AI輔助企業管理──AI決策之法律責任探討

AI-assisted Enterprise Management—The Legal Liability of AI Decision-Making

人工智慧是近年最受歡迎的議題之一，除了應用在創作、自動駕駛，讓人們生活更便利外，在企業使用人工智慧系統更大幅提供企業管理的效率。使用人工智慧輔助企業經營固然效率大幅提升，惟人工智慧分析所需取得相關資料、所做決策亦可能失敗造成企業或股東甚至第三人損害，此情形在我國尚未有人工智慧專法下如何適用民法損害賠償制度，既能保障使用者、第三人，也不至阻礙人工智能的發展。又公司董事對AI輔助作成的決策，是否仍須依公司法負受任人義務責任？我國對於資料的蒐集目前僅有個人資料維護法規範，個人資料保護法為1995年訂定，最後一次修正雖為2023年，然該次修正僅就主管機關、罰鍰部分修正，並未因人智慧技術造成的影響，對資料取得與保護為修正，本文參考歐盟一般資料保護規則（General Data Protection Regulation, GDPR；歐盟法規編號：(EU) 2016/679）給予我國個人資料保護法修改及適用的建議。

Artificial intelligence has been one of the most popular topics in recent years. In addition to being applied in creation and autonomous driving to make people’s lives more convenient, the use of artificial intelligence systems in enterprises can greatly improve the efficiency of enterprise management. Although the efficiency of using artificial intelligence to assist business operations has been greatly improved, the relevant information required for artificial intelligence analysis and the decisions made may also fail, causing damage to the company or shareholders or even third parties. How can this situation be applied when there is no specific artificial intelligence law in Taiwan? How to use the civil law damage compensation system to protect users and third parties, and not hinder the development of artificial intelligence? Also, do company directors still have to bear fiduciary duties in accordance with company law for decisions made with AI assistance? The collection of data in Taiwan is currently only regulated by the Personal Data Protection Act. The Personal Data Protection Act was enacted in 1995. Although the last amendment was in 2023, the amendment only amended the competent authorities and fines, and didn’t care about AI has been revised on data acquisition and protection. This article refers to the EU General Data Protection Regulation (GDPR; EU Regulation Number: (EU) 2016/679) to modify and apply Taiwan’s personal data protection law.