Please use this identifier to cite or link to this item: https://ah.nccu.edu.tw/handle/140.119/137301


Title: 大數據分析對個人資料保護法制之衝擊 —以個人資料保護影響評估制度為中心
The Impact of Big Data Analysis Technology on the Data Protection Law Focusing on the Data Protection Impact Assessment
Authors: 林芯瑜
Lin, Chin-Yu
Contributors: 劉定基
Liu, Ting-Chi
林芯瑜
Lin, Chin-Yu
Keywords: 資料保護影響評估
隱私影響評估
大數據
告知後同意
行政管制
風險評估
個人資料保護
新冠肺炎
Data Protection Impact Assessment
Privacy Impact Assessment
Big data
Informed consent
Risk assessment
Personal data protection
Big data analysis technology
Covid-19
Date: 2021
Issue Date: 2021-10-01 10:07:16 (UTC+8)
Abstract: 大數據資料處理技術的研發與應用如同蘊含無限可能與想像的藍海,相關應用著實為當代社會帶來諸多的方便與創新,因而造就政府乃至企業對於大數據資料分析趨之若鶩的景象;然這項轉變卻也悄悄衝擊傳統個人資料保護法制設計的前提假設,使其日漸喪失掌控危險與風險的有效地位,故而有必要探尋個人資料保護領域的新規範模式。
面對大數據資料處理技術對於個人資料保護領域造成的震盪,各國(或地區)政府與學者分別對於個人資料保護領域的新規範模式該如何設計提出不同的構想,綜觀實務與學說的發展可以發現資料保護影響評估制度具有承上啟下的作用,在個人資料保護法制未來發展上亦位居關鍵要角,因此有必要就資料保護影響評估在制度設計及具體落實層面進行詳細介紹。
本文選擇歐盟GDPR、英國DPA以及美國電子政府法下的資料保護/隱私影響評估制度作為主要觀察的對象,並選擇兩份於歐盟與英國針對和新冠肺炎相關的資料處理程序所做成的資料保護影響評估進行詳細觀察,整理新型態的規範模式如何解決傳統告知後同意模式所遭逢的困境。最後回歸我國法,參考先前對於歐盟、英國以及美國資料保護/隱私影響評估法制以及實踐層面的討論,提出我國未來規劃個人資料保護影響評估制度的建議。
The development and application of big data analysis technology is like a blue ocean of infinite imagination and possibilities. Related applications of big data analysis have brought many conveniences and innovations to our society, and both government and enterprises are eager to harness the benefits of the technology. This change, however, has also impacted the longstanding design and basic principles of personal data protection laws, which are gradually losing their effectiveness in protecting individuals’ rights and controlling risks. There is thus a need to explore new norms of personal data protection laws.
In the face of the turbulence created by big data analysis technology on personal data protection laws, governments and scholars of various countries (or regions) have put forward different ideas on how to design new norms. When we look at the current developments of relevant practices and doctrines, it can be found that Data Protection Impact Assessments (DPIAs) have allowed a relatively smooth transition from the traditional regimes to the new ones, and will play a crucial role in future data protection laws. It is therefore necessary to look deeper into the design and implementation of DPIAs.
This study will focus on the DPIAs/PIAs under the EU GDPR, the UK DPA and the US Electronic Government Act, and follow with a close examination on two DPIAs conducted respectively in the EU, and the UK regarding data processing related to Covid-19. Finally, the study will return to domestic law. By reference to previous discussions on the legal and practical aspects of DPIAs/PIAs in the EU, the UK and the US, this study will offer advice on the future establishment of DPIA in Taiwan.
Reference: 一、中文文獻
(一) 專書
王泰銓 (1997),歐洲共同體法總論,臺灣:三民。
吳庚 (2004),憲法的解釋與適用,3版,臺北:自版。
李惠宗 (2019),憲法要義,8版,臺灣:元照。
李震山 (2005),多元、寬容與人權保障—以憲法未列舉權之保障為中心,臺灣:元照。
李震山 (2020),人性尊嚴與人權保障,5版,臺北:元照。
林紀東 (1985),法學緒論,7版,臺北:五南。
法治斌、董保城 (2020),憲法新論,增訂7版,臺灣:元照。
施茂林、宋明哲、宋峻杰、陳維鈞 (2016),法律風險管理:理論與案例,臺灣:五南。

