Newsletter
The NCC announced a bill of the Digital Intermediary Service Act
On June 29, 2022, the National Communications Commission (“NCC”) announced a bill of the Digital Intermediary Service Act (“DISA”) for public consultation. The DISA was formerly named the Digital Communications and Broadcasting Act (“DCBA”) and the Digital Communications and Broadcasting Service Act. A bill of the DCBA had been submitted to the Legislative Yuan for deliberation in November 2017, along with a bill of the Telecommunications Management Act. After an overhaul by reference to the proposed draft Digital Service Act of the EU, the DISA mainly regulates digital intermediary (“DI”) service providers instead, and the number of provisions has also increased from 29 to 58. The main points of the DISA are as follows:
1. DI service providers are enterprises which provide any of the following services:
(1) Mere conduit service: a service that consists of the transmission in a communication network of information provided by a recipient of the service or the provision of access to a communication network (such as Internet access services) or an interpersonal communications service (such as instant messaging software services).
(2) Caching service: a service designed to make the information’s onward transmission more efficient to other recipients via the automatic, intermediate and temporary storage of that information in a communication network (usually provided by telecom operators).
(3) Hosting service: a service that consists of the storage of information provided by, and at the request of, a recipient of the service.
The DISA defines “online platform service” as a special type of hosting service that stores information provided by a recipient of the service and, at the request of the recipient, disseminates that information to the public, unless that activity is a minor and purely ancillary feature of another service (such as the commentary functions at the bottom of news website pages). The DISA imposes general obligations with respect to all DI service providers as well as special obligations specifically for hosting service providers and online platform service providers. Furthermore, the DISA also authorizes the NCC to designate online platform service providers with 2.3 million active recipients of their services within the territory of Taiwan as “Designated Online Platform Service Providers” and imposes additional obligations on them.
2. Given the transnational nature of DI services, the DISA is not only applicable to those service providers having a commercial presence in Taiwan but also applies to those service providers without a commercial presence in Taiwan, but there are sufficient facts to support that they have a “substantial connection” with Taiwan. Said “substantial connection” means “having a significant number of recipients of the service within the territory of Taiwan” or “targeting the Taiwan market as the main business market”. The criteria of determination for the latter include the text, language, currency and ccTLD used by a DI service provider for its provision of services, promotion and marketing of services, or customer services, or the availability of its products/services.
3. The DISA stipulates that DI service providers shall not be liable for civil and criminal liabilities arising from the information transmitted or stored by a recipient of their services if certain conditions are met (i.e., the safe harbor mechanism). Furthermore, in order to encourages DI service providers to take active and proactive actions towards illegal content, even if a DI service provider voluntarily adopts, in accordance with its terms and conditions, lawful and necessary measures to investigate, detect, identify, remove, or disable access to illegal content, such DI service provider will not be deemed ineligible for such safe harbor exemptions, either. Nonetheless, it is worth noting that said safe harbor exemptions do not cover administrative liabilities and thus DI service providers may still face relevant administrative liabilities arising from the information transmitted or stored by a recipient of their services.
4. General obligations for all DI service providers include:
(1) DI service providers shall disclose their basic information and contact information.
(2) DI service providers without a commercial presence in Taiwan shall designate an agent in Taiwan to handle matters related to compliance with the DISA and report the same to the NCC.
(3) DI service providers shall stipulate and publicize their terms and conditions in a clear and easily comprehensible manner (which shall include information on any policies, procedures, measures and algorithmic decision-making tools used for the purpose of content moderation).
(4) DI service providers shall regularly publicize their transparency reports in a clear and easily comprehensible manner each year, disclosing information on government requests for user data, actions taken towards illegal content, self-regulatory code, etc. (however, DI service providers below a certain threshold can be exempted from the aforesaid requirement).
(5) DI service providers shall, pursuant to rulings rendered by courts or orders issued by administrative authorities in accordance with laws of which said administrative authorities are in charge, provide the courts or administrative authorities with the information about one or more specific recipients of their services that they stored for the purposes of providing such services.
Furthermore, when any competent authority (i) with respect to the information transmitted or stored by a DI service provider as requested by a recipient of the service, obtains from the court an access restriction order or emergency access restriction order; or (ii) with respect to the information stored and disseminated to the public by a DI service provider as requested by a recipient of the service, imposes an interim warning annotation measure, such DI service provider shall comply with said order or measure and publish such decisions with respect to restrictions on information flows on the publicly accessible database managed by the NCC for public searches.
