Personal data
protection act goes into effect, though certain clauses exempted
GRAY AREA: Some controversial articles will need
to get legislative approval, but others are now enforced, such as one that lets
people make telemarketers delete their data
By Rich Chang / Staff reporter
Some aspects of the Personal Data Protection Act (個人資料保護法), which comes into
force today, contain controversial clauses that will require further amendments,
a judicial official said yesterday.
Approved by the legislature in April 2010, the act was promulgated by President
Ma Ying-jeou (馬英九). However, it did not come into force until now because of the
controversies surrounding some of its articles.
The Executive Yuan has decided that parts of the act that do not need further
consideration will take effect today and it has instructed the Ministry of
Justice to communicate with lawmakers to push for the passage of the articles
that have caused some consternation.
Chen Wei-lien (陳維練), director of the ministry’s Department of Legal Affairs,
said people have complained about rampant marketing telephone calls.
Under the new law, people can ask sales representatives not to call again and
remove their personal data. If companies continue to do telemarketing, but fail
to explain how they collect personal information, people can report them to the
authorities or even file a civil suit with the courts asking for compensation,
Chen said.
As for online material, it is legal to post personal information on the Internet
when the reason for doing so is to safeguard public safety by showcasing
lawbreaking, such as films of criminal suspects caught on surveillance cameras
or people who are naked in public places.
It is legal for people to search for and post the personal data of law-breakers
— such as someone who tortures animals or causes traffic accidents — online, but
posting personal data online for other reasons is not, Chen said.
Violators of the act can face a maximum prison sentence of five years, a fine of
up to NT$200,000 or both, Chen said.
The revised clauses that have not come into effect yet are pending approval by
the legislature.
Under the revised version of Article 6, health records are listed as a type of
information that may not be collected, used or processed for any means, joining
data on medical treatment, genetic information, sexuality and criminal records,
which were already listed in the 2010 version of the article.
Exceptions were made for six situations, two of which were new additions to the
article: when public interests were at stake and when the written consent of
concerned parties was provided.
The revised version of Article 54 removes the requirement for financial
institutions to inform individuals about information not personally provided by
the concerned party within one year after the effective date of the act.
It stipulates instead that financial institutions must inform individuals of the
data they possess before they use or process that information.
|