Publications-Theses
Article View/Open
Publication Export
-
題名 大數據經濟發展下企業利用個資方式所面臨的個資法規範分析—以金控公司建立客戶信用分數的剖析模型(Profiling)專案為例
Personal Data Protection in the Era of Big Data — Case Study of a Taiwanese Financial Holding Company’s Customer Profiling Practice作者 鄭依明
Cheng, Yi-Ming貢獻者 鄭菀瓊
Cheng, Wan-Chiung
鄭依明
Cheng, Yi-Ming關鍵詞 人工智慧
數據分析
個資法
個資管理
隱私衝擊評估
個案研究
剖析模型
大數據經濟
AI(artificial intelligence)
Data analysis
Personal data protection
Personal data management
Privacy risk assessment
Case study
Profiling model
Big data日期 2019 上傳時間 7-Aug-2019 17:05:05 (UTC+8) 摘要 隨著全球大數據經濟不斷的發展,企業利用手邊數據進行新商業機會開發的行為,逐漸成為受到普遍重視的新商業模式發展策略。尤其是對於面臨著產業轉型需求與傳統產業升級壓力的台灣企業來說,這些企業正嘗試跟隨這波浪潮,不斷的投入公司資源進行數據的利用與研究,以優化舊有服務與打造新服務為目的,盡可能尋找各種能為公司創造價值的數據利用模式。其中,利用大量的個人資料建立客戶剖析模型以創造新商業價值的模式,更是許多企業在近年來成功利用於消費者分析、精準行銷與客製化服務設計等領域之典範,而被視為擁有極大發展潛力的個人資料利用方式。但企業所追求極大化個人資料價值的利用目的,與個資法中資料隱私權給予資料擁有者控制個人資料的保護目的,兩者是相互矛盾的。針對企業應該如何平衡該矛盾的議題探討,雖然目前相關討論的文獻漸多,但大多數僅以理論面的探討為主,而少有企業內部實際運作的討論,因而難以得知企業實際面對此議題所產生的情境為何。因此,本文提供了一實際企業進行剖析模型開發案例的介紹,並整理個資法關於個資保護範圍、個資管理模式的現有規範,嘗試分析出企業在個資法的規範下所面臨的問題與困難,並給予未來要利用個人資料進行剖析模型建立的企業一個完整的參考依據。而本研究將藉由與台灣知名金控公司的大數據團隊管理者進行深度訪談,獲取剖析模型建立的實際資料處理情境,並同時進行關於個資保護範圍、企業個資管理模式的文獻探討,最後也會包含結合理論面與實務面綜合分析。本研究結果發現,由於建立剖析模型的資料處理情境十分複雜且擁有高流程變動性,同時加上有人工智慧特性的演算法參與使得資料處理結果難以預期,造成了企業高昂的管理成本與在資料管理上的限制。而這樣的情形將導致企業在剖析模型建立的過程中容易忽略了對於個人資料的保護,產生許多潛在的隱私侵害來源。因此,企業應在過程中進行隱私衝擊評估,並密切關注隱私衝擊來源的轉換,建立有效率的隱私風險管理模式,以平衡在大數據時代下利用個資行為與個資法保護目的之矛盾。
With the continuous growth in global big data market, it becomes more and more essential for companies to develop their own strategy so as to find new business opportunities by exploiting data. Especially for companies in Taiwan which face the desperate need of transformation in conventional industries and industries upgrading, they are trying to follow up the overwhelming trend of big data by constantly investing resources in exploiting data and related research.Recently, the method of using lots of personal data to build customer profiling models has been considered as one of the most promising ways to exploit personal data. However, it may somehow cause conflicts between the goal that companies pursue to maximize the value of personal data and the core value that personal data protection law provides people the right to control their own personal data. In spite of the fact that there are more and more researches about the issue of how to resolve the contradiction, most of them were mainly focus on theoretical discussion and yet lack of providing practical cases inside the company. Therefore, the real impact for company in dealing with this issue is still not unveiled.Accordingly, this paper provides an actual profiling model building scenario to discuss this problem. In addition, it sorts out the regulations of the personal data protection law, trying to figure out what kind of the data should be protected and how should the company manage them, providing comprehensive suggestions for companies which are going to build profiling model with personal data in the future.To sum up, the process of building