學術產出-Theses
Article View/Open
Publication Export
-
題名 台灣創業生態系之個人資料管理與法遵議題
Personal Data Management and Legal Compliance Issue of Taiwan Entrepreneurial Ecosystem作者 黃炳曄
Huang, Bing-Yeh貢獻者 鄭至甫
Jeng, Jyh-Fu
黃炳曄
Huang, Bing-Yeh關鍵詞 新創
創業
生態系
歐盟
個資
法遵
台灣
GDPR
personal data
startup
start-up
entrepreneurial ecosystem
compliance
Taiwan日期 2021 上傳時間 2-Mar-2021 14:53:29 (UTC+8) 摘要 在巨量資料的時代裡,企業運用資料來進行分析以及驅動人工智慧模型來進行決策,藉以獲得豐厚的商業利潤。其中,個人資料所蘊含的商業價值更讓人無法忽視。因此,企業透過各種不同的手段來蒐集並使用個人資料,卻因此造成隱私權受侵害的事件不斷發生。有鑑於此,歐盟在2016年頒布了GDPR,並於2018年開始實施,藉此規範了企業使用個人資料的方式。台灣為了接軌國際,預計以GDPR作為基礎來對個人資料保護法進行修法。由於GDPR包含了為數眾多地新的個人資料使用概念,因此勢必對台灣之商業環境造成衝擊,尤其是台灣創業生態系將首當其衝。本研究旨在探討台灣創業生態系之個人資料管理與法遵議題,因此必須先檢視台灣創業生態系現行個人資料管理與法遵之現況,並再以未來台灣個人資料保護法將類比GDPR規格之修法前提下,探討台灣創業生態系之應對與調整。為了達到前述研究目的,本研究透過深度訪談法對台灣創業生態系的不同角色進行訪問,並且依據訪談結果與次級資料提出台灣創業生態系應對之策。首先,本研究發現,新創公司在包含知情同意以及資料安全性等方面的法遵措施的投入程度皆與新創公司的規模以及其蒐用資料的方式有關,並且遵循一法遵成長脈絡。此外,台灣創業生態系不同角色在個人資料管理與法遵議題上對新創公司的協助相當有限。接著,本研究透過分析GDPR與現行個人資料保護法的差異,並整理出法規遵循上的先後順序,藉此提供新創公司法遵上的建議。最後,本研究依據對台灣創業生態系的了解以及法規分析,對創業生態系提出關於去識別化與跨領域教育等方面之建議。如此一來,新創公司才能提早進行法遵,並有效節省法遵成本。另外,雖然仍有像是刪除權與兒童隱私保護等難以遵循之規定,但合規輔助者的出現,可望解決這些難解之題,並成為創新的契機。
In the age of big data, enterprises utilize data analytics and artificial intelligence models to make important decisions, thereby obtaining great commercial profits. Especially, the commercial value brought by personal data is significant. Enterprise collects and uses personal data with a variety of methods, this has however resulted in frequent violations of privacy. In view of this, GDPR, the regulation to restrict enterprise’s personal data usage, was adopted in 2016 and became enforceable beginning in 2018. In order to connect with the world, the Taiwan government is expected to amend the personal data protection law based on GDPR. As GDPR contains various new concepts in the use of personal data, it is bound to have an impact on Taiwan business environment, especially on the Taiwan entrepreneurial ecosystem will bear the brunt.This research aimed to discuss the personal data management and legal compliance issue of Taiwan entrepreneurial ecosystem. Therefore, it is necessary to review the current situation of personal data management and legal compliance in Taiwan entrepreneurial ecosystem, and then discuss Taiwan entrepreneurial ecosystem’s response and adjustment to the future change of Taiwan new personal data protection law when it amended in accordance with GDPR. In order to achieve the aforementioned purposes of research, this research conducted in-depth interviews on different roles in Taiwan entrepreneurial ecosystem, based on the interview results and secondary data, this research proposed countermeasures for Taiwan entrepreneurial ecosystem.Firstly, this research found that the legal compliance investment (including informed consent and data security) of startup companies are related to the scale of startup companies and the way they process personal data, startup companies also follow a certain law-compliance growth path. In addition, with regard to personal data management and legal compliance issue, the current assistance provided by different roles in Taiwan entrepreneurial ecosystem is still limited.Next, this research analyzed the differences between GDPR and the current Taiwan personal data protection law, and points out the priority when complying regulation, for startup companies.Finally, based on the understanding of Taiwan entrepreneurial ecosystem and legal analysis, this research puts forward suggestions on de-identification and interdisciplinary education for the entrepreneurial ecosystem. Thus, startup companies can implement legal compliance earlier and save legal compliance costs effectively. In addition, although there are still difficult-to-compliance regulations such as the right to delete and the protection of children`s privacy, the emergence of Compliance Supporter is expected to solve these difficult problems and become an opportunity for innovation.