面部自動辨識監控系統與個資保護問題研究──Bridges案之啟示

Research on Automated Facial Recognition Technology System and Personal Data Protection: Lessons from Bridges v CCSWP and SSHD

本文探索自動面部識別技術（Automated Facial Recognition technology, AFR）作為政府監控所可能發生之個資保護爭議，並以世界首例之英國Bridges v CCSWP and SSHD案判決為起點，分析我國推動AFR於打擊犯罪防止等目的時，所須滿足之個資保護要件與實際治理策略。本文研究之問題依序為：Bridges案所能帶來的啟發為何？AFR在個資保護法制架構的概念上，所引起之爭點為何？又應當如何應對？本文認為思考任何以科技方式治理決策時，無論是十餘年前全民指紋錄存釋憲案，乃至大規模AFR，於進行系爭權利辨識以及衡平之前，都應先考量降低權利間競合之風險。如就資料治理言，當政府要將人民對其基於民主之相互信任關係移轉至由自動化系統或人工智慧進行決策時，因為難以具體地對於該等非人類決策進行課責，因此若期待重塑整體資料治理之信任基礎，本文認為更需要有個資權利在法制、程序以及組織上之強化保護與作為。

This article aims to explore possible personal data protection disputes in relation to the governmental application of the Automated Facial Recognition technology (AFR) in large-scale surveillance. To deal with this, the essay takes the world’s first relevant case Bridges v CCSWP and SSHD decision of the UK as a departing point to analyze the requirements and actual implementation of legal governance strategies in the data protection regime when Taiwan promotes the application of AFR to the government’s anti-crime prevention and other purposes.With this in mind, the issues studied in this article are as follows: First, what inspiration can the Bridges case bring? Secondly, what are the disputes caused by AFR in the concept of the legal framework for personal data protection? How should we respond? This article believes that when thinking about any decision-making by scientific and technological methods, it is necessary to adopt certain methods to reduce the risk of competing rights BEFORE balancing the competing rights. Moreover, when government agencies want to transfer the people’s trust relationship based on democratic procedures, even if the transferred objects are non-humans such as automated systems or AI, they still transform the trust relationship. In this regard, there is a need for stronger consolidation and supervision of the legal system, procedures, as well as an appropriate institutional framework.