Privacy Perils of Open Data and Data Sharing: A Case Study of Taiwan's Open Data Policy and Practices

Governments and private sector players have hopped on the open data train in the past few years. Both the governments and civil society in Taiwan are exploring the opportunities provided by the data stored in public and private sectors. While they have been enjoying the benefits of the sharing and flowing of data among various databases, the government and some players in the private sectors have also posed tremendous privacy challenges by inappropriately gathering and processing personal data. The amended Personal Data Protection Act was originally enacted as a regulatory mechanism to protect personal data and create economic benefits via enhancing the uses of public and private sector data. In reality, the Act has instead resulted in harm to Taiwan's data privacy situation in this big data era. This article begins with an overview of the Taiwan's open data policy history and its current practices. Next, the article analyzes cases in which the data sharing practices between different sectors have given rise to privacy controversies, with a particular focus on 2020, when Taiwan used data surveillance in response to the COVID-19 pandemic. Finally, this article flags problems related to an open data system, including the protection of sensitive data, de-identification, the right to consent and opt-out, and the ambiguity of "public interest," and concludes by proposing a feasible architecture for the implementation of a more sensible open data system with privacy-enhancing characteristics.