個人資料的概念與匿名化：一個認識論的觀點

Identifacation and Anonymization Personal Data -An Epistemological Perspective

個人資料之識別是一個「認識論」的探索，涉及三個要素：識別主體、識別方法、及識別客體。如果忽略其中任何一個，即無法解答「識別」的問題，故個人資料定義中應增加對「識別主體」及「識別方法」的描述。在歐盟關於「識別主體」及「識別方法」，學界曾有絕對主義與相對主義的兩派主張。但見諸歐盟法院判決、第29條工作小組、英國ICO的文件均傾向相對主義。個人資料之識別與匿名化（去識別）是一體兩面的問題，涉及同樣的三個要素：（再）識別主體、識別方法、及識別客體。歐盟認為「（再）識別主體」仍是「資料管理者或其他任何人」，而英國ICO採用「有心侵入者」標準。就匿名化而言，歐盟認為「識別方法」仍是「可能之合理方法」。工作小組WP216意見書指出，匿名化資料必須是「無法回逆」，其意涵為：以所有「可能之合理方法」（而非以「任何方法」）無法再識別出當事人。是故「無法回逆」標準不是絕對主義立場，也非「零風險」。關於我國健保資料庫案判決，本文指出兩個主要議題－「議題一」：資料庫中之資料是否已經去識別？以及「議題二」：健保署將資料提供給國家衛生研究院及衛生福利部，以建置資料庫的行為，是否符合個資法？本文深入研究判決本文、學說評論後，以歐盟觀點加以分析並提出本文意見。

The paper argues that the problem of “identification” of “personal data” is actually an “epistemological” inquiry, because it is involved with three elements: the identifying subject, the process and means of identification, and the object. Failure to account for any of the elements would render the solution of “identification” problem incomplete. The legal definition of “personal data” shall include descriptions with respect to “the identifying subject” and “the means of identification”. In the EU, legal academics provide two approaches -- “absolute theory” and “relative theory”. The opinion of EU Court, Article 29 Working Party, and UK Information Commissioner’s Office all adopt the relative approach. Same to the problem of “identification”, the “anonymisation” of personal data is also concerned with three elements: the re-identifying subject, the means of identification, and the object. The recital of Directive and GDPR both consider the re-identifying subject to be “the controller and any other persons”, while the UK proposes the test of “motivated intruder”. Regarding the means of identification, the EU refers to the means “likely reasonably” to be used for identification. Article 29 Working Party requested the anonymisation to be “irreversible”. The term “irreversible” should be understood as not reversible by the means “likely reasonably” to be used, which is essentially the relative approach.