參考文獻 英文文獻Acs, Z. J., Stam, E., Audretsch, D. B., & O’Connor, A. (2017). The lineages of the entrepreneurial ecosystem approach. Small Business Economics, 49(1), 1-10. doi:10.1007/s11187-017-9864-8Adner, R. (2016). Ecosystem as Structure: An Actionable Construct for Strategy. Journal of Management, 43(1), 39-58. doi:10.1177/0149206316678451Grow Advisors. (2017). The Startup Ecosystem White Paper. Retrieved from: https://www.startupcommons.org/download-documents.htmlAlm, J. G. (2015). The Privacies of Life: Automatic License Plate Recognition in Unconstitutional under the Mosaic Theory of Fourth Amendment Privacy Law. HAmLINE L. REv., 38, 127.Basin, D., Debois, S., & Hildebrandt, T. (2018). On Purpose and by Necessity: Compliance Under the GDPR, Berlin, Heidelberg: Springer.Blank, S., & Dorf, B. (2012). The startup owner`s manual: The step-by-step guide for building a great company, U.S, Hoboken: John Wiley & Sons.Bosma, N., Acs, Z. J., Autio, E., Coduras, A., & Levie, J. (2008). Global entrepreneurship monitor executive report. Santiago, London: Babson Park.Boyce, C., & Neale, P. (2006).Conducting in-depth interviews: A guide for designing andconducting in-depth interviews for evaluation input. Pathfinder International Watertown, MA.Cadwalladr, C., & Graham-Harrison, E. (2018, Mar 17). Revealed: 50 million facebook profiles harvested for cambridge analytica in major data breach. The Observer Retrieved from: https://login.autorpa.lib.nccu.edu.tw/login?url=https://www.proquest.com/newspapers/revealed-50-million-facebook-profiles-harvested/docview/2014573719/se-2?accountid=10067Cavoukian, A. (2009). Privacy by design: The 7 foundational principles. Information and privacy commissioner of Ontario, Canada, 5.Chou, C.-f., & Shy, O. (1990). Network effects without network externalities. International Journal of Industrial Organization, 8(2), 259-270.Clement, J. (2019). Number of monthly active Facebook users worldwide as of 4th quarter 2019. Retrieved from: https://www.statista.com/statistics/264810/number-of-monthly-active-facebook-users-worldwide/Carter, N., Bryant-Lukosius, D., DiCenso, A., Blythe, J., & Neville, A. J. (2014). The use of triangulation in qualitative research. Oncology nursing forum, 41(5), 545-547. doi:10.1188/14.onf.545-547Cormack, A. (2020). An Introduction to the GDPR. IDPro Body of Knowledge, 1(1).Crabtree, B. F., & Miller, W. L. (1992). Doing qualitative research. Paper presented at the Annual North American Primary Care Research Group Meeting, 19th, May, 1989, Quebec, PQ, Canada.Crabtree, B. F., & Miller, W. L. (1999). Doing Qualitative Research, 2d Edition. Newbury Park,CA: Sage Publications.Creswell, J. W., & Creswell, J. D. (2017). Research design: Qualitative, quantitative, and mixed methods approaches Newbury Park,CA: Sage Publications.Dempwolf, C. S., Auer, J., & D’Ippolito, M. (2014). Innovation accelerators: Defining characteristics among startup assistance organizations. Small Business Administration, Retrieved from: https://www.sba.gov/Denzin, N. (1970). Strategies of multiple triangulation. The Rresearch