profiling model is so sophisticated and fluctuated as well as the implementation of AI Algorithm which makes output even more unpredictable, the company are now facing heavy managerial cost and the limitation of data management. That leads to the ignorance and reluctance of personal data protection for company; meanwhile, it may also cause lots of potential privacy violations. Therefore, the company should keep an eye on the possible sources of the privacy risks from time to time and establish the adapting risk control system effectively.參考文獻 ㄧ、中文參考文獻1. 宋皇志。(2018)。巨量資料交易之法律風險與管理意涵-以個人資料再識別化為中心。 管理評論, 37(4),37-51。2. 林鴻文。(2013)。個人資料保護法。台北市:書泉出版社。3. 法務部。(2010)。電腦處理個人資料保護法修正條文對照表。 取自:https://www.moj.gov.tw/dl-19613-da3da130e2ed464fbaf534929cfc9fb0.html4. 法務部。(2011)。電腦處理個人資料保護法施行細則修正草案條文對照表。取自:http://www.moj.gov.tw/public/Attachment/1102710165577.pdf5. 法務部。(2016)。公務機關利用去識別化資料之合理風險控制及法律責任。取自:http://ws.ndc.gov.tw/Download.ashx?u=LzAwMS9hZG1pbmlzdHJhdG9yLzEwL2NrZmlsZS9jMzRiN2YzNy03ZjgwLTRiMmQtOTliYS02NWZjNTcyNzczNmQucGRm&n=KDEp6Kqy56iL5ZCN56ixLeWAi%2BS6uuizh%2BaWmeWOu%2BitmOWIpeWMluS5i%2BWIpOaWt%2Baomea6luWPiuebuOmXnOazleW%2Bi%2BiyrOS7u%2BaOouioji5wZGY%3D6. 范姜真媺。(2013)。個人資料保護法關於「個人資料」保護範圍之檢討。東海大學法學研究(41),91-123。7. 徐仕瑋。(2015)。從「電信業者別」看我國個資法之適用。人權會訊(115),37-38。8. 財政部財政資訊中心。(2016)。個人資料去識別化過程驗證案例報告。取自:https://ws.ndc.gov.tw/Download.ashx?u=LzAwMS9hZG1pbmlzdHJhdG9yLzEwL2NrZmlsZS83YzI2YzEwMy0yNzU4LTQ0YTMtODg0Mi03N2ZmNTBkMzNhMWIucGRm&n=KDQp6Kqy56iL5ZCN56ixLeWAi%2BS6uuizh%2BaWmeWOu%2BitmOWIpeWMlumBjueoi%2Bmpl%2BitieahiOS%2Bi%2BWgseWRii5wZGY%3D9. 張陳弘。(2016)。個人資料之認定-個人資料保護法適用之啟動閥。法令月刊,67(5),67-101。10. 張陳弘。(2018)。新興科技下的資訊隱私保護:[告知後同意原則] 的侷限性與修正方法之提出。臺大法學論叢,47(1),201-297。11. 陳佑寰。(2016)。鬆綁部份告知同意規定-個資法修正有利網路產業。取自:網管人 https://www.netadmin.com.tw/article_content.aspx?sn=160111001712. 彭金隆、陳俞沛與孫群。(2017)。巨量資料應用在台灣個資法架構下的法律風險。臺大管理論叢,27(2S),93-118。13. 黃彥棻。(2012)。個資法細則送審,新版草案取消軌跡資料。ithome。取自:https://www.ithome.com.tw/node/7489114. 經濟部。(2018a)。個資流程衝擊分析表、填寫說明及填寫範例。 取自:https://www.moea.gov.tw/MNS/COLR/content/wHandMenuFile.ashx?file_id=1763015. 經濟部。(2018b)。經濟部個人資料保護作業手冊107年3月版。取自:https://www.moea.gov.tw/MNS/COLR/content/wHandMenuFile.ashx?file_id=1762916. 經濟部標準檢驗局。(2016)。「個人資料去識別化」驗證標準規範研訂及推廣。取自:https://www.slideshare.net/vtaiwan/ss-5856243717. 經濟部標準檢驗局。(2018)。專題報導-資訊大爆炸時代,標準保障使用者的資訊安全。取自:標準資料電子報 http://fsms.bsmi.gov.tw/cat/epaper/0706.html18. 葉志良。(2016)。大數據應用下個人資料定義的檢討:以我國法院判決為例。[The Adjustment of the Definition of Personal Information in the Age of Big Data: From a Perspective of Court case]。資訊社會研究(31),1-33。19. 葉志良。(2017)。大數據應用下個人資料的法律保護。人文與社會科學簡訊,19(1),6。20. 廖緯民。(1996)。論資訊時代的隱私權保護-以「資訊隱私權」為中心。資訊法務透析,8(11),20-27。doi:10.7062/INFOLAW.199611.001321. 樊國楨、蔡昀臻。(2016)。個人資料去識別之標準化的進程初探:根基於ISO/IEC 2nd WD 20889:2016-05-30。標準與檢驗雙月刊,196,24。22. 蔡昀臻。(2016)。巨量資料發布系統之個人資料去識別化要求事項初論。(碩士),國立交通大學,新竹市。取自:https://hdl.handle.net/11296/uk35xw23. 鍾孝宇。(2016)。巨量資料與隱私權─個人資料保護機制的再思考。(碩士),國立政治大學,台北市。取自:https://hdl.handle.net/11296/hc3kkv英文參考文獻24. APEC privacy framework.