Taiwan: Modification to the Taiwan Personal Information Defense Act


Under the existing Taiwan Personal Information Defense Act (PDPA), there is no independent information defense authority. The enforcement of the PDPA has actually been carried out by the main federal government authority accountable of the sector worried or the city government worried (jointly “ Competent Authority“).

As a result of a rise in situations of individual information violations in the last few years with cases impacting lots of information topics, movie critics have actually elevated worries regarding the existing fines being as well lax to stop the constant information violations. In a prominent instance including the additional use nationwide medical insurance information, the Taiwan Constitutional Court regulationed in August 2022 that the absence of independent information defense authority protests the Constitution and also asked for the facility of the appropriate lawful system within 3 years. In feedback, the Taiwan Legal Yuan passed the Modification to the Personal Information Defense Act (“ Modification“) on 16 Might 2023, to attend to these worries.

Under Short article 27 of the PDPA, a non-government firm in ownership of individual information documents ought to execute correct protection procedures to avoid the individual information from being swiped, changed, harmed, damaged or divulged. The main federal government authorities accountable of the sectors worried might assign and also get particular non-government firms to develop a safety and security and also upkeep prepare for the defense of individual information documents and also a standard on getting rid of individual information complying with a service discontinuation. The Competent Authority might get the non-government firm to remedy the offense within a specific duration if a non-government firm breaches Short article 27. If the non-government firm falls short to remedy the offense in time, a penalty in between NTD 20,000 (around USD 666) and also NTD 200,000 (around USD 6,666) will certainly be enforced for each and every incident of the offense.

The Modification boosts penalties for offense of Short article 27 of the PDPA to a variety of NTD 20,000 (around USD 666) to NTD 2 million (around USD 66,666), which can currently be enforced at the exact same time as the order to remedy the offense within a specific duration. Failing to remedy within the given duration will certainly go through collective penalties in the variety of NTD 150,000 (around USD 5,000) to NTD 15 million (around USD 500,000). For serious offenses, penalties can be raised to the variety of NTD 150,000 (around USD 5,000) to NTD 15 million (around USD 500,000) to begin with.

This component of the Modification will certainly come to be reliable after being released by the Head of state.

The Modification likewise marks the brand-new Personal Information Defense Compensation (PDPC) as the unique Competent Authority for individual information defense.

The primary workplace for the PDPC is anticipated to be developed as early as August 2023. The following stage of prep work will certainly be preparing the business regulation for the PDPC, with the objective of sending the draft to the Taiwan Legal Yuan for evaluation in 2024. The first staffing for the primary workplace is anticipated to contain 40 to 50 authorities in charge of taking care of individual information defense issues.

The Modification mirrors the Taiwan federal government’s feedback to worries relating to the existing light touch enforcement of the PDPA. The raised penalties for information violations show the federal government’s dedication to holding individual information enthusiasts responsible for offenses of their information defense commitments. With the facility of a specialized and also independent information defense authority, PDPC, it is anticipated that the enforcement of the PDPA would certainly come to be a lot more powerful.

Taking into consideration the influence of the Modification, firms are recommended to examine and also enhance information defense methods, consisting of a comprehensive evaluation of the information circulations, inner and also exterior personal privacy plans, treatments, and also protection procedures to determine any kind of voids or weak points in the existing information defense monitoring and also to guarantee conformity with the PDPA.