Act In Sociology: A Theoretical Iintroduction To Sociological Method, 297(1970), 313.Denzin, N. K. (1978). Triangulation: A case for methodological evaluation and combination. Sociological Methods, pp. 339-357.Evans, D. S., Schmalensee, R., Noel, M. D., Chang, H. H., & Garcia‐Swartz, D. D. (2011). Platform Economics: Essays on Multi‐Sided Businesses. In D. S. Evans (Ed.), Competition Policy International. Available at SSRN: https://ssrn.com/abstract=1974020.European Commission. (2018a). Who does the data protection law apply to? Retrieved from :https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/application-regulation/who-does-data-protection-law-apply_enEuropean Commission. (2018b). Does my company/organisation need to have a Data Protection Officer (DPO)? Retrieved from: https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/obligations/data-protection-officers/does-my-company-organisation-need-have-data-protection-officer-dpo_enFan, Z., & Gupta, A. (2018). The Dangers of Digital Protectionism. Retrieved from Harvard Business Review website: https://hbr.org/2018/08/the-dangers-of-digital-protectionismFarboodi, M., Mihet, R., Philippon, T., & Veldkamp, L. (2019). Big data and firm dynamics. Paper presented at the AEA papers and proceedings.Feld, B. (2020). Startup communities: Building an entrepreneurial ecosystem in your city ,U.S, Hoboken: John Wiley & Sons.Freitas, M. D. C., & Mira da Silva, M. (2018). GDPR Compliance in SMEs: There is much to be done. Journal of Information Systems Engineering & Management, 3(4), 30.Gapper, J. (2016). LinkedIn Swaps Business Cards with Microsoft. Financial Times, 15.Gartner. (2017). Gartner Says Organizations Are Unprepared for the 2018 European Data Protection Regulation. Retrieved from: https://www.gartner.com/en/newsroom/press-releases/2017-05-03-gartner-says-organizations-are-unprepared-for-the-2018-european-data-protection-regulationGoddard, M. (2017). The EU General Data Protection Regulation (GDPR): European regulation that has a global impact. International Journal of Market Research, 59(6), 703-705.Graham, P. (2012). Startup= growth. Retrieved from: http://www.paulgraham.com/growth.htmlGrilo, A., Águeda, A., Zutshi, A., & Nodehi, T. (2017). Relationship between investors and european startup ecosystems builders. Paper presented at the 2017 International Conference on Engineering, Technology and Innovation (ICE/ITMC).Herrington, M., Kew, J., Kew, P., & Monitor, G. E. (2010). Tracking entrepreneurship in South Africa: A GEM perspective . South Africa: Graduate School of Business, University of Cape Town.Hintze, M., & LaFever, G. (2017). Meeting Upcoming GDPR Requirements While Maximizing the Full Value of Data Analytics. Available at SSRN 2927540.Holvast, J. (2007). 27 - History of privacy. In K. D. Leeuw & J. Bergstra (Eds.), The History of Information Security (pp. 737-769). Amsterdam: Elsevier Science B.V.Iansiti, M., & Levien, R. (2004). Strategy as ecology. Harvard business review, 82(3), 68-78.Isaak, J., & Hanna, M. J. (2018). User data privacy: Facebook, Cambridge Analytica, and privacy protection. Computer, 51(8), 56-59.Jia, J., Jin, G. Z., & Wagman, L. (2018). The short-run effects of gdpr on technology venture investment (No. w25248). National Bureau of Economic Research.Jiao, Y., Wang, P., Niyato, D., Alsheikh, M. A., & Feng, S. (2017). Profit maximization auction and data management in big data markets. Paper presented at the 2017 IEEE Wireless Communications and Networking Conference (WCNC).Jones, C. (2019). France issues Google with the heaviest GDPR fine to date. IT Pro. Retrieved from: https://www.itpro.co.uk/general-data-protection-regulation-gdpr/32811/france-issues-google-with-the-heaviest-gdpr-fine-toKhwaja, M., & Matic, A. (2019). Personality Is Revealed During Weekends: Towards Data Minimisation for Smartphone Based Personality Classification, Springer International Publishing. 