On the third stage, we have, during the data aggregation phase, a way to compare the long-term trends of one particular contribution from one particular community versus another cohort of sensors. This is not to detect malice, but more likely to uncover the biases inherent in the kind of sensors that they use.
Maybe in the hardware, above a certain range, it starts to become erratic or below a certain range it becomes deteriorated. It’s possible. Basically, the first stage is to look for algorithms that can systematically uncover and correct bias.
That, in fact, one of the points that we’re looking for in the Grand Challenge at the end of this year is to get the researchers a set of data and develop a way that could increase the net trustworthiness of the diverse data sets. That, too, is part of the challenge.
It will all be announced on CI Taiwan. We choose this in particular because there’s no privacy issue. We’re not saying that it cannot one day be applied to, for example, health care data that are donated by home caring stations or by the patients themselves.
Basically, the privacy, the DPA adequacy, that is one arm.
Statistics is one arm. The environmental data aggregation, citizens contribute the data. We’re running three consultations at the moment about interchange of data across ministries, publishing of government data to our citizens, and how citizens-originating data enters into policy-making process, all the three directions, as part of the vTaiwan process.
Just this morning we ran the second consultation on government data publishing data outward. Soon, I think a week or two, the third one, the incoming one will...It’s all live-streamed. If you go to the vTaiwan Facebook group, it’s all live-streamed.
We will aggregate all these recommendations and figure out whether we need a act-level change, a law-level change, whether the law itself is sufficient. For DPA, of course we will have to change the privacy law at least at one point, the current authority chapter, and maybe data localization chapter.
Aside than that, maybe it’s possible to do it entirely on the regulatory level and not on the law level. This consultation is mainly to determine whether there’s any input from the community that is only realizable by changing, say, the Freedom of Information act or the Privacy Act. If not, then it’s all going to be regulatory level. That’s the legal part.
Then the CI, the civil IoT, is progressing without worrying about privacy. Basically, we build the standards, the technical expertise, the trust between the civil society, private sector vendors of those sensors, and the ministries involved to try to convince the minister it really generates better social impact if we work together.
Once these two are independently solved, then we can tackle the most difficult part, which is the use of private data under consent, for public good.
Right.
First, I’ll encourage you to review the DPA discussion on vTaiwan where it also touched on the localization. The main provisional idea is that it all depends on how strong the DPA is.
If the DPA is a thoroughly EU-style DPA that has de factor administrative not just interpretation control, that is to say it can recommend specific privacy-enhancing technologies, if it has this level of control, then, of course, a EU-style exchange only with adequacy countries or jurisdictions makes sense.
If, at the end of it, we pass adequacy, but with a DPA that are more advisory than prescribing particular PETs, then maybe it does make sense to keep the current data localization idea, which is open by default and closed only for security processes or whatever. We will know when the actual DPA gets bootstrapped.
Depending on the strength of the DPA, we will know the strengths of data localization. Personally, I don’t have a preference. I think the consensus now is more of having the citizen being aware that they have certain agency under not just GDPR, but existing PIDA. They can demand explanation. Data is not just an asset. It is a relationship.
If sufficient amount of people in a civil society takes this view, then maybe we don’t need a strong DPA. Maybe the citizens, as part of consumer protection associates, authorities, and so on, or like iWIN, is able to safeguard it to a certain degree. That would actually be a pretty balanced power between the civil society, the private sector, and the government.
On the other hand, if the civil society does not have this kind of empowerment, we don’t succeed in getting people taking the view that they have agency, that data is a relationship, then a much stronger case will be made in the Parliament about a strong DPA. That’s just logical, and I don’t have a preference one way or another.
Yeah.
It’s not always like that. During the Company Act rewrite recently, we explicitly said the US approach works better in many things, so we just adopt this.
I think the mindset is changing. One part of it, I think, is the successful application of a doctrine of the so-called sandbox laws. It is not a legal term. Technically, it’s experimentation and advancement of economy or whatever. I don’t know the full name, but everybody just call it sandbox, so might has well. [laughs] At the moment, we have three sandboxes.
