You can see the rules and regulations in other jurisdictions.
Personal information is safeguarded by the Personal Data Protection Act (PDPA). The PDPA stipulates that collecting, processing and utilizing personal information must adhere to notice and consent regulations. With regards to personal data, the Act defines it as a broad range of information such as: name, birthday, ID card number, passport details, physical features, fingerprints, marital status, education background and occupation as well as medical records and treatments. Also included are genetic details and sexual life activities alongside health checks and criminal records in addition to contact data plus financial situation and social participation. Lastly, any other facts that can directly or indirectly identify an individual.1
Under the PDPA, a company is expected to alert and gain approval from an individual in advance of collecting, handling or using any of their personal information, barring certain exemptions. In order to meet the notification requirement, it is necessary for certain topics to be conveyed to the individual concerned, such as the purpose for which their data is being gathered, the type of information involved and who has permission to access it and for how long.1
Therefore, if a fintech company wishes to collect, process, or use any personal data, it will be subject to the PDPA's obligations.1
Cross-border payments in Taiwan