Legal Bases for Processing of Personal Data
Is an identified legal basis required in order to collect or process non-sensitive personal data?

Last review date: 31 December 2024

Yes.

The following are potential legal bases for processing sensitive personal data:

         appropriate notice has been provided to or made available to the data subject

         the data subject has provided consent to the processing for the identified purposes

         other

  • It is explicitly specified in laws.
  • Collecting or processing is necessary for government agencies to perform their legal duties or for non-government agencies to perform their statutory obligations, and there are security measures before or after collecting/processing.
  • The data is necessary for public interest in statistics or for the purpose of academic research conducted by a research institution. The personal data must not be personally identifiable.
  • The data subject has given explicit consent to the processing. However, the exceptions to this are: (1) the collection/processing is beyond the scope necessary for the specific purpose, (2) specified otherwise in laws, or (3) the alleged consent is given against the data subject's will.

 

Is an identified legal basis required in order to collect or process sensitive personal data?

Last review date: 31 December 2024

Yes.

The following are potential legal bases for processing special categories of personal data:

         the data subject has given consent to the processing, where consent is measured to a higher standard than for non-sensitive personal data (for example, additional requirement for consent to be "explicit")

         processing relates to personal data which are manifestly made public by the data subject

         processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes

         other

  • It is explicitly specified in laws.
  • Collecting or processing is necessary for government agencies to perform their legal duties or for non-government agencies to perform their statutory obligations, and there are security measures before or after collecting/processing.
  • The personal data is necessary for statistics gathering or for the purpose of academic research conducted by a research institution in pursuit of public interests. The personal data must not be personally identifiable.
  • The data subject has given explicit consent to the processing. However, the exceptions to this are: (1) the collection/processing is beyond the scope necessary for the specific purpose, (2) specified otherwise in laws, or (3) the alleged consent is given against the data subject's will.

 

Are there special requirements that apply to the collection or processing of personal data from minors?

Last review date: 31 December 2024

Yes.

"Minor" is not explicitly specified in the PDPA. Under the Civil Code, consent to collect or process personal data given by a person between 7 and 18 years old is invalid without the approval of the holder of parental responsibility. For a person under seven years old, only the holder of parental responsibility has the authority to provide consent.

In what circumstances do these special requirements apply?

Last review date: 31 December 2024

         generally

What are the special requirements that apply to collecting or processing personal data from minors?

Last review date: 31 December 2024

         consent must be given or authorized by the parent/guardian of the minor