(二) 專書論文
杜韋摯 (2021),英國健康資料研究利用與退出權制度分析,收於:陳鋕雄編,智慧醫療與法律,頁229-250,臺灣:翰蘆。
魯貴顯、李尚仁 (2011),科技未來性與風險,收於:周桂田編,人文與社會講座(三)現代科技明文的反思—科技、風險與社會,台灣:國立台灣大學國家發展研究所。
蕭文生 (2020),關於「一九八三年人口普查法」之判決,收於:司法院編,西德聯邦憲法法院裁判選輯(一),頁270-326,臺北:司法院。

(三) 期刊論文
王文宇 (2001),金融控股公司法制之研究,國立臺灣大學法學論叢,第30卷第3期,頁49-184。
何之行、廖貞 (2020),AI個資爭議在英國與歐盟之經驗─以Google DeepMind一案為例,月旦法學雜誌,第302期,頁127-156。
吳旻純 (2020),淺談類細胞簡訊與細胞廣播之應用,清流雙月刊,第28期,頁45-49。
李建良、王毓正、林木興、林昱梅、張譽尹、傅玲靜、闕銘富 (2019),「環境影響評估法草案的評估」座談會,月旦法學雜誌,第289期,頁200-227。
李震山 (2004),「電腦處理個人資料保護法」之回顧與前瞻,國立中正大學法學集刊,第14期,頁35-82。
周桂田 (1998),現代性與風險社會,臺灣社會學刊,第21期,頁89-129。
林士淳 (2019),大數據分析下犯罪預測機制之展望—以歐盟立法例為借鏡,全國律師,第23:10期,頁7-15。
林利芝 (2017),從美國最高法院 United States v. Jones 案分析美國政府運用 GPS 定位追蹤器探知個人位置資訊之適法性,月旦法學雜誌,第272期,頁177-188。
林玫君 (2018),大數據時代的個人資料保護,興大法學,第24期,頁1-45。
邱太三、朱家崎、林鈺雄、蔡旻峰、林志潔、陳瑞仁、張天一、林佳和、李聖傑、陳重言 (2018),吹哨者保護法法制(一),月旦刑事法評論,第8期,頁81-110。
邱文聰 (2009),從資訊自決與資訊隱私的概念區分-評「電腦處理個人資料保護法修正草案」的結構性問題,月旦法學雜誌,第168期,頁172-189。
邱文聰、吳全峰、劉靜怡、劉定基、翁逸泓 (2021),科技防疫與個人資料保護(上), 月旦裁判時報,第106期,頁85-102。
洪士茗 (2014),以擔保國家理論檢視我國民間參與公共建設之強制接管法制,全國律師,第18:6期,頁71-86。
洪子洵 (2013),外國法與我國健保資訊應用之比較--以美國醫療保險可攜性及責任法(HIPAA)為鑑,醫事法學,第20卷第2期,頁28-45。
洪子偉 (2020),淺論AI風險預測的規範性爭議,歐美研究,第50卷第2期,頁207-229。
范姜真媺 (2014),日本個人編號法對我國之借鏡──以個人資料保護監督機制之建立為主,東吳法律學報,第26卷第2期,頁1-33。
范姜真媺 (2017),大數據時代下個人資料範圍之再檢討—以日本為借鏡,東吳法律學報,第29卷第2期,頁1-38。
范姜真媺 (2018),日本次世代醫療基盤法之簡介,月旦醫事法報告,第24期,頁44-56。
范姜真媺 (2020),匿名加工資料制度之創設—因應大數據時代日本個人資料保護法之新進展,東海大學法學研究,第59期,頁1-54。
宮文祥 (2017),食安風險規範的基本說明──以行政管制為核心,月旦醫事法報告,第6期,頁32-45。
翁逸泓 (2019),資訊委員的時代角色──以GDPR及英國2018年資料保護法為中心,月旦法學雜誌,第286期,頁32-50。
張陳弘 (2018),美國聯邦憲法增修條文第4條 搜索令狀原則的新發展:以Jones, Jardines & Grady案為例,歐美研究,第48卷第2期,頁267-332。
張陳弘 (2021),科技智慧防疫與個人資料保護:陌生但關鍵的資料保護影響評估程序,國立臺灣大學法學論叢,第50卷第2期,頁337-400。
張燕平 (2016),美英兩國吹哨者法規制度與實務運作之介紹,證券服務,第654期,頁28-40。
陳忠五 (2020),重新思考身體健康權──RCA毒物污染事件引發的疑慮,月旦法學雜誌,第306期,頁6-28。
陳柏良 (2020),AI時代之分裂社會與民主──以美國法之表意自由與觀念市場自由競爭理論為中心,月旦法學雜誌,第302期,頁109-126。
陳起行 (2000),資訊隱私權法理探討—以美國法為中心,政大法學評論,第64期,頁297-341。
傅玲靜 (2015),都市計畫與環境影響評估──以臺北市內湖保護區之都市計畫變更為例,月旦法學雜誌,第243期,頁71-85。
湯德宗 (2000),之三:論違反行政程序的法律效果,月旦法學雜誌,第57期,頁141-159。
程明修 (2009),行政法上之風險評估與管理,台灣法學雜誌,第142期,頁102-118。
黃正中 (2005),漫談全球定位系統,國研科技,第7期,頁51-56。
黃銘輝 (2019),假新聞、社群媒體與網路時代的言論自由,月旦法學雜誌,第292期,頁5-29。
楊智傑 (2014),美國醫療資訊保護法規之初探:以HIPAA/HITECH之隱私規則與資安規則為中心,軍法專刊,第60卷第5期,頁79-116。
臧正運 (2021),金融科技法制與監理變革的形塑力量與關鍵趨勢,萬國法律,第236期,頁2-10。
劉定基 (2009),欺罔與不公平資訊行為之規範─以美國聯邦交易委員會的管制案例為中心,公平交易季刊,第17卷第4期,頁57-91。
劉定基 (2017),大數據與物聯網時代的個人資料自主權,憲政時代,第42卷第3期,頁265-308。
劉定基 (2020),第三人近用法庭卷證資料權利與個人資料保護的調和,國立臺灣大學法學論叢,第49卷第3期,頁881-928。
劉靜怡 (2019),淺談GDPR的國際衝擊及其可能因應之道,月旦法學雜誌,第286期,頁5-31。
劉靜怡 (2020),資訊法律的過去、現在與未來,月旦法學雜誌,第300期,頁213-222。
蔡宗珍 (1999),現代憲法論第三單元:人性尊嚴之保障作為憲法基本原則,月旦法學雜誌,第45期,頁99-102。
蔡維音 (1992),德國基本法第一條「人性尊嚴」規定之探討,憲政時代,第18卷第1期,頁36-48。
簡宏偉、吳麗芬、洪振耀、劉倢旻、吳卓葳、林瑜 (2020),大數據運用與隱私保護--手機定位資訊於防疫應用之法律問題研析,國土及公共治理,第31期,頁64-75。
羅紀瓊、尤素娟 (1993),柯林頓政府之醫療改革方案,醫院雜誌,第26卷第5期,頁268-275。
蘇永欽 (2019),立法不溯既往的憲法界線──真正和非真正溯及概念的釐清,月旦法學雜誌,第284期,頁5-22。

