to the International Covenant on Civil and political Rights, https://law.moj.gov.tw/ENG/LawClass/LawAll.aspx?pcode=Y0000050

  8. 8.

    Pemng, SY, (2003) Privacy and the Construction of Legal Meaning in Taiwan, The International Lawyer, Vol 37, No 4.

  9. 9.

    Ibid.

  10. 10.

    Chen-Hung Chang, Eyes on the Road Program in Taiwan - Information Privacy Issues under the Taiwan Personal Data Protection Act, 31 J. Marshall J. Info. Tech. & Privacy L. 145 (2015). J.Y. Interp. No. 585, at reasoning 17 (2004) (Taiwan), translated in http://www.judicial.gov.tw/constitutionalcourt/EN/p03_01.asp?expno=585(the quoted language is a translation from Taiwanese to English by the author).

  11. 11.

    Ibid, J.Y. Interp. No. 603, at holding 1 (2005) (Taiwan), translated in http://www.judicial.gov.tw/constitutionalcourt/EN/p03_01.asp?expno=603(the quoted language is a translation from Taiwanese to English by the author).

  12. 12.

    Ibid.

  13. 13.

    Ibid.

  14. 14.

    Ibid.

  15. 15.

    Ibid.

  16. 16.

    Ibid.

  17. 17.

    Ibid.

  18. 18.

    Ibid.

  19. 19.

    Chen, TF, (2011) Transplant of Civil Code in Japan, Taiwan, and China: With the Focus of Legal Evolution, Taiwan University Law Review [Vol. 6: 1].

  20. 20.

    Ibid.

  21. 21.

    Ibid. Chen notes that, In Taiwan, a civil code was first introduced following the Japanese colonial occupation in 1895 (rather than following the Nationalist rule beginning in 1945). Since Taiwan’s first Civil Code experience started in 1895, Taiwan was able to receive western civil law earlier than Mainland China. Following the return of Taiwan to the Nationalist Government of China in 1945 and subsequent democratization in the 1980s, Taiwan has enacted many special civil laws to deal with legal issues that emerged as a result of immense social and economic changes.

  22. 22.

    Ibid.

  23. 23.

    Civil Code 2019 version, Ministry of Justice, https://law.moj.gov.tw/ENG/LawClass/LawAll.aspx?pcode=B0000001

  24. 24.

    Ibid, Article 195.

  25. 25.

    Personal Data Protection Act 1995, Promulgated by Presidential Decree Ref. No. ROC-President-(I)-Yi-5960 dated August 11, 1995. Amended on May 26, 2010. Amended on December 30, 2015, Ministry of Justice 2019, https://law.moj.gov.tw/ENG/LawClass/LawHistory.aspx?pcode=I0050021

  26. 26.

    Chang, CH, Eyes on the Road Program in Taiwan - Information Privacy Issues under the Taiwan Personal Data Protection Act, 31 J. Marshall J. Info. Tech. & Privacy L. 145 (2015).

  27. 27.

    Ibid.

  28. 28.

    Ibid.

  29. 29.

    Ibid.

  30. 30.

    Ibid.

  31. 31.

    Ibid.

  32. 32.

    Enforcement Rules of the Personal Data Protection Act, promulgated by the Ministry of Justice on May 1, 1996 Per Ruling Ref. No. (85) Law-10,259, Amended on Sep 26, 2012, Amended on March 2, 2016. The joint announcement was made on January 10, 2019 by the Ministry of Justice Order faluzi No. 10803500010 and the National Development Council fa-fa-zi No. 1080080004A. The relevant matters set out in Article 33 pertaining to “The Ministry of Justice” shall be handled by “The National Development Council” as governing body.

  33. 33.

    Personal Data Protection Act 1995, Article 2.

  34. 34.

    Enforcement Rules of the Personal Data Protection Act 1996, Article 4.

  35. 35.

    Personal Data Protection Act 1995, Article 2.

  36. 36.

    Personal Data Protection Act 1995, Article 3.

  37. 37.

    Ibid.

  38. 38.

    Ibid, Article 20.

  39. 39.

    Chang, H., Tsai, C, Taiwan-first court case based on the right to be forgotten, Baker McKenzie, https://www.lexology.com/library/detail.aspx?g=644356dc-6da9-4fc8-ad3e-1deb18f48848

  40. 40.

    Personal Data Protection Act 1995, Article 3.

  41. 41.

    Personal Data Protection Act 1995, Article 5. Article 7 and 8 of the Enforcement Rules of the Personal Data Protection Act supports Article 5.

  42. 42.

    Personal Data Protection Act 1995, Article 6, Articles 8 and 9 shall apply mutatis mutandis to the collection, processing, or use of personal data in accordance with the preceding paragraph; Paragraphs 1, 2 and 4 of Article 7 shall apply mutatis mutandis to the consent required under Subparagraph 6 of the preceding paragraph.

  43. 43.

    Personal Data Protection Act 1995, Chapter II Data Collection, Processing and Use by a Government Agency.

  44. 44.

    Personal Data Protection Act 1995, Article 16.