551-560.Kirchhoff, B. A., & Phillips, B. D. (1988). The effect of firm formation and growth on job creation in the United States. Journal of business venturing., 3(4), 261-272. doi:10.1016/0883-9026(88)90008-0Konczal, J. (2012). Evaluating the effects of accelerators? Not so fast. Forbes 2012 [cited Aug 8 2012].Laney, D. (2001). 3D Data Management: Controlling Data Volume, Velocity, and Variety . META Group .Layton, R., & Elaluf-Calderwood, S. (2019, November). A Social Economic Analysis of the Impact of GDPR on Security and Privacy Practices. In 2019 12th CMI Conference on Cybersecurity and Privacy (CMI) (pp. 1-6). IEEE.Lievens, E., & Milkaite, I. (2017). Age of consent in the GDPR: updated mapping of recent national guidance and proposals. Better Internet for Kids.Love, H. (2016). The Start-Up J Curve: The Six Steps to Entrepreneurial Success: Greenleaf Book Group.Machuletz, D., & Böhme, R. (2020). Multiple purposes, multiple problems: A user study of consent dialogs after GDPR. Proceedings on Privacy Enhancing Technologies, 2020(2), 481-498.Markman, G. D., Phan, P. H., Balkin, D. B., & Gianiodis, P. T. (2005). Entrepreneurship and university-based technology transfer. Journal of Business Venturing, 20(2), 241-263.Marr, B. (2017). Data strategy: How to profit from a world of big data, analytics and the internet of things: Kogan Page Publishers.Martin, N., Matt, C., Niebel, C., & Blind, K. (2019). How Data Protection Regulation Affects Startup Innovation. Information Systems Frontiers, 21(6), 1307-1324. doi:10.1007/s10796-019-09974-2Mason, C., & Brown, R. (2014). Entrepreneurial ecosystems and growth oriented entrepreneurship. Final report to OECD, Paris, 30(1), 77-102.Mourby, M., Mackey, E., Elliot, M., Gowans, H., Wallace, S. E., Bell, J., & Kaye, J. (2018). Are ‘pseudonymised’data always personal data? Implications of the GDPR for administrative data research in the UK. Computer Law & Security Review, 34(2), 222-233.Neumann, J. (2019 ). A Taxonomy of Moats. Retrieved from: http://reactionwheel.net/2019/09/a-taxonomy-of-moats.htmlPolit, D., & Beck, C. (2012). Essentials of nursing research. Ethics, 23(2), 145-160.Politou, E., Alepis, E., & Patsakis, C. (2018). Forgetting personal data and revoking consent under the GDPR: Challenges and proposed solutions. Journal of Cybersecurity, 4(1), tyy001.Porter, M. E. (1991, Apr 1991). America`s Green Strategy. Scientific American, 264, 168.Porter, M. E., & Van der Linde, C. (1995). Toward a new conception of the environment-competitiveness relationship. Journal of Economic Perspectives, 9(4), 97-118.Provost, F., & Fawcett, T. (2013). Data science and its relationship to big data and data-driven decision making. Big Data, 1(1), 51-59.Punch, K. F. (2013). Introduction to social research: Quantitative and qualitative approaches: sage.Radinsky, K. (2015). Data monopolists like Google are threatening the economy. Harvard Business Review, Retrieved from: https://hbr.org/2015/03/data-monopolists-like-google-are-threatening-the-economyRobehmed, N. (2013). What is a Startup. Forbes, Retrieved from: