| English Abstract |
With the rapid development of the Internet of Things (IoT), individuals and various entities are tightly interconnected, breaking down the barriers of time and space and bringing a smart world within reach. However, as the IoT generates a vast amount of valuable data, it has led to six major risks in data protection: low quality of data subject consent, lack of control over personal data, further processing of personal data for purposes other than those for which the data were collected, over-reliance on profiling based on IoT personal data, which may diminish individual rights, reduced effectiveness of de-identification in protecting personal data, and information security. In the fervor surrounding these issues, it is worth exploring whether existing regulations on personal data protection and security are sufficient to address these challenges. This paper, based on Taiwan’s Personal Data Protection Act and the Cyber Security Management Act, compares regulations such as the General Data Protection Regulation (GDPR) and the Proposal of the ePrivacy Regulation. The aim is to explore how Taiwan and the EU respond to the challenges brought about by the IoT. The paper finds several shortcomings in Taiwan’s current regulations. Based on foreign experiences, this thesis suggests that in the future, legislators could amend the provisions on notice and consent, review the rights of the data subject, add provisions on compatible use and profiling to the Personal Data Protection Act, define de-identification clearly, establish a security and maintenance plan for the protection of personal data files, and address IoT privacy issues from a risk management perspective. All suggestions aim to strengthen Taiwan’s legal framework for personal data protection in the era of the IoT. |