Experts Warn of Gaode Maps Risks; Key Issue is Lack of Civilian Regulation?

The recent controversy surrounding China's Gaode Maps application has ignited a crucial debate in Taiwan about national security and the regulation of foreign technology. The Ministry of Digital Affairs has taken a decisive step by designating Gaode Maps as a product that endangers national information security, leading to a ban on its use within government agencies. This move underscores Taiwan's growing vigilance regarding potential data security risks emanating from mainland China.

However, the decision has not been met with universal approval. Online discussions reveal a polarization of opinions, with some netizens criticizing the ban as overly restrictive and reminiscent of previous bans on platforms like TikTok. These critics argue that Taiwan should focus on learning from new technologies rather than immediately resorting to prohibition. This sentiment reflects a segment of the public that views such restrictions with skepticism, potentially seeing them as hindering technological adoption.

Conversely, cybersecurity experts like Chiu Chi-hung, known online as "Big River Horse," strongly support the ban, asserting it was long overdue. His primary concern lies not with the ban itself, but with its limited scope. Chiu highlights a significant regulatory gap: while government agencies are prohibited from using Gaode Maps, civilian users remain largely unregulated. This leaves a substantial portion of the population potentially exposed to the same security risks that prompted the government's action.

Chiu further elaborates on the legal framework, or lack thereof, governing civilian use of such applications. He points to China's National Intelligence Law, which mandates that companies cooperate with national intelligence efforts, implying that data transmission is not a matter of 'if' but 'when.' Taiwan's current legal toolkit, particularly the Computer-Assisted Crime Prevention Act, primarily addresses government cybersecurity. While the Personal Data Protection Act offers some avenues for restricting cross-border data transfers, its application to consumer apps is complex and rarely invoked, requiring individual administrative procedures for each prohibited service. This highlights a critical need for updated legislation to address the unique challenges posed by Chinese technology platforms in the civilian sphere.