题名

雲端運算與個人資料保謢-以台灣個人資料保護法與歐盟個人資料保護指令的比較為中心

并列篇名

Cloud Computing and Personal Data Protection-A Comparative Study between Taiwan's Personal Data Protection Act and European Data Protection Directive

作者

劉定基(Ting-Chi Liu)

关键词

雲端運算 ; 個人資料保護(法) ; 資訊安全 ; 資訊隱私 ; Cloud Computing ; Personal Data Protection (act) ; Data Security ; Information Privacy

期刊名称

東海大學法學研究

卷期/出版年月

43期(2014 / 08 / 01)

页次

53 - 106

内容语文

繁體中文
中文摘要

雲端運算(cloud computing),亦即個人將其所擁有之資訊,儲存於由他人管理、運作的遠端資料中心上,並利用網際網路存取該等資訊之電腦資源利用方式,是目前政府及民間積極推動、發展之產業。然而,雲端運算服務讓使用者透過網際網路,不受時間、地點限制,隨意存取資料之便利性,卻同時對資料主體之資訊隱私產生嚴重衝擊。從個人資料保護的觀點出發,雲端運算服務可能涉及「雲端服務提供者」、「雲端服務使用者」與「資料主體」三方間的法律關係。此外,在使用雲端運算服務時,由於相關當事人未必清楚了解在特定時間,個人資料究竟儲存於何處(國)之遠端資料中心,此一特徵是否對個人資料之保護產生不利影響,在法制上又應如何因應,也值得加以研究。本文的目的即在於從新近通過的「個人資料保護法」的觀點,深入檢視雲端運算相關法律問題、提出建議,俾供將來相關討論或執法參考。
英文摘要

