题名

數位通訊傳播管制與個資保護:APPLE與FACEBOOK的歐洲隱私權戰役啟發

并列篇名

Digital Communication Control and Personal Data Protection: Inspired by Apple and Facebook's Privacy Battle in Europe

作者

翁逸泓(Yi-Hung Weng)

关键词

個人資料保護 ; 數位通訊傳播 ; 歐盟一般資料保護規則 ; 隱私與電子通訊指令 ; 行為追蹤 ; 隱私權 ; Data Protection ; Electronic Communications ; GDPR ; ePrivacy Directive ; Behavioural-tracking ; the Right to Privacy

期刊名称

東吳法律學報

卷期/出版年月

33卷4期(2022 / 04 / 01)

页次

35 - 78

内容语文

繁體中文
中文摘要

2020年底,由Scherms擔任榮譽主席的歐洲數位人權中心(None of Your Business, NOYB)分別於德國及西班牙向其個資保護專責主管機關對於Apple提出違反電子通訊隱私指令(ePrivacy Directive, ePD)之申訴,指控該公司在iPhone上操作廣告識別碼(Identifier for Advertising, IDFA)的行為觸犯了前述國家的個資保護規範,開啟了歐洲新一輪對於巨型跨國業者之隱私權與數位通訊傳播管制戰役。在這新一輪的隱私權戰役中,本文認為其中最為關鍵之點已然不僅是對於一般個人資料保護之爭議,而毋寧是更加地聚焦在數位通訊傳播此一特別新興領域之個資保護面向的管制問題,尤其是利用個資而為個人化廣告與未經請求之廣告此二爭議上。準此,本文認為我國應當考慮在電子通傳之領域制定特別之個資保護規範以求保障個資當事人之法益,而使得現代個資控制人在對於個資加值應用而獲取商業上利益之時能有所依循。至於在利用個資以電子通傳方式投放直銷廣告問題上,本文認為個資控制人應盡量滿足個資法第20條列舉之情況,尤其是獲得個資當事人事前明確同意時,方得准許為目的外利用之行銷。如若資料控管者最初是以同意作為蒐集個資的基礎,則通常第三方間接蒐集個資的資料控管人需要再次獲得個資當事人之同意,以確保資料控管者的新處理合於公正、合法原則。又,雖然我國2017年數位通訊傳播法草案有相關之規定,惟其立法目的與體系上仍有疑惑之處,本文認為數位通訊傳播法草案此處之揭露未經請求來電者資訊義務,不適用個資保護法理而不具同質性,因此不應該將數位通訊傳播法草案視為電子通傳領域之個資保護之特別法而優先於個資法適用,故未經請求之數位通訊傳播直銷仍須回歸個資法,須先經個資當事人同意。
英文摘要

