It is very rare to see lawmakers across party lines agree on any subject, much less a crucial one, but that happened on Thursday when three legislators accused the Ministry of Justice of failing to fully implement the Personal Information Protection Act (個人資料保護法) two years after it was amended and had its name changed.
In an age when there are almost daily media reports about Web sites and databases being hacked — the networking business site LinkedIn, US dating Web site eHarmony and music site Lastfm.com being the latest — such laggardness in protecting the online rights of citizens deserves to be criticized, especially when the ministry tries to defend itself by claiming that the act is too difficult to enforce and that it must be amended again to be workable.
So, two years after the law was updated, it remains a toothless tiger that we are supposed to be grateful for because it looks scary. That is ridiculous.
The act began life back in 1995 as the Computer-Processed Personal Data Protection Act (電腦處理個人資料保護法), and was aimed at regulating the collection and use of personal data by both the government and non-governmental organizations, such as banks. However, what seemed sufficient could not keep pace with rapid technological changes and so two years ago — after years of haggling and procrastination — the act was amended to cover a greater variety of data and technology. It was also renamed.
Nevertheless, even those changes were rudimentary and provided only basic protection — that those who violate privacy rights shall be prosecuted and those whose rights are violated have the right to seek compensation — while failing to specify how regulation would be carried out, with the Ministry of Justice simply named as the coordinating authority.
For example, in November the ministry tried to get the National Communications Commission to take on oversight of Google, but the commission declined, saying it was not designed to take on enforcer status for the revised act.
Last summer also saw a contretemps when the inter-agency job program provided information from the Ministry of National Defense to employment site Yes123 about soldiers preparing to return to civilian life and become job-hunters. Yes123 used the data to send e-mails to the departing soldiers, and that raised questions about the legality of transferring personnel data from the defense ministry’s database to a commercial one. Theoretically, the release of such information — without the consent of the individual soldiers — would be a violation of the act. A defense ministry official said the soldiers submitted their personnel information of their own free will.
However, if a soldier had wanted to complain outside the chain of command, to whom would they go when there is no specific enforcement agency?
Vice Minister of Justice Chen Ming-tang (陳明堂) does not appear concerned, arguing the 1995 act is still valid until the 2010 amendment is implemented, which he said the ministry wants to do in two stages: Stage one on Oct. 1 and stage two at some point after yet another amendment is passed by the legislature.
All too often laws are passed with only the most general goals, programs and punishments for violators outlined; the specifics are supposed to be filled in by bureaucrats. This has led to farces like the debate over what blood alcohol level should be tolerated before someone can be prosecuted for drunk driving.