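Chinese abstract |
At the end of 2020, the European Center for Digital Rights (None of Your Business, NOYB), whose honorary chairman is Schrems, filed complaints against Apple with the data protection authorities of Germany and Spain for violating the ePrivacy Directive (ePD), alleging that the company's operation of the Identifier for Advertising (IDFA) on the iPhone infringed those countries' personal data protection rules. This opened a new round of Europe's battle over privacy and the regulation of digital communications against giant multinational companies. In this new round of the privacy battle, this article argues that the most critical point is no longer merely the dispute over personal data protection in general, but rather the regulatory question of personal data protection in the particular emerging field of digital communications, especially the two disputes over the use of personal data for personalized advertising and over unsolicited advertising. Accordingly, this article argues that Taiwan should consider enacting special personal data protection rules for the field of electronic communications in order to protect the legal interests of data subjects, and so that modern data controllers have rules to follow when they obtain commercial benefit from value-added applications of personal data. As for the use of personal data to deliver direct marketing advertisements by electronic communication, this article argues that data controllers should, as far as possible, satisfy the circumstances enumerated in Article 20 of the Personal Data Protection Law, and that marketing for use outside the original purpose should be permitted only then, in particular when the prior explicit consent of the data subject has been obtained. If the data controller originally relied on consent as the basis for collecting the personal data, a data controller that is a third party collecting the personal data indirectly will generally need to obtain the data subject's consent again, to ensure that the new processing complies with the principles of fairness and lawfulness. Furthermore, although Taiwan's 2017 draft Digital Communications Act contains relevant provisions, doubts remain about its legislative purpose and structure. This article argues that the draft's obligation to disclose information about the party making an unsolicited call does not apply personal data protection doctrine and is not of the same nature; the draft Digital Communications Act should therefore not be regarded as a special law on personal data protection in the field of electronic communications that takes precedence over the Personal Data Protection Law, and unsolicited direct marketing by digital communications must still fall back on the Personal Data Protection Law and requires the data subject's prior consent. |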
English abstract |
At the end of 2020, None of Your Business (NOYB), under the honorary chairmanship of Schrems, filed complaints against Apple in Germany and Spain for violations of the ePrivacy Directive (ePD), accusing the company of operating the Identifier for Advertising (IDFA) on the iPhone in violation of the personal data protection regulations of those countries. This opened the third round of the European electronic communication battle over privacy against giant multinational companies. This article argues that the most critical point is not only the dispute over the protection of personal data in general, but rather the regulation of personal data protection in the particular emerging field of electronic communication, in particular the disputes regarding the use of personal data for personalized advertising and unsolicited advertising. In this regard, this article suggests that Taiwan should consider formulating special personal data protection regulations in the field of electronic communication in order to protect the legal interests of data subjects, so that data controllers can obtain commercial benefits from the value-added applications of personal data. On the issue of using personal data for direct marketing through electronic communication, this article suggests that data controllers should try their best to meet the conditions listed in Article 20 of the Personal Data Protection Law, especially by obtaining the prior explicit consent of the data subjects. In addition, although the Digital Communications Act (draft) has relevant provisions, the draft should not be regarded as a special law on data protection in the field of electronic communication. |