At the end of 2020, the None of Your Business (NOYB), under the honorary chairmanship of Scherms, filed a complaint against Apple for violations of the ePrivacy Directive (ePD) in Germany and Spain. Accusing the company of operating the Identifier for Advertising (IDFA) on the iPhone in violation of the personal data protection regulations of the aforementioned countries, and opened the third round of the European electronic communication battle in relation to privacy against giant multinational companies. This article believes that the most critical point is not only the dispute over the protection of personal data in general, but rather focus more on the regulation of personal data protection in this particular emerging field of electronic communication, in particularly the disputes regarding using personal data for personalized advertising and unsolicited advertising. In this regard, this article suggests that Taiwan should consider formulating special personal data protection regulations in the field of electronic communication in order to protect the legal interests of data subjects, so that data controllers can obtain commercial benefits for the value-added applications of personal data. In terms of the issue of applying personal data on direct marketing through electronic communication, this article suggests that data controllers should try their best to meet the conditions listed in Article 20 of the Personal Data Protection Law, especially when they have obtained the prior explicit consent of the personal information parties. In addition, although the Digital Communications Act (draft) has relevant provisions, the draft should not be regarded as a special law regarding data protection in the field of electronic communication.
主题分类 社會科學 > 法律學
参考文献
  1. 王鵬翔,張永健(2019)。論經濟分析在法學方法之運用。國立臺灣大學法學論叢,48(3),791-871。
    連結:
  2. 洪家殷(2019)。公務機關資料之蒐集與個人資料之保護。東吳法律學報,30(4),29-68。
    連結:
  3. 翁清坤(2020)。大數據對於個人資料保護之挑戰與因應之道。東吳法律學報,31(3),79-159。
    連結:
  4. 翁逸泓(2018)。科技人權-全民電子通訊監察與個人資料保護。臺灣民主季刊,15(1),1-43。
    連結:
  5. 劉靜怡(2017)。通訊監察與民主監督:歐美爭議發展趨勢之反思。歐美研究,47(1),43-106。
    連結:
  6. ANANNY, MIKE(2018).NETWORKED PRESS FREEDOM: CREATING INFRASTRUCTURES FOR A PUBLIC RIGHT TO HEAR.
  7. Apple Inc., App Store, User Privacy and Data Use, https://developer.apple.com/app-store/user-privacy-and-data-use/, last visited: 2021/04/24.
  8. Article 29 Data Protection Working Party, Opinion 04/2012 on Cookie Consent Exemption, Adopted on 7 June 2012, https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2012/wp194_en.pdf, last visited: 2021/04/24.
  9. Article 29 Data Protection Working Party, Article 29 Working Party: Guidelines on Consent under Regulation 2016/679, 17/EN, WP259 rev.01, Adopted on 28 November 2017, As last Revised and Adopted on 10 April 2018, https://ec.europa.eu/newsroom/article29/document.cfm?action=display&doc_id=51030, last visited: 2021/04/24.
  10. Article 29 Data Protection Working Party, Opinion 15/2011 on the Definition of Consent, 01197/11/EN, WP187, Adopted on 13 July 2011, https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2011/wp187_en.pdf, last visited: 2021/04/24.
  11. Borgesius, Frederik J. Zuiderveen,Kruikemeier, Sanne,Boerman, Sophie C.,Helberger, Natali(2017).Tracking Walls, Take-It-Or-Leave-It Choices, the GDPR, and the ePrivacy Regulation.EUROPEAN DATA PROTECTION LAW REVIEW,3,353-368.
  12. CAREY, PETER(2020).DATA PROTECTION: A PRACTICAL GUIDE TO UK LAW.
  13. Chadwick, Ruth(ed.),Levitt, Mairi(ed.),Shickle, Darren(ed.)(2014).THE RIGHT TO KNOW AND THE RIGHT NOT TO KNOW: GENETIC PRIVACY AND RESPONSIBILITY.
  14. Committee on the Judiciary (United States), Investigation of Competition in Digital Markets, 2020, https://judiciary.house.gov/uploadedfiles/competition_in_digital_markets.pdf, last visited: 2021/04/24.
