大數據應用世代下的資訊隱私規範

Abstract

在傳統以自主、自治、自決理論為基礎的隱私規範下，各國資訊隱私法規紛紛以建置個資當事人「通知與選擇」機制為規範主軸，所規範者多著重於規定通知個資當事人之方式、應通知之內容、個資當事人選擇或同意的方式以及同意的範圍等。然而，隨著網路科技的快速發展，人民的基礎生活不但越來越依賴資訊網路，甚至在某些情形下因為產業趨勢或政府力推電子化政策的結果，人民的許多日常生活機能幾乎已離不開網路，那麼，人民是否真能自主「選擇」揭露其資訊呢？又在大數據與人工智慧AI技術的蓬勃發展下，資訊的應用透過程式演算法自動學習與擴大運用，同時業者間錯縱複雜的合縱連橫合作關係，導致個資當事人即使收悉資訊蒐集者的「通知」，他（她）不但無法即時消化冗長的隱私政策內容，也無法自行評估未來資訊應用所可能產生的實際風險，且由於營業秘密法的保護，人民並無法獲悉與監督資訊蒐集者對其資訊的實際利用狀況。有不少論者即推估，在現行的資訊隱私規範下，個資隱私的未來將往兩個極端的方向發展，一是未來將沒有個資隱私。這是因為當人民習慣性地揭露個資，習慣性地不審視與評估風險，科技的發展使大數據應用越見容易拼湊完整的個人資訊，並能輕易跨境跨領域的傳輸與利用，未來個資將無所不在；或者，二是未來AI大數據的發展將受到嚴重阻礙。因為當人民對資訊控制者的個資處理與保護失去信任，人民將傾向不揭露個資，導致資訊流通受到束縛，在沒有足夠的基礎資訊下，AI大數據分析亦將難以精確地運算與發展。 傳統隱私規範之目的是否真同於資訊隱私之規範目的？究竟人類社會應首重保護個資還是應以鼓勵資訊交流為目標？GDPR的硬性規定究是有益或有害資訊科技發展？軟性規範是否更適合資訊隱私所遇到的困境？本文藉由資訊揭露本質的分析討論，輔以大數據應用世代生活上的實際案例與經驗，以及資訊揭露者與蒐集者間存在長期被忽略的信任關係等討論，推導資訊蒐集者在資訊隱私議題所應當扮演的角色與應擔負的責任，並建議資訊隱私規範應以資訊信託的角度來立法，輔以設計隱私等軟性規範，俾能同時保護個資隱私與促進大數據與AI科技的發展，應用科技增進人類福祉。

Based upon the traditional concept of privacy which derived from the theory of democracy, autonomy and self-determination, data privacy laws in most of modern countries emphasize on the establishment of a comprehensive notice-and-choice mechanism, which ordinarily include the ruling of means of notices, content of notices, meaningful ways of choices and agreements, the scope of agreements and so forth. However, as the speedy development in internet technologies, not only does people’s daily life heavily rely upon information technology, but also people in the modern age are more and more often forced to carry out their life tasks in electronic ways because of industrial trend or governmental policies of digitalization. In such circumstances, can people really discretionally “choose” to or not to disclose their personal information? Moreover, as quick development in big data and artificial intelligence (AI) technology, the ways of information application are sophistically adopted by AI algorithm which may learn and improve by itself. Accompanied by the complicated inter-industry data sharing scheme, data subjects usually are not capable of comprehending the actual utilization after and risk of information disclosure, even if they are noticed with lengthy information privacy policies by the data collectors. Furthermore, under the protection of trade secret laws, ordinary people don’t have the access to the big data analysis algorithms and application techniques adopted by data controllers, thus people cannot monitor the actual processing of their information. Consequently, many scholars predict that the future of data privacy will eventually either become no privacy at all, on the cause that people will gradually be used to reveal their personal information without trying to evaluate the risks, which provides the AI with the opportunities of easily analyzing big data to identify any person; or hinder AI and big data technology from further development, on the cause that when people lose trust on data collectors and begin to suspect that their interests may be harmed, people will cease providing their personal data, which will curtail free flow of data and AI technology won’t be able to rely upon precise raw data in developing useful functions for the benefit of our society in the future. Whether the purposes of traditional privacy regulations are identical to that of information privacy? Whether our society would be more beneficial by focusing on blind protection of personal data or by facilitating free data transmissions? Whether soft regulations would be a more appropriate resolution for issues of information privacy than hard, rigid regulations? Through the analysis of nature of information disclosure, accompanied by practical real life cases, experience in the era of big data application and the relations between information disclosers and receivers, this thesis suggests that data collectors shall act as the role of information trust, and information privacy regulations shall be re-designed from the perspective of information trust which may be practically implemented by privacy-by-design concept in order to achieve both goals of privacy protection and stimulating development of big data and AI technologies. Consequently, our society may well take advantage of big data and AI technologies in improving general welfare of humanity.