Thu, Apr 18, 2019 - Page 3 News List

Data law reviews insufficient: Lim

By Ann Maxon  /  Staff reporter

New Power Party Legislator Freddie Lim, second left, speaks at a news conference in Taipei yesterday.

Photo courtesy of Freddie Lim’s office

Only about 20 percent of regulatory authorities have reviewed the privacy protection laws of countries that Taiwanese companies export users’ personal data to, New Power Party Legislator Freddie Lim (林昶佐) said yesterday, calling for more oversight of user privacy abroad.

Article 21 of the Personal Information Protection Act (個人資料保護法) stipulates that companies or organizations may be banned from exporting users’ personal information to another nation if that country’s lack of privacy protection regulations could harm the users’ rights and interests, he said.

However, nearly 80 percent of the 16 regulatory authorities that could impose a ban have not evaluated privacy protection laws abroad, rendering the law “virtually nonexistent,” he added.

“It might appear to users that they are providing information to reliable corporations, but they really have no idea if there are any back doors,” Lim said.

Users who provide personal information to companies with cloud-based databases in China could face a particular type of risk, party member Hsiao Hsin-cheng (蕭新晟) said.

As China has laws that allow the government to access companies’ user data, “if I used an app created by a Chinese-funded company to buy a book banned in China, the Chinese government could find out and arrest me if I enter the country,” he said.

In the EU, the General Data Protection Regulation requires international transmission of personal data to comply with certain privacy regulations, but in Taiwan, only the Financial Supervisory Commission has similar restrictions, requiring financial institutions to obtain approval when exporting personal data abroad, Lim said.

He urged the National Development Council to convene meetings with regulatory authorities and conduct a comprehensive review of privacy protection laws in key countries, including China, to determine whether personal data exports to certain countries should be banned.

Hsiao said that he plans to propose legislation requiring companies to reveal the location of their cloud-based databases to improve privacy protection.

The council is to review privacy protection laws abroad, starting with countries such as Japan and South Korea, which have frequent exchanges with Taiwan, council official Lee Shih-te (李世德) said.

It would also bring up the issue and consult other departments at an interministerial educational program scheduled for June, he said.

This story has been viewed 1709 times.

Comments will be moderated. Keep comments relevant to the article. Remarks containing abusive and obscene language, personal attacks of any kind or promotion will be removed and the user banned. Final decision will be at the discretion of the Taipei Times.

TOP top