Challenges of Personal Health Data Protection in the Era of Cloud Computing: A Comparative Legal Analysis
Author：Chih-hsing Ho Assistant Research Fellow
Origin of Topic
The Taiwanese government has recently promoted the adoption of cloud services in its government agencies since the Executive Yuan approved its “Cloud Computing Industrial Development Plan” in 2010. Among the twelve government’s proposed cloud service schemes, the “Health Cloud Project”, which has been initiated and funded by the Ministry of Health and Welfare since 2015, aims at applying cloud computing techniques to the National Health Insurance Database to help improve health care delivery. By analyzing the Taipei High Administrative Court’s judgments, this paper argues that whether the National Health Insurance Bureau is entitled to release its national health insurance data to third parties for the purpose of secondary use is not without controversy. It further pinpoints that in addition to recognizing information autonomy, which has been proposed by the Grand Justices’ constitutional interpretation, as well as considering the legislative purpose of the revision of the Personal Data Protection Act in Taiwan, there is a need to re-evaluate the challenges that cloud computing techniques could have brought to the implementation of the Personal Data Protection Act. This paper adopts a comparative legal perspective to analyze different rules and governance frameworks implemented by the EU, the UK, and the US in their various definitions of personal data and the regulation of risks associated with applying cloud computing techniques to personal data. It plans to reflect an adequate way to address the balance of individual privacy and public interest, especially the protection of personal and information autonomy that the government in Taiwan shall take into consideration for its cloud computing application.