(2005). Paper presented at the Asia Pacific Economic Cooperation Secretariat. http://publications.apec.org/-/media/APEC/Publications/2005/12/APEC-Privacy-Framework/05_ecsg_privacyframewk.pdf25. Barbaro, M, & Zeller Jr., T.(2006). A Face Is Exposed for AOL Searcher No. 4417749. The New York Times Retrieved from https://www.nytimes.com/2006/08/09/technology/09aol.html26. Bing, J. (1984). The Council of Europe Convention and OECD Guidelines on Data Protection. Mich. YBI Legal Stud., 5, 271.27. Calo, R.(2013). Against notice skepticism in privacy(and elsewhere). Notre Dame Law Review, 87(3), 1027.28. Cooley, T. M., & Lewis, J.(1907). A treatise on the law of torts, or the wrongs which arise independently of contract. Chicago: Callaghan & company.29. Davis, W.(2013). AOL Settles Data Valdez Lawsuit For $5 Million. from Media Post https://www.mediapost.com/publications/article/193831/aol-settles-data-valdez-lawsuit-for-5-million.html30. El Emam, K.(2011). Methods for the de-identification of electronic health records for genomic research. Genome Medicine, 3(4), 25. doi:10.1186/gm23931. Garfinkel, S. L.(2015a). The Data Identifiability Spectrum. In De-identification of personal information (Ed.).32. Garfinkel, S. L.(2015b). De-identification of personal information. Retrieved from https://nvlpubs.nist.gov/nistpubs/ir/2015/NIST.IR.8053.pdf33. Harford, T.(2014). Big data: A big mistake? Significance, 11(5), 14-19.34. Information and privacy commissioner of Ontario(2016). De-identification Guidelines for Structured Data.35. King, N. J., & Forder, J.(2016). Data analytics and consumer profiling: Finding appropriate privacy principles for discovered data. Computer Law & Security Review, 32(5), 696-714. doi:https://doi.org/10.1016/j.clsr.2016.05.00236. Li, C. (2016). A Gentle introduction to gradient boosting. URL: http://www.ccs.neu. edu/home/vip/teach/MLcourse/4_ boosting/slides/gradient_boosting.pdf.37. Longhurst, R.(2003). Semi-structured interviews and focus groups. Key methods in geography, 3, 143-156.38. Malin, B.(2013). A De-identification Strategy Used for Sharing One Data Provider’s Oncology Trials Data through the Project Data Sphere® Repository. Project Data Sphere.39. Mantelero, A.(2014). The future of consumer data protection in the EU Re-thinking the “notice and consent” paradigm in the new era of predictive analytics. Computer Law Security Review, 30(6), 643-660.40. Mayer-Schönberger, V., & Cukier, K.(2014). Big Data: A Revolution That Will Transform How We Live, Work, and Think: Houghton Mifflin Harcourt.41. McCallister, E.(2010). Guide to protecting the confidentiality of personally identifiable information: Diane Publishing.42. Nissenbaum, H.(2011). A Contextual Approach to Privacy Online. Daedalus, 140(4), 32-48. doi:10.1162/DAED_a_0011343. Palinkas, L. A., Horwitz, S. M., Green, C. A., Wisdom, J. P., Duan, N., & Hoagwood, K.(2015). Purposeful Sampling for Qualitative Data Collection and Analysis in Mixed Method Implementation Research. Administration and policy in mental health, 42(5), 533-544. doi:10.1007/s10488-013-0528-y44. Article 29 Data Protection Working Party.