Cloud computing, which involves the storage by users of their information on remote data centers owned and operated by others and access through the Internet-is a fast growing business. However, while cloud computing allows its users to easily access to their information at anytime and anywhere, as long as there is internet connection, the technology brings serious data security and privacy concerns. From the personal data protection point of view, cloud computing service requires the study of legal relations among cloud computing providers, cloud computing service users, and data subjects. In addition, since relevant parties may not know where personal data is located geographically at any particular time, it is also worth considering whether this characteristic may have adverse impact on data protection, and how the law should respond. Thus, this paper aims to comprehensively review the related issues based on the newly enacted Personal Data Protection Act, and to provide suggestions for law enforcement and further discussion in this field.
主题分类 社會科學 > 法律學
参考文献
  1. 李惠宗(2013)。個人資料保護法上的帝王條款—「目的拘束原則」。法令月刊,64(1),37-61。
    連結:
  2. 張乃文(2010)。雲端運算產業發展之策略規劃與法制因應。科技法律透析,22(12),23-40。
    連結:
  3. 張乃文(2013)。雲端運算環境之法規遵循議題剖析。科技法律透析,25(7),21-40。
    連結:
  4. Article 29 Data Prot. Working Party, Opinion 04/2007 on the Concept of Personal Data 11-12, No. 01248/07/EN, WP 136 (June 20, 2007), available at http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2007/wp136_en.pdf
  5. Information Commissioner's Office, Guidance on the Use of Cloud Computing (2012), available at http://www.ico.org.uk/for_organisations/guidance_index/~/media/documents/library/Data_Protection/Practical_application/cloud_computing_guidance_for_organisations.ashx
  6. Hustinx, Peter Hustinx, Data Protection and Cloud Computing under EU Law, https://secure.edps.europa.eu/EDPSWEB/webdav/shared/Documents/EDPS/Publications/Speeches/2010/10-04-13_Speech_Cloud_Computing_EN.pdf
  7. Article 29 Data Prot. Working Party, Opinion 05/2012 on Cloud Computing 5, No. 01037/12/EN, WP 196 (July 1, 2012), available at http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2012/wp196_en.pdf
  8. Working Groups on Technology and Media of the Conference of Federal and State Data Protection Commissioners, Cloud Computing: An Orientation Guide (2011), available at http://www.bfdi.bund.de/EN/Topics/technologicalDataProtection/Artikel/OHCloudComputing.pdf?__blob=publicationFile
  9. Lovells, Hogan, EU Draft Data Protection Regulation: the LIBE Committee Amendments: A Hogal Lovells Briefing Paper 2, http://www.hldataprotection.com/files/2013/11/EU-Draft-Data-Protection-Regulation-LIBE-Committee-Amendments.pdf
  10. European Parliament Committee on Civil Liberties, Justice and Home Affairs, Draft Report on the Proposal for a Regulation of the European Parliament and of the Council on the Protection of Individual with Regard to the Processing of Personal Data and on the Free Movement of such Data (General Data Protection Regulation), Jan. 16, 2013, [hereinafter LIBE Committee Report] 87, available at http://www.europarl.europa.eu/meetdocs/2009_2014/documents/libe/pr/922/922387/922387en.pdf
  11. Miguel Helft, Privacy Group Asks F.T.C. to Investigate Google, N.Y. Times Bits Blog (Mar. 17, 2009, 6:37 PM), available at http://bits.blogs.nytimes.com/2009/03/17/privacy-group-asksftc-to-investigate-google-cloud-computing/?hp&_r=0
  12. European Commission, Commission decisions on the adequacy of the protection of personal data in third countries, http://ec.europa.eu/justice/data-protection/document/international- transfers/adequacy/
  13. Hakim, Danny, Europe Aims to Regulate the Cloud, N.Y. Times, Oct. 6, 2013, available at http://www.nytimes.com/2013/10/07/business/international/europe-aims-to-regulate-the-cloud.html?pagewanted=all
  14. Article 29 Data Prot. Working Party, Opinion 05/2012 on Applicable Law, No. 0836-02/10/EN, WP 179 (Dec. 16, 2010), available at http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2010/wp179_en.pdf
  15. Barbaro, Michael & Zeller, Jr, Tom, A Face is Exposed for AOL Searcher No. 4417749, N.Y. Times, Aug. 9, 2006, available at http://www.nytimes.com/2006/08/09/technology/09aol.html?pagewanted=all
  16. Electronic Privacy Information Center, Cloud Computing, http://epic.org/privacy/cloudcomputing/#introduction
  17. Article 29 Data Prot. Working Party, Opinion 1/2010 on the Concepts of “Controller” and “Processor” 8-9, No. 00264/10/EN, WP 169 (Feb 16, 2010), available at http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2010/wp169_en.pdf
