Support Centre

Taiwan

Summary

Law: The Personal Data Protection Act 2010 (as amended in 2015) (PDPA)

Regulator: The National Development Council (NDC)

Summary: Data protection in Taiwan is governed by the Personal Data Protection Act 2010 (as amended in 2015) (PDPA) and the Enforcement Rules of the Personal Data Protection Act (the Enforcement Rules). The PDPA is a comprehensive data protection law which covers the activities of government agencies and non-government agencies including data transfers and breach notification. In addition, data subjects are provided with rights including a right to access, rectification, and deletion.

Although the National Development Council (NDC) is the lead regulator when it comes to interpreting the PDPA, enforcement falls under industry-specific regulators. On June 2, 2023, amendments to the PDPA entered into effect. The amendments update Article 48 of the PDPA in regard to violations of security obligations and establish an independent supervision mechanism. The NDC confirmed that the Executive Yuan will promptly establish a preparatory office for the Personal Data Protection Commission.

News

Insights

September 2024

Taiwan: Overview of the 2024 Draft Artificial Intelligence Basic Act

In this Insight article, Vick Chien, Ken-Ying Tseng, and Evelyn Shih, from Lee and Li, Attorneys-at-Law, introduce Taiwan's progressive steps towards artificial intelligence (AI) governance. With the 2024 Draft Artificial Intelligence Basic Act (the Draft Act), Taiwan addresses legal challenges while promoting sustainable development, transparency, and innovation in AI technologies.

July 2024

Taiwan: Administrative guidelines and policies for AI

In this Insight article, Kenying Tseng, Vick Chien, and Evelyn Shih of Lee and Li Attorneys-at-Law explore Taiwan's dynamic approach to artificial intelligence (AI) regulation. Despite the absence of codified AI laws, Taiwan is actively developing guidelines and policies to ensure the ethical and responsible application of AI, balancing innovation with societal values.

June 2023

Taiwan: Draft amendments to the PDPA

In this Insight article, Robert C. Lee and Wayne Huang, from YangMing Partners, discuss the recent amendments made to Taiwan's Personal Data Protection Act (PDPA) and their implications for personal data protection.

Due to several recent incidents of severe personal data leakage incidents in Taiwan, which garnered significant public attention and highlighted the importance of personal data protection, the Executive Yuan of Taiwan (Cabinet) approved draft amendments to the PDPA on April 13, 2023. Subsequently, the draft amendments (Amendments) were approved by Taiwan's Legislative Yuan (Congress) on May 16 and were officially signed off on and published by Taiwan's President on May 31.

September 2021

Taiwan: EU GDPR adequacy decision: The road ahead

Taiwan commenced the process to obtain an adequacy decision shortly after the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') took effect in May 2018. The Taiwan Government established a Personal Data Protection Office under the National Development Council ('NDC') in July 2018 for the purposes of, among others, obtaining a GDPR adequacy decision as soon as possible so as to facilitate cross-border personal data transfers between EU Member States and Taiwan. Ken-Ying Tseng, Partner at Lee and Li, Attorneys-at-Law, discusses the timeline of Taiwan's process thus far of obtaining an adequacy decision and what is further expected to happen regarding this.

Company

Our Policies

Your Rights

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
© OneTrust, LLC. All Rights Reserved.
The materials herein are for informational purposes only and do not constitute legal advice.