  15. Council of Europe, Convention for the Protection of Human Rights and Dignity of the Human Being with Regard to the Application of Biology and Medicine: Convention on Human Rights and Biomedicine, Oviedo, 4.IV.1997, https://www.coe.int/en/web/conventions/full-list/-/conventions/rms/090000168007cf98, last visited: 2021/04/24.
  16. Council of the European Union, Proposal for a Regulation of the European Parliament and of the Council: Concerning the Respect for Private Life and the Protection of Personal Data in Electronic Communications and Repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications), Brussels, 10 February 2021 (OR. en) , 6087/21, https://data.consilium.europa.eu/doc/document/ST-6087-2021-INIT/en/pdf, last visited: 2021/04/24.
  17. Court of Justice of the European Union, Press Release No 91/20, 16 July 2020, Judgment in Case C-311/18, Data Protection Commissioner v Facebook Ireland and Maximillian Schrems, https://curia.europa.eu/jcms/upload/docs/application/pdf/2020-07/cp200091en.pdf, last visited: 2021/04/24.
  18. Edenberg, Elizabeth,Jones, Meg Leta(2019).Analyzing the Legal Roots and Moral Core of Digital Consent.NEW MEDIA & SOCIETY,21,1804-1823.
  19. European Commission, Proposal for a regulation of the European Parliament and of the Council: Concerning the Respect for Private Life and the Protection of Personal Data in Electronic Communications and Repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications), Brussels, 10.1.2017 COM(2017) 10 final, 2017/0003 (COD), https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/? uri=CELEX:52017PC0010&from=EN, last visited: 2021/04/24.
  20. European Commission, The Digital Services Act Package, https://ec.europa.eu/digital-single-market/en/digital-services-act-package, last visited: 2021/04/24.
  21. European Council, Council of the European Union, Confidentiality of Electronic Communications: Council Agrees Its Position on ePrivacy Rules, 10 February 2021, https://www.consilium.europa.eu/en/press/press-releases/2021/02/10/confidentiality-of-electronic-communications-council-agrees-its-position-on-eprivacy-rules/, last visited: 2021/04/24.
  22. European Data Protection Board, Recommendations 02/2020 on the European Essential Guarantees for Surveillance Measures, Adopted on 10 November 2020, https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_recommendations_202002_europeanessentialguaranteessurveillance_en.pdf, last visited: 2021/04/24.
  23. European Data Protection Board, Guidelines 05/2020 on Consent under Regulation 2016/679, Version 1.1, Adopted on 4 May 2020, https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_guidelines_202005_consent_en.pdf, last visited: 2021/04/24.
  24. European Data Protection Board, EDPB Response to the Letter of 13 July 2020 from News Media Europe and Others Regarding Cookie Walls, 19 November 2020. https://edpb.europa.eu/our-work-tools/our-documents/topic/cookies_en, last visited: 2021/04/24.
  25. European Data Protection Board, Opinion 5/2019 on the Interplay Between the ePrivacy Directive and the GDPR, in Particular Regarding the Competence, Tasks and Powers of Data Protection Authorities, Adopted on 12 March 2019, https://edpb.europa.eu/sites/edpb/files/files/file1/201905_edpb_opinion_eprivacydir_gdpr_interplay_en_0.pdf, last visited: 2021/04/24.
  26. European Data Protection Board, Statement 03/2021 on the ePrivacy Regulation, Adopted on 9 March 2021, https://edpb.europa.eu/system/files/2021-03/edpb_statement_032021_eprivacy_regulation_en_0.pdf , last visited: 2021/04/24.