(四) 碩博士論文
王憶萍 (2011),風險溝通與審議式民主的連結─以「核廢何從電視公民討論會」為例,國立政治大學法律學系碩士學位論文。
吳瓊佩 (2013),我國銀行法令遵循制度之研究,國立政治大學法律科際整合研究所碩士學位論文。
杜韋摯 (2019),論我國醫療資訊當事人退出權之建構-以英國制度為典型,臺北醫學大學醫療暨生物科技法律研究所學位論文。
沈允暉 (2008),裁判書公開與個人隱私之探討,東吳大學法律學系碩士論文。
林家暘 (2010),擔保國家概念下的電信普及服務,國立台北大學法律學系碩士論文。
邱明慈 (2016),論行政法上之預防原則,東吳大學法學院法律學系碩士學位論文。
許登科 (2008),德國擔保國家理論為基礎之公私協力(ÖPP)法制-對我國促參法之啓示,國立臺灣大學法律學研究所博士論文。
陳妍沂 (2008),美國財務資訊隱私權保護規定之研究,國立政治大學法學院研究所碩士學位論文。
陳碧玉 (2014),風險預防下交通部門憲法到道路交通行政法的探討,國立成功大學法律學系博士論文。
游璿樺 (2012),從生物辨識應用探討隱私權之保護,國立政治大學法學院碩士在職專班學位論文。
賴怡雯 (2009),行政法上狀態責任之研究──以建築法為例,國立政治大學法學院碩士班學位論文。

(五) 研討會論文
李寧修 (2020),從憲法觀點談數位時代政府資訊公開與個人資料保護之衝突與衡平,司法院大法官109年度學術研討會-科技、風險與人權保障,司法院,2020年12月5日。
賴恆盈 (2016),風險社會之行政管制課題序說,105年直轄市法治及行政救濟研討會,台北市政府法務局主辦,2016年6月30日。

