The Fundamental Law of Artificial Intelligence is a castle in the air with no foundation.
Since the Ministry of Science and Technology issued the "AI Research and Development Guidelines" in 2019, the National Science Council has announced a draft of the "Artificial Intelligence Basic Law" this year, attempting to catch up with international trends in regulating AI risks and safeguarding fundamental human rights. However, the draft lacks concrete governance paths for AI research, development and deployment. Furthermore, Article 5 states that the interpretation and application of other laws should "not hinder the development of new technologies," which if passed, could elevate this draft above the Personal Data Protection Act and regulations such as financial supervision and medical device laws. This would strip away existing legal tools that ensure the safety of AI data sources and applications, severely undermining the Act. The Taiwan Association for Human Rights (TAHR) recommends the government to review relevant domestic laws, clarify the relationships between different legal frameworks, and determine areas in need of adjustment to address the challenges posed by AI effectively.
The draft’s provisions highlight the role of the government in promoting AI development but fail to outline the procedural requirements that government agencies should adhere to during the development and application of AI. Multiple issues have already arisen with AI development within the Taiwanese government: the Judicial Yuan’s use of generative AI to draft criminal case rulings has sparked controversy, and the Ministry of Justice's AI-based risk assessment for recidivism t lacks transparency Additionally, the National Health Insurance Administration announced this year that it would cooperate with Google to develop an AI for diabetes risk assessment raises doubts about the data sources for training the model, especially since based on documents released to the public, the “Health and Welfare Data Management Act,” which would regulate the use of health insurance data has yet to pass.
The European Union’s AI Act adopt a risk-based approach, including varying degrees of oversight, ranging from outright bans to basic rights assessments. In contrast, the substantive content of our country’s draft merely requires the Ministry of Digital Affairs to establish a "risk framework" with Article 10 and does not address the relationship between the regulatory authority and other government agencies. Given the gaps in accountability, relief measures, basic rights assessments, legal authorizations, and regulations, how can we expect this law to effectively protect privacy and security and combat discrimination and inequality?
Fundamental principles must be implemented to be effective. While the Act lists seven principles, itlacks corresponding guidelines for implementation. The "Privacy Protection and Data Governance" even subtly allows access and reuse of non-sensitive data (excluding medical records, health records, genetic, sexual activity, health checkups, and criminal records), raising concerns about conflicts with the Personal Data Protection Act. We strongly recommend the government to clarify the correlation between this draft and existing laws, revise the structure to ensure safety measures and human rights protection can be effectively implemented, and provide a framework of best practices for public and private sectors involved in AI research and application to abide by. In the short term, government agencies should review the development and use of AI and automated algorithms in the public sector and work towards monitoring the compliance of emerging technologies with relevant regulations and international principles in the long run.
Translated by: KJ, Intern Edited by: Nini, Intern
Mandarin version :https://www.tahr.org.tw/news/3583
