Title

個人資料之去識別化與再識別化風險:法律之觀點

Parallel Title

The Deidentification of Personal Data and its Risk of Reidentification: A Legal Perspective

DOI

10.6199/NTULJ.202309_52(3).0001

Author

翁清坤(Ching-Kuen Ueng)

Keywords

personal data ; privacy ; big data ; identifier ; deidentification ; anonymization ; reidentification ; freedom of expression ; tolerant of risk ; General Data Protection Regulation

Journal

臺大法學論叢 (National Taiwan University Law Journal)

Volume and Issue / Publication Date

Vol. 52, No. 3 (2023 / 09 / 01)

Pages

619 - 739

Language

Traditional Chinese; English

Chinese Abstract

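Big data techniques are now widely used to research and analyze data, yielding innovative inferences and discoveries that benefit society. As data comes to be used extensively, however, privacy risks gradually emerge. Faced with the conflict between privacy protection and data utility, if personal data is deidentified or anonymized, it is no longer bound by the Personal Data Protection Act and may be used beyond the original collection purpose or shared with third parties for various uses. In the age of big data, however, numerous data sources are available for cross-referencing, so neither deidentified nor anonymized data can easily remain in an irreversible, unrecoverable state, and both inevitably carry a risk of reidentification, resulting in harm to privacy and other personality and economic interests, and a chilling effect on freedom of expression. Several well-known reidentification incidents have led the effectiveness of deidentification to be increasingly questioned. Others counter that the proportion of individuals actually reidentified is minuscule and that deidentification remains an effective mechanism. U.S. courts are likewise quite divided on this point. To address the conflict between deidentification and reidentification, the following measures are suggested: (1) Because deidentified data may still be combined with other data and reidentified, the more pragmatic solution lies not in completely eliminating reidentification risk but in mitigating it to a very low level. Similar to this concept of risk tolerance, the "reasonable" identification and deidentification standards commonly adopted in European and American legislation likewise do not require "completely eliminating the risk of reidentification." (2) Deidentification should be carried out on the basis of a reidentification risk assessment, adopting proportionate and reasonable technical, administrative, and legal measures to reduce reidentification risk. (3) Civil and criminal liability should be imposed to prohibit improper reidentification.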

English Abstract

The concept of "personal data" as the cornerstone for information privacy laws seems workable. Any data relating to an identified or identifiable natural person will trigger the mechanism of personal data protection. The operation of big data is to derive or infer hidden value from structured and unstructured raw data through novel reuse. However, the reuse of personal data will likely go beyond the scope of the original collection purpose, in violation of the principle of purpose limitation. Furthermore, the ubiquitous use of personal data will lead to privacy risk. As a consequence, one of the solutions is to deidentify personal data in order to use it for further purposes or share it with third parties. However, in the age of big data, as deidentified or anonymized data may be combined with other datasets from various sources, it is not possible to absolutely ensure that "a person cannot be identified from a dataset." Reidentification will cause damage to privacy, personality or property, and a chilling effect on freedom of expression. As there have been several famous reidentification cases in the past two decades, the effectiveness of deidentification or anonymization is increasingly criticized. However, some scholars insist that deidentification or anonymization is still effective in protecting privacy because the rate of reidentification is very small. Similarly, the U.S. courts are also divided on its effectiveness. In facing the conflict between deidentification and reidentification, there could be some solutions. Firstly, the key point is to adopt a reasonable deidentification standard, thus reducing the risk of reidentification to an insignificant degree, rather than absolutely ruling out its risk. Secondly, data controllers shall evaluate the risk of reidentification and thus adopt technical, legal, and organizational safeguards subject to the principle of proportionality. Finally, statutes shall include civil and criminal liabilities in order to prohibit improper reidentification.

Subject Classification: Social Sciences > Law