賦予當事人個人資料財產權地位之優勢與侷限：以美國法為中心

The Strengths and Weaknesses for Granting Property Rights in Personal Information to Data Subjects: Focusing on the U.S. Laws

因科技發展，個人資料輕易被大量蒐集、運用、甚至交易，乃易遭濫用。美國學者因此主張，應賦予個資「財產權」地位，而全面賦予當事人對於各種類型個資之「控制權」。賦予個資財產權地位，當事人得評估是否、何時、對誰揭露或分享其何種個資，而平等參與個資供需交易的運作，且可避免資料蒐集者未支付對價的「搭便車」行為，以減緩個資遭濫用。惟賦予個資財產權地位，卻也引起各種質疑。尤其，個資固有財產利益之面向，但亦有精神利益之面向，不應將涉及當事人人性尊嚴與人格發展的個資因出售或授權使用而永久喪失控制權。當事人擁有其個資上之財產權之主張，可能為一種迷思。美國雖有極少數州立法將個資中之「基因資訊」界定為當事人之財產權，但其適用範圍卻僅侷限於保險用途。相反地，美國法院則認定，當事人對於其個資並無財產權；而包括客戶名單等個資在內之「資料庫」，法院卻認定，乃業者之營業秘密及財產。因賦予個資財產權地位之可行性堪慮，乃有呼籲美國應採行歐盟立法模式，而全面賦予當事人對於各種類型個資之控制權。而在臺灣，個資法既已全面賦予當事人對於各種類型個資之控制權，故縱未另賦予個資財產權地位，惟其理論主張與實務運作，仍有值得臺灣借鏡之處。

A large amount of personal information is easily collected, processed, used, shared, and even transacted as a result of technological progress. However, it leads to a threat to consumer privacy. Therefore, some American scholars proposed that property rights in personal information should be granted to individuals to bargain over which personal information to disclose to whom for what purposes. However, since such a proposal to grant property rights in personal information to individuals face many challenges, it is doubtful about its feasibility. In particular, a crucial disparity takes place between the traditional property law supporting free alienability and personal information protection requiring inalienability to protect human dignity and personhood. It is likely a myth that a data subject owns personal information about himself/herself. Although there are very few state statutes in the Unites States defining genetic information as an unique property or exclusive property owned by a data subject, its applicable scope is limited to be used only for the insurance purpose. However, the U.S. courts ruled that property rights in personal information are not owned by data subjects and, instead, that databases, including customer lists and personal information, are trade secrets and properties owned by data collectors. As the feasibility to grant property rights in personal information to individuals is doubtful, there is an advocate that the U.S. should adopt European Union legislation model to comprehensively grant control to individuals to lessen the misuse of personal information. In contrast, Taiwan has passed the Personal Information Protection Act so that data subjects can have comprehensive control over the use of their personal information. Therefore, although it is not necessary to grant property rights in personal information to individuals, Taiwan can still learn from the theories and adjudications relating to the propertization of personal information to avoid the invasion of privacy.