(六) 政府相關文書、報告
中央研究院法律學研究所資訊法中心 (2020),數位時代下的國民身分證與身分識別政策建議書,網址:https://www.iias.sinica.edu.tw/news_post/1187/34。
立法院 (2020),立法院第10屆第2會期第4次會議議案關係文書,「個人資料保護法部分條文修正草案」,網址:https://lis.ly.gov.tw/lygazettec/mtcdoc?PD100204:LCEWA01_100204_00037。
行政院內政部 (2019),新一代國民身分證換發規劃案規劃成果重點報告,網址:https://www.ris.gov.tw/app/portal/789。
行政院衛生福利部 (2020),將「入境檢疫系統」結合「電子圍籬智慧監控系統」,透過手機定位掌握行蹤,網址:https://covid19.mohw.gov.tw/ch/cp-4822-53498-205.html。
財政部國庫署 (2016),菸酒事業個人資料檔案安全維護計畫範本,網址:https://www.nta.gov.tw/singlehtml/482?cntId=nta_8179_482。
國家發展委員會 (2017),歐盟「個人資料保護規則」導讀,網址:https://www.ndc.gov.tw/Content_List.aspx?n=F417F294CBF7FFF3。
國家發展委員會 (2020),「韓國個人資料保護法制因應 GDPR 施行之調適」委託研究計畫結案報告,網址:https://ws.ndc.gov.tw/Download.ashx?u=LzAwMS9hZG1pbmlzdHJhdG9yLzEwL3JlbGZpbGUvNTc0NC8zNDQ1OC8wZmQxYzkwZi1kMjk0LTRjOTgtYjE0ZC04ZDMzZjI0MDRkOTQucGRm&n=6Z%2BT5ZyL5YCL5Lq66LOH5paZ5L%2Bd6K235rOV5Yi25Zug5oeJR0RQUuaWveihjOS5i%2Biqv%2BmBqV%2FntZDmoYjloLHlkYoucGRm&icon=..pdf。
經濟部法規委員會 (2020),經濟部個人資料保護作業手冊,網址:https://www.moea.gov.tw/MNS/colr/content/SubMenu.aspx?menu_id=7783。

(七) 翻譯著作
Cathy O’Neil 著,許瑞宋譯 (2019),大數據的傲慢與偏見:一個「圈內數學家」對演算法霸權的警告與揭發,臺灣:大寫。〔Cathy O'Neil. 2016. Weapons of Math Destruction: How Big Data Increases Inequality and Threatens Democracy. New York: Broadway Books.〕

(八) 網路資料
王允翬 (2020),在全民健保之外──各國健康照護制度簡介(二),陽明醫聲,第21期,網址:https://ymmedmagazine.blogspot.com/2015/04/blog-post_92.html。
台灣人權促進會 (2019),台權會針對個人資料保護法的修法建議(國發會公聽會發言單),網址:https://www.tahr.org.tw/news/2486。
吳奕靖 (2020),夫收「細胞簡訊」被妻趕出門…吵架整夜睡不著 醫轟:亂槍打鳥造成恐慌,Ettoday新聞雲,網址:https://www.ettoday.net/news/20200421/1696898.htm。
劉致昕 (2020),專訪前「劍橋分析」業務總監:只要臉書的生意繼續,民主就有危機,報導者,網址:https://www.twreporter.org/a/information-warfare-business-interview-cambridge-analytica-brittany-kaiser.。

二、外文文獻
(一) 專書
Ari Ezra Waldman. 2018. Privacy as Trust Information Privacy for an Information Age. New York: Cambridge University Press.
Aldous Huxley. 2014. Brave new world. London: Vintage Books.
Cass R. Sunstein. 2018. #Republic: Divided Democracy in the Age of Social Media. New Jersey: Princeton University Press.
Cathy O'Neil. 2016. Weapons of Math Destruction: How Big Data Increases Inequality and Threatens Democracy. New York: Broadway Books.
Daniel Kahneman. 1973. Attention and Effort. New Jersey: Prentice Hall.
George Orwell. 2017. Nineteen Eighty-Four. New York: Houghton Mifflin Harcourt.
Jon Elster. 1998. Deliberative Democracy. New York: Cambridge University Press.
National Research Council. 1983. Risk Assessment in the Federal Government: Managing the Process. Washington (DC): National Academies Press.