(2007). Opinion 4/2007 on the concept of personal data.45. Article 29 Data Protection Working Party.(2017). Guidelines on Data Protection Impact Assessment(DPIA)and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679.46. Executive Office of the President, Munoz, C., Director, D. P. C., Megan (US Chief Technology Officer Smith (Office of Science and Technology Policy)), & DJ (Deputy Chief Technology Officer for Data Policy and Chief Data Scientist Patil (Office of Science and Technology Policy)). (2016). Big data: A report on algorithmic systems, opportunity, and civil rights. Executive Office of the President.47. Rustici, C.(2018). GDPR Profiling and Business Practice. In Computer Law Review International(Vol. 19, pp. 34).48. Schermer, B. W.(2011). The limits of privacy in automated profiling and data mining. Computer Law & Security Review, 27(1), 45-52. doi:https://doi.org/10.1016/j.clsr.2010.11.00949. Schwartz, P. M., & Solove, D. J.(2011). The PII problem: Privacy and a new concept of personally identifiable information. NYUL rev., 86, 1814.50. President`s Council of Advisors on Science Technology.(2014). Report to the President, Big Data and Privacy: A Technology Perspective. Executive Office of the President, President`s Council of Advisors on Science and Technology51. Sweeney, L.(2002). k-anonymity: A model for protecting privacy. International Journal of Uncertainty, Fuzziness Knowledge-Based Systems, 10(05), 557-570.52. United States v. Knotts.(1983). In US Report(Vol. 460, pp. 276): United States Supreme Court53. Voigt, P., & Von dem Bussche, A.(2017). The EU General Data Protection Regulation(GDPR)(Vol. 18): Springer.54. Warren, S. D., & Brandeis, L. D.(1890). The Right to Privacy. Harvard Law Review, 4(5). doi:10.2307/132116055. Zuiderveen Borgesius, F. J.(2016). Singling out people without knowing their names – Behavioural targeting, pseudonymous data, and the new Data Protection Regulation. Computer Law & Security Review, 32(2), 256-271. doi:https://doi.org/10.1016/j.clsr.2015.12.013 描述 碩士
國立政治大學
科技管理與智慧財產研究所
105364210資料來源 http://thesis.lib.nccu.edu.tw/record/#G1053642101 資料類型 thesis dc.contributor.advisor 鄭菀瓊 zh_TW dc.contributor.advisor Cheng, Wan-Chiung en_US dc.contributor.author (Authors) 鄭依明 zh_TW dc.contributor.author (Authors) Cheng, Yi-Ming en_US dc.creator (作者) 鄭依明 zh_TW dc.creator (作者) Cheng, Yi-Ming en_US dc.date (日期) 2019 en_US dc.date.accessioned 7-Aug-2019 17:05:05 (UTC+8) - dc.date.available 7-Aug-2019 17:05:05 (UTC+8) - dc.date.issued (上傳時間) 7-Aug-2019 17:05:05 (UTC+8) - dc.identifier (Other Identifiers) G1053642101 en_US dc.identifier.uri (URI) http://nccur.lib.nccu.edu.tw/handle/140.119/125031 - dc.description (描述) 碩士 zh_TW dc.description (描述) 國立政治大學 zh_TW dc.description (描述) 科技管理與智慧財產研究所 zh_TW dc.description (描述) 105364210 zh_TW dc.description.abstract (摘要) 隨著全球大數據經濟不斷的發展,企業利用手邊數據進行新商業機會開發的行為,逐漸成為受到普遍重視的新商業模式發展策略。尤其是對於面臨著產業轉型需求與傳統產業升級壓力的台灣企業來說,這些企業正嘗試跟隨這波浪潮,不斷的投入公司資源進行數據的利用與研究,以優化舊有服務與打造新服務為目的,盡可能尋找各種能為公司創造價值的數據利用模式。