Taiwan occupies a unique geopolitical position – with a substantial population and robust economy, it lacks formal diplomatic recognition by most countries and is considered by the People’s Republic to be rightfully part of it. Taiwan has its own system and laws. How does it approach personal data flows beyond its borders?
Taiwan has a comprehensive personal data privacy law with a GDPR-similar approach. It provides more flexibility than the EU in how Taiwanese personal information is collected and processed. There is no express extraterritorial reach to its law. But Taiwan businesses must comply with rules on handling data they collect and can be held criminally and civilly liable for exporting data that infringes Taiwan principles.
There are statutory exceptions to the relatively free ability for cross-border sharing and processing of personal data. Taiwan’s financial regulator requires financial institutions to obtain consent for the export of personal financial data. Taiwan prohibits its telecommunications and broadcast companies from storing subscriber data in the People’s Republic of China. Taiwan uses sectoral exceptions to address particularly sensitive security concerns.
This podcast episode explores the unique position of Taiwan on our continuing global tour with Yugo Nagashima about how data localization is practiced.
If you have ideas for more interviews or stories, please email firstname.lastname@example.org.