(二) 專書論文
Fred H. Cate. 2006. The Failure of Fair Information Practice Principles. Pp.343-379 in Consumer Protection in the Age of the Information Economy, edited by Jane K. Winn. London: Routledge.
William Malcolm. 2017. Overseas or Cross-Border Transfers of Personal Data: Schrems, Brexit and the General Data Protection Regulation. Pp.143-167 in Guide to the General Data Protection Regulation: a companion to Data protection law and practice, edited by Rosemary Jay. London: Sweet & Maxwell.

(三) 期刊論文
Daniel J. Solove. 2002. Conceptualizing Privacy. California Law Review 90:1087-1155.
Daniel J. Solove. 2013. Privacy Self-Management and the Consent Dilemma. Harvard Law Review 126:1880-1903.
Daniel J. Solove. 2021. The Myth of the Privacy Paradox. George Washington Law Review 89:1-51.
David M. Parker., Steven G. Pine., and Zachary W. Ernst. 2019. Privacy and Informed Consent for Research in the Age of Big Data. Penn State Law Review 123:703-733.
Dennis D. Hirsch. 2020. From Individual Control to Social Protection: New Paradigms for Privacy Law In The Age of Predictive Analytics. Maryland Law Review 79(2):439-505.
Edward J. Janger, and Paul M. Schwartz. 2002. The Gramm-Leach-Bliley Act, Information Privacy, and the Limits of Default Rules. Minnesota Law Review 86:1219-1262.
Elizabeth Dubois, and Grant Blank. 2018. The echo chamber is overstated: the moderating effect of political interest and diverse media. Information, Communication & Society 21:729-745.
Helen Norton. 2019. Powerful Speakers and Their Listeners. University of Colorado Law Review 90:441-473.
Hiba Jasim Hadi., Ammar Hameed Shnain., Hiba Jasim Hadi., and Sarah Hadishaheed. 2015. Big Data and Five V’s Characteristics. International Journal of Advances in Electronics and Computer Science 2(1):16-23.
Jack M. Balkin. 2016. Information Fiduciaries and the First Amendment. University of California at Davis Law Review 49:1183-1234.
John S. Applegate. 2005. The Story of Reserve Mining: Managing Scientific Uncertainty in Environmental Regulation. Indiana Legal Studies Research Paper 16:1-43.
Julia M. Brooks. 2019. Drawing the Lines: Regulation of Automatic License Plate Readers in Virginia. Richmond Journal of Law & Technology 25:1-32.
Mark A. Geistfeld. 2017. A Roadmap for Autonomous Vehicles:State Tort Liability, Automobile Insurance, and Federal Safety Regulation. California Law Review 105:1611-1694.
Mark Peasley. 2019. It's Time for an American (Data Protection) Revolution, Akron Law Review 52:911-943.
Michael Birnhack. 2012. Reverse Engineering Informational Privacy Law. Yale Journal of Law and Technology 15:24-91.
Neil M. Richards, and Jonathan King. 2013. Three Paradoxes of Big Data. Stanford Law Review 66:41-46.
Niva Elkin-Koren, and Michal S. Gal. 2019. The Chilling Effect of Governance-by-Data on Data Markets. The University of Chicago Law Review 86:403-431.
Oliver Wendell Holmes. 1946. Learning and Science. North Carolina Law Review 24:102-103.
Omer Tene, and Jules Polonetsky. 2013. Big Data for All: Privacy and User Control in the Age of Analytics. Northwestern Journal of Technology and Intellectual Property 11(5):239-273.
Ragnar E. Lofstedt. 2011. Risk versus Hazard – How to Regulate in the 21st Century. European Journal of Risk Regulation 2:149-168.
Raphaël Gellert. 2015. Understanding Data Protection As Risk Regulation. Journal of Internet Law 18(11):3-15.
Rick Swedloff. 2014. Risk Classification's Big Data (R)evolution. Connecticut Insurance Law Journal 21:339-374.
Ronen Avraham, Kyle D. Logue, and Daniel Schwarcz. 2014. Understanding Insurance Antidiscrimination Laws. Southern California Law Review 87:195-274.
Ryan L. Garner. 2017. Evaluating Solutions to Cyber Attack Breaches of Health Data: How Enacting a Private Right of Action for Breach Victims Would Lower Costs. Indiana Health Law Review 14:127-171.
Samuel D. Warren., and Louis D. Brandeis. 1890. The Right to Privacy. Harvard Law Review 4:193-220.
Sandra Wachter, Brent Mittelstadt, and Chris Russell. 2018. Counterfactual Explanations without Opening the Black Box: Automated Decisions and the GDPR. Harvard Journal of Law & Technology 31:841-887.
Solon Barocas, and Andrew D. Selbst. 2016. Big Data's Disparate Impact. California Law Review 104:671-732.
Tim Wu. 2018. Is The First Amendment Obsolete? Michigan Law Review 117:547-581.
Wen-Ta Chiu, Ronald P. Laporte, and Jonathan Wu. 2020. Determinants of Taiwan’s Early Containment of COVID-19 Incidence. American Journal of Public Health 110:943-944.
Zohar Efroni, Jakob Metzger, Lena Mischau and Marie Schirmbeck. 2019. Privacy Icons: A Risk-Based Approach to Visualisation of Data Processing. European Data Protection Law Review 5(3):352-366.