其中,利用大量的個人資料建立客戶剖析模型以創造新商業價值的模式,更是許多企業在近年來成功利用於消費者分析、精準行銷與客製化服務設計等領域之典範,而被視為擁有極大發展潛力的個人資料利用方式。但企業所追求極大化個人資料價值的利用目的,與個資法中資料隱私權給予資料擁有者控制個人資料的保護目的,兩者是相互矛盾的。針對企業應該如何平衡該矛盾的議題探討,雖然目前相關討論的文獻漸多,但大多數僅以理論面的探討為主,而少有企業內部實際運作的討論,因而難以得知企業實際面對此議題所產生的情境為何。因此,本文提供了一實際企業進行剖析模型開發案例的介紹,並整理個資法關於個資保護範圍、個資管理模式的現有規範,嘗試分析出企業在個資法的規範下所面臨的問題與困難,並給予未來要利用個人資料進行剖析模型建立的企業一個完整的參考依據。而本研究將藉由與台灣知名金控公司的大數據團隊管理者進行深度訪談,獲取剖析模型建立的實際資料處理情境,並同時進行關於個資保護範圍、企業個資管理模式的文獻探討,最後也會包含結合理論面與實務面綜合分析。本研究結果發現,由於建立剖析模型的資料處理情境十分複雜且擁有高流程變動性,同時加上有人工智慧特性的演算法參與使得資料處理結果難以預期,造成了企業高昂的管理成本與在資料管理上的限制。而這樣的情形將導致企業在剖析模型建立的過程中容易忽略了對於個人資料的保護,產生許多潛在的隱私侵害來源。因此,企業應在過程中進行隱私衝擊評估,並密切關注隱私衝擊來源的轉換,建立有效率的隱私風險管理模式,以平衡在大數據時代下利用個資行為與個資法保護目的之矛盾。 zh_TW dc.description.abstract (摘要) With the continuous growth in global big data market, it becomes more and more essential for companies to develop their own strategy so as to find new business opportunities by exploiting data. Especially for companies in Taiwan which face the desperate need of transformation in conventional industries and industries upgrading, they are trying to follow up the overwhelming trend of big data by constantly investing resources in exploiting data and related research.Recently, the method of using lots of personal data to build customer profiling models has been considered as one of the most promising ways to exploit personal data. However, it may somehow cause conflicts between the goal that companies pursue to maximize the value of personal data and the core value that personal data protection law provides people the right to control their own personal data. In spite of the fact that there are more and more researches about the issue of how to resolve the contradiction, most of them were mainly focus on theoretical discussion and yet lack of providing practical cases inside the company. Therefore, the real impact for company in dealing with this issue is still not unveiled.Accordingly, this paper provides an actual profiling model building scenario to discuss this problem. In addition, it sorts out the regulations of the personal data protection law, trying to figure out what kind of the data should be protected and how should the company manage them, providing comprehensive suggestions for companies which are going to build profiling model with personal data in the future.To sum up, the process of building profiling model is so sophisticated and fluctuated as well as the implementation of AI Algorithm which makes output even more unpredictable, the company are now facing heavy managerial cost and the limitation of data management. That leads to the ignorance and reluctance of personal data protection for company; meanwhile, it may also cause lots of potential privacy violations. Therefore, the company should keep an eye on the possible sources of the privacy risks from time to time and establish the adapting risk control system effectively. en_US dc.description.tableofcontents 第一章 緒論 1第一節 研究動機與目的 1第二節 研究方法 3第一項 研究範圍與研究方法 3第二項 研究規劃與章節安排 6第二章 