On July 12, 2024, the Legislative Yuan passed the third reading of amendments to Articles 3-1, 5, 6, 11-1, 14, 15, 19, 29, and 31 of the Communications Security and Surveillance Act, and added Article 14-1. These amendments were promulgated by the President on July 31—marking the first revision of the Act in over six years. Key updates include the introduction of regulations governing the retrieval of internet traffic records, the expansion of offenses eligible for communications surveillance and emergency surveillance, and the relaxation of requirements for obtaining such records. The principal changes are outlined as follows:
Authorization and Procedures for Retrieving Internet Traffic Records
The amendment defines internet traffic records as data generated by users or telecommunications subscribers after using telecom services on public telecommunications networks. These records comprise six categories of non-content data: device identification information, IP addresses and location data, communication timestamps, connection usage and packet volume, domain names, and types of application services and protocols. The law expressly authorizes prosecutors and judicial police officers to retrieve such records for the purpose of investigating specific cases, and it sets forth the applicable procedures and legal basis for such acts.
Expansion of Offenses Eligible for Communications and Emergency Surveillance
The scope of offenses for which communications surveillance may be conducted has been expanded to include unlawful detention, violations of sexual privacy or distribution of non-consensual sexual imagery, aggravated fraud, child and juvenile sexual exploitation, human trafficking, as well as certain offenses under the Fraud Crime Hazard Prevention Act, National Security Act, and Anti-Infiltration Act. In particular, offenses such as aggravated unlawful detention, aggravated fraud, and violations under the Fraud Crime Hazard Prevention Act may now also qualify for emergency communications surveillance to facilitate more rapid investigation and enforcement.
Relaxation of Retrieval Thresholds; Expansion of Prosecutorial Powers; Introduction of Consent-Based Access
The previous requirement that only offenses punishable by a maximum principal sentence of three or more years of imprisonment could justify an application to the court for retrieval of communications records and user data has been removed. Additionally, the range of offenses for which prosecutors may directly retrieve such information—without a court-issued retrieval order—has been expanded to include offences against computer security, child and juvenile sexual exploitation, money laundering, offenses under the National Security Act and Anti-Infiltration Act, vote-buying, and election interference or recall manipulation. The amendment also introduces a new category permitting retrieval with the express consent of the user or telecommunications subscriber.
Operators’ Obligations to Assist
The revised law expressly provides that telecommunications operators and public telecommunications network providers have a duty to retain and assist in the retrieval of user data, communication records, and internet traffic records. Non-compliance will result in fines imposed by the competent authority, with penalties applicable on a per-instance basis.
(This article was authored by Attorney Lai Kuan-Yu of ToMoDaChi Attorneys-At-Law.)