(四) 國際組織文件和各國政府相關文書、報告
American Civil Liberties Union. 2012. Eight Problems With “Big Data” Available at https://www.aclu.org/blog/privacy-technology/surveillance-technologies/eight-problems-big-data
American Civil Liberties Union. 2014. Written Submission of the American Civil Liberties Union on Racial Disparities in Sentencing Hearing on Reports of Racism in the Justice System of the United States. Available at https://www.aclu.org/sites/default/files/assets/141027_iachr_racial_disparities_aclu_submission_0.pdf
Article 29 Data Protection Working Party. 2017. Guidelines on Data Protection Impact Assessment (DPIA) (wp248rev.01) Available at https://ec.europa.eu/newsroom/article29/items/611236
Article 29 Data Protection Working Party. 2017. Guidelines on Data Protection Officers (‘DPOs’) Available at https://ec.europa.eu/newsroom/article29/items/612048
Cabinet Office, National security and intelligence, and Government Security Profession. 2018. Guidance on the IAO Role. Available at https://www.gov.uk/government/publications/information-asset-owner-role-guidance
Department of Homeland Security. 2017. Privacy Impact Assessment for the United States - Mexico Entry/Exit Data Sharing Initiative. Available at https://www.dhs.gov/sites/default/files/publications/privacy-pia-cbp-usmexicoentryexitdatasharinginitiative-december2017.pdf.
European Commission. 2020. Data protection as a pillar of citizens’ empowerment and the EU’s approach to the digital transition - two years of application of the General Data Protection Regulation. Available at https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52020DC0264&from=EN
European Commission. 2021. Proposal for a Regulation of the European Parliament and the Council laying down requirements for Artificial Intelligence. Available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52021PC0206
European Data Protection Board. 2018. THE EUROPEAN DATA PROTECTION BOARD. Available at https://edpb.europa.eu/sites/default/files/files/news/endorsement_of_wp29_documents_en_0.pdf
European Data Protection Board. 2019. Opinion 6/2019 on the draft list of the competent supervisory authority of Spain regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) Available at https://edpb.europa.eu/sites/default/files/files/file1/201906_edpb_art.64_es_sas_dpia_list_en_0.pdf
European Data Protection Board. 2020. Guidelines 4/2019 on Article 25 Data Protection by Design and by Default Version 2.0. Available at https://edpb.europa.eu/sites/default/files/files/file1/edpb_guidelines_201904_dataprotection_by_design_and_by_default_v2.0_en.pdf
European Data Protection Board. 2021. EDPB-EDPS Joint Opinion 5/2021 on the proposal for a Regulation of the European Parliament and of the Council laying down harmonised rules on artificial intelligence (Artificial Intelligence Act). Available at https://edpb.europa.eu/our-work-tools/our-documents/edpbedps-joint-opinion/edpb-edps-joint-opinion-52021-proposal_en
Information Commissioner's Office. 2021. Data Protection by Design and Default. Available at https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/data-protection-by-design-and-default/#dpd9
Information Commissioner's Office. 2021. Data Protection Impact Assessments (DPIAs) Available at https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/data-protection-impact-assessments-dpias/
Information Commissioner's Office. 2021. Do we need to consult the ICO? Available at https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/data-protection-impact-assessments-dpias/do-we-need-to-consult-the-ico/
Information Commissioner's Office. 2021. Examples of processing ‘likely to result in high risk’ Available at https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/data-protection-impact-assessments-dpias/examples-of-processing-likely-to-result-in-high-risk/
Information Commissioner's Office. 2021. How do we do a DPIA? Available at https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/data-protection-impact-assessments-dpias/how-do-we-do-a-dpia/#how6
Information Commissioner's Office. 2021. How do we do a DPIA? Available at https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/data-protection-impact-assessments-dpias/how-do-we-do-a-dpia/
Information Commissioner's Office. 2021. Relationship with the Department for Digital, Culture Media and Sport. Available at https://ico.org.uk/about-the-ico/who-we-are/relationship-with-the-dcms/
