Following the signing of agreements with China about financial cooperation across the Taiwan Strait, Chinese financial concerns have been eagerly seeking ways to start up and develop business operations in Taiwan. The Financial Supervisory Commission (FSC) has so far given its approval for four major Chinese banks — the Bank of China, Bank of Communications, China Construction Bank and China Merchants Bank — to set up representative offices in Taiwan.
The Cross-Strait Economic Cooperation Framework Agreement includes a commitment to lift restrictions on cross-strait financial services. According to this commitment, representative offices established by Chinese banks in Taiwan may be upgraded to branch banks one year after they are set up. That means the four Chinese banks may, if they wish, commence banking operations in Taiwan in September. When they do that, they can then join the Joint Credit Information Center (JCIC) as member institutions.
The predecessor of today’s JCIC was set up by the Bankers’ Association of Taipei in 1975. Its original function was to serve as a center for collecting, processing and exchanging credit data among the member institutions of the bankers’ association. In 1992, the JCIC was transformed into a non-profit foundation. In March 1993, the Ministry of Finance assigned the JCIC the task of setting up a nationwide credit database, whereupon the center began to put on file the credit data of customers of financial institutions.
It was not until 1995 that Taiwan instituted the -Computer-Processed Personal Data Protection Act (電腦處理個人資料保護法), the purpose of which was to regulate the collection, processing and use of personal data by government and non--government agencies.
As fraud has become an increasingly serious problem in recent years, the government last year amended this act and changed its title to the Personal Information Protection Act (個人資料保護法). The amended law seeks to regulate a wider range of situations under which personal data could be unscrupulously collected and divulged by non-government agencies, and by means other than computers.
The problem is that the monster that had already come into being before these personal data protection laws were drawn up has never been brought into question. When applying for a credit card or loan, people probably don’t look very carefully at the fine print, one line of which asks applicants to give consent for the bank to obtain data about them from the JCIC.
Furthermore, data about people’s loans and credit will be registered with the JCIC and kept on file in its databank for reference by other banks. The basis on which the JCIC can collect people’s credit data is “personal consent,” but this “informed consent” is also indirect, unobvious and generalized.
Although the JCIC uses computers’ auditing function to prevent its staff from looking up personal credit data for illegitimate purposes, its mode of operation still largely relies on self-regulation by its member institutions. The fact is that the JCIC does not require financial institutions to ask their customers to sign a written consent form or agreement. All a financial institution has to do is go online and check the box that says “the person’s consent has been obtained.” Once they have done that, they can access and download the data.