社群行銷所涉之資料共同控管者責任──以歐盟規範為中心

Responsibility of Joint Controller on Social Media Marketing- a perspective from EU regulations

近年來社群媒體已深入大眾日常生活，人們透過社群媒體與他人溝通交流，取得最新資訊或消費購物。而社群媒體也以勢不可擋之姿，在網路世界中突破地域限制地快速成長，並不斷推出各種個人化及適性化服務。然而，社群媒體之所以能夠提供適性化服務，很多時候是基於大量蒐集分析用戶的個人資料。為有效管理社群媒體的個人資料蒐集、處理與利用情況，歐盟近年來陸續透過官方文件解釋，擴大資料控管者及資料共同控管者範圍，賦予社群媒體及其平台上的商業使用者，更明確的個資保護責任。本文藉由爬梳近年來歐盟個資法相關文件，嘗試釐清透過社群媒體行銷者，被賦予個資保護責任及相關立論。提供此議題上的歐盟法制趨勢觀察，及目前可能的因應之道。

"In recent years, social media have penetrated into our daily lives. People communicate with others, obtain the latest information, and even make purchases through social media. With an unstoppable posture, social media break through geographical restrictions and grow rapidly in the online world through various personalized services. Behind the scene of such an undeniable service is the collection and analysis of a large number of users' personal information. In order to effectively regulate the use of personal data on social media, in recent years, the EU has broaden the scope of personal data controller and given social media and its commercial users a clearer responsibility for personal data protection. This article scrutinizes the relevant document of EU personal data protection laws trying to clarify whether those who use the marketing services provided by social media will fall into the scope of data controller or joint controller under EU personal data protection laws. The article aims to provide observations on the trends of EU policies on this issue and to provide possible solutions."