| Graduate student: | 任帥 Ren, Shuai |
|---|---|
| Thesis title: | 由歐盟一般資料保護規則論資料控制者義務 (A Study on the Data Controllers’ Obligations under the EU General Data Protection Regulation) |
| Advisor: | 彭心儀 Peng, Shin-Yi |
| Oral defense committee: | 陳在方 Chen, Tsai-Fang; 李紀寬 Li, Gi-Kuen |
| Degree: | Master |
| Department: | College of Technology Management - Institute of Law for Science and Technology |
| Year of publication: | 2019 |
| Academic year of graduation: | 107 |
| Language: | Chinese |
| Number of pages: | 95 |
| Chinese keywords: | data controller's obligations, purpose of personal data protection, means of personal data protection |
| Foreign-language keywords: | Data Controller’s Obligations, Purpose of personal data protection, Ways of personal data protection |
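It has been one year since the EU General Data Protection Regulation took effect. During this time, this regulation, described as the strictest data protection regulation, has received mixed reviews. Within the regulation as a whole, the "data controller's obligations" are not only its focal point but also reflect the legislators' choices regarding the purpose and means of protection. This thesis therefore starts from the EU rules and takes the "data controller's obligations" as its research focus.
Ours is an era of rapid technological development. While the public enjoys convenience, risks follow close behind. Faced with this transformation, regulation cannot evade it and must catch up. As one of the world's most important political and economic entities, the EU already attracts wide attention for its legislation; combined with the broad jurisdiction of the EU General Data Protection Regulation, it will undoubtedly have a significant influence on data protection legislation worldwide and may even become a standard that other countries emulate. Against this background, starting from the evaluations the regulation has received, reflecting on the purpose and means of data protection has practical significance for data governance legislation.
This thesis first discusses the background of EU data protection and gradually narrows its focus to the data controller's obligations. By discussing their value and shortcomings, it identifies the reasons for the challenges they face. The establishment of obligations usually corresponds to rights, and both are directly related to the purpose the regulation seeks to protect. The EU has replaced the long-standing position of the "right to privacy" with the "right to personal data", thereby extending the data subject's control over their personal data and imposing on data controllers stricter obligations than ever before. Meanwhile, countries are actively discussing how to protect personal data; but whether a strict or a lenient regulatory approach is chosen, the establishment of obligations must be based on sufficient legitimacy and effectiveness, and premised on effective means of implementing the law, in order to ultimately achieve the purpose of data governance.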
It has been a year since the EU General Data Protection Regulation came into force. During this time, the most stringent data protection regulation has been evaluated in all aspects. The Data Controller’s Obligations are the most important part of the regulation. They also reflect the purpose of the legislation and the method of protection. Therefore, in this article, the author starts with the EU GDPR to discuss the Data Controller’s Obligations.
Today, with the rapid development of science and technology, people enjoy convenience while facing risks at the same time. The EU is one of the most important political and economic entities in the world. EU legislation will have a significant impact on countries around the world and could possibly become a standard. In this context, starting from the comments on the GDPR, the purpose and methods of data protection deserve attention, which has implications for national data protection legislation.
This article first introduces the background of the GDPR, and then gradually moves on to the Data Controller’s Obligations, identifying their value and shortcomings. The establishment of obligations is related to rights, and the EU replaces the right to privacy with the right to personal data. This extends the data subject's control over personal data and increases the obligations of the data controller. At the same time, many countries are actively discussing how to protect personal data. Whether regulation is strict or loose, its establishment must be based on sufficient legitimacy and effectiveness, and premised on effective means of implementing the law, in order to finally achieve the purpose of data governance.