  18. Catteddu, Daniele & Hogben Giles, Cloud Computing—Benefits, Risks and Recommendations for Information Security, European Network and Information Security Agency, available at http://www.enisa.europa.eu/activities/risk-management/files/deliverables/cloud-computing-risk-assessment
  19. Article 29 Working Party, European Commission, at http://ec.europa.eu/justice/data-protection/article-29/index_en.htm
  20. Article 4.1(a) of the Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data [hereinafter Directive 95/46/EC], available at http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:HTML
  21. Billings, John T.(2012).Comment, European Protectionism in Cloud Computing: Addressing Concerns over the Patriot Act.CommLaw Conspectus,21,211-231.
  22. Bussche, Axel von dem,Markus, Stamm(2013).Data Protection in Germany.
  23. Carey, Peter(2009).Data Protection: A Practical Guide to UK and EU Law.
  24. Cheng, Tina(2013).A Cloudy Forecast: Divergence in the Cloud Computing Laws of the United States, European Union, and China.Ga. J. Int'l & Comp. L.,41,481-505.
  25. European Union Agency for Fundamental Rights(2010).Data Protection in the European Union: the Role of National Data Protection Authorities.
  26. Gutwirth, Serge(ed.)(2011).Computers, Privacy and Data Protection: An Element of Choice.
  27. Hon, W. Kuan(2011).The Problem of "Personal Data" in Cloud Computing: What Information is Regulated?-The Cloud of Unknowing.Int'l Data Privacy L.,1,211-228.
  28. Hon, W. Kuan(2012).Who is Responsible for "Personal Data" in Cloud Computing?-The Cloud of Unknowing Part 2.Int'l Data Privacy L.,2,3-18.
  29. Jay, Rosemary(2012).Data Protection Law and Practice.
  30. Kalyvas, James R.(2013).Cloud Computing: A Practical Framework for Managing Cloud Computing Risk-Part 1.Intell. Prop. & Tech. L.J.,25(3),7-18.
  31. Katzan, Harry, Jr.(2010).Privacy, Identity, and Cloud Computing.
  32. Kesan, Jay P.(2013).Information Privacy and Data Control in Cloud Computing: Consumers, Privacy Preferences, and Market Efficiency.Wash. & Lee L. Rev.,70,341-472.
  33. Kuner, Christopher(2012).Bloomberg BNA: Privacy and Security Law ReportBloomberg BNA: Privacy and Security Law Report,Bloomberg BNA.
  34. Kuner, Chritopher(2013).Transborder Data Flows and Data Privacy Law.
  35. Marchini, Renzo(2010).Cloud Computing: A Practical Introduction to the Legal Issues.
  36. Mather, Tim(2009).Cloud Security and Privacy-An Enterprise Perspective on Risks and Compliance.
  37. Narayanan, Vineeth(2012).Comment, Harnessing the Cloud: International Law Implications of Cloud -Computing.Chi. J. Int'l L.,12,783-809.
  38. Ohm, Paul(2010).Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization.UCLA L. Rev.,57,1701-1777.
  39. Robison, William Jeremy(2010).Note, Free at What Cost? Cloud Computing Privacy Under the Stored Communication Act.Geo L.J.,98,1195-1239.
  40. Schwartz, Paul M.(2013).Bloomberg BNA: Privacy and Security Law ReportBloomberg BNA: Privacy and Security Law Report,Bloomberg BNA.
  41. Schwartz, Paul M.(2013).Information Privacy in the Cloud.U. Pa. L. Rev.,161,1623-1662.
  42. Schwartz, Paul M.,Solove, Daniel J.(2011).The PII Problem: Privacy and a New Concept of Personally Identifiable Information.N.Y.U. L. Rev.,86,1814-1894.
  43. Shaw, Thomas(2011).Cloud Computing for Lawyers and Executives.
  44. Voss, W. Gregory(2013).One Year and Loads of Data Later, Where are We? An Update on the Proposed European Union General Data Protection Regulation.J. Internet L.,16(10),1-23.
  45. Walden, Ian(2002).Anonymising Personal Data.Int'l J. L. & IT,10,224-237.
  46. 王澤鑑(1994)。民法學說與判例研究
  47. 李治安(2010)。當法律漫步在雲端。法學新論,25,49-65。
  48. 邱文聰(2008)。論「個人資料保護法」之修正。TAHR pas/TAHR 報,7 月號=Jul.,2-5。
  49. 孫德沛(2011)。國立政治大學法律科際整合研究所=Graduate Institute of Law and Interdisciplinary Studies, National Chengchi University。
  50. 財團法人資訊工業策進會科技法律研究所(2012)。個資保護1.0。書泉。
  51. 陳敏(2013)。行政法總論。作者自版=Chen, Ming。
  52. 劉佐國、李世德(2012)。個人資料保護法釋義與實務。碁峰資訊=Gotop。
  53. 劉定基(2010)。個人資料保護法初論。台灣法學,159,1-8。
  54. 劉定基(2012)。個人資料的定義、保護原則與個人資料保護法適用的例外—以監視錄影為例(上)。月旦法學教室,115,39-53。
  55. 劉靜怡(2010)。雲端運算趨勢與個人資訊隱私保護。全國律師,14(2),39-52。
  56. 劉靜怡(2010)。不算進步的立法:「個人資料保護法」初步評析。月旦法學,183,147-164。
  57. 寰瀛法律事務所(2013)。個資法百問。新學林=Sharing。
被引用次数
  1. 樓一琳、何之行(2017)。個人資料保護於雲端運算時代之法律爭議初探暨比較法分析:以健保資料為例。臺大法學論叢,46(2),339-422。
  2. 葉志良,楊東穎,程致剛(2020)。5G與消費者保障:以維護消費者資訊自主權為中心。台灣國際法學刊,16(1),23-51。
  3. (2016)。網路之刑事追訴─科技與法律的較勁。政大法學評論,145,339-390。
  4. (2017)。大數據時代的個人資料隱私與去識別化之探討。前瞻科技與管理,7(2),1-34。
  5. (2020)。評介美國2018 年雲端法及其衍生跨國規範衝擊。月旦法學雜誌,305,102-115。
print cancel