月旦知識庫
 
  1. 熱門:
 
首頁 臺灣期刊   法律   公行政治   醫事相關   財經   社會學   教育   其他 大陸期刊   核心   重要期刊 DOI文章
管理評論 本站僅提供期刊文獻檢索。
  【月旦知識庫】是否收錄該篇全文,敬請【登入】查詢為準。
最新【購點活動】


篇名
巨量資料交易之法律風險與管理意涵──以個人資料再識別化為中心
並列篇名
Legal Risks and Management Implications of Big Data Transactions - Focusing on the Reidentification of Personal Data
作者 宋皇志
中文摘要
本文以個人資料再識別化為中心,探討巨量資料交易之法律風險與管理意涵。本文對我國各級法院關於個人資料去識別化之判決進行全面的實證研究,發現我國司法判決仍誤以為刪除部分直接識別標誌即可去識別化,毫無再識別風險之概念。在「學生資料案」中,大學意識到個人資料去識別化後具有再識別之風險,然很可惜法院認為此點無再加論述之必要,錯失一次審理再識別風險的絕佳機會。在「健保資料案」中,最高行政法院將審理重點擺在應由資料提供者抑或資料接收者進行去識別化程序之問題,否決原告所提驗證再識別化風險之聲請。本文淺見認為,運用已掌握幾位特定人之部分資料來驗證是否能辨識出該特定人,進而獲取該特定人之全部資訊,是相當好的再識別風險之驗證方法,最高行政法院於判決中全盤否定原告所提證據方法,恐有值得商榷之處。對於降低再識別風險之可能機制,本文認為對於大多數研究而言,著實沒有追求資料絕對精準之必要,概括處理應是平衡個人資料隱私保護與資料可用性最理想之去識別化方法。資料提供者為確保去識別化是否能完全斬除或至少大幅降低再識別風險,進而降低侵權風險,在交易前應對去識別化之效果進行驗證。巨量資料去識別化是否確實之驗證,應該挑選個人已知的幾筆資料,確認是否由這幾筆資料即可識別出特定人。 This paper focuses on the re-identification of personal data and discusses the legal risks and management implications of big data transactions. A comprehensive empirical study of the Taiwanese courts' decisions regarding the de-identification of personal data is conducted. The findings indicate that the Taiwanese courts are unaware of the risk of re-identification. In the Student Information case, the university recognized that de-identified personal data poses a re-identification risk. However, the court stated that further elaboration on this concern was unnecessary, thereby missing a critical opportunity to pass a judgment that would address re-identification risk. In the Health Insurance case, the Supreme Administrative Court focused on procedural concerns regarding whether the de-identification process should be performed by the data provider or the recipient, and denied the plaintiff's argument about re-identification risk. This paper proposes that a validation measure for determining whether specific individuals may be identifiable based on partial personal data and whether this process makes the whole of their personal data obtainable would be suitable for use in assessments of re-identification risk. In light of the proposed method, the Supreme Administrative Court's complete negation of the evidentiary method proposed by the plaintiff is debatable. Regarding a possible mechanism to reduce the re-identification risk, this paper argues that for most research, absolute precision is not required, and that the ideal approach for de-identification is the “generalization treatment," which can balance the protection of personal data privacy and data usability. In this approach, the data provider must validate the efficacy of de-identification before transactions to ensure that the de-identification process has completely eradicated or substantially reduced the re-identification risk, thereby reducing the infringement risk. To validate whether the de-identification of big data is reliable, several datasets belonging to known individuals must be examined to confirm whether the individuals may identified from the datasets.
起訖頁 37-51
關鍵詞 巨量資料交易去識別化再識別化法律風險管理意涵Big Data TransactionDe-IdentificationRe-IdentificationLegal RiskManagement Implications
刊名 管理評論  
期數 201810 (37:4期)
出版單位 財團法人光華管理策進基金會
該期刊-上一篇 試論金融監理科技的分析框架與發展圖像
該期刊-下一篇 試論虛擬貨幣之監理與法律定位──以日本法為中心
 

新書閱讀



最新影音


優惠活動




讀者服務專線:+886-2-23756688 傳真:+886-2-23318496
地址:臺北市館前路28 號 7 樓 客服信箱
Copyright © 元照出版 All rights reserved. 版權所有,禁止轉貼節錄