因應物聯網發展資料保護法制的革新──歐盟法制的發展與啟示

Legislative Reform of Data Protection in the Age of Internet of Things: A Perspective of European Union

大數據應用以及被稱作物聯網（Internet of Things, IoT）的物件間通訊科技（machine to machine, M2M）已對社會各個公私部門帶來革命性的變化。哈佛商學院講座教授Michael Porter指出，物聯網讓產品賦予新興功能、更具信賴以及更高效率利用，同時也改變產品本身的性質，這種破壞性價值鏈與新型態的產品已然重塑產業的結構，市場競爭的本質也產生了變化3。

The Internet of Things (IoT) has enabled the function of data collecting, processing, exchanging and distributing more frequent and the data controller authorizes the IoT system to decide those activities is unavoidable. The data subject cannot freely control his or her personal data, and thus many countries concern the protection of privacy. The European Union (EU) takes stances on adopting proper rules of technology neutral and flexibility and respecting the open Internet. In April 2016 the European Council and Parliament passed the General Data Protection Regulation (GDPR), which comprises the compulsory notice, automated individual decision-making, privacy by design and significant measures to improve user rights including the right to be forgotten and right to data portability. This paper elaborates three questions on layered data protection, privacy impact assessment and reliable notice and consent, and agrees with the GDPR, which not only has broadened current goals of data protection but also focuses on the choice and control held by individuals. In the age of vigorous and flourishing IoT, the paper argues that enterprises should take the opportunities to build up a reliable digital relationship with their customers.