Support Centre

Taiwan

Summary

Law: The Personal Data Protection Act 2010 (as amended in 2015) (PDPA)

Regulator: The National Development Council (NDC)

Summary: Data protection in Taiwan is governed by the PDPA and the Enforcement Rules of the Personal Data Protection Act. Although the NDC is the lead regulator when it comes to interpreting the PDPA, the PDPA is enforced by the competent regulators that supervise each industry. Of these regulators, the Financial Supervisory Commission is the most active. On June 2, 2023, amendments to the PDPA entered into effect. The amendments update Article 48 of the PDPA in regard to violations of security obligations and establish an independent supervision mechanism. The NDC confirmed that the Executive Yuan will promptly establish a preparatory office for the Personal Data Protection Commission. 

Insights

In this Insight article, Vick Chien, Partner at Lee and Li, Attorneys-at-Law, introduces Taiwan's progressive steps towards artificial intelligence (AI) governance. With the 2024 Draft Artificial Intelligence Basic Act (the Draft Act), Taiwan addresses legal challenges while promoting sustainable development, transparency, and innovation in AI technologies.

In this Insight article, Kenying Tseng, Vick Chien, and Evelyn Shih of Lee and Li Attorneys-at-Law explore Taiwan's dynamic approach to artificial intelligence (AI) regulation. Despite the absence of codified AI laws, Taiwan is actively developing guidelines and policies to ensure the ethical and responsible application of AI, balancing innovation with societal values.

In this Insight article, Robert C. Lee and Wayne Huang, from YangMing Partners, discuss the recent amendments made to Taiwan's Personal Data Protection Act (PDPA) and their implications for personal data protection.

Due to several recent incidents of severe personal data leakage incidents in Taiwan, which garnered significant public attention and highlighted the importance of personal data protection, the Executive Yuan of Taiwan (Cabinet) approved draft amendments to the PDPA on April 13, 2023. Subsequently, the draft amendments (Amendments) were approved by Taiwan's Legislative Yuan (Congress) on May 16 and were officially signed off on and published by Taiwan's President on May 31.

Taiwan commenced the process to obtain an adequacy decision shortly after the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') took effect in May 2018. The Taiwan Government established a Personal Data Protection Office under the National Development Council ('NDC') in July 2018 for the purposes of, among others, obtaining a GDPR adequacy decision as soon as possible so as to facilitate cross-border personal data transfers between EU Member States and Taiwan. Ken-Ying Tseng, Partner at Lee and Li, Attorneys-at-Law, discusses the timeline of Taiwan's process thus far of obtaining an adequacy decision and what is further expected to happen regarding this.