Currently, industries can easily use personal information at a large scale due to technological progress. However, it leads to a threat to privacy of consumers. As a consequence, according to Article 222 of the U.S. Telecommunications Act of 1996, except as required by law or with the approval of the customer, a telecommunications carrier shall not use, disclose, or permit access to individually identifiable customer proprietary network information (CPNI) for purposes not relevant or necessary to its provision of the telecommunications service from which such information is derived. As the Telecommunications Act does not clearly enact how to obtain the approval of the customer, the Federal Communications Commission (FCC) issued the CPNI order to require the opt-in consent of the customer before using, disclosing, or permitting access to CPNI. However, in U.S. WEST, Inc. v. FCC, the court ruled the requirement of the opt-in consent violated the commercial speech protected by the First Amendment and, thus, was unconstitutional. As for the financial industry in Taiwan, with whom and to what extent customer personal information may be shared among the affiliates of the financial holding company alter due to the frequent amendments to the Financial Holding Company Act. Therefore, the method to obtain the consent of a data subject fluctuates between the ＂opt-in＂ and ＂opt-out＂ requirements before some categories of personal information, i.e. basic information of customer, may be shared. As the legal requirement is not consistently valid and reliable for a long term, its negative impact is tremendous for the cross-selling by the sharing of personal information and for the new potential uses of personal information in the age of big data. As a result, following the U.S. telecommunciations industry, the Taiwanese financial industry may also use the commercial speech doctrine as a weapon to challenge the constitutionality of the Financial Holding Company Act.