The Ministry of Justice issued the Fa-Lu-10703513050 Circular of August 30, 2018 (Hereinafter, the “Circular”) to explain that if a photo on an identity card has been converted into irreversible feature values by an algorithm and cannot be used to directly or indirectly identify such specific individual, such feature values are not regarded as personal data and, therefore, are not governed by the Personal Data Protection Law.
According to this Circular, the personal data set forth in the Personal Data Protection Law (hereinafter, the “Law”) should be data that can be directly or indirectly used to identify such specific individual in order to be eligible for protection under the Law, as specifically stipulated under Article 2, Subparagraph 1 of the Law and Article 3 of its enforcement rules. Therefore, if a non-public agency leverages all kinds of technologies to de-identify any personal data in its possession to the extent that the way the data are presented can longer directly or indirectly identify such specific individual, such data is not regarded as personal data and certainly is not governed by the Law.
This Circular further pointed out that the so-called “de-identification” means that personal data can no longer be used directly or indirectly for the purpose of identification after the personal data are processed through a specific procedure. Therefore, if the photo on an identity card of a citizen has been converted into irreversible feature values through an algorithm and can no longer be used to directly or indirectly identify such specific individual, the feature values are not regarded as personal data and certainly not governed by the Law.