It is high time to establish practical legal mechanisms regarding digital rights and freedoms to ensure democracy and rule of law continues to strive in the digital age. We urge your attention on the “Digital Bill of Rights” drafted by civil society, which focuses on the individual and the people’s rights, government obligations and constraint of power, as well as establishing the due process and remedy mechanism for when the individual and the people’s rights are to be restricted by the government.

The government should establish digital rights including, but not limited to, the public and the individual’s right to be informed, as an extension of the right to digital autonomy (including the ability to be fully aware and control the utilization of personal and behavioral data and footprints), the right to secrecy, the right to anonymity, the right to request non-digital/non-personal/non-automatic decision-making, and the right to meaningful alternatives,etc.

We urge your attention on the “Digital Bill of Rights,” by which a bottom-up approach is taken up by volunteering lawyers, tech experts, and human rights activists.

We respectfully call upon the government to improve the regulation for personal data protection, ensuring the implementation of such regulation can align with clear and sound laws in privacy protection.

Specifically, we hope the government will:

1. Fulfill its promise and finish establishing the Personal Data Protection Commission before August 2025, as well as initiating further amendments to the Personal Data Protection Act for assuring data protection authority’s power and duties. We request the government to involve civil society engagement in the regulation deliberation process.
2. Ensure the independent agency protecting personal data has substantive power and resources equivalent to those of a second-tier agency and sufficient to monitor data collection and utilization in public and private sectors. The government should also actively and substantially supervise public departments and ensure accountability.

The government should actively implement accountability and remedy mechanisms for personal data breaches in public sectors. The mechanism should include measures for damage control and remedial action, as well as standard operating procedures and a stringent timeline to prevent similar events from happening again. Specifically, for the incident in 2022 where over 23 million people’s household registration data were leaked, the government should immediately prevent further damage, implement substantive remedial plans, complete an independent investigation into the leak, and officially report the full details of the incident and the corresponding remedial plan to the public.

The government should lay down rules for explicit health data protection, which should, at the minimum, include data related to health conditions, health insurance, medical records, and medical examination records. The government should respect the people’s right to informed consent, right to control data after provision, and right to withdraw consent, top ensure compliance with the medical ethics protected by the WMA Declaration of Taipei and others, as well as the patients’ right to dignity and informational autonomy, as guaranteed by the Constitutional Court Judgment No. 13 of 2022.

When interfering with online content (such as requiring taking down the content or banning the website), the government must premise itself under the principle of legal reservation and ensure the process is transparent and thoroughly documented. We also call upon the government to periodically publish statistics on internet content and access limitation demands.

Public authorities have a duty to ensure the neutrality and openness of the internet. When intervening in internet content (such as requesting the removal or blocking of websites), it must be based on clear legal authorization and in accordance with the principle of proportionality. Additionally, an independent oversight and remedy mechanism should be established. The government's enforcement process should also be transparent and fully documented, with regular publication of statistics on requests to restrict internet content or access.

The government should promote and adopt legislation for digital platforms and other digital services that align with international human rights standards. The legislation should require responsibilities and obligations for digital service providers. Especially for internet platform providers above a certain scale, the government should establish human rights governing mechanisms that can handle third-party accountability and remedy for rights violations, to prevent various human rights violations and negative impacts. These measures should foster a safe network environment free from online violence and hate speech in collaboration with major digital platform providers and protecting freedom of speech.

Both Government and enterprises should actively promote a network environment favorable for mental health, internet privacy, and network safety for relatively marginalized communities. This includes, but is not limited to, preventing cyberbullying, child and youth sexual exploitation, gender-based online violence, hate speech, and content that encourages self-harm or addiction from children and youth.

Additionally, the government should require enterprises to adopt active measures in governing relevant content. Enterprises should establish prevention mechanisms and transparent censorship regulations for situations where algorithms may amplify negative material.

The government should take into consideration the potential risks of human rights violations by digital technology enterprises such as digital monitoring and surveillance companies, relevant hardware, software, information sellers or agents, as well as telecom providers and large digital platform companies.

This includes, but is not limited to, promoting mandatory law on corporate human rights and environmental due diligence, requiring enterprises to operate in accordance with United Nations Guiding Principles on Business and Human Rights (UNGPs), requiring enterprises to coordinate internal capacities and procedures to take appropriate measures, and ensuring compliance with international human rights standards with the assistance of internal or external human rights experts.

The government should complete legislation on Artificial Intelligence or Computer-Aided Decision-Making technology to ensure that all related development, products, and applications adhere to international human rights standards. This includes implementing transparency and interpretability, establishing accountability and independent oversight mechanisms with sufficient enforcement power , prohibiting technologies with high risk of human rights violations that cannot meet these standards, and establishing channels for individuals and groups to assert their rights and seek remedies, as well as identifying the responsible institutions for these purposes. Before developing or deploying Artificial Intelligence or Computer-Aided Decision-Making technologies, public authorities must disclose the legal basis for their use, the model training processes, the types and sources of training data, the scope of application, the degree of impact such systems will have on decisions, and the process and outcomes of human rights impact assessments. These human rights impact assessments must include the participation of civil society.

Promote the development of open-source (open source code, open data, and open government), information commons and civic technology to advance the transparency, monitorability, and tenacity of public service and digital development. Particularly, free and open-source software (FLOSS) can advance sustainability, local innovation, and civic empowerment in digital development. The government should formulate policies and laws that include open source as the core strategy for public service and digital development.