5. Special obligations for providers of hosting services are to establish a notice and action mechanism allowing anyone to notify them of the presence of illegal content on their services and, when they decide to remove or disable access to specific items of information provided by a recipient of their services, to notify the recipient of the decision and provide a clear and specific statement of reasons for that decision.
6. Special obligations for online platform service providers include:
(1) Online platform service providers shall provide an electronic and free-of-charge complaint-handling mechanism allowing recipients of their services to contest the providers’ decisions with respect to restrictions on information flows for a period of at least six months following such decisions. Moreover, said mechanism shall not be based solely on automated decision-making.
(2) Online platform service providers shall select a dispute settlement institution for online platform services accredited by the NCC for recipients of their services to lodge a complaint against them and, where such dispute settlement institution renders a decision in favor of a recipient of their services, reimburse the recipient for any fees and other reasonable expenses that the recipient has paid in relation to the dispute settlement.
(3) Online platform service providers shall take appropriate technical and organizational measures to ensure that notices submitted by trusted flaggers are processed with priority and without delay.
(4) Online platform service providers shall issue warnings and suspend the provision of their services to recipients of their services that frequently provide manifestly illegal content or frequently submit manifestly untrue notices or complaints (“Misuse”).
(5) Online platform service providers allowing recipients of their services to conclude distance contracts with traders shall obtain each trader’s contact information, identification document, certificate of license/approval/registration, a self-certification declaration committing to only offer products or services that comply with the laws of Taiwan, etc. and conduct due diligence on the accuracy of such information/documents before they provide services for such traders to promote or offer products or services to recipients of their services residing in Taiwan. Moreover, said online platform service providers shall disclose each trader’s contact information and certificate of license/approval/registration to recipients of their services in a conspicuous, easily comprehensible and accessible manner and design and organize their online interfaces in a way that enables traders to comply with their obligations regarding pre-contractual information and product safety information under Taiwan law.
(6) Online platform service providers shall additionally include the information on complaints and Misuses they handled, explanation of any use of automated means for content moderation, etc. in their transparency reports.
(7) When displaying advertising on their online interfaces, online platform service providers shall indicate in a clear, conspicuous, real-time identifiable manner that the information displayed is an advertisement, disclose the advertiser on whose behalf the advertisement is displayed, and provide information on the main parameters used to determine the recipients to whom the advertisement is displayed so that recipients of their services can understand why an advertisement would be displayed to them.
Considering that the systemic risks brought about by micro and small enterprises and said enterprises’ capacity of legal compliance are relatively small, the DISA stipulates that online platform service providers below a certain threshold and exempt from the transparency reports requirements can also be exempted from the special obligations listed above unless they were announced as Designated Online Platform Service Providers.
7. Besides those special obligations described above, the Designated Online Platform Service Providers announced by the NCC shall further comply with the following special obligations:
(1) Designated Online Platform Service Providers shall analyze and assess any significant systemic risks with the functions that they provide in Taiwan or the use of their services in Taiwan each year, including impact from their content moderation systems, recommender systems, advertisement delivery and display systems, etc.
(2) Designated Online Platform Service Providers shall adopt proportionate and effective mitigation measures in response to the systemic risks identified above.
(3) Designated Online Platform Service Providers shall engage a third-party independent institution or organization to conduct an audit on their compliance with the general and special obligations described above and implementation of their self-regulation mechanism, and submit an audit report to the NCC for recordation.
(4) Designated Online Platform Service Providers that use recommender systems shall set out in their terms and conditions, in a clear and easily comprehensible manner, the main parameters used in such recommender systems, the options for recipients of their services to modify or adjust those main parameters that they have made available, and the effects from such modification or adjustment. Moreover, the aforesaid options shall include at least one option which is not based on profiling.
If the Legislative Yuan passes the DISA, a DI service provider without a commercial presence in Taiwan, but with sufficient facts to support that it has a substantial connection with Taiwan, still has to comply with the general obligations for all DI service providers mentioned above, in particular the obligations to designate an agent in Taiwan and to comply with access restriction orders or interim warning annotation measures. If (i) after receiving an administrative fine, a DI service provider has still not rectified its failure to designate an agent in Taiwan or comply with an access restriction order/interim warning annotation measure and (ii) such failure constitutes a material violation, the NCC and the competent authority may order mere conduit service providers, telecom operators or enterprises establishing public telecom networks to refuse the DI service provider’s request for the transmission of communications so as to block recipients of services from accessing or using its services.
The NCC will hold several information sessions and public hearings to collect comments from the public on the DISA for further adjustment. Once all provisions of the DISA have been confirmed, the NCC will submit the bill of the DISA to the Executive Yuan and Legislative Yuan for review and deliberation.