| 關 鍵 詞: |
個人資料保護;數位經濟;去識別化;匿名化;不可復原;假名化;日本;個人資料保護法 |
| 中文摘要: |
個人資料商業價值提升衍生急遽增加的個人資料侵害行為與外洩問題,為確保民眾個人資料獲得妥適保障,主要國家無不正視制定個人資料保護專法的必要,並持續強化有關個人資料蒐集、利用、共享與國際傳輸之規範。另一方面,在個人資料成為當前數位經濟發展不可或缺的重要助力之下,主要國家也開始高揭「強化個人資料之活用」的重要性,並陸續採納「個人資料去識別化」此一嶄新概念,期透過技術措施藉以衡平個人資料之保護與活用。個人資料去識別化簡言之係指「透過技術方法使資料本身無從識別特定自然人」,當前並區分為個人資料的「匿名化」「假名化」,前者要求去識別化處理必須達到無從識別特定自然人且「不可復原」之程度,而後者則仍保有再識別之可能。本文詳加比較主要國家個人資料去識別化(匿名與假名)規範設計,特別是針對匿名化與假名化推動訂有專門規定之日本進行分析,並立於比較法之基礎上,相應觀察我國個人資料保護法制規範現況,本文建議我國針對匿名化及假名化在內之個人資料去識別化機制推動,初期宜以發布指引方式進行規範,中長期再視實務現況評估於個人資料保護法制定專門規範。
|
| 英文關鍵詞: |
Personal Data Protection;Digital Economy;De-identification;Anonymization;Irreversibility;Pseudonymization;Personal Data Protection Act |
| 英文摘要: |
The increasing commercial value of personal data has led to a surge in privacy violationsand data leaks. To ensure adequate protection of personal data, major countries recognize the necessity of enactingcomprehensive data protection legislationand continually strengthening regulations surrounding data collection, usage, sharing, and international transfer. On the other hand, as personal data becomes an indispensable driver of today's digital economy, major countries are also emphasizing the importance of enhancing the utilization of personal data. Manyhave adopted the novel concept of "de-identification"through technicalmeasures to strike a balance between data protection and utilization.In short, de-identification refers to the process of making datanon-identifiable to any specific individual through technical means. Currently, this concept is categorized into "anonymization"and"pseudonymization."Anonymization requires that de-identified data cannot identify any specific individual and is "irreversible," while pseudonymization retains the potential for re-identification.This articleprovides a detailed comparison of de-identification regulations(anonymization and pseudonymization) in major countries, with a focus on Japan, where specific provisions on anonymization andpseudon-ymization have been enacted. Based on comparative law, it also examines the current regulatory framework in Taiwan. The authorsuggests that, initially, Taiwanshould promote de-identificationmechanisms, including anonymization and pseudonymizationthrough guidelines. In the medium to long term, it would be advisable to assess practical developments and consider establishing dedicated regulations under Personal DataProtection Act.
|
| 目 次: |
壹、前言
貳、個人資料保護與去識化關聯概念之發展
一、個人資料價值提升衍生嚴峻之資料外洩問題
二、國際個人資料保護立法趨勢與潮流
三、個人資料去識別化概念興起、實務運用與爭議
四、小結
參、匿名化與假名化所涉國際立法例分析
一、歐盟暨歐盟成員國
二、美國
三、日本
四、韓國
五、其他殊值關注之國家
六、小結:國際立法例綜整與比較
肆、我國相應觀察與法制發展建議(代結論)
一、我國個人資料保護法制層面規範現況
二、憲法法庭 111 年憲判字第 13 號判決之觀察
三、本文觀點與法制建議一:我國應予考量之議題
四、本文觀點與建議二:對應匿名化與假名化議題之法制具體推動建議
|
| 相關法條: |
 |
| 相關判解: |
|
| 相關函釋: |
|
| 相關論著: |
|