台灣個資法對於企業利用個資的影響 8第一節 台灣個資法的發展與修法背景簡介 8第二節 個資法保護內涵:資訊隱私權 12第三節 個資保護範圍的探討 13第一項 間接識別性資料的界線 14第二項 去識別化資料的界線 23第三項 連結性資料的界線 28第四項 合理隱私期待資料的界線 32第五項 小結 34第四節 資料的個資法適用性判斷 36第三章 企業利用個人資料之管理模式 40第一節 告知與同意原則 40第二節 去識別化管理 43第三節 資料處理流程的隱私衝擊評估 50第四節 GDPR中針對建立剖析模型行為的管理規範 55第四章 企業建立剖析模型實際案例分析 59第一節 案例介紹—金控公司的信用指標建立專案 59第一項 剖析模型建立動機 60第二項 剖析模型建立流程介紹 61第二節 資料的個資法適用性分析 72第三節 資料處理的隱私衝擊評估 81第五章 結論 92第一節 研究發現 92第二節 研究限制與建議 97參考文獻 99附錄 105 zh_TW dc.format.extent 3157303 bytes - dc.format.mimetype application/pdf - dc.source.uri (資料來源) http://thesis.lib.nccu.edu.tw/record/#G1053642101 en_US dc.subject (關鍵詞) 人工智慧 zh_TW dc.subject (關鍵詞) 數據分析 zh_TW dc.subject (關鍵詞) 個資法 zh_TW dc.subject (關鍵詞) 個資管理 zh_TW dc.subject (關鍵詞) 隱私衝擊評估 zh_TW dc.subject (關鍵詞) 個案研究 zh_TW dc.subject (關鍵詞) 剖析模型 zh_TW dc.subject (關鍵詞) 大數據經濟 zh_TW dc.subject (關鍵詞) AI(artificial intelligence) en_US dc.subject (關鍵詞) Data analysis en_US dc.subject (關鍵詞) Personal data protection en_US dc.subject (關鍵詞) Personal data management en_US dc.subject (關鍵詞) Privacy risk assessment en_US dc.subject (關鍵詞) Case study en_US dc.subject (關鍵詞) Profiling model en_US dc.subject (關鍵詞) Big data en_US dc.title (題名) 大數據經濟發展下企業利用個資方式所面臨的個資法規範分析—以金控公司建立客戶信用分數的剖析模型(Profiling)專案為例 zh_TW dc.title (題名) Personal Data Protection in the Era of Big Data — Case Study of a Taiwanese Financial Holding Company’s Customer Profiling Practice en_US dc.type (資料類型) thesis en_US dc.relation.reference (參考文獻) ㄧ、中文參考文獻1. 宋皇志。(2018)。巨量資料交易之法律風險與管理意涵-以個人資料再識別化為中心。 管理評論, 37(4),37-51。2. 林鴻文。(2013)。個人資料保護法。台北市:書泉出版社。3. 法務部。(2010)。電腦處理個人資料保護法修正條文對照表。 取自:https://www.moj.gov.tw/dl-19613-da3da130e2ed464fbaf534929cfc9fb0.html4. 法務部。(2011)。電腦處理個人資料保護法施行細則修正草案條文對照表。取自:http://www.moj.gov.tw/public/Attachment/1102710165577.pdf5. 法務部。(2016)。公務機關利用去識別化資料之合理風險控制及法律責任。取自:http://ws.ndc.gov.tw/Download.ashx?u=LzAwMS9hZG1pbmlzdHJhdG9yLzEwL2NrZmlsZS9jMzRiN2YzNy03ZjgwLTRiMmQtOTliYS02NWZjNTcyNzczNmQucGRm&n=KDEp6Kqy56iL5ZCN56ixLeWAi%2BS6uuizh%2BaWmeWOu%2BitmOWIpeWMluS5i%2BWIpOaWt%2Baomea6luWPiuebuOmXnOazleW%2Bi%2BiyrOS7u%2BaOouioji5wZGY%3D6. 范姜真媺。(2013)。個人資料保護法關於「個人資料」保護範圍之檢討。東海大學法學研究(41),91-123。7. 徐仕瑋。(2015)。從「電信業者別」看我國個資法之適用。人權會訊(115),37-38。8. 財政部財政資訊中心。(2016)。個人資料去識別化過程驗證案例報告。取自:https://ws.ndc.gov.tw/Download.ashx?u=LzAwMS9hZG1pbmlzdHJhdG9yLzEwL2NrZmlsZS83YzI2YzEwMy0yNzU4LTQ0YTMtODg0Mi03N2ZmNTBkMzNhMWIucGRm&n=KDQp6Kqy56iL5ZCN56ixLeWAi%2BS6uuizh%2BaWmeWOu%2BitmOWIpeWMlumBjueoi%2Bmpl%2BitieahiOS%2Bi%2BWgseWRii5wZGY%3D9. 張陳弘。(2016)。個人資料之認定-個人資料保護法適用之啟動閥。法令月刊,67(5),67-101。10. 張陳弘。(2018)。新興科技下的資訊隱私保護:[告知後同意原則] 的侷限性與修正方法之提出。臺大法學論叢,47(1),201-297。11. 陳佑寰。(2016)。鬆綁部份告知同意規定-個資法修正有利網路產業。取自:網管人 https://www.netadmin.com.tw/article_content.aspx?sn=160111001712. 彭金隆、陳俞沛與孫群。(2017)。巨量資料應用在台灣個資法架構下的法律風險。臺大管理論叢,27(2S),93-118。13. 黃彥棻。(2012)。個資法細則送審,新版草案取消軌跡資料。ithome。取自:https://www.ithome.com.tw/node/7489114. 經濟部。(2018a)。個資流程衝擊分析表、填寫說明及填寫範例。 取自:https://www.moea.gov.tw/MNS/COLR/content/wHandMenuFile.ashx?file_id=1763015. 經濟部。(2018b)。經濟部個人資料保護作業手冊107年3月版。取自:https://www.moea.gov.tw/MNS/COLR/content/wHandMenuFile.ashx?file_id=1762916. 