TAIWAN Law and Practice Contributed by: Che-Hung Chen, Doris Lu, Jakob Huang and Meng-Ying Lee, Chen & Lin Attorneys-at-Law
local government authorities. Further, the PDPC will prioritise the regulation of non-government agencies that do not have a clearly designated competent authority. As for non-government agencies that already have been governed by a competent authority due to the feature of busi - ness, transitional provisions will apply. During the transitional period, the supervision by their central or local competent authority will remain in effect temporarily, and the regulatory powers of each respective competent authority will be gradually migrated to the PDPC in phases. This approach aims to achieve the legislative policy goal of centralising and unifying personal data protection oversight. Before the official launch of the PDPC (sched - uled for August 2025), the relevant regulators and their authorities are as below. The MOJ is the main regulator for personal data protection and is in charge of proposing the draft bill of the PDPA, and promulgating the Enforce - ment Rules of the PDPA (which will be migrated to the PDPC after it is official launched). The MOJ and the National Development Council are in charge of issuing various interpretations to answer questions in respect of compliance with the PDPA. The enforcement of the PDPA is administered by the central government authorities that super - vise the business operation of non-government agencies, and local government authorities. Both central and local government authorities have the power to: • carry out audits and inspections on non-gov - ernment agencies; • request information; • demand rectification; and
• impose administrative penalties against non- government agencies for non-compliance with the PDPA. 1.3 Enforcement Proceedings and Fines Administrative Enforcement Proceedings Under the PDPA, central and local government authorities have the power to conduct an audit and inspection on non-government agencies, for which they may access the premises of non- government agencies, request information, and copy and retain documents. If the non-govern - ment agency refuses to provide the information and documents, the authorities may – to the extent of least harm – adopt compulsory meas - ures to obtain such information and documents. The non-government agency may raise an objection against such compulsory measures. However, if the government authority refuses to change such compulsory measures, the non- government agency may only argue against such compulsory measures in the proceeding in which it argues the administrative decision on the merits. Except for the foregoing investigation proce - dure and the procedural complaint procedure, there are no special procedures regulating the administrative process in respect of investiga - tions and imposed penalties, and in respect of the respondent’s due process and appeal rights and procedures. The general administrative laws will govern, such as: • the Administrative Procedure Act; • the Administrative Appeal Act; and • the Code of Administrative Procedure. As noted in 1.2 Regulators , the enforcement of the PDPA will be administered by the PDPC upon its official launch scheduled for August
445 CHAMBERS.COM
Powered by FlippingBook