Title: LEGAL STUDY ON PRIVACY BY DESIGN FOR MOBILE APPLICATIONS DEVELOPMENT (「從設計著手保護隱私」的法制化研究―以行動應用程式開發為例)
Author: Chang, Yung Ching (張永慶)
Contributors: Chen, Chi Shing (陳起行); Chang, Yung Ching (張永慶)
Keywords: Privacy by Design; Mobile Applications; Mobile Privacy; Personal Information Protection Act; E-Participation
Date: 2015
Upload time: 11-Jul-2016 17:43:03 (UTC+8)
Abstract

In the contemporary age of Information and Communication Technology (ICT), the use of smartphones and mobile applications is increasing rapidly and consistently, and mobile applications offer an ever wider range of functions. Legal issues regarding the invasion of mobile privacy and personal data concern government officials, academics, legal professionals, industry experts and consumers. This thesis raises two overarching questions based on the mobile applications (apps) industry: (i) Is it necessary to legally enforce Privacy by Design (PbD) in mobile app development to ensure better protection of the right to privacy? (ii) Should the Taiwan government incorporate PbD into its Personal Information Protection Act (PIPA) to conform to US and EU regulations?

Taiwan currently has no explicit law or policy governing privacy protection in mobile applications. This thesis uses a comparative jurisprudence approach to examine mobile privacy regulations, analyzing opinions, staff reports and regulations from the US and EU to determine how Taiwan can better emulate the US and EU guidelines on PbD, so that privacy protection mechanisms are built into a product or service from the onset of mobile app development. Furthermore, this thesis assesses current privacy protection regulations and frameworks through a “bridging approach” based on software engineering methodology and expert recommendations, evaluating the benefits and impact of introducing PbD during the mobile app development cycle, and demonstrates considerable interdisciplinary cooperation between legal science and computer science.

Finally, this thesis proposes feasible solutions to address contemporary mobile privacy issues in Taiwan through a critical review of Taiwan’s PIPA and the US and EU mobile privacy regulations, and suggests an e-participation approach that involves different stakeholders (government officials, academics, and industry experts) in future PbD policy making and regular dialogs to ensure robust protection of the right to mobile privacy.
Description: Master's
National Chengchi University
In-service Master's Program, College of Law
99961029
Source: http://thesis.lib.nccu.edu.tw/record/#G0099961029
Type: thesis
Other identifier: G0099961029
URI: http://nccur.lib.nccu.edu.tw/handle/140.119/98906
Table of Contents

Abstract
Acknowledgements
List of Tables
List of Figures

1 Introduction
1.1 Research Questions
1.2 Theoretical Approach
1.2.1 Study and Review Mobile Privacy Regulations
1.2.2 Analysis and Engineering Privacy by Design
1.3 Summary

2 Privacy Regulations and Privacy by Design
2.1 European Union
2.1.1 Data Protection Directive 95/46/EC
2.1.2 Data Protection Act 1998 (UK)
2.1.3 General Data Protection Regulation
2.2 United States
2.3 Taiwan
2.4 Summary

3 Privacy Protection Framework - A New Paradigm
3.1 Incorporating Fair Information Practice to Privacy by Design
3.2 Privacy by Design Roadmap for Mobile Apps Stakeholders
3.2.1 Mobile Apps Stakeholders
3.3 Engineering Privacy by Design
3.3.1 Privacy in Software Development Life Cycle
3.3.2 Incorporating Privacy Enhancing Technology
3.4 Summary

