請用此 Handle URI 來引用此文件:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/72756
標題: | 從比較法觀點探討我國個資保護制度之轉型 Exploring the Transformation of Taiwan Personal Data Protection Law from the Perspective of Comparative Law |
作者: | Jung-Han Chang 張容涵 |
指導教授: | 黃銘傑 |
關鍵字: | 歐盟一般資料保護規則,財產原則,選擇加入,選擇退出,聯邦貿易委員會法第五條,欺罔行為,不公平行為, GDPR,Property Rule,Opt-In,Opt-Out,FTC Act Section 5,Deception,Unfairness, |
出版年 : | 2019 |
學位: | 碩士 |
摘要: | 大數據與AI的發展,使得企業如火如荼的蒐集、處理、利用消費者個資,歐盟早於歐洲人權公約承認個資保護為人權保護之一環,且自GDPR於西元2018年5月25日正式上路後,更揭開大數據時代個人資料保護的序幕,而位於大西洋彼端的美國於隱私權保護的脈絡下,發展出對資訊隱私保護,兩個法域就同樣的保護議題,有著截然不同的立法架構與管制模式。本文參照歐、美兩地關於資料保護之規範,提出一套新時代下關於個資保護的管制架構,企圖於開放個資利用與個人權利保障間尋求一平橫點,亦供台灣個資法未來修正之參考。
本文第二章先以台灣健保資料庫案為開端,指出現行法既無法開放個資利用,亦不足以保障個人權利,落入雙輸的困境。因此,第三章從個人權利保障之觀點出發,討論個資的產權分配問題,析論個資應受「財產原則」或「補償原則」保護,而藉由歐盟GDPR之示例,本文認為台灣個資法除了應適用「財產原則」保護個資外,更應進一步修正有關規定以符合該原則之精神。第四章討論「知情同意」原則下衍生之同意模式-「選擇加入」與「選擇退出」,兩者分別以歐盟與美國為代表,然而鑑於個資告知於實務上並無法取得當事人真摯之同意;蓬勃發展之「不要拉倒」商業模式;以及各地趨勢將管制重點由「蒐集」階段轉移至「利用」階段,本文認為未來台灣個資法應採「選擇退出」模式,以利資料之開放與流通。最後,本文指出台灣個資法於事前缺乏風險管理機制,未來不足以因應個資遭「剖析」與「自動化決策」等高風險行為,應如歐盟實施「資料保護影響評估」;於事後則缺乏管制不實個資告知之手段,應如美國FTC以「欺罔行為」或「不公平行為」管制之。 The development of big data and AI has made enterprises rampantly collect, process and use personal data. EU has recognized the protection of personal data also belongs to the protection of human rights in European Human Rights Convention. On May 25, 2018, the implementation of GDPR declares the prelude to personal data protection in the era of big data was unveiled. Though United States also provides protection for information privacy, it shows differences in legislative structure and regulatory framework comparing with EU. This article refers to the norms and regulations of data protection in Europe and the United States, and proposes a new regulatory framework for personal data protection, in order to find a balance between promotion of information flow and protection of individual rights, and also provide amendement suggestion for Taiwan Personal Data Protection law in the near future. The second chapter of this article begins with the famous case of Taiwan Health Insurance Database. It points out that the current law can neither promote the information flow nor protect individual rights and fall into the dilemmas. Therefore, the third chapter discusses the entitlement of personal data by analysising the adquacy of “property rule” and “liability rule”. This article finds personal data should be protected by “property rule” by taking GDPR as an example. In addition, the current law should further amend the relevant provisions in order to comply with the property rule. The fourth chapter discusses the two consent models derived from the principle of 'informed consent', one is 'opt-in' and the other is 'opt-out'. These two models are represented by EU and the United States respectively. However, in view of the failure of notice system, the booming business model of 'take-it or leave-it'; and the shifting trend of regulatory attitude, this paper believes that Taiwan personal data protection law should adopt the 'opt-out' model in the future to facilitate the flow of information. Finally, this paper believes that the current law lacks an ex ante data protection impact assessment risk management mechanism which isn’t enough to cope with high-risk behaviors such as “profiling” and “automated decision-making” in the future, and also lacks ex post regulatory means for mispresentation or omission of notice. Thus, Taiwan Personal Data protection law should adopt EU data protection impact assessment and target “deception” and “unfairness” conducts by referring to US FTC Act. |
URI: | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/72756 |
DOI: | 10.6342/NTU201901981 |
全文授權: | 有償授權 |
顯示於系所單位: | 法律學系 |
文件中的檔案:
檔案 | 大小 | 格式 | |
---|---|---|---|
ntu-108-1.pdf 目前未授權公開取用 | 11.36 MB | Adobe PDF |
系統中的文件,除了特別指名其著作權條款之外,均受到著作權保護,並且保留所有的權利。