資料治理法制：歐盟模式之啟發

翁逸泓

資料治理 ； 資料共享 ； 資料再利用 ； 個資保護 ； 開放資料 ； 資訊受託人 ； 資料中介者 ； 資料利他主義 ； Data Governance ； Data-sharing ； Re-use of Data ； Data Protection ； Open Data ； Information Fiduciary ； Data Intermediaries ； Data Altruism

東海大學法學研究

64期（2022 / 10 / 01）

55 - 116

繁體中文

本文之研究目的為對於資料之應用情狀，尤其就私部門間以及私、公部門間資料近用與分享所生風險之資料治理問題，尋求可能的管制論理與架構。歐盟在2020年之後的整體資料策略明顯地以過去廿餘年來建立的對於個人基本權利與自由保障為核心價值，藉由多元而開放之資料流通法律框架而企圖達到民主治理的透明問責目的，並促進其數位市場的公平與均衡。本文認爲歐盟個資保護模式既然為我國個資法立法之借鏡，且個資法在我國已經施行廿餘年，再加上建構信任關係的資料受託者理論可為參考標的，因此本文以Jack Balkin教授之資訊受託人模式說明具有委託與信任關係特質之資訊中介者角色與相關之法律關係，並以歐盟資料治理法為參考點，分析可能的資料共享模式。再者，就資料利他之部分則使個人和企業法人得較容易地基於公共利益而獲取相關資料／個資，例如特定大規模對於資料／個資蒐集的研究而自願以同意方式提供資料，故必須建立對資料利他主義相關法律制度的信任關係。本文認為資料治理在以個資保護為核心價值的歐盟資料法制進展中，已然逐漸成形。我國如果企圖在資料近用與共享上迅速地與國際上之資料法制發展接軌，則必須至少考量歐盟之相關發展，而由於數位發展部依據其組織法乃主管關於資料治理事項，因此接下來數位發展部將是任重而道遠的重要機關，而必須加速完成相對應法制之籌劃。

This research aims to seek possible regulatory theories and frameworks for data applications, in particularly data governance issues related to risks arising from data access and sharing between the private sector and between private and public sectors. The EU's overall data strategy after 2020 will obviously take the protection of fundamental rights and freedoms of individuals established over the past two decades as its core value, and attempt to achieve the goal of transparency and accountability for democratic governance through a diverse and open legal framework for the freedom of data flow, and promote fairness and equilibrium in its digital market. In this regard, this research applies Prof. Jack Balkin's Information Fiduciary Model, and takes the DGA as a reference point to analyze possible data sharing models. Furthermore, data altruistic makes it easier for individuals and legal persons to obtain relevant data/ personal data based on public interests, such as voluntarily providing data by consent in certain large-scale researches on data/ personal data collection. A relationship of trust in the legal system related to data altruism must be established. This paper argues that data governance has gradually taken shape in the progress of the EU data legal system with personal data protection as its core value. If Taiwan attempts to quickly integrate with the international data legal development in terms of data access and sharing, it must at least consider the relevant development of the EU. Since the Ministry of Digital Development is in charge of data governance, it will be a crucial role with a long way to go, which must accelerate the completion of the corresponding legal planning.