  27. European Data Protection Board, Recommendations 01/2020 on Measures that Supplement Transfer Tools to Ensure Compliance with the EU Level of Protection of Personal Data, Adopted on 10 November 2020, https://edpb.europa.eu/sites/edpb/files/consultation/edpb_recommendations_202001_supplementarymeasurestransfers-tools_en.pdf, last visited: 2021/04/24.
  28. Facebook, Speaking Up for Small Businesses, December 16, 2020, https://about.fb.com/news/2020/12/speaking-up-for-small-businesses/, last visited: 2021/04/24.
  29. FELDMAN, DAVID(2002).CIVIL LIBERTIES AND HUMAN RIGHTS IN ENGLAND AND WALES.
  30. Financial Times, China’s Tech Giants Test Way Around Apple’s New Privacy Rules, 16 March, 2021, https://www.ft.com/content/520ccdae-202f-45f9-a516-5cbe08361c34, last visited: 2021/04/24.
  31. HARRIS, DAVID J.,O’BOYLE, MICHAEL,BATES, EDWARD P.,BUCKLEY, CARLA M.(2009).HARRIS, O’BOYLE & WARBRICK: LAW OF THE EUROPEAN CONVENTION ON HUMAN RIGHTS.
  32. ico. (Information Commissioner’s Office), Principle (b): Purpose Limitation, https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/principles/purpose-limitation/, last visited: 2021/04/24.
  33. Kennedy, Jamie(2005).The Right to Receive Information: The Current State of the Doctrine and the Best Application for the Future.SETON HALL L. REV.,35,789-821.
  34. Kuner, Christopher(ed.),Bygrave, Lee A.(ed.),Docksey, Christopher(ed.),Drechsler, Laura(ed.)(2020).THE EU GENERAL DATA PROTECTION REGULATION (GDPR): A COMMENTARY.
  35. LESSIG, LAWRENCE(1999).CODE: AND OTHER LAWS IN CYBERSPACE.
  36. MacCarthy, Mark(2011).New Directions in Privacy: Disclosure, Unfairness and Externalities.JOURNAL OF LAW AND POLICY FOR THE INFORMATION SOCIETY,6A,425-512.
  37. MCBRIDE, JEREMY(1999).Proportionality and the European Convention on Human Rights.THE PRINCIPLE OF PROPORTIONALITY IN THE LAWS OF EUROPE
  38. NOYB, Complaint Filed to the Data Protection Authority Berlin, https://noyb.eu/sites/default/files/2020-11/IDFA_Germany_DEF_Redacted.pdf, last visited: 2021/04/24.
  39. NOYB, Complaint Filed to the Spanish Data Protection Authority, https://noyb.eu/sites/default/files/2020-11/IDFA_ES_DEF_Redacted.pdf, last visited: 2021/04/24.
  40. Office Journal of the European Communities, 2000/520/EC: Commission Decision of 26 July 2000 Pursuant to Directive 95/46/EC of the European Parliament and of the Council on the Adequacy of the Protection Provided by the Safe Harbour Privacy Principles and Related Frequently Asked Questions Issued by the US Department of Commerce (Notified under Document Number C(2000) 2441) (Text with EEA Relevance.), OJ L 215, 25.8.2000, p. 7-47, https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/? uri=CELEX:32000D0520&from=en, last visited: 2021/04/24.
  41. Official Journal of the European Communities, Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 Concerning the Processing of Personal Data and the Protection of Privacy in the Electronic Communications Sector (Directive on Privacy and Electronic Communications), OJ L 201, 31.7.2002, p. 37-47, https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/? uri=CELEX:32002L0058&from=EN, last visited: 2021/04/24.
  42. Official Journal of the European Communities, Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on Certain Legal Aspects of Information Society Services, in Particular Electronic Commerce, in the Internal Market ('Directive on Electronic Commerce'), OJ L 178, 17.7.2000, p. 1-16, https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32000L0031&from=EN, last visited: 2021/04/24.
  43. Office Journal of the European Communities, Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 Pursuant to Directive 95/46/EC of the European Parliament and of the Council on the Adequacy of the Protection Provided by the EU-U.S. Privacy Shield (Notified under Document C(2016) 4176) (Text with EEA Relevance), C/2016/4176, OJ L 207, 1.8.2016, p. 1-112 https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/? uri=CELEX:32016D1250&from=EN, last visited: 2021/04/24.