4 Conclusions and Recommendations

References
Format extent: 1167668 bytes
MIME type: application/pdf
dc.source.uri (資料來源) http://thesis.lib.nccu.edu.tw/record/#G0099961029en_US
dc.subject (關鍵詞) 從設計著手保護隱私zh_TW
dc.subject (關鍵詞) 行動應用程式zh_TW
dc.subject (關鍵詞) 行動隱私zh_TW
dc.subject (關鍵詞) 個人資料保護法zh_TW
dc.subject (關鍵詞) 電子參與zh_TW
dc.subject (關鍵詞) Privacy by Designen_US
dc.subject (關鍵詞) Mobile Applicationsen_US
dc.subject (關鍵詞) Mobile Privacyen_US
dc.subject (關鍵詞) Personal Information Protection Acten_US
dc.subject (關鍵詞) E-Participationen_US
dc.title (題名) 「從設計著手保護隱私」的法制化研究―以行動應用程式開發為例zh_TW
dc.title (題名) LEGAL STUDY ON PRIVACY BY DESIGN FOR MOBILE APPLICATIONS DEVELOPMENTen_US
dc.type (資料類型) thesisen_US
dc.relation.reference (參考文獻) Books
1 Daniel J. Solove and Paul M. Schwartz (2015), Privacy Law Fundamentals (Third Edition), International Association of Privacy Professionals (IAPP), Portsmouth, New Hampshire, USA.
2 Daniel J. Solove and Paul M. Schwartz (2015), Information Privacy Law (Fifth Edition), Wolters Kluwer, New York, USA.
3 Demetrius Klitou (2014), Privacy-Invading Technologies and Privacy by Design: Safeguarding Privacy, Liberty and Security in the 21st Century, T.M.C Asser Press, Leiden, Netherlands.
4 Ian Sommerville (2015), Software Engineering (Tenth Edition), Addison-Wesley, Boston, Massachusetts, USA.
5 Viktor Mayer-Schönbergerand Kenneth Cukier (2013), Big Data: A Revolution That Will Transform How We Live, Work and Think, John Murray, London, UK.
6 G.W. van Blarkom, J.J. Borking, P. Verhaar (2003), Handbook of Privacy-Enhancing Technologies – The Case of Intelligent Software Agents, College Bescherming Persoonsgegevens, Hague, Netherlands.

Journal Articles
1 Axel Hoffmann, Holger Hoffmann, Silke Jandt, Alexander RoBnagel, and Jan Marco Leimeister, “Towards the Use of Software Requirement Patterns for Legal Requirements”, 2nd International Requirements Engineering Efficiency Workshop (REEW) 2012, Essen, Germany.
2 Chi-Shing Chen, “Privacy and the New Legal Paradigm: Tradition and Development in Taiwan”, Review of Policy Research,Vol. 29, No. 1 (January 2012, pp. 119-130).
3 Daniel Solove, “Privacy Self-Management and the Consent Dilemma”, Harvard Law Review, Vol. 126, No. 7 (May 2013, pp. 1880-1903).
4 David Krebs, “Privacy by Design: Nice-to-have or a Necessary Principle of Data Protection Law?”, Journal for Intellectual Property, Information Technology and Electronic Commerce Law (JIPITEC), Volume 4, Issue 1 (March 2013, pp. 2-20).
5 Dawn N. Jutla, Peter Bodorik, Sohail Ali, “Engineering Privacy for Big Data Apps with the Unified Modeling Language”, IEEE International Congress on Big Data (June 2013, pp. 38-45).
6 Eleanor Birrell and Fred B. Schneider, “Federated Identity Management Systems: A Privacy-Based Characterization”, IEEE Security & Privacy, Vol. 11, No. 5 (September 2013, pp. 36-48).
7 Ira S. Rubinstein, “Big Data: The End of Privacy or a New Beginning?”,International Data Privacy Law,Vol.3, No. 2, (May2013, pp. 74-87).
8 Ira S. Rubinstein, “Regulating Privacy by Design”, Berkeley Technology Law Journal, Vol. 26, No. 3 (June 2011, pp. 1409-1456).
9 Ira S. Rubinstein and Nathan Good, “Privacy by Design: A Counterfactual Analysis of Google and Facebook Privacy Incidents”, Berkeley Technology Law Journal, Vol. 28, No. 2 (December 2013, pp. 1333-1414).
10 Jenny Torres, Michele Nogueira, and Guy Pujolle, “A Survey on Identity Management for the Future Network”, IEEE Communications Surveys & Tutorials, Vol. 15, No. 2 (May 2013, pp. 787-802).
11 Joan Feigenbaum, Michael J. Freedman, Tomas Sander, Adam Shostack, “Privacy Engineering for Digital Rights Management Systems”, DRM ’01 Revised Papers from the ACM CCS-8 Workshop on Security and Privacy in Digital Rights Management (2002, pp. 76-105).
12 Kenneth A. Bamberger and Deirdre K. Mulligan, “New Governance, Chief Privacy Officers, and the Corporate Management of Information Privacy in the United States: An Initial Inquiry”, Law and Policy, UC Berkeley Public Law Research Paper No. 1701087 (November 2011, 32 pages).
13 Lorrie Faith Cranor, Norman Sadeh, "A Shortage of Privacy Engineers", IEEE Security & Privacy, Vol.11, No. 2 (March 2013, pp. 77-79).
14 Matthias Pocs, “Will the European Commission be able to standardise legal technology design without a legal method?” Computer Law & Security Review, Vol. 28 (December 2012, pp. 641-650).
15 Robert R. Schriver, “You Cheated, You Lied: The Safe Harbor Agreement and its Enforcement by the Federal Trade Commission”, Fordham Law Review Volume 70, Issue 6 (2002, pp. 2777-2818).
16 Sarah Spiekermann and Lorrie F. Caranor, “Engineering Privacy”, IEEE Transactions on Software Engineering, Vol. 35, No. 1 (January 2009, pp. 67-80).
17 Susan Landau, “Educating Engineers: Teaching Privacy in a World of Open Doors”, IEEE Security & Privacy, Vol. 12, No. 3 (May 2014, pp. 66-70)
18 Ting-Chi Liu, “The Definition of Personal Data, Data Protection Principles, and the Exemptions of the Personal Information Protection Law – Using CCTV as an Example (1)”, Taiwan Jurist, No. 115 (May 2012, pp. 42-54).
19 Ting-Chi Liu, “The Definition of Personal Data, Data Protection Principles, and the Exemptions of the Personal Information Protection Law – Using CCTV as an Example (2)”, Taiwan Jurist, No. 119 (September 2012, pp. 39-53).
20 Ting-Chi Liu, “Cloud Computing and Personal Data Protection – A Comparative Study between Taiwan’s Personal Data Protection Act and European Data Protection Directive”, Tunghai University Law Review, No. 43 (August 2014, pp. 53-106).
21 Paul M. Schwartz, “Information Privacy in the Cloud”, Universityof Pennsylvania Law Review, Vol.161, No. 1623(May 2013, pp. 1623-1662).
22 Paul M. Schwartz and Daniel Solove, “The PII Problem: Privacy and a New Concept of Personally Identifiable Information”,New York University Law Review, Vol. 86(December 2011, pp. 1814-1894).
23 Viktor Mayer-Schönberger, “Beyond Privacy, Beyond Rights – Towards a “Systems” Theory of Information Governance”, California Law Review, Vol. 98, No. 6 (December 2010, pp. 1853-1886).

