Digital Asia

Data Innovations and Digital Democracy

COVID-19 Technological Epidemic Prevention and Digital Data Governance in Taiwan

This report aims to examine the complex relationships of key stakeholders in socio-technical ecosystem of data innovations in Taiwan through two important case studies in 2020: COVID-19 technological epidemic prevention and smart governance for personal data (eID implementation with MyData platform).


This report documents data innovations of the Taiwanese government in the areas of COVID-19 technological epidemic prevention and smart governance for personal data (eID implementation with MyData platform).

Here are some key findings:
1.  In Taiwan’s plans to become a smart nation, the Taiwanese government has laid out its goals in the area of smart governance: to digitally integrate Taiwan’s services ecosystem, analyse demand for public services through big data, maximize the release of open data to drive public innovation and civic participation, and to better leverage crowd intelligence towards joint, collaborative and transparent governance. In the same vein, it is paying attention to data and information security, personal data privacy and protection and data rights, in line with the European Union General Data Protection Regulation (GDPR), to which Taiwan is currently applying for adequacy certification.

2. Taiwan’s data culture is unique in its collaborative and citizen-participatory nature, which has seen the government, the private sector and civil society participating in digital innovations, engendering a culture of transparency and joint governance. Data has been leveraged independently by citizens and the private sector towards developing and refining government policy and public services, such as via the government’s “regulatory sandbox” system, where innovators who wish to test new products, services or commercial models can do so together with the government, within risk-controlled environments where regulations are temporarily relaxed.

3.  Data innovations have proven crucial in Taiwan’s COVID-19 technological pandemic prevention strategies. At the first signs of the COVID-19 outbreak, Taiwan quickly established a foreign entry quarantine system, leveraging cross-ministerial data to track individuals at risks of COVID-19, prevent suspected infections and streamline relevant hospital and frontline procedures to reduce cross-infection. Together with Taiwanese telecommunications operators, it also developed the “Electronic Geofencing” cellular-tracking system, which uses cell tower triangulation to monitor the movements of quarantined individuals together with local authorities. This has aroused public concerns over loss of rights to personal data privacy, opaque or poor data handling protocols, and being placed under government surveillance.

4. Part of technological epidemic prevention, Taiwan’s mask rationing system is a prime example of open data and civic, public and private sector collaboration, in order to curb mask stockpiling, allay public fear and panic buying as well as to allo-cate masks equitably and efficiently. The system is first developed by engineers from civil society, improved with the support of the government and telecommu-nication operators using open data and real-time technologies, and implemented with the support of private enterprises to serve as mask distribution points. How-ever, the system mainly utilises one’s national NHI card (National Health Insurance card) that contains highly private individual medical data as a means for mask pro-curement; this led to concerns about data misdemeanour by data handlers such as private enterprises and the government. Together with the entry quarantine and Electronic Geofencing cellular-tracking systems, questions have arisen as to the extent to which personal data can be used in the public interest of pandemic pre-vention, without prior consent in data collection.

5. Pertaining to the COVID-19 innovations, the Taiwanese government’s positionis that personal (data) rights have to be partially given up in the cause of publicsafety – of note is the principle of proportionality to the public interest as rendered in Taiwan’s Constitution – but that there should be corresponding, remedialstrategies to safeguard data security and privacy. Such strategies include minimising data collection to the barest minimum, data de-identification, rigorous datastorage, use and deletion protocols. With effective technological epidemic prevention, Taiwanese civic groups have raised privacy concerns with using personaldata during COVID-19 pandemic.

6. The Taiwanese government also developed MyData, a personalized online services platform offering one-stop and synchronous personal data access to servicesprovided by various government agencies and financial institutions. The systemempowers citizens to exercise autonomous control over their personal data use byothers. One major controversy that has delayed its implementation is the government’s plans to speedily and compulsorily launch a new form of chip-based electronic identification (eID) for citizens, which would be able to channel digitalisedcitizen data for MyData use. Public concerns of eID implementation have focusedon both hardware and software vulnerabilities prone to data security, the prevailing lack of regulations on accountability and personal data protection, and worriesof government surveillance and potential violations in digital human rights.

7. Taiwanese concerning personal data security and protection can be understoodby contextualizing it in Taiwan’s White Terror period (1947–1987), during which the authoritarian Kuomintang government oppressed Taiwanese political dissidents.This explains the public mindfulness of government as a data handler. Additionally, China’s frequent cyberattacks and information warfare caution Taiwanesewith risks of digital infiltration that might compromise data security in this islandcountry.

8. Pertaining to the new eID, the Taiwanese government has assured the public that the eID and MyData platform will be conducted under the highest of data security standards, with some mandated by laws. To fulfil the GDPR requirements, the government has planned to establish a dedicated agency, a new Ministry of Digital Development, to supervise applications utilizing personal data, coordinate digital governance policies and amend relevant data regulations. It will also amend the Personal Data Protection Act (PDPA) to enhance privacy standards with reference to the EU’s GDPR and other laws to expand the rights of data subjects and strengthening the responsibilities of data controllers over the safeguarding of personal data security.

9. As data innovations proliferate in Taiwan, stronger tripartite cooperation among government, public and enterprises are expected as more data is open to the public. In particular, it is expected that civil society in an increasingly digital democracy such as Taiwan will apply digital technologies towards stronger participation in politics and public affairs, government monitoring and to realise public interests. The debates over personal data privacy and data security concerns are also expected to continue, in particular for the eID issues, whose implementation has already been delayed, until all parties come to democratic consensus on a satisfactory solution.



Ming Yin Ho


Programme Manager for Digital Transformation +65 66036167