Information Commissioner's Office. 2021. What are ‘controllers’ and ‘processors’? Available at https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/controllers-and-processors/what-are-controllers-and-processors/
Information Commissioner's Office. 2021. When do we need to do a DPIA? Available at https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/data-protection-impact-assessments-dpias/when-do-we-need-to-do-a-dpia/#when1
Juvenile Justice Information System Steering Committee. 2018. Data & Evaluation Report 12-Month Recidivism. Available at https://www.oregon.gov/oya/jjis/Reports/2018%20-%2012-month%20Recidivism.pdf
National Health Service Digital. 2020. COVID-19 Public Health Directions 2020. Available at https://digital.nhs.uk/about-nhs-digital/corporate-information-and-documents/directions-and-data-provision-notices/secretary-of-state-directions/covid-19-public-health-directions-2020
National Health Service Digital. 2020. Data Protection Impact Assessment – COVID-19 Vaccine Trials Permission to Contact Service – V2.0. Available at https://digital.nhs.uk/coronavirus/coronavirus-covid-19-response-information-governance-hub/data-protection-impact-assessment---covid-19-vaccine-trials-permission-to-contact-service---v1.0
National Health Service Digital. 2020. National data opt-out. Available at https://digital.nhs.uk/services/national-data-opt-out
National Health Service Digital. 2021. Data Access Request Service. Available at https://digital.nhs.uk/services/data-access-request-service-dars
National Health Service Digital. 2021. Data Sharing Framework Contract. Available at https://digital.nhs.uk/services/data-access-request-service-dars/data-access-request-service-dars-process/data-access-request-service-dars-pre-application-checklist
National Health Service Digital. 2021. Independent Group Advising on the Release of Data. Available at https://digital.nhs.uk/about-nhs-digital/corporate-information-and-documents/independent-group-advising-on-the-release-of-data#building-confidence-through-information-governance
National Health Service. 2016 Data Protection Impact Assessment Template. Available at https://www.royalberkshire.nhs.uk/Downloads/Corporate%20Governance/INFORMATION%20GOVERNANCE/Data%20Protection%20Impact%20Assessment%20Template.pdf
National Institute for Health Research. 2020. COVID-19 vaccine studies Frequently asked questions. Available at https://bepartofresearch.nihr.ac.uk/Vaccine-studies/Frequently-asked-questions/index
National Institute for Health Research. 2020. Sign up to be contacted about coronavirus vaccine research. Available at https://bepartofresearch.nihr.ac.uk/vaccine-studies/
National Institute for Health Research. 2020. Vaccine studies using the Vaccine Research Registry. Available at https://bepartofresearch.nihr.ac.uk/vaccine-studies/approved-vaccine-studies/
Office of Privacy and Civil Liberties. 2015. Initial Privacy Assessment (IPA) Instructions & Template. Available at https://www.justice.gov/file/dojipatemplatemay2015pdf-0/download
Office of Privacy and Civil Liberties. 2015. PRIVACY IMPACT ASSESSMENTS Official Guidance. Available at https://www.justice.gov/opcl/file/631431/download
Office of the National Coordinator for Health Information Technology. 2019. Top 10 Myths of Security Risk Analysis. Available at https://www.healthit.gov/topic/privacy-security-and-hipaa/top-10-myths-security-risk-analysis
Oregon Youth Authority Research and Evaluation Office. 2019. Recidivism Outcome. Available at https://www.oregon.gov/oya/Research/RecidivismFY01-FY17.pdf
United States Department of Health & Human Service. 2007. Security Standards: Administrative Safeguards. Available at https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/adminsafeguards.pdf?language=es
United States Department of Justice. 2012. PIA template. Available at https://www.justice.gov/opcl/docs/doj-pia-template.pdf
United States Environmental Protection Agency. 2020. National Environmental Policy Act Review Process. Available at https://www.epa.gov/nepa/national-environmental-policy-act-review-process#EIS
United States Securities and Exchange Commission. 2007. Privacy Impact Assessment (PIA) Guide. Available at https://www.sec.gov/about/privacy/piaguide.pdf