  45. 45.

    Ibid, Article 17.

  46. 46.

    Ibid, Article 18.

  47. 47.

    Ibid, Chapter III Data Collection, Processing and Use by a Non-government Agency. Article 20 of the Enforcement Rules of the Personal Data Protection Act 1996 Article 19, Except for the personal data specified under Paragraph 1, Article 6, the collection or processing of personal data by a non-government agency shall be for specific purposes and on one of the following bases. Article 26 A “contractual or quasi-contractual relationship”, as referred to under Subparagraph 2, Paragraph 1, Article 19 of the PDPA, is not limited to the relationship formed after the amendment to the PDPA has taken into effect. Article 27 A “contractual relationship”, shall include the contractual relationship between a non-government agency and a data subject, and also the relationship where a non-government agency and a data subject are either contacting, negotiating or communicating with, receiving delivery from or making delivery to a necessary third party for the purpose of performing the contract between the non-government agency and the data subject. A “quasi-contractual relationship”, as referred to under Subparagraph 2, Paragraph 1, Article 19 of the PDPA, shall mean any of the following: 1. any relationships involving the contact and negotiation between a non-government agency and a data subject before the execution of a contract for the purpose of preparing for or negotiating the terms of such contract or transaction; or 2. any relationships involving the communication between a non-government agency and a data subject upon the extinguishment of a contract due to the invalidation, rescission, cancellation or termination thereof or upon the complete performance of a contract, for the purpose of exercising their rights, performing their obligations, or ensuring the integrity of the personal data.

  48. 48.

    Ibid.

  49. 49.

    Ibid, Article 20, Except for the personal data specified in Paragraph 1, Article 6, a non-government agency shall use personal data only within the necessary scope of the specific purpose of collection; the use of personal data for another purpose.

  50. 50.

    Ibid.

  51. 51.

    Ibid.

  52. 52.

    Ibid, Article 21.

  53. 53.

    Ibid, Article 22.

  54. 54.

    Ibid. Additionally, When the central government authorities in charge of the industries concerned or the municipality/city/county governments concerned conduct the inspections described in Paragraph 1, professionals in the field of information technology, telecommunications or law may accompany the inspectors during the inspections.

    Non-government agencies and their personnel may not evade such inspections, obstruct the investigators from accessing the premises or data, or refuse to comply with the inspections or decisions referred to in Paragraphs 1 and all personnel who take part in the inspections shall keep in confidence all the personal data that they become aware of due to the inspections.

  55. 55.

    Personal Data Protection Act 1995, Article 23, The confiscated files or duplicates referred to in Paragraph 2 of the preceding article shall be sealed or tagged and properly handled; if it is unfeasible to move or take possession of such files, the authority shall assign personnel to guard such files or order the owner of such files or an appropriate person to take possession of the files. If it is no longer necessary to keep the confiscated files or the duplicates, or the authority has decided not to impose any penalties or confiscate any files, the confiscated files and duplicates shall be returned except for the files or duplicates that shall be confiscated or kept for the investigation of other cases.

  56. 56.

    Personal Data Protection Act 1995, Article 24.

  57. 57.

    Personal Data Protection Act 1995, Article 7.

  58. 58.

    Ibid, Article 8.

  59. 59.

    The data subject’s rights and interests that will be affected if he/she elects not to provide his/her personal data.

  60. 60.

    Personal Data Protection Act 1995, Article 9.

  61. 61.

    Ibid, Article 10.

  62. 62.

    Personal Data Protection Act 1995, Article 13, Where a request is made by a data subject to a government or non-government agency pursuant to Article 11, the agency shall determine whether to accept or reject such request within thirty days; such deadline may be extended by up to thirty days if necessary, and the data subject shall be notified in writing of the reason for the extension.

  63. 63.

    Ibid, Article 11. Article 20 of the Enforcement Rules of the Personal Data Protection Act 1996 The circumstances “where the specific purpose no longer exists” referred to under Paragraph 3, Article 11 of the PDPA shall mean any of the following circumstances: 1. the government agency has been dissolved or reorganized without another agency to take over its tasks; 2. the non-government agency has ceased its business or been dissolved without another agency to take over its business, or the non-government agency has changed the scope of its business, thereby causing the purpose for which the personal data were collected to be no longer applicable; 3. the specific purpose has been reached, and there is therefore no longer necessary to continue the processing and use of personal data; or 4. other circumstances where the specific purpose evidently can no longer be reached or no longer exists.

  64. 64.

    Ibid. When the specific purpose of data collection no longer exists, or upon expiration of the relevant time period, the government or non-government agency shall, on its own initiative or upon the request of the data subject, erase or cease processing or using the personal data, unless the processing or use is either necessary for the performance of an official or business duty, or has been agreed to by the data subject in writing. A government or non-government agency shall, on its own initiative or upon the request of the data subject, erase the personal data collected or cease collecting, processing or using the personal data in the event where the collection, processing or use of the personal data is in breach of the Act.

  65. 65.

    Ibid.

  66. 66.

