|OVERVIEW||Taiwan has complex privacy legislation in place – the Computer-Processed Personal Data Protection Law 1995 regulates the “computerized processing of personal data”. On April 27, 2010, the Taiwan Legislature passed an amendment to the CPPDPA totled the Personal Data Protection Act which applies to all individuals, legal entities and enterprises that collect personal data. It will become effective in 2011.|
|ENACTED||April 27, 2010|
|GENERAL PRIVACY LAWS||
Article 12 of the Republic of China Constitution of 1946 states that citizens should have freedom concerning correspondence.
An infringement of the right to privacy may be subject to civil liabilities under the Civil Code.
Authorities on the country’s legal system ask whether or not the employees had a reasonable expectation of privacy in order to determine if the monitoring were proper.
|PERSONAL DATA PROTECTION LAWS AND REGULATIONS||
Taiwan has had detailed data privacy legislation since 1995; however, this applied only to public sector entities. On April 27, 2010, the Taiwan legislature passed the Personal Data Protection Act which applies to all individuals, legal entities and enterprises that collect personal data.
The Computer-Processed Personal Data Protection Law of 1995 governs the collection and use of personally identifiable information by government agencies.
|TYPE OF DATA PROTECTED||Personal Information.|
|WORKPLACE PRIVACY LAWS||
Taiwan has no legislation specifically regulating workplace monitoring.
A district court case from 2003 adopted the “reasonable expectation” test for workplace monitoring. Under this test, companies can only monitor employee emails if they do not have a reasonable expectation of privacy of their work emails. The opinion of the district court judge was that the ability of an employer to monitor its employees’ work emails depended on whether or not the employees had a reasonable expectation of privacy for their work emails.
Implied Consent: The court stated that an employer may announce its email monitoring policy to the employees. If the employees do not object to such a policy, the employees should be deemed as having given implied consent. The district court also concluded that there are no other laws and regulations explicitly prohibiting employers from monitoring employees’ work emails.
Statute Governing the Protection and Monitoring of Communications governs the interception and monitoring of private communications by the policy. Certain civil and criminal liabilities, however, apply to all persons. For employer to be exempt from liabilities under this law, he must obtain consent of employees and the employer’s monitoring cannot be for illegal purpose.
The Criminal Code prohibits individuals from intercepting or monitoring “non-public” speeches or activities of others unless there is a legal justification.
It is not yet clear how the Personal Data Protection Act will impact workplace monitoring. It is also unclear under the new Act how an employer should collect consent if that is required from workers.
|TRANSBORDER TRANSFERS||No law specifically related to the transborder transfer of personal data.|
|FINES AND SANCTIONS||
The compensation arrangements are contained in Article 28: A non-government agency which infringes upon the rights and interests of a principal as a result of its violation of this Law shall be liable for the damages arising therefrom, provided, however, that these provisions do not apply to the situation where the non-government agency can prove that the damages are not caused by its willful conduct or negligence.
The total amount of compensation for the damages referred to in the two preceding paragraphs shall not be less than NT$20,000 (USD 614) but not more than NT$100,000 (USD 3,068) for each case of damages per person, provided, however, that the above provisions do not apply to the situation where the injured party can prove that the damages sustained by it are more than the aforesaid prescribed amount.
With regard to damages caused to the principal by the same cause and fact, the total amount of compensation shall not be more than NT$20 million (USD 613,638).
The criminal sanctions are contained in Articles 33 and 34:
Under the new Act, penalties for the unlawful disclosure of personal data are increased. Individuals or enterprises who profit from the collection, processing or use of personal data will be fined no more than NT$1 million (up from the current NT$40,000) or face a term of imprisonment of up to five years (up from the current two years). Finally, the filing of class action legal proceedings against parties who violate the law is permissible under the new Act.
|OTHER PRIVACY LAWS AND REGULATIONS||There are numerous laws that have implications for privacy and data protection. A number of these laws relate to internal security.|