Online Articles
1 Ann Cavoukian, Privacy by Design – Take The Challenge (January 2009), http://www.privacybydesign.ca/index.php/paper/pbd-book/
2 Ann Cavoukian, Privacy by Design –The 7 Foundational Principles(August 2009), http://www.privacybydesign.ca/index.php/about-pbd/7-foundational-principles/
3 Ann Cavoukian, The 7 Foundational Principles: Implementation and Mapping of Fair Information Practices (May 2010), https://www.privacybydesign.ca/index.php/paper/implementation-and-mapping-of-fair-information-practices/
4 Ann Cavoukian, Privacy by Design in Law, Policy and Practice: A While Paper for Regulators, Decision-makers and Policy-markers (August 2011), https://www.privacybydesign.ca/index.php/paper/privacy-by-design-in-law-policy-and-practice-a-white-paper-for-regulators-decision-makers-and-policy-makers/
5 Ann Cavoukian and Jeff Jonas, Privacy by Design in the Age of Big Data (June, 2012), https://www.privacybydesign.ca/index.php/paper/privacy-by-design-in-the-age-of-big-data/
6 Ann Cavoukian, Operationalizing Privacy by Design: A Guide to Implementing Strong Privacy Practices (December 2012) https://www.privacybydesign.ca/index.php/paper/operationalizing-privacy-by-design-a-guide-to-implementing-strong-privacy-practices/
7 Ann Cavoukian, Stuart Shapiro and Jason Cronk, Privy Engineering: Proactively Embedding Privacy, by Design (January 2014), https://www.privacybydesign.ca/index.php/paper/privacy-engineering-proactively-embedding-privacy-design/
8 Ann Cavoukian, Privacy by Design – From Rhetoric to Reality (January 2014), http://www.privacybydesign.ca/index.php/paper/privacy-design-rhetoric-reality/
9 Ann Cavoukian, Fred Carter, Dawn Jutla, John Sabo, Frank Dawson, Jonathan Fox, Tom Finneran, and Sander Fieten, Privacy by Design Documentation for Software Engineers Version 1.0 (June 2014), http://docs.oasis-open.org/pbd-se/pbd-se/v1.0/pbd-se-v1.0.html
10 Electronic Privacy Information Center (EPIC), EU Data Protection Directive, https://epic.org/privacy/intl/eu_data_protection_directive.html
11 European Commission, Privacy and Data Protection Impact Assessment Framework for RFID Applications (January 2011), http://cordis.europa.eu/fp7/ict/enet/documents/rfid-pia-framework-final.pdf
12 EU Article 29 Data Protection Working Party, Directive 95/46/EC of the European Parliament and the Council of Europe on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of such Data (October 1995), http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:HTML
13 EU Article 29 Data Protection Working Party, Opinion 9/2011 on the revised Industry Proposal for a Privacy and Data Protection Impact Assessment Framework for RFID Applications (February 2011), http://cordis.europa.eu/fp7/ict/enet/documents/rfid-pia-framework-a29wp-opinion-11-02-2011_en.pdf
14 EU Article 29 Data Protection Working Party, Opinion 02/2013 on Apps on Smart Devices (February 2013), http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2013/wp202_en.pdf
15 EU Proposal for a Regulation of the European Parliament and of the Council on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of such Data (General Data Protection Regulation, January 2012), http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52012PC0011&from=EN
16 Gartner, Worldwide Mobile Apps Downloads 2012-2017 (September 2013), http://www.gartner.com/newsroom/id/2592315
17 GSM Association (GSMA), Mobile Privacy Principles (January 2011), http://www.gsma.com/publicpolicy/mobile-and-privacy/mobile-privacy-principles
18 GSM Association (GSMA), Privacy Design Guidelines for Mobile Application Development (February 2012), http://www.gsma.com/publicpolicy/privacy-design-guidelines-for-mobile-application-development
19 International Data Protection and Privacy Commissioners, Resolution on Privacy by Design (October 2010), 32nd International Conference, http://www.justice.gov.il/NR/rdonlyres/F8A79347-170C-4EEF-A0AD-155554558A5F/26502/ResolutiononPrivacybyDesign.pdf
