Draft bill aims to regulate apps on digital stores
Democratic Progressive Party (DPP) Legislator Huang Jie (黃捷) has proposed an amendment to the Personal Data Protection Act (個人資料保護法) that would allow the government to demand that digital stores issue warnings about, remove or ban applications that present possible information security risks.
Huang said that information security is at significant risk due to Chinese apps such as ByteDance Ltd’s (字節跳動) Douyin (抖音) and TikTok, and Xiaohongshu (小紅書, “Little Red Book”), which collect personal information on their users, while victims of fraud on the platforms have no recourse for help.
The amendment is needed because Taiwan is at the forefront of information technology threats and should seek to protect itself, she said.
The proposal would empower agencies to demand that digital platforms, such as Google Play or Apple Inc’s App Store, warn users of potential risks, or require that the platforms remove or ban software, she said.
Meanwhile, DPP legislators Puma Shen (沈伯洋), Lin Yue-chin (林月琴) and Shen Fa-hui (沈發惠) submitted a draft amendment for the Cyber Security Management Act (資通安全管理法) that passed a first reading on Friday.
The amendment would designate the Ministry of Digital Affairs as the competent authority with jurisdiction over the act, while matters concerning information security would go through the ministry’s Administration for Cyber Security.
Under the proposal, the agency should periodically make unscheduled visits to inspect public offices and designated non-government agencies to ensure that their cybersecurity practices meet standards.
All government agencies should ensure that a third party installs and maintains their cybersecurity systems, the draft amendment says.
Public offices would be banned from purchasing or using any digital devices that could harm the nation’s information security, and all public offices are prohibited from purchasing or using devices and services manufactured or provided by groups, individuals or organizations in China, Hong Kong, Macau or other groups owned or affiliated with enemy foreign forces, it says.
Certain non-governmental organizations (NGOs) should observe government-level regulations, establish information security positions and observe government-level procurement regulations, it says.
The amendment would also grant authorities the power to launch administrative investigations into the designated NGOs in the event of severe information security incidents.