Following the signing of agreements with China about financial cooperation across the Taiwan Strait, Chinese financial concerns have been eagerly seeking ways to start up and develop business operations in Taiwan. The Financial Supervisory Commission (FSC) has so far given its approval for four major Chinese banks — the Bank of China, Bank of Communications, China Construction Bank and China Merchants Bank — to set up representative offices in Taiwan.
The Cross-Strait Economic Cooperation Framework Agreement includes a commitment to lift restrictions on cross-strait financial services. According to this commitment, representative offices established by Chinese banks in Taiwan may be upgraded to branch banks one year after they are set up. That means the four Chinese banks may, if they wish, commence banking operations in Taiwan in September. When they do that, they can then join the Joint Credit Information Center (JCIC) as member institutions.
The predecessor of today’s JCIC was set up by the Bankers’ Association of Taipei in 1975. Its original function was to serve as a center for collecting, processing and exchanging credit data among the member institutions of the bankers’ association. In 1992, the JCIC was transformed into a non-profit foundation. In March 1993, the Ministry of Finance assigned the JCIC the task of setting up a nationwide credit database, whereupon the center began to put on file the credit data of customers of financial institutions.
It was not until 1995 that Taiwan instituted the -Computer-Processed Personal Data Protection Act (電腦處理個人資料保護法), the purpose of which was to regulate the collection, processing and use of personal data by government and non--government agencies.
As fraud has become an increasingly serious problem in recent years, the government last year amended this act and changed its title to the Personal Information Protection Act (個人資料保護法). The amended law seeks to regulate a wider range of situations under which personal data could be unscrupulously collected and divulged by non-government agencies, and by means other than computers.
The problem is that the monster that had already come into being before these personal data protection laws were drawn up has never been brought into question. When applying for a credit card or loan, people probably don’t look very carefully at the fine print, one line of which asks applicants to give consent for the bank to obtain data about them from the JCIC.
Furthermore, data about people’s loans and credit will be registered with the JCIC and kept on file in its databank for reference by other banks. The basis on which the JCIC can collect people’s credit data is “personal consent,” but this “informed consent” is also indirect, unobvious and generalized.
Although the JCIC uses computers’ auditing function to prevent its staff from looking up personal credit data for illegitimate purposes, its mode of operation still largely relies on self-regulation by its member institutions. The fact is that the JCIC does not require financial institutions to ask their customers to sign a written consent form or agreement. All a financial institution has to do is go online and check the box that says “the person’s consent has been obtained.” Once they have done that, they can access and download the data.
It can be seen from past cases where the FSC imposed penalties that there have been numerous instances of banks making illegal inquiries about personal data or divulging it to others. Taiwanese banks and local branches of overseas banks alike have been caught breaking the rules, but the only penalty the JCIC can impose is to temporarily suspend the offending institution’s right to look up data, which is hardly enough to deter institutions from breaking the rules.
If Taiwanese banks have broken the rules so often, how can we trust Chinese banks to abide by the system of their own accord? Perhaps now is the time for us to reconsider this -monster, which was born before the laws on personal data protection came into existence.
If one considers the various laws in Taiwan, one will find that the Personal Information Protection Act is too general. It only provides the most basic standards for regulating ordinary situations. As to the Regulations Governing Authorization and Administration of Service Enterprises Engaged in Interbank Credit Information Processing and Exchange (銀行間徵信資料處理交換服務事業許可及管理辦法), the emphasis of this law is on setting standards for consent, but it says very little about how data is to be processed and used, and it has no penalty guidelines.
In the US, although there is no single centralized credit information center such as exists in Taiwan, there are still various laws, such as the Fair Credit Reporting Act and the Consumer Credit Protection Act, that regulate the conditions under which institutions may legally gain access to consumers’ credit data, and these laws place the burden of proof of not having transferred the data for other purposes on the institution. They also lay out the procedures to be followed when there is a dispute about data.
In Taiwan, a single non--governmental foundation has credit data on almost every person and company in the country in its hands, giving it a national monopoly on such information. Such an institution could not exist in other countries. Isn’t it about time we put a law in place to monitor and regulate it?
Lai Chung-chiang is deputy president of the Taiwan Association for Human Rights. Chiu E-ling is the director of media and publication for the association.
TRANSLATED BY JULIAN CLEGG
In the US’ National Security Strategy (NSS) report released last month, US President Donald Trump offered his interpretation of the Monroe Doctrine. The “Trump Corollary,” presented on page 15, is a distinctly aggressive rebranding of the more than 200-year-old foreign policy position. Beyond reasserting the sovereignty of the western hemisphere against foreign intervention, the document centers on energy and strategic assets, and attempts to redraw the map of the geopolitical landscape more broadly. It is clear that Trump no longer sees the western hemisphere as a peaceful backyard, but rather as the frontier of a new Cold War. In particular,
When it became clear that the world was entering a new era with a radical change in the US’ global stance in US President Donald Trump’s second term, many in Taiwan were concerned about what this meant for the nation’s defense against China. Instability and disruption are dangerous. Chaos introduces unknowns. There was a sense that the Chinese Nationalist Party (KMT) might have a point with its tendency not to trust the US. The world order is certainly changing, but concerns about the implications for Taiwan of this disruption left many blind to how the same forces might also weaken
As the new year dawns, Taiwan faces a range of external uncertainties that could impact the safety and prosperity of its people and reverberate in its politics. Here are a few key questions that could spill over into Taiwan in the year ahead. WILL THE AI BUBBLE POP? The global AI boom supported Taiwan’s significant economic expansion in 2025. Taiwan’s economy grew over 7 percent and set records for exports, imports, and trade surplus. There is a brewing debate among investors about whether the AI boom will carry forward into 2026. Skeptics warn that AI-led global equity markets are overvalued and overleveraged
Japanese Prime Minister Sanae Takaichi on Monday announced that she would dissolve parliament on Friday. Although the snap election on Feb. 8 might appear to be a domestic affair, it would have real implications for Taiwan and regional security. Whether the Takaichi-led coalition can advance a stronger security policy lies in not just gaining enough seats in parliament to pass legislation, but also in a public mandate to push forward reforms to upgrade the Japanese military. As one of Taiwan’s closest neighbors, a boost in Japan’s defense capabilities would serve as a strong deterrent to China in acting unilaterally in the
RSS