20 International Data Protection and Privacy Commissioners, Resolution Big Data (October 2014), 36th International Conference, http://www.privacyconference2014.org/media/16427/Resolution-Big-Data.pdf
21 International Data Corporation (IDC), Worldwide Mobile Phone 2015-2019 Forecast and Analysis (April 2015), http://www.idc.com/getdoc.jsp?containerId=255079
22 James Denvil, Hogan Lovells, Insights on the Consumer Privacy Bill of Rights Act of 2015 (March 2015), http://www.hldataprotection.com/2015/03/articles/consumer-privacy/insights-on-the-consumer-privacy-bill-of-rights-act-of-2015/
23 Kamala D. Harris, Attorney General, California Department of Justice, Privacy On the Go: Recommendations for the Mobile Ecosystem (January 2013), http://oag.ca.gov/sites/all/files/agweb/pdfs/privacy/privacy_on_the_go.pdf
24 Organization for Economic Cooperation and Development (OECD), The OECD Privacy Framework (July 2013), http://www.oecd.org/sti/ieconomy/oecd_privacy_framework.pdf
25 Paul M. Schwartz, The Privacy Projects, Managing Global Data Privacy (August 2009), http://theprivacyprojects.org/wp-content/uploads/2009/08/The-Privacy-Projects-Paul-Schwartz-Global-Data-Flows-20093.pdf
26 Taiwan Ministry of Justice, Personal Information Protection Act (May 2010), http://law.moj.gov.tw/Eng/LawClass/LawAll.aspx?PCode=I0050021
27 UK Information Commissioner’s Office (ICO), Privacy by Design (November 2008), https://ico.org.uk/for-organisations/guide-to-data-protection/privacy-by-design
28 UK Information Commissioner’s Office (ICO), Privacy in Mobile Apps – Guidance for App Developers (December 2013), https://ico.org.uk/for-organisations/guide-to-data-protection/online-and-apps/
29 UK Information Commissioner’s Office (ICO), Conducting Privacy Impact Assessments Code of Practice (February 2014), https://ico.org.uk/media/for-organisations/documents/1595/pia-code-of-practice.pdf
30 UK Information Commissioner’s Office (ICO), Big Data and Data Protection (July 2014), https://ico.org.uk/for-organisations/guide-to-data-protection/big-data/
31 US Department of Health, Education, and Welfare (HEW), Secretary’s Advisory Committee on Automated Personal Data Systems, Computers, and Rights of Citizens (July 1973), http://www.justice.gov/opcl/docs/rec-com-rights.pdf
32 US Federal Trade Commission (FTC), Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Business and Policy Makers (March 2012), https://www.ftc.gov/sites/default/files/documents/reports/federal-trade-commission-report-protecting-consumer-privacy-era-rapid-change-recommendations/120326privacyreport.pdf
33 US Federal Trade Commission (FTC), Mobile Privacy Disclosures: Building Trust Through Transparency (February 2013), http://www.ftc.gov/reports/mobile-privacy-disclosures-building-trust-through-transparency-federal-trade-commission
34 US Federal Trade Commission (FTC), Mobile App Developers: Start with Security (February 2013), http://business.ftc.gov/documents/bus83-mobile-app-developers-start-security
35 US Federal Trade Commission (FTC), HTC America Settles FTC Charges It Failed to Secure Millions of Mobile Devices Shipped to Consumers (February 2013), http://www.ftc.gov/news-events/press-releases/2013/02/htc-america-settles-ftc-charges-it-failed-secure-millions-mobile
36 US White House, Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy (February 2012), https://www.whitehouse.gov/sites/default/files/privacy-final.pdf
37 US White House, Administration Discussion Draft: Consumer Privacy Bill of Rights Act of 2015 (February 2015), https://www.whitehouse.gov/sites/default/files/omb/legislative/letters/cpbr-act-of-2015-discussion-draft.pdf
38 Seda Gürses, Carmela Troncoso, and Claudia Diaz, Engineering Privacy by Design (January 2011), http://www.cosic.esat.kuleuven.be/publications/article-1542.pdf