    Personal Data Protection Act 1995, Article 12. Article 22 of the Enforcement Rules of the Personal Data Protection Act 1996, A notification given via “appropriate means”, as referred to under Article 12 of the PDPA, shall mean a notification that is given in a prompt manner via verbal words, in writing, over the phone, via text messages, email, fax, electronic documents or other means that can effectively make the information known or available to the data subjects. However, if such notification entails disproportionate costs, a government or non-government agency may, taking into consideration the technical feasibility and privacy protection of the data subjects, notify the data subjects through the Internet, the media or other proper and public means. A notification given under Article 12 of the PDPA shall include the facts pertaining to the data breach and the response measures already adopted to address such breach of personal data.

  67. 67.

    Criminal Code, 1928, version 2019, Ministry of Justice, https://law.moj.gov.tw/ENG/LawClass/LawAll.aspx?pcode=C0000001

  68. 68.

    Ibid, Article 315-1 Article 315-2 A person who for purpose of gain provides a locality or an instrument to facilitate another to engage in an act specified in the preceding article shall be sentenced to imprisonment for less than five years and short-term imprisonment; in lieu thereof, or in addition thereto, a fine of not more than five hundred thousand dollars may be imposed. A person who for purpose of dissemination, broadcast, or sale has the act specified in the preceding paragraph shall be subject to the same punishment. An offense of manufacturing, distributing, broadcasting or selling the recorded materials specified in the two preceding paragraphs or item 2 of the preceding article shall be punished in accordance with the provisions of paragraph 1. An attempt to commit an offense specified in the three preceding paragraphs is punishable. Article 315-3 The contents of the recording specified in the preceding two articles and the articles on which the recording is made and the recording articles shall be confiscated whether or not they belong to the offender.

  69. 69.

    Ibid, Article 317. Article 318 A public official or one who has previously been a public official who discloses without reason commercial or industrial secrets of another that he knows or possesses because of his official position shall be sentenced to imprisonment for not more than two years, short-term imprisonment, or a fine of not more than two thousand yuan.

  70. 70.

    Ibid, Article 318-1-2. Article 319 Prosecution for an offense specified in Articles 315, 315-1, and 316 through 318-2 may be instituted only upon complaint.

  71. 71.

    Personal Data Protection Act 1995, Article 28. If the total amount of damages for the injuries attributable to the same incident exceeds the amount referred to in the preceding paragraph, the compensation payable to each victim shall not be limited to the lower end of damages, i.e. NT$500, per incident as set forth in Paragraph 3 of this Article. The right of claim referred to in Paragraph 2 above may not be transferred or inherited. However, this does not apply to the circumstances where monetary compensation has been agreed upon in a contract or a claim therefor has been filed with the court.

  72. 72.

    Personal Data Protection Act 1995, Article 29. Paragraphs 2 to 6 of the preceding article apply to the damage claims raised in accordance with the preceding paragraph.

  73. 73.

    Personal Data Protection Act 1995, Article 30. Article 31 With regard to matters pertaining to damages, aside from the provisions of the PDPA, the State Compensation Law may be applied to a government agency and the Civil Code may be applied to a non-government agency.

  74. 74.

    Personal Data Protection Act 1995, Article 32.

  75. 75.

    Personal Data Protection Act 1995, Article 33. If the non-government agency referred to in Paragraph 1 is a legal person or a group and has no main office, principal place of business, or the addresses thereof are both unknown, the district court where the central government is located shall have exclusive jurisdiction.

  76. 76.

    Ibid.

  77. 77.

    Ibid.

  78. 78.

    Personal Data Protection Act 1995, Article 34.

  79. 79.

    Ibid. The incorporated foundation or the incorporated charity may expand demand for the relief sought before the conclusion of the oral argument. If other data subjects that suffer damages due to the same incident chose not to delegate their litigation rights pursuant to the preceding paragraph, they may still bring the case to the court within the timeframe specified in the public notice for the court to combine the cases.

  80. 80.

    Ibid.

References

  • Chang, C. H. (2015). Eyes on the road program in Taiwan – Information privacy issues under the Taiwan personal data protection act, 31 J. Marshall J. Info. Tech. & Privacy L. 145.

    Google Scholar 

  • Chen, T. F. (2011). Transplant of civil code in Japan, Taiwan, and China: With the focus of legal evolution. Taiwan University Law Review, 6(1), 389.

    Google Scholar 

  • Pemng, S. Y. (2003). Privacy and the construction of legal meaning in Taiwan. The International Lawyer, 37(4), 1037.

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Singapore Pte Ltd.

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Walters, R., Novak, M. (2021). Taiwan. In: Cyber Security, Artificial Intelligence, Data Protection & the Law . Springer, Singapore. https://doi.org/10.1007/978-981-16-1665-5_9

Download citation

  • DOI: https://doi.org/10.1007/978-981-16-1665-5_9

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-16-1664-8

  • Online ISBN: 978-981-16-1665-5

  • eBook Packages: Law and CriminologyLaw and Criminology (R0)

Publish with us

Policies and ethics