At the onset of the COVID-19 pandemic, Taiwan has adopted numerous novel digital technologies for contact tracing, social distancing, home quarantine, and pandemic investigation. Effective digital governance, including big data analytics and smart technology, is regarded as the main contributor to Taiwan’s success in containing the pandemic.
For example, the government’s solution to the challenging pandemic investigation for the linkage between patients and potential cases is exploring patients’ daily footprints (down to every hour) through mobile phone tracking (and maybe surveillance camera). The result is then disclosed to the public so that those who have visited these places can stay alert.
Despite the potential derogation of privacy protection arising from these measures, Taiwan’s population has generally accepted the Government’s use of its emergency powers to deploy these technologies. This is due to the government’s transparent communication of disease control measures on a daily basis, and the citizens’ trust in their democratically elected and appointed bureaucrats.
However, privacy concerns are raised again because the exemptions from personal data protection were further expanded without clear boundaries as to what purpose the collected data could or could not serve. The first challenge regarding privacy and personal data protection in the COVID-19 pandemic in Taiwan is the vague, unclear boundary of the government’s emergency powers to loosen privacy protection and to allow a broader range of accessibility to personal data.
The second challenge is that the Central Epidemic Command Center (CECC) is not able to comprehensively disclose what personal data has been collected, how it was collected and processed, and for what purposes the data was used. Even though the government issues daily updates regarding COVID-19 with a large degree of transparency, the CECC is reluctant to be totally transparent about the deployment of digital measures and operating mechanisms due to concerns that citizens may find ways to cheat the system.
Due to serious concerns of privacy, the government needs to show a high degree of defence with regards to its measures, given the scope of personal data the government collected, the means of data collection, the precise policy purposes, and the number of different factors and alternatives that would have been considered. Concerns over misuse of personal data would continue to surface if emergency exemptions are not provided with sufficient information as to what purpose could or could not be served.
The third challenge is the lack of an independent data protection authority responsible for overseeing the use of personal data and safeguarding individuals against data abuse in Taiwan’s personal data protection framework. The National Development Council (NDC) is designated as the competent authority in charge of interpreting the Personal Data Protection Act (PDPA) and regulating personal data processing in Taiwan. However, the NDC’s independence in personal data protection is questioned because the NDC is also in charge of Taiwan’s economic, industrial, and social development, where promoting personal data utilisation is essential.
The final challenge is the bypassing of the Communication Security and Surveillance Act (CSSA) during the pandemic, where individuals’ telecommunication data is monitored in the electronic fence system without an interception order issued by a judge or by the Director of the National Security Bureau.
Until the end of the pandemic, big data analysis and technology-assisted public health measures will be continuously used to contain COVID-19. Therefore, even though fully preserving individual privacy is difficult, the government still needs to cautiously design and implement Covid-19 restrictions, and be aware of the balance between data protection and public health.