The regulatory-level sandbox as offered by the SME agency, the regulatory reform center’s sandbox. They don’t call themselves a sandbox, though. They are at https://law.ndc.gov.tw/ which is a platform economy regulatory adjustment, where the NDC, the Regulatory Reform Center, the RRC, takes people’s appeal that certain interpretations are out of data and work with the ministries to abolish them very simply put.
The SMEA sandbox is more about a new emerging trade or a new emerging business model. It’s not even sure whether it runs counter to our regulation or not. It would help to clear the gray area and to even work out new regulations to fit their purpose, instead of retrofitting existing obsolete regulations.
The SME one is for when you don’t know what’s blocking you. The NDC one is for that you know precisely what need to be abolished in order for you to move forward. They have this relationship.
Sometimes the SME one passes to the NDC. There’s a recent case about Upark, a startup that installs this kind of blocking thing on the parking lots.
The SME worked with NDC to relax that, so that now on average, if you just rent out up to eight hours per day, throughout the month, then you are not taxed and hold like a operating parking lot. That is a very good case of the SME taking it, clarifying it, passing it to NDC and NDC helping it to adjust the law.
This is much more...
It really worked. Then, this is less continental law system. This is much more US style and much more case law-ish thinking. Even if its challenge is lost, we have the FinTech Sandbox, which admittedly suffers from the fact that many people entering the FinTech Sandbox is not even very clear which law they are challenging or which part of the law that they’re challenging.
There’s a lot of handholding to do by the FSC. If you listen to some other side of people, they say they have a lot handholding to do to the FSC people, so both sides, sure, have a lot of handholding to do, but as a FinTech.
We are also working on the AV, the autonomous vehicles sandbox. We expect that to pass this session or latest next, but likely this.
The MOEA will take the application and do the evaluation. When it comes to making exceptions on existing loss, the MOTC will do the exemption. All the while, the evaluation of the safety, accountability, AI applicability will be contributed by MOST.
Verily, but the alternative is to have the MOTC make all the decisions itself...
Yeah, you go to your local MOEA office.
Yeah, the municipal MOEA office.
Well the MOEA has so-called 馬上辦 service centers. They report directly to the MOEA. It just happens that they have multiple municipal offices.
Yes.
The process, according to the draft law is all online, so I’ll just explain very briefly.
Basically, the MOEA is the driver, just like in the SME sandbox. The applicant, I think Upark folks, doesn’t even need to know that there are MOTC, MOF, NDC, RRC, whatever, involved. At the beginning, it just talks to the SME folks in MOEA.
Yes, for the AV sandbox. The AV sandbox it’s also paramount for us, for all the ministries to be in a multi-stakeholder panel because they all have some stake.
The panel need to make decisions in a way that is not detrimental to any ministries’ purposes. The MOEA is better at handling this kind of innovators proposals because it’s more flexible in understanding the language that are not overtly technically or legally correct.
The thing with FinTech Sandbox was that there’s a lot of language difference between the innovators who describe the latest immutable distributed ledgers and the existing bankers describe their compliance roles. They are literally worlds apart.
The FSC devoted a lot of time just to reconcile their languages. In the time for the AV sandbox, we think it’s maybe better to have the people who work with startups all the time, the MOEA people, to serve as their face, their proxy, and then talk to the ministries that are really needed to relax the laws or their existing laws.
Now, the municipal government is still important, not in the sense that they have a veto on the roads or whatever, but rather publishing the real, actual social needs of the city government.
For many AV experiments, it will fare much better if you know exactly what, for example...I’m just making this up, the Penghu County. They really want smart ships because for some offshore islands, the transportation situation’s very difficult. They cannot keep the sailors around all the time.
If there are some lightweight, self-driving ship that people can summon at will, it would really help them. They have all the relevant climate data, sea data, whatever data to support the parameters on which to make such experiments.
Instead of starting from zero, the innovators can just look at each county and region’s needs and not compete, but rather try to solve a little bit of it in a smaller section. The relation is not like innovators are in the dark and people just randomly veto them, but rather the different municipalities declare their needs.
We’ll publish this as a transcript.