  44. Official Journal of the European Union, Directive 2003/98/EC of the European Parliament and of the Council of 17 November 2003 on the Re-Use of Public Sector Information, OJ L 345, 31.12.2003, p. 90-96, https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32003L0098&from=en, last visited: 2021/04/24.
  45. Official Journal of the European Union, Directive 2013/37/EU of the European Parliament and of the Council of 26 June 2013 amending Directive 2003/98/EC on the Re-Use of Public Sector Information (Text with EEA Relevance), OJ L 175, 27.6.2013, p. 1-8, https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/? uri=CELEX:32013L0037&from=EN, last visited: 2021/04/24
  46. Official Journal of the European Union, Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data by Competent Authorities for the Purposes of the Prevention, Investigation, Detection or Prosecution of Criminal Offences or the Execution of Criminal Penalties, and on the Free Movement of Such Data, and Repealing Council Framework Decision 2008/977/JHA, OJ L 119, 4.5.2016, p. 89-131, https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/? uri=CELEX:32016L0680&from=EN, last visited: 2021/04/24.
  47. Oriola, Taiwo A.(2005).Regulating Unsolicited Commercial Electronic Mail in the United States and the European Union: Challenges and Prospects.TUL. J. TECH. & INTELL. PROP.,7,113-166.
  48. Papakonstantinou, Vagelis,de Hert, Paul(2020).Big Data Analytics in Electronic Communications: A Reality in Need of Granular Regulation (Even if This Includes an Interim Period of No Regulation at All).COMPUTER LAW AND SECURITY REVIEW,36,105397.
  49. Papakonstantinou, Vagelis,de Hert, Paul(2011).The Amended EU Law on ePrivacy and Electronic Communications after its 2011 Implentation; New Rules on Data Protection, Spam, Data Breaches and Protection of Intellectual Property Rights.J. MARSHALL J. COMPUTER & INFO. L.,29,29-74.
  50. REED, CHRISTOPHER(2000).INTERNET LAW: TEXT AND MATERIALS.
  51. Schulze, Reiner(ed.),Staudenmayer, Dirk(ed.)(2020).EU DIGITAL LAW: ARTICLE-BY- ARTICLE COMMENTARY.
  52. SUNSTEIN, CASS R.(2007).REPUBLIC.COM 2.0.
  53. SUZOR, NICOLAS P.(2019).LAWLESS: THE SECRET RULES THAT GOVERN OUR DIGITAL LIVES.
  54. United Nations Educational, Scientific and Cultural Organization, Universal Declaration on the Human Genome and Human Rights, 11 November 1997, http://portal.unesco.org/en/ev.php-URL_ID=13177&URL_DO=DO_TOPIC&URL_SECTION=201.html, last visited: 2021/04/24.
  55. Wachter, Sandra,Mittelstadt, Brent(2019).A Right to Reasonable Inferences: Re-Thinking Data Protection Law in the Age of Big Data and AI.COLUMBIA BUSINESS LAW REVIEW,2019,494-620.
  56. 邱文聰(2009)。從資訊自決與資訊隱私的概念區分—評「電腦處理個人資料保護法修正草案」的結構性問題。月旦法學雜誌,168,172-189。
  57. 邱宜君,產業可利用 350 萬筆死者健保資料限健康相關目的,2020/10/27,聯合報,https://money.udn.com/money/story/5612/4967475,最後瀏覽日:2021/04/24。
  58. 翁逸泓(2016)。OTT 發展之隱私與個人資料保護問題初探。世新法學,10(1),25-85。
  59. 國家發展委員會法制協調中心(2020).個人資料保護法規及參考資料彙編.國家發展委員會.
  60. 張陳弘,莊植寧(2019).新時代之個人資料保護法制:歐盟 GDPR 與臺灣個人資料保護法的比較說明.新學林.
  61. 黃松茂(2008)。國立臺灣大學法律學研究所。
  62. 葉奇鑫。國家發展委員會委託研究國家發展委員會委託研究,國家發展委員會。
  63. 葉俊榮(2016)。私權的空間意涵—大法官對基本權利的脈絡論證。中研院法學期刊,18,1-40。
  64. 廖福特(2006)。個人影像隱私與新聞自由之權衡—Von Hannover 及 Peck 判決分析與台灣借鏡。政大法學評論,91,145-198。
  65. 劉定基(2018)。試評「數位通訊傳播法」草案。匯流、治理、通傳會論文集
  66. 劉春堂(2011)。死者名譽之民事責任。輔仁法學,42,115-162。
  67. 劉靜怡(2002)。網際網路時代的資訊使用與隱私權保護規範:個人、政府與市場的拔河。資訊管理研究,4(3),137-161。
  68. 劉靜怡(2010)。不算進步的立法:「個人資料保護法」初步評析。月旦法學雜誌,183,147-164。
  69. 衛生福利部,健保署今召開「健保資料再運用及個資隱私保護」專家討論會,2021/01/05,https://www.mohw.gov.tw/cp-16-57466-1.html,最後瀏覽日:2021/04/24。
print cancel