In a press conference on November 17, 2015, the Judicial Reform Foundation announced the launch of the new website named Sunshine Judiciary-Know Your Judge. The website displays a personal profile for all Taiwanese judges and prosecutors, which contains their names, year of completion of judicial training, gender, education and professional experiences, award and disciplinary records, and a link to all media comments about the judge and prosecutor that is being searched. The judicial community sparked outrage toward the launch of the website; a number of law scholars also criticized that the website’s disclosure of judge’s personal information might have breached the Taiwanese Personal Data Protection Act. The growing privacy debate over the Sunshine Judiciary website mainly lies on the unsolved issue that whether the personal profi les posted on the Sunshine Judiciary website-generated from publicly available personal dataconstitute privacy invasion. This case has revealed the insufficiency of the traditional notion for privacy protection which adopts the dichotomy method to decide privacy protection, depending on whether the issue at stake involves public space or private realms since the development new technologies has blurred the line. The mosaic theory recently adopted by the U.S. courts has noted that the same piece of personal information might require privacy protection to resist new privacy risks after such information is aggregated, combined and analyzed. Such theory has changed the tradition privacy notion wherein personal information, after being made public, deserves no privacy protection. Given this, if the Judicial Reform Foundation’s only justification that no privacy invasion was caused since all personal information posted on the Sunshine Judiciary website was generated from publicly available information, this might not be a viable defense under scrutiny of the mosaic theory which argues that aggregated public information is still subject to privacy risk. This essay proposed that the mosaic theory can be introduced in privacy protection analysis in Taiwan when interpreting the last sentence of Item 7, Paragraph 1, Article 19 of the Taiwan Personal Data Protection Act in order to properly deal with new privacy challenges posed by the data aggregation technologies.