(五) 網路文獻
British Broadcasting Corporation. 2020. China launches coronavirus 'close contact detector' app. Available at https://www.bbc.com/news/technology-51439401
British Broadcasting Corporation. 2020. Coronavirus: How can AI help fight the pandemic? Available at https://www.bbc.com/news/technology-51851292
British Broadcasting Corporation. 2020. Did 'herd immunity' change the course of the outbreak? Available at https://www.bbc.com/news/uk-53433824
British Medical Journal. 2020. What we can learn from Taiwan’s response to the covid-19 epidemic. Available at https://blogs.bmj.com/bmj/2020/07/21/what-we-can-learn-from-taiwans-response-to-the-covid-19-epidemic/
Douglas Laney. 2001. 3D Data Management: Controlling Data Volume, Velocity, and Variety. Available at https://studylib.net/doc/8647594/3d-data-management--controlling-data-volume--velocity--an...
European Association for Secure Transactions. Payment Fraud Definitions. Available at https://www.association-secure-transactions.eu/industry-information/payment-fraud-definitions/
Fred H. Cate, Peter Cullen, and Viktor Mayer-Schönberger. 2014. Data Protection Principles for the 21st Century: Revising the 1980 OECD Guideline. Available at https://www.oii.ox.ac.uk/archive/downloads/publications/Data_Protection_Principles_for_the_21st_Century.pdf
Gerry Foitik. 2020. STOPP CORONA APP The Austrian Contact Tracing App A Digital Tool In The Fight Against COVID-19. Available at https://psc-europe.eu/images/STOPP_CORONA_APP.pdf
Ian Goldberg, David Wagner, and Randi Thomas. 1996. A Secure Environment for Untrusted Helper Applications. Available at https://www.usenix.org/legacy/publications/library/proceedings/sec96/full_papers/goldberg/goldberg.pdf
International Business Machines. 2020. The Four V's of Big Data. Available at https://www.ibmbigdatahub.com/infographic/four-vs-big-data
James Manyika, Michael Chui, Brad Brown, Jacques Bughin, Richard Dobbs, Charles Roxburgh, and Angela Hung Byers. 2011. Big data: The next frontier for innovation, competition, and productivity. Available at https://www.mckinsey.com/business-functions/mckinsey-digital/our-insights/big-data-the-next-frontier-for-innovation#
Joshua B. Bolten. 2003. OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002. Available at https://georgewbush-whitehouse.archives.gov/omb/memoranda/m03-22.html
Kevin Litman-Navarro, We Read 150 Privacy Policies. They Were an Incomprehensible Disaster. Available at https://www.nytimes.com/interactive/2019/06/12/opinion/facebook-google-privacy-policies.html
Liza Lin, and Timothy W. Martin. 2020. How Coronavirus Is Eroding Privacy. Available at https://www.wsj.com/articles/coronavirus-paves-way-for-new-age-of-digital-surveillance-11586963028
Missy Ryan. 2016. Obama administration announces measures to punish Russia for 2016 election interference. Available at https://www.washingtonpost.com/world/national-security/obama-administration-announces-measures-to-punish-russia-for-2016-election-interference/2016/12/29/311db9d6-cdde-11e6-a87f-b917067331bb_story.html?utm_term=.421db51a055c
Paul Kerley. 2020. Brexit: Seven things changing in January and others that remain unresolved. Available at https://www.bbc.com/news/explainers-54195827
Perelman School of Medicine at the University of Pennsylvania. HIPAA Security Risk Management Process. Available at https://www.med.upenn.edu/psom/results.html?query=HIPAA&search=%2F%2Fwww.med.upenn.edu&form_submit
Science News. 2019. Echo chambers may not be as dangerous as you think, new study finds. Available at https://www.sciencedaily.com/releases/2019/05/190513155629.htm
Svetlana Sicular. 2013. Gartner’s Big Data Definition Consists of Three Parts, Not to Be Confused with Three “V”s. Available at https://blogs.gartner.com/svetlana-sicular/gartners-big-data-definition-consists-of-three-parts-not-to-be-confused-with-three-vs/
The Open File Blog. 2013. TX: Study Finds Harris County Prosecutors Sought Death Penalty 3-4 Times More Often against Defendants of Color. Available at https://www.prosecutorialaccountability.com/2013/03/15/tx-study-finds-harris-county-prosecutors-sought-death-penalty-3-4-times-more-often-against-defendants-of-color/
Description: 碩士
國立政治大學
法律學系
106651043
Source URI: http://thesis.lib.nccu.edu.tw/record/#G0106651043
Data Type: thesis
Appears in Collections:[法律學系] 學位論文

Files in This Item:

File Description SizeFormat
104301.pdf6433KbAdobe PDF13View/Open


All items in 學術集成 are protected by copyright, with all rights reserved.


社群 sharing