大數據與物聯網時代的個人資料自主權

The Principle of Information Self-Determination in the Era of Big Data and IoT

隨著大數據分析與物聯網的興起，如何在各項資料蒐集時確實對當事人進行告知，並取得有意義的同意，實有相當難度，更直接挑戰了既有建立在「告知、同意」基礎上的個人資料自主控制機制。針對此一問題，國際上有主張應繼續維持現行個人資料保護的基本架構，並強化當事人自主；也有認為應另覓嶄新的資訊隱私保護途徑。站在這樣分歧的十字路口上，我國個人資料保護法未來該走向何方？值得探究。本文首先將從個人資料自主概念的發展及現今所遭遇的困境談起；其次介紹上述兩種不同的個人資料保護法制修正典範；最後提出本文的觀察與分析，作為臺灣未來在憲法或法律層次回應的參考。

With the rise of big data analytics and “Internet of Things (IoT),” it becomes more and more difficult to inform data subjects and obtain meaningful consent before collecting their data; it therefore, challenges the well-established concept of information self-determination, which is built on the basis of informed consent. To address this problem, two different approaches have been proposed internationally. One argues that we should reinforce information self-determination and keep the present personal data protection framework. The other advocates for a brand new use-based way to protect information privacy. As we face these two distinct paradigms, which one should our Personal Information Protection Act follow. This article starts with an overview of the development of information self-determination and the challenges it currently faces. The article then introduces the above-mentioned two data protection paradigms. At the end, this article will analyze the pros and cons of these two approaches, and provide suggestions as to how we could respond, both at the statutory and constitutional levels, to the data protection issues in the era of big data and IoT.