經濟部標準檢驗局。(2016)。「個人資料去識別化」驗證標準規範研訂及推廣。取自:https://www.slideshare.net/vtaiwan/ss-5856243717. 經濟部標準檢驗局。(2018)。專題報導-資訊大爆炸時代,標準保障使用者的資訊安全。取自:標準資料電子報 http://fsms.bsmi.gov.tw/cat/epaper/0706.html18. 葉志良。(2016)。大數據應用下個人資料定義的檢討:以我國法院判決為例。[The Adjustment of the Definition of Personal Information in the Age of Big Data: From a Perspective of Court case]。資訊社會研究(31),1-33。19. 葉志良。(2017)。大數據應用下個人資料的法律保護。人文與社會科學簡訊,19(1),6。20. 廖緯民。(1996)。論資訊時代的隱私權保護-以「資訊隱私權」為中心。資訊法務透析,8(11),20-27。doi:10.7062/INFOLAW.199611.001321. 樊國楨、蔡昀臻。(2016)。個人資料去識別之標準化的進程初探:根基於ISO/IEC 2nd WD 20889:2016-05-30。標準與檢驗雙月刊,196,24。22. 蔡昀臻。(2016)。巨量資料發布系統之個人資料去識別化要求事項初論。(碩士),國立交通大學,新竹市。取自:https://hdl.handle.net/11296/uk35xw23. 鍾孝宇。(2016)。巨量資料與隱私權─個人資料保護機制的再思考。(碩士),國立政治大學,台北市。取自:https://hdl.handle.net/11296/hc3kkv英文參考文獻24. APEC privacy framework.(2005). Paper presented at the Asia Pacific Economic Cooperation Secretariat. http://publications.apec.org/-/media/APEC/Publications/2005/12/APEC-Privacy-Framework/05_ecsg_privacyframewk.pdf25. Barbaro, M, & Zeller Jr., T.(2006). A Face Is Exposed for AOL Searcher No. 4417749. The New York Times Retrieved from https://www.nytimes.com/2006/08/09/technology/09aol.html26. Bing, J. (1984). The Council of Europe Convention and OECD Guidelines on Data Protection. Mich. YBI Legal Stud., 5, 271.27. Calo, R.(2013). Against notice skepticism in privacy(and elsewhere). Notre Dame Law Review, 87(3), 1027.28. Cooley, T. M., & Lewis, J.(1907). A treatise on the law of torts, or the wrongs which arise independently of contract. Chicago: Callaghan & company.29. Davis, W.(2013). AOL Settles Data Valdez Lawsuit For $5 Million. from Media Post https://www.mediapost.com/publications/article/193831/aol-settles-data-valdez-lawsuit-for-5-million.html30. El Emam, K.(2011). Methods for the de-identification of electronic health records for genomic research. Genome Medicine, 3(4), 25. doi:10.1186/gm23931. Garfinkel, S. L.(2015a). The Data Identifiability Spectrum. In De-identification of personal information (Ed.).32. Garfinkel, S. L.(2015b). De-identification of personal information. Retrieved from https://nvlpubs.nist.gov/nistpubs/ir/2015/NIST.IR.8053.pdf33. Harford, T.(2014). Big data: A big mistake? Significance, 11(5), 14-19.34. Information and privacy commissioner of Ontario(2016). De-identification Guidelines for Structured Data.35. King, N. J., & Forder, J.(2016). Data analytics and consumer profiling: Finding appropriate privacy principles for discovered data. Computer Law & Security Review, 32(5), 696-714. doi:https://doi.org/10.1016/j.clsr.2016.05.00236. Li, C. (2016). A Gentle introduction to gradient boosting. URL: http://www.ccs.neu. edu/home/vip/teach/MLcourse/4_ boosting/slides/gradient_boosting.pdf.37. Longhurst, R.(2003). Semi-structured interviews and focus groups. Key methods in geography, 3, 143-156.38. Malin, B.(2013). A De-identification Strategy Used for Sharing One Data Provider’s Oncology Trials Data through the Project Data Sphere® Repository. Project Data Sphere.39. Mantelero, A.