Blog: Impact of European Union General Data Protection Regulation on Data Sharing in Taiwan

There is a good awareness of General Data Protection Regulation (GDPR) as a debate and the need for Taiwan to adapt if it wants to do business with the European Union (EU). However, awareness is largely where it ends, as most don’t see Taiwan having a seat at the table on its outcome, and take a ‘wait and see’ approach.

The publicised aspect of GDPR in Taiwan surrounds the principles of ‘right-to-be-forgotten’ and  ‘businesses should take more responsibility’ on data usage and application. How this is applied locally, and future implication for data sharing, is unclear. There is a lack of discussion on other critical aspects of GDPR, such as the portability of data and actual penalties for abuse locally.

This means very different strategies for different decision-makers. It can mostly fall in three buckets:

1. Play it safe – This is the view from public organisations and big companies. GDPR has made any potential data-sharing discussion a ‘legal risk’ and dramatically kills the appetite to explore a data-sharing partnership.

2. Keep it in a black box – There is a growing demand for outsourcing solutions (legally isolating risk) and creating a third party to take on the risk. Until there is a clear demonstration of auditing capabilities from law enforcement locally, as long as this is done ‘outside’ and/or very unlikely to be proven externally, it is business as usual. Thus, you have many small and medium-sized enterprises (SMEs) claiming ‘they have access’ to data from big players. Precisely what they have, how they get it, and what they do with it is in the grey. And most turn a blind eye as there is no major consumer revolt to date.

3. Make what you can, while you can – There are many companies (SMEs in particular) that are struggling for money and hope they can monetise their data before GDPR or GDPR-like legislation takes hold locally. This means little regard on who is getting the data and what they intend to do with the data.

Items 2 & 3 above makes Taiwan data sharing market very murky, and you really don’t know what you are getting even if you tried.  Meaningful data sharing is confined mainly to two organisations dealing directly or only working with sister companies within the same group.

This means data is very fragmented, and its application limited.  It doesn’t allow for a more holistic view of ‘consumers’ and doesn’t foster a vibrant ecosystem for third party value-added services.

On a higher level, there is a growing awareness of data rights and data security in Taiwan; however, there is still little consensus on what this means locally and how this will be applied.

This is underpinned by a few practical realities and challenges which make the data industry very difficult domestically:

• Negative media creating suspicion from stakeholders – Taiwan is surrounded by broader conversations of fake news, internet security attacks, virus and malware attacks, particularly from Mainland China which means any aggressive attempts to innovate on data are viewed with suspicion.
• No strong domestic leader in data – While a dominant player in IT hardware, Taiwan lacks a strong domestic leader in ‘data value-added services’. Unlike its North-Asia neighbours – Japan, Korea, and China – who all have their own local giants (Alibaba, Rakuten, Naiver, Line, Tencent, etc.) with a robust digital ecosystem, comparatively, Taiwan is reliant on foreign players for their solutions. This is reflected with deep penetration of foreign services like Facebook, Google, LINE, and low margin domestic digital advertising business.
• Taiwan’s businesses instinctively looking at market forces, versus local legislation, to determine industry future – Legal process in Taiwan can be slow and often results in a compromise. Taiwan is clearly aware of its limitations on how we can take ‘foreign companies’ to court. Where legislation is ‘too restrictive’, it will encounter the dilemma of limiting local firms much more than foreign players.

For GDPR to really create positive synergies for Taiwan given the above challenges, I feel Taiwan needs to:

A. Create and communicate a strong strategic framework of ‘data rights’ at the individual level, not at government level via legislation, and not at business level via products and services. Although the government’s ability to follow this through legislation, and more importantly, enforcement (including penalties) is critical in creating a fair playing field.

B. Mandate and create a ‘trusted’ data sharing protocol where there are clear guidelines and processes in how data can be shared and how it can be used. This ideally can be led via publicly funded association or non-governmental organisation (with strong government oversight but not influence) and has directly backing by government, including the ability to advise on policy, day-to-day administration, enforcement and penalties of these guidelines.

C. Invest and build a robust ecosystem of third party value-added services (certified by the trusted data sharing protocol) where consumers can ‘feel’ tangible value through consenting to open-up their individual data. Only when there is a thriving industry backed through public demand can this be sustainable. Net, there needs to be enough money in the industry to attract talent and still have room to give value back to consumers.

Taiwan government has already positioned the country towards a path of success through initiatives like opening government data and public data. There are also smart future directions set by Taiwan’s National Development Council, who strategically mapped out possible foundational building blocks, such asmyData, to bring this to an ‘individual level’. However, this needs to become ‘market-driven’, or it will have little chance of succeeding internationally and being adopted by the public.

Massive potential for Taiwan if it can get this public-private partnership right, similar to how it successfully transformed the island into a key IT hardware hub 30 years ago, I look and work towards making Taiwan a ‘knowledge hub’ for the next 30 years.