Data Protection and Privacy 2025

TAIWAN Law and Practice Contributed by: Che-Hung Chen, Doris Lu, Jakob Huang and Meng-Ying Lee, Chen & Lin Attorneys-at-Law

the duration, location, recipients and methods of data use; this information is usually provided in the form of a cookie, policy or privacy notice);
• obtaining informed consent from data subjects (businesses must obtain informed consent from users before placing cookies on their devices);
• ensuring that data is used only for specified purposes within the scope of data subjects’ consent (businesses cannot use cookies for unrelated or secondary purposes without obtaining further consent from users);
• implementing appropriate security measures to protect personal data (businesses must implement appropriate technical and organisational measures to protect personal data collected through cookies from unauthorised access, disclosure, alteration or destruction); and
• respecting data subjects’ rights, such as to access, rectify, delete, or request a copy of their personal data, or demand the cessation of the collection, processing or use of their personal data.

4.2 Personalised Advertising and Other Online Marketing Practices

Personalised Advertising

Personalised advertising is not specifically regulated under a separate legal framework in Taiwan, but it is governed by the general provisions of the PDPA. Since personalised advertising often involves the collection and analysis of personal data to target individuals with tailored ads by way of collecting and analysing the browser records and footprint and at least partial IP information, it must comply with the requirements set out in the PDPA (please refer to 4.1 Use of Cookies). Therefore, businesses engaging in personalised advertising must adhere to the PDPA’s general data protection principles to ensure legal compliance.

Other Online Marketing Practices

The PDPA regulates the collection and use of personal data for marketing purposes. When a non-governmental agency uses personal information for the purpose of marketing but the data subject has refused the marketing, such marketing must stop immediately. Also, the non-governmental agency should offer ways for the data subject to express their refusal at the time such marketing first appears in public, and should compensate any necessary cost and expense for expressing such refusal.

Moreover, the Financial Holding Company Act provides that financial holding companies’ subsidiaries engaging in co-selling activities among themselves should apply to the FSC for prior approval and ensure that such activities will not harm the interests of customers. The subsidiaries of the financial holding company should comply with the provisions of the PDPA with regard to the joint collection, processing and use of the basic personal data and dealing or transaction records of customers.

In Taiwan, there are no general and primary rules regulating all types of online marketing. Nevertheless, for electronic marketing, the Consumer Protection Committee has promulgated guidance advising that enterprises collect and use consumers’ personal information in accordance with the law, and provide reasonable protective measures.

4.3 Employment Privacy Law

In Taiwan, the PDPA plays a primary role in shaping data protection with respect to the employment relationship. Employers must comply with the general requirements of the PDPA when col -
