| 中文摘要 |
歐盟一般資料保護規則(General Data Protection Regulation, GDPR)取代過往95指令,其目的主要係強化大數據時代下數據主體權利,賦予其知情權、接近使用權、更正權、被遺忘權、限制處理權、資料可攜權、拒絕權與自動化決策限制權等八項權利,並課與數據控管者告知、採取安全措施、通知與遵法等義務。GDPR為目前世界最為嚴苛的數據保護法並設有廣泛的域外效力,在GDPR生效後世界各國數據保護相關法律規範亦隨之革新,我國為取得歐盟適足性(adequacy decision)認定,個人資料保護法以GDPR為修法方向。我國個資法以課與數據控管者義務為主,就數據主體權利幾乎僅規定於第3條與第11條,且未將各項權利可行使情形明確區分。本文就GDPR與個資法之數據主體權利、數據控管者義務與跨境傳輸等規範進行比較後,針對個資法不足之處提出修法建議。
隨著科技發展,世界各國愈來愈重視個人資料保護,大數據帶來數據紅利的同時亦侵害數據主體,故本文主張透過建構完整的數據賦權制度使數據主體避免侵害或受到侵害時得以主張權利。除比較GDPR規定外,將《歐洲數據戰略》(European Data Strategy)、《資料治理規則》(Data Governance Act)草案及《電子隱私條例》(ePrivacy Regulation, ePR)草案重點納入討論並羅列可資參考部分,本文認為數據權財產化與衍生數據保護乃為將來數據保護規範趨勢,故亦探討數據權性質之轉變、數據財產化權利以及衍生數據之權利,提出完整建構數據賦權制度之建議,以完善數據保護規範。 |
| 英文摘要 |
The EU General Data Protection Regulation (GDPR) replaces the Directive 95/46/EC, and its main purpose is to strengthen the rights of data subjects in the era of big data. GDPR empowers data subjects eight rights, including right to know, right to access, right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object and right to free from automated individual decisionmaking, and gives the obligations such as informing, adoption of secure measures, notification and compliance with regulations to data controllers. GDPR is the most rigorous law of data protection in the world currently and has extensive extraterritorial effects. After the GDPR came into effect, relevant laws and regulations on data protection in various countries in the world have also been amended. In order to obtain the adequacy decision of the European Union, Taiwanese personal data protection takes GDPR as the revision direction. Taiwanese personal data protection focuses on the obligation of data controllers, and the rights of data subjects are almost only stipulated in Articles 3 and 11, and there is no clear distinction between the circumstances in which the rights can be exercised. In this paper, comparing the rights of data subjects, the obligation of data controllers and cross-border transmission between the GDPR and Taiwanese personal data protection to propose amendments for Taiwanese personal data protection.
With the development of science and technology, countries around the world pay more and more attention to the protection of personal data. Big data brings data dividends and infringes on the data subject simultaneously. Therefore, this paper advocates that through the construction of a complete data empowerment system, the data subject can avoid infringement or claim their rights. In addition to comparing GDPR regulations, the European Data Strategy, the draft Data Governance Act, and the draft ePrivacy Regulation (ePR) will be discussed and listed key points for reference. This paper considers that the propertyization of data rights and data exhaust are the trend of data protection norms in the future, so discussing about the nature changing of data rights, data property rights and the rights of data exhaust in order to propose suggestions to construct data empowerment system completely draft ePrivacy Regulation (ePR) will be discussed and listed key points for reference. |
本站僅提供期刊文獻檢索。
