我國金融機構金融資料共享法制之檢討－ 以金融保密義務為中心

Abstract

有鑑於近年來金融科技之高速發展，我國主管機關提出了許多改革方向，其中即包含了資料共享。本文以我國金融保密相關規定與金融機構間資料共享指引為觀察重點，提出我國金融保密相關規定可能造成資料共享之阻礙。基此，本文先盤點資料共享在我國可能涉及之法律，發現我國保密義務並未像個資法設有當事人同意此一豁免事由，於權衡保密義務之性質與客戶之金融隱私權後，認為在一定條件下應可承認當事人同意作為金融機構保密義務之豁免事由。本文再參考美國Gramm–Leach–Bliley Act、Regulation P與新加坡銀行法作為比較法之研究依據，最後從預設模式之選擇、適用主體、隱私權政策之告知義務、保護客體、集團內資料共享與二手資料比較我國相關規範與比較法之優劣，並針對不足之處提出修改之建議，以確保客戶之金融隱私在金融機構資料共享下受到充足保護，貫徹客戶之金融隱私權。

Given the recent rapid development of financial technology (FinTech), Taiwan’s financial regulator aims to reform our laws to accommodate this progress. One significant area of reform is data sharing. This thesis analyzes the regulations outlined in the Banking Act and Direction of Data Sharing Between Financial Institutions in Taiwan. It argues that the current financial secrecy obligation poses an obstacle to the effective data sharing between financial institutions. This thesis, therefore, explores exemptions to the financial secrecy obligation, particularly the "customer’s consent," and considers the balance between financial secrecy obligations and customer privacy rights. Furthermore, this thesis refers to the Gramm-Leach-Bliley Act in the United States, Regulation P, and the Banking Law of Singapore to conduct comparative legal studies and compares various aspects of Taiwan's relevant regulations with these comparative laws. This thesis’ proposal includes the selection of the default model, applicable subjects, disclosing the financial institution's privacy policy, protection objects, intra-group data sharing, and the issue of secondary data. The thesis finally proposes modifications to address the identified shortcomings of Taiwan’s current laws, emphasizing that such measures are necessary to ensure the protection of customers' financial privacy while facilitating the data sharing between financial institutions, thereby upholding their financial privacy rights.