1. 翁清坤(2020)。大數據對於個人資料保護之挑戰與因應之道。東吳法律學報，31(3)，79-159。
   連結：
2. 莊文忠(2018)。循證的政策制定與資料分析：挑戰與前瞻。文官制度，10(2)，1-20。
   連結：
3. 劉定基(2020)。第三人近用法庭卷證資料權利與個人資料保護的調和。國立臺灣大學法學論叢，49(3)，881-928。
   連結：
4. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals withregard to the processing of personal data and on the free movement of such data, OJ L 281, 23.11.1995, p. 31-50
5. Regulation(EU) 2022/868 of the European Parliament and of the Council of 30 May 2022 on European data governance and amending Regulation (EU) 2018/1724 (Data Governance Act) (Text with EEA relevance) PE/85/2021/REV/1, OJ L 152, 3.6.2022, p. 1-4.
6. (2020).Proposal for a Regulation of the European Parliament and of the Council on a Single Market for Digital Services(Digital Services Act) and amending Directive 2000/31/EC, COM(2020) 825 final..
7. Regulation(EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, OJ L 119, 4.5.2016, p. 1-88.
8. Directive(EU) 2019/1024 of the European Parliament and of the Council of 20 June 2019 on open data and the re-use of public sector information, OJ L 172, 26.6.2019, p. 56-83.
9. Directive 2013/37/EU of the European Parliament and of the Council of 26 June 2013 amending Directive 2003/98/EC on the re-use of public sector information Text with EEA relevance, OJ L 175, 27.6.2013, p. 1-8.
10. Directive 2003/98/EC of the European Parliament and of the Council of 17 November 2003 on the re-use of public sector information, OJ L 345, 31.12.2003, p. 90-96.
11. (2022).Proposal for a Regulation of the European Parliament and of the Council on harmonised rules on fair access to and use of data, COM(2022) 68 final..
12. Alexander, Sam(2021).Australian Information Businesses : The Adoption of an Information Fiduciary Framework in the Australian Context.ANU Journal of Law and Technology,2(1),7-44.
13. Balkin, Jack M.(2020).The Fiduciary Model of Privacy (Responding to David E Pozen and Lina M Khan, ‘A Skeptical View of Information Fiduciaries’).Harvard Law Review Forum,134,11-33.
14. Balkin, Jack M.(2016).Information Fiduciaries and the First Amendment.UC Davis School of Law-Law Review,49,1183-1234.
15. Jack M. Balkin and Jonathan Zittrain, A Grand Bargain to Make Tech Companies Trustworthy, The Atlantic(Oct. 3, 2016), https://www.theatlantic.com/technology/archive/2016/10/information-fiduciary/502346/.
16. Council of the European Union(2021).Council of the European Union, Proposal for a Regulation of the European Parliament and of the Council on European data governance(Data Governance Act) - Mandate for negotiations with the European Parliament, 24 September 2021..
17. Dobkin, Ariel(2018).Information Fiduciaries in Practice : Data Privacy and User Expectations.Berkeley Technology Law Journal,33(1),1-52.
18. EDPS, Opinion on Personal Information Management Systems, 20 October 2016, https://edps.europa.eu/sites/edp/files/publication/16-10-20_pims_opinion_en.pdf
19. European Commission, A European strategy for data, 1, https://ec.europa.eu/info/sites/default/files/communication-european-strategy-data-19feb2020_en.pdf
20. European Commission, Data Governance and Data Policies at the European Commission(2020), https://ec.europa.eu/info/sites/info/files/summary-data-governance-data-policies_en.pdf
21. European Commission, Directorate-General for Communications Networks, Content and Technology(2021), Towards a European strategy on business-to-government data sharing for the public interest : final report prepared by the High-Level Expert Group on Business-to-Government Data Sharing. European Commission, European legislation on open data and the re-use of public sector information, https://ec.europa.eu/digital-single-market/en/european-legislation-reuse-public-sector-information.
22. Force 11, The FAIR Principles, https://www.force11.org/group/fairgroup/fairprinciples
23. ICO, Data Sharing Code of Practice(2011), https://ico.org.uk/media/for-organisations/documents/1068/data_sharing_code_of_practice.pdf
24. ICO, Principle(b) : Purpose limitation, https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/principles/purpose-limitation/
25. Khan, Lina M.,Pozen, David E.(2019).A Skeptical View of Information Fiduciaries.Harvard Law Review,133,497-541.
26. Tuch, Andrew F.(2020).A General Defense of Information Fiduciaries.Washington University Law Review,98,1897-2037.
27. Wagner, Ben,Kuklis, Lubos(2022).Establishing Auditing Intermediaries to Verify Platform Data.Regulating Big Tech : Policy Responses to Digital Dominance
28. Waldman, Ari Ezra(2018).Privacy as Trust : Information Privacy for an Information Age.
29. Woods, Lorna,Perrin, Will(2022).Obliging Platforms to Accept a Duty of Care.Regulating Big Tech : Policy Responses to Digital Dominance
30. 邱文聰(2009)。從資訊自決與資訊隱私的概念區分─評「電腦處理個人資料保護法修正草案」的結構性問題。月旦法學雜誌，168，172-189。
31. 翁逸泓(2019)。開放全民電子健康資料加值應用之個資保護問題─以英國經驗為例。月旦法學雜誌，285，144-173。
32. 翁逸泓,李寧修。委託研究計畫結案報告委託研究計畫結案報告,國家發展委員會。
33. 國家發展委員會，109 年 10 月 28 日「行政院開放政府國家行動方案推動小組」第 1 次會議，https://www.ndc.gov.tw/Content_List.aspx?n=B230D4AA5D433594
34. 國家發展委員會(2020)。國家發展委員會，服務型智慧政府 2.0 推動計畫（行政院 109 年8 月 3 日院臺科會字第 1090022013 號函核定）。
35. 國家發展委員會，個人化資料自主運用（MyData），https://mydata.nat.gov.tw/。
36. 曾冠球(2020)。跨部門資料協作的趨勢：借鏡歐盟經驗。國土及公共治理季刊，8(3)，54-63。
37. 葉俊榮(2016)。探尋隱私權的空間意涵─大法官對基本權利的脈絡論證。中研院法學期刊，18，1-40。
38. 劉定基(2018)。試評「數位通訊傳播法」草案。「匯流、治理、通傳會」論文集
39. 劉定基(2017)。大數據與物聯網時代的個人資料自主權。憲政時代，42(3)，265-308。
40. 劉靜怡(2020)。人工智慧時代的法學研究路經初探。法律思維與制度的智慧轉型
41. 蕭乃沂,朱斌妤(2018)。資料驅動創新的跨域公共治理。國土及公共治理季刊，6(4)，74-85。

1. (2022)。健康資料加值應用的下一步──資料治理與信任擔保。月旦法學雜誌，331，24-36。
2. (2023)。健保資料二次使用之個人資料保護立法芻議－111年憲判字第13號【健保資料庫案】判決之回應－。輔仁法學，66，307-378。
3. (2024)。資訊受託人理論之研究及對我國之啟示。中正大學法學集刊，83，107-161。