論歐盟社群媒體平台精準投放之管制架構：以私生活權之保障為中心

Abstract

本文旨在釐清歐盟基本權憲章中的私生活權是否、如何作為次級法管制社群媒體平台精準投放之初級法基礎。著眼於歐盟次級法中，個資法制與內容法制在精準投放管制領域中之匯流現狀，純然從個資保護出發不再足以正當化所有對精準投放的管制。本文以歐盟基本權憲章之私生活權切入，論證保障私生活權是除了個資保護權外，管制精準投放之立法所欲追求的正當目的。本文所要回答的問題是：精準投放管制與資料保護一般規則間的落差，是否能夠透過保障私生活權之目的說明？如果可以，現有的次級法管制有何不當與不足之處？ 本文主張，私生活權保護開放、持續的人格發展所處的外在環境，精準投放具有使人格發展僵固及受到操弄的危險，從而形成平台對使用者私生活權之限制。相比於個資保護權，私生活權額外地考慮了個資處理對人格發展的影響。從保障私生活權的立法目的出發，現有歐盟次級法對於精準投放的管制部分延續個資保護法制的中性技術管制模式，未依據訊息投放對人格發展的影響區分，而有不當之處；以個資的處理作為管制對象，未能涵蓋某些有害的操弄形式，亦未能更宏觀地處理精準投放的演算法對資訊環境所生影響，而有不足之處。 本文論證分為三個部分：歐盟次級法的精準投放管制現狀分析（第二章）、歐盟基本權憲章的理論分析與解釋（第三章）與透過第三章確立的理論檢驗歐盟次級法對精準投放之管制架構（第四章）。 第二章透過歐盟資料保護一般規則、數位服務法與政治廣告透明性及投放規則草案三者之分析與比較，呈現歐盟次級法的個資法制與內容法制在平台精準投放的議題上匯流。此種匯流肇因於精準投放是平台透過個資進行內容篩選排序之活動本質，並反映於立法目的、管制手段的重合，以及在內容法制中隱含的個資保護考量。除此之外，次級法現狀亦彰顯歐盟立法者對於精準投放管制，並非只考量個資保護，從而需要額外的理論基礎。 第三章分析憲章之私生活權與個資保護權的內涵，與精準投放如何構成權利之限制。本文指出，歐盟法院對私生活權的理解相容於考量人格發展環境之自主觀點，從而保障領域能夠擴張及於人格發展的環境。平台的精準投放透過塑造僵化、單一的人格發展條件，以及對於脆弱性的操弄，形成對私生活權的限制。相比於著重制衡個資處理權力的個資保護權，私生活權能夠將精準投放對人格發展的影響納入考量。兩者形成一體、但作用不盡相同的保障。 第四章從基本權的視角出發，評析歐盟管制架構的不當與不足之處。本文指出，在個資保護法制的基礎框架外，次級法額外對於精準投放施加的管制，不當之處在於部分因循個資保護的特種個資、特徵剖繪之概念，而非著眼於訊息投放的可能影響，而使得管制手段未能貼合保障私生活權之目的。不足之處則在於，對廣告系統及特種個資的管制未能涵蓋其他有害的操弄形式，以及對超大型線上平台的推薦系統管制將目光限縮於前階段的特徵剖繪，而非評估整體演算法對使用者接觸之資訊環境所造成的影響。

This thesis seeks to understand whether and to what extent the right to respect for private life in the Charter of Fundamental Rights of the European Union serves as the primary law for the secondary law regulating micro-targeting on social media platforms. As data protection law and content regime under EU secondary law converge in the field of regulation on micro-targeting, a purely data protection perspective is no longer sufficient to legitimize all forms of regulation on micro-targeting. The thesis focuses on the right to respect for private life under the Charter and argues that, in addition to the right to data protection, safeguarding the right to respect for private life is a legitimate aim for regulating micro-targeting. The purpose of the thesis is to answer whether the gap between micro-targeting regulation and the General Data Protection Regulation can be justified through the aim of safeguarding the right to respect for private life. If so, what are the deficiencies in current secondary law regulations? The thesis argues that the right to respect for private life safeguards the external environment which is essential for the open and continuous development of personality, and that platform’s micro-targeting interferes with the right by inhibiting its development and exposing it to the risk of manipulation. Compared to the right to data protection, the right to respect for private life addresses the influence of data processing on personality. From the purpose of safeguarding the right to private life, current regulation on micro-targeting under EU secondary law partly follows the neutral technical regulation model of data protection law. Therefore, it is inadequate in that it fails to differentiate the impacts of targeting on personality development. Moreover, current regulation on data processing is insufficient because it fails to cover certain harmful manipulative practices and respond to the broader impacts of micro-targeting algorithms on the information environment. The argument in the thesis is divided into three parts: an analysis of the current state of micro-targeting regulation in EU secondary laws (Chapter 2), a theoretical analysis and interpretation of the EU Charter of Fundamental Rights (Chapter 3), and the examination of the regulatory framework for micro-targeting in EU secondary laws based on the theoretical foundation established in Chapter 3 (Chapter 4). Chapter 2 presents the convergence of data protection law and content regime in the context of platform’s micro-targeting through an analysis and comparison of three EU secondary laws: the General Data Protection Regulation, the Digital Services Act, and the proposal for regulation on the transparency and targeting of political advertising. This convergence comes from the nature of platform’s micro-targeting which curates content based on personal data. It is reflected in the alignment of the legislative aims and regulatory means, as well as the implicit consideration of data protection within content regulations. Furthermore, current secondary law also indicates that the center of attention of the micro-targeting regulation is not solely data protection and therefore requires additional theoretical foundation. Chapter 3 analyzes the coverage of the right to respect for private life and the right to data protection as enshrined in the Charter. It examines how micro-targeting may interfere with these rights. The chapter points out the alignment between the Court of Justice of the European Union's interpretation of the right to respect for private life and the notion of autonomy, which duly accounts for the developmental context of one's personality. Consequently, this perspective supports the expansion of the right's scope to encompass the surrounding environment. Platform’s micro-targeting limits the right to respect for private life by structuring a rigid and homogenous information environment and exploiting vulnerabilities for manipulation. Compared to the right to data protection that focuses on balancing the data processing power, the right to respect for private life can address the impact of micro-targeting on development of personality. The two rights constitute a coherent protection but function distinctively. Chapter 4 evaluates the inadequacies and insufficiency of EU regulatory framework from the perspective of fundamental rights. The section highlights the insufficiency of current regulations concerning micro-targeting, beyond the scope of data protection laws. It echoes the terminology of "special categories of personal data" or "profiling" as stipulated by data protection regulations. However, it fails to account for the potential ramifications of content targeting, which is ill-suited to the overarching goal of upholding the right to respect for private life. It is also insufficient because the regulation on advertising and special categories of personal data does not address other harmful forms of manipulation. Moreover, the regulation on the recommender systems of very large online platforms focuses not on the impact algorithms have on the users but limited to profiling stage. Furthermore, it is also insufficient as the current regulations pertaining to advertising and the handling of special categories of personal data fail to encompass various other detrimental forms of manipulation. The existing regulation concerning recommender systems within very large online platforms concentrates solely on the profiling phase and neglects the broader influence of algorithms on the user environment they interact with.