Privacy Law at Taiwan
Taiwan's data protection landscape is governed by the Personal Data Protection Act (PDPA), which has undergone significant amendments to enhance personal data privacy and establish a dedicated regulatory authority.
Key Features of Taiwan's Personal Data Protection Act (PDPA)
1. Legal Foundation and Amendments
Enactment and Amendments The PDPA was enacted on May 26, 2010, with major amendments in 2015 and 2023 to address evolving data privacy concern
Establishment of the Personal Data Protection Commission (PDPC) In response to a 2022 Constitutional Court ruling, Taiwan established the PDPC as the dedicated authority to oversee data protection enforcement. The preparatory office was set up in December 2023, with the aim to fully operationalize the PDPC by August 202.
2. Scope and Definitions
Personal Data Includes information such as name, date of birth, national ID, passport number, appearance, fingerprints, marital status, family background, educational background, occupation, contact information, financial status, social activities, and any other information that may be used to directly or indirectly identify a natural perso.
Sensitive Personal Data Encompasses medical records, medical treatments, genetic information, sexual background, health examination information, and criminal records. Processing of such data is prohibited unless specific conditions are met, such as legal obligations or explicit consen.
3. Rights of Data Subjects
Taiwanese residents enjoy several rights under the PDP:
Right to Access Individuals can request access to their personal data held by oganization.
Right to Rectification Individuals can request corrections to inaccurate or incomplete personal dat.
Right to Erasure Individuals can request the deletion of their personal data under certain condition.
Right to Object Individuals can object to the processing of their personal data, particularly for direct marketing purpose.
Right to Wihdraw Consent Individuals can withdraw consent previously given for data processing activitie.
4. Obligations of Data Controllers and Processors
Security Measures Organizations must implement appropriate security measures to protect personal data from unauthorized access, alteration, destruction, or disclosur.
Data Breach Notification In the event of a data breach, organizations are required to notify affected individuals and the PDPC promptl.
Data Protection Officer (DPO) While not mandatory, organizations are encouraged to appoint a DPO to oversee data protection complianc.
Administrative Fines Violations can result in fines ranging from NTD 20,000 to NTD 2 million. Failure to rectify violations within a specified period can lead to increased fines up to NTD 15 millio.
Criminal Penalties Intentional violations may incur imprisonment of up to 5 years and/or fines up to NTD 1 millio.
Civil Liabilities Individuals may seek compensation for damages resulting from data breaches under the Civil Cod
6. International Cooperation
Taiwan has joined the Global Cooperation Arrangement for Privacy Enforcement (Global CAPE), a multilateral framework aimed at enhancing cross-border cooperation in data protection enforcement. This membership facilitates collaboration with countries like the US, Japan, Canada, the UK, South Korea, and others to address global data privacy challenge
✅ Summary Table
| Aspect | Details | |--------------------------|--------------------------------------------------------------------------------------------------| | Primary Legislation | Personal Data Protection Act (PDPA) | | Regulatory Authority | Personal Data Protection Commission (PDPC) | | Key Rights | Access, Rectification, Erasure, Object, Withdraw Consent | | Sensitive Data | Medical records, genetic information, sexual background, health examination information, criminal records | | Penalties | Administrative fines (up to NTD 15 million), criminal penalties (up to 5 years imprisonment and/or NTD 1 million fine) | | International Cooperation | Member of Global Cooperation Arrangement for Privacy Enforcement (Global CAPE) |
RELATED Blog
0 comments