On May 28, the Central Epidemic Command Center (CECC) announced that considering the low risk of community transmission in Taiwan, it would loosen restrictions on daily life. The CECC announced guidelines for contact-information-based measures in response to the COVID-19 outbreak.
The CECC explains that in order to ensure personal data protection, proprietors of venues where customers’ personal data is collected must designate a person to be in charge of keeping a record of and maintaining personal data collected. Such data can be retained at most for 28 days and should be deleted after the specified period of time. Such data may not be used for any purposes other than outbreak investigations. Personal data can be collected electronically or in writing. If personal data is collected electronically, information security protocols must be implemented. In addition, when collecting personal data, the individual or the organization should clearly inform data subjects of the following: the entity to collect personal data, purpose of collection, types of personal data to be collected, time period of using personal data, entities to use personal data and ways of using personal data, data subjects’ benefits and rights they can claim under the Personal Data Protection Act, and the effect of declining providing personal data.
The CECC states that if Taiwan continues to record no new indigenous cases or no community transmission after June 7, the CECC will expand the scale of loosening epidemic control measures. As long as the public can cooperate with the new rules of providing contact information when going out and can observe personal preventive precautions, including washing hands frequently and wearing masks where social distancing can’t be followed, restrictions on the number of people allowed in a place when they go out or attend social activities will be lifted.