Peng, J. L., Chen, Y. P., and Sun, A. 2017. Personal Information Protection Act and the Legal Risk of Big Data Applications in Taiwan. NTU Management Review, : 93-118. doi:10.6226/NTUMR.2017.JUL.F104-009
Jin-Lung Peng, Associate Professor, Department of Risk Management and Insurance, National Chengchi University
Yu-Pei Chen, Assistant Professor, Department of Medicine, National Cheng Kung University
Aureola Sun, Ph.D. Student, Department of Risk Management and Insurance, National Chengchi University
In spite of their underlying values, big data now present enormous challenges as their collection, processing and application are potentially susceptible to the legal risks under Personal Information Protection Act (PIPA 2010) in Taiwan. By putting big data under the analysis framework of PIPA, this paper notes that by taking into consideration the staggering volume, velocity and variety claimed by big data and the enactment of PIPA, problems might arise in a number of ways: (1) In terms of information disclosure, data collection and processing would not meet the requirement of Article 8 and Article 9 of PIPA;(2) Data controllers are very likely to breach the duty stipulated by Article 11 of PIPA, which is, deleting and discontinuing to process or use when the specific purpose no longer exists or contract period expires; (3) Some data collectors might fail to satisfy the specific purpose requirement set by Article 19 of PIPA; (4) Data controllers might violate Article 20 of PIPA at the first marketing action; (5) They also might not meet Article 54 of PIPA that requires a notification may be given at the time where such personal information is first used.
big data Personal Information Protection Actthe right to privacy