Online Resources
1 Advancing Open Standards for the Information Society (OASIS), Privacy by Design Documentation for Software Engineers (PbD-SE) Technical Committee, https://www.oasis-open.org/committees/pbd-se/
2 Computing Community Consortium, Visioning Activities – Privacy by Design, http://www.cra.org/ccc/visioning/visioning-activities/privacy-by-design/
3 Electronic Privacy Information Center (EPIC), Privacy Issues, https://epic.org/privacy/
4 European Commission, Article 29 Working Party Documentation, http://ec.europa.eu/justice/data-protection/article-29/documentation/index_en.htm
5 European Commission, Data Protection, http://ec.europa.eu/justice/data-protection/index_en.htm
6 European Union’s Seventh Framework Program (EU FP7) for Research, Preparing Industry to Privacy-by-Design by Supporting its Application in Research, http://pripareproject.eu/research/
7 European Commission, Network and Information Security (NIS) Directive, https://ec.europa.eu/digital-single-market/en/news/network-and-information-security-nis-directive
8 Future of Privacy Forum, Application Privacy, http://www.applicationprivacy.org/
9 Harvard University School of Law, Harvard Law Review, http://www.harvardlawreview.org/
10 Ian Sommerville, Software Engineering Book 10th Edition, http://iansommerville.com/software-engineering-book/
11 Oxford Journals, International Data Privacy Law, http://idpl.oxfordjournals.org/
12 Stanford University School of Law, Stanford Technology Law Review, https://journals.law.stanford.edu/stanford-technology-law-review
13 Tutorials Point, Software Engineering Tutorial, http://www.tutorialspoint.com/software_engineering/
14 The Future of Privacy Forum (FPF), Application Data Privacy Project, http://www.applicationprivacy.org/learn-resources/
15 UK Information Commissioner’s Office, Guide to Data Protection, https://ico.org.uk/for-organisations/guide-to-data-protection/
16 UC Berkeley School of Law, Berkeley Technology Law Journal, http://scholarship.law.berkeley.edu/btlj/
17 UC Berkeley School of Law, Paul M. Schwartz, http://www.paulschwartz.net/
18 UC Hastings College of the Law, Privacy and Technology – Developer Resources, http://innovation.uchastings.edu/focus-areas/privacy-and-technology/developer-resource-guide/
19 Viktor Mayer-Schönberger and Kenneth Cukier, The Big Data Book, http://www.big-data-book.com/
20 White House Office of Science & Technology Policy and MIT, Big Data Privacy Workshop (2014), http://web.mit.edu/bigdata-priv/index.html
zh_TW