TAIWAN Law and Practice Contributed by: Jaclyn Tsai, Aaron Chen, Teresa Huang and Jaime Cheng, Lee, Tsai & Partners
Dedicated telecommunications networks If communications among IoT devices are only operated through the radio frequency in a tele - communications network established for private use (“Dedicated Telecommunications Network”), the radio frequency is required to be approved by the MODA while the establishment of the Dedicated Telecommunications Network should obtain prior approval from the NCC under the Regulations Governing the Establishment and Use of Dedicated Telecommunications Net - works. Controlled radio-frequency devices For IoT devices classified as controlled tele - communications radio-frequency devices, their manufacturers or importers must follow the requirements under the TM Act and the Admin - istrative Regulations on Manufacturing, Import and Report of the Controlled Telecommunica - tions Radio-Frequency Devices, and obtain prior approval before launching such devices. Personal data protection requirements If the collection, processing, or use of personal data are involved in the operation of IoT devices, operators should ensure compliance with the PDPA. Self-Regulatory Rules for Financial Institutions Using IoT Devices Financial institutions are required to follow rele - vant self-regulatory rules established by financial institutions associations. Please see ‘Financial Industry’ in 4.3 Data Sharing . 4.2 Compliance and Governance Deployment of IoT devices or technologies involves navigating a complex regulatory envi - ronment, as it often falls under the purview of multiple government authorities, each with its own regulations. Businesses must therefore
identify the relevant authorities and ensure com - pliance with the regulations applicable to their
respective industries. 4.3 Data Sharing
Taiwan does not have a single regulation specifi - cally governing IoT data sharing. Instead, spe - cific industries are subject to IoT-related regula - tions or guidelines that govern sharing practices. For example: Financial Industry The following guidelines regulate IoT data shar - ing and security for financial institutions: • Rules governing the Security Management of IoT Devices for Financial Institutions (issued by the Bankers Association) • Operational Rules governing the Use of IoT Devices for Insurance Companies (issued by the Life Insurance and Non-Life Insurance Associations) These rules require banks and insurance compa - nies to ensure that IoT devices used have iden - tity authentication mechanisms, use wireless networks with encryption protocols, and moni - tor access control and network connections of IoT devices. Healthcare Industry Under the CSM Act, the Ministry of Health and Welfare (MOHW) issued the Cybersecurity Standards for Information and Communication Systems in the Healthcare Sector. Hospitals des - ignated as providers of critical healthcare infra - structure must (i) manage wireless networks and access control when using medical IoT devices and (ii) prohibit data exchanges between wire - less network-connected devices and the hospi - tal’s core network.
487 CHAMBERS.COM
Powered by FlippingBook