(2014). The future of consumer data protection in the EU Re-thinking the “notice and consent” paradigm in the new era of predictive analytics. Computer Law Security Review, 30(6), 643-660.40. Mayer-Schönberger, V., & Cukier, K.(2014). Big Data: A Revolution That Will Transform How We Live, Work, and Think: Houghton Mifflin Harcourt.41. McCallister, E.(2010). Guide to protecting the confidentiality of personally identifiable information: Diane Publishing.42. Nissenbaum, H.(2011). A Contextual Approach to Privacy Online. Daedalus, 140(4), 32-48. doi:10.1162/DAED_a_0011343. Palinkas, L. A., Horwitz, S. M., Green, C. A., Wisdom, J. P., Duan, N., & Hoagwood, K.(2015). Purposeful Sampling for Qualitative Data Collection and Analysis in Mixed Method Implementation Research. Administration and policy in mental health, 42(5), 533-544. doi:10.1007/s10488-013-0528-y44. Article 29 Data Protection Working Party.(2007). Opinion 4/2007 on the concept of personal data.45. Article 29 Data Protection Working Party.(2017). Guidelines on Data Protection Impact Assessment(DPIA)and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679.46. Executive Office of the President, Munoz, C., Director, D. P. C., Megan (US Chief Technology Officer Smith (Office of Science and Technology Policy)), & DJ (Deputy Chief Technology Officer for Data Policy and Chief Data Scientist Patil (Office of Science and Technology Policy)). (2016). Big data: A report on algorithmic systems, opportunity, and civil rights. Executive Office of the President.47. Rustici, C.(2018). GDPR Profiling and Business Practice. In Computer Law Review International(Vol. 19, pp. 34).48. Schermer, B. W.(2011). The limits of privacy in automated profiling and data mining. Computer Law & Security Review, 27(1), 45-52. doi:https://doi.org/10.1016/j.clsr.2010.11.00949. Schwartz, P. M., & Solove, D. J.(2011). The PII problem: Privacy and a new concept of personally identifiable information. NYUL rev., 86, 1814.50. President`s Council of Advisors on Science Technology.(2014). Report to the President, Big Data and Privacy: A Technology Perspective. Executive Office of the President, President`s Council of Advisors on Science and Technology51. Sweeney, L.(2002). k-anonymity: A model for protecting privacy. International Journal of Uncertainty, Fuzziness Knowledge-Based Systems, 10(05), 557-570.52. United States v. Knotts.(1983). In US Report(Vol. 460, pp. 276): United States Supreme Court53. Voigt, P., & Von dem Bussche, A.(2017). The EU General Data Protection Regulation(GDPR)(Vol. 18): Springer.54. Warren, S. D., & Brandeis, L. D.(1890). The Right to Privacy. Harvard Law Review, 4(5). doi:10.2307/132116055. Zuiderveen Borgesius, F. J.(2016). Singling out people without knowing their names – Behavioural targeting, pseudonymous data, and the new Data Protection Regulation. Computer Law & Security Review, 32(2), 256-271. doi:https://doi.org/10.1016/j.clsr.2015.12.013 zh_TW dc.identifier.doi (DOI) 10.6814/NCCU201900050 en_US