https://www.forbes.com/sites/natalierobehmed/2013/12/16/what-is-a-startup/?sh=abec67840440Schumpeter, J. A. (1955). The theory of economic development : an inquiry into profits, capital, credit, interest, and the business cycle / by Joseph A. Schumpeter. Massachusetts: Harvard University Press.Shah, A., Banakar, V., Shastri, S., Wasserman, M., & Chidambaram, V. (2019). Analyzing the Impact of {GDPR} on Storage Systems. Paper presented at the 11th {USENIX} Workshop on Hot Topics in Storage and File Systems (HotStorage 19).Siteimprove. (2019). GDPR Doesn`t Only Protect EU Citizens - Who Does GDPR Affect? Retrieved from: https://siteimprove.com/en/gdpr/who-gdpr-affects-and-whose-data-is-protected/Song, A. K. (2019). The Digital Entrepreneurial Ecosystem—a critique and reconfiguration. Small Business Economics, 53(3), 569-590.Spacey, J. (2016). Data Security vs Information Security. Retrieved from: https://simplicable.com/new/data-security-vs-information-securityStake, R. E. (1995). The art of case study research: sage.Startup Genome. (2019). Global startup ecosystem report 2019. Retrieved from: https://startupgenome.com/gser2019Startup Genome. (2020). Global startup ecosystem report 2020. Retrieved from: https://startupgenome.com/gser2020Subrahmanya, M. H. B. (2017). Comparing the entrepreneurial ecosystems for technology startups in Bangalore and Hyderabad, India. Technology Innovation Management Review, 7(7), 47–62.The Economist (2017). The world’s most valuable resource is no longer oil, but data. The Economist: New York, NY, USA.Trendall, S. (2019, 2019 Jul 09). ICO slaps record £183m fine on British Airways for GDPR breach. Public Technology.Voss, W. G. (2020). Airline Commercial Use of EU Personal Data in the Context of the GDPR, British Airways and Schrems II. British Airways and Schrems II (September 30, 2020), 19(2).Yin, R. (2003). Designing case studies. Qualitative Research Methods, 359-386.Zarsky, T. Z. (2016). Incompatible: the GDPR in the age of big data. Seton Hall Law Review., 47, 995-1020.中文文獻Mayer-Schönberger, V., & Cukier, K. (2013)。大數據: 「數位革命」之後,「資料革命」登場: 巨量資料掀起生活、工作和思考方式的全面革新。台北:天下遠見出版。Ryan,什麼是孵化器(Incubator)/加速器(Accelerator)?硬塞科技字典,上網日期2016年07月21日,檢自:https://www.inside.com.tw/article/6694-what-is-incubator-accelerator羅凱揚&蘇宇暉,有效提昇決策品質─資料導向決策,上網日期2018年06月22日,檢自:https://medium.com/marketingdatascience/%E8%B3%87%E6%96%99%E5%B0%8E%E5%90%91%E6%B1%BA%E7%AD%96-data-driven-decision-making-73cdd3581092李為, (2015)。德國生態環境保護的觀察與思考(簡體中文)。科學與管理,35(02),55-59。Jonathan Tepper&Denise Hearn,(2020)。競爭之死:高度壟斷的資本主義,是延誤創新、壓低工資、拉大貧富差距的元凶。吳慧珍、曹嬿恆譯 (初版 ed.)。台北市:麥田出版。林于蘅,台歐27日三度協商GDPR認定 國發會:個資法勢必修法,上網日期2019年01月26日,檢自:https://udn.com/news/story/7238/4188419阿文哥,【台灣軟體人看世界 #1】少了軟體的科技之島,上網日期2017年01月23日, 檢自:https://blog.gaaiho.com/2017/01/1.html范姜真媺, (2013)。 個人資料保護法關於「個人資料」保護範圍之檢討. [Personal Data Protection Act Applies to the Scope of Personal Data],東海大學法學研究(41),91-123。徐仕瑋,(2014)。個資法所保護個人資料之範圍界定--評臺灣臺北地方法院一○三年度北小字第一三六○號小額民事判決。月旦裁判時報, 總號:30,, 123-138。常紀文 & 尹立霞,霧霾治理的國際經驗(簡體中文) ,上網日期2016年06月09日,檢自:http://huanbao.bjx.com.cn/news/20160616/743006-2.shtml張陳弘,(2016)。個人資料之認定-個人資料保護法適用之啟動閥。法令月刊, 67(5),67-101。張陳弘& 莊植寧,(2019)。新時代之個人資料保護法制:歐盟GDPR與臺灣個人資料保護法的比較說明 (李啟琳 Ed. 1st ed.)。台北市:新學林出版股份有限公司。陳君毅,巨頭聯手!Facebook、Google、微軟要將個人資料所有權還給使用者,上網日期2018年07月23日,檢自:https://www.bnext.com.tw/article/49966/the-data-transfer-project鈕文英, (2012)。 質性硏究方法與論文寫作 (初版 ed.), 臺北市: 雙葉書廊.蕭佑和,【新創融資】種子輪、天使輪、A輪、B輪、C輪,你都弄懂了嗎. 大和有話說,上網日期2018年12月02日,檢自:https://dahetalk.com/2018/12/02/%E3%80%90%E6%96%B0%E5%89%B5%E8%9E%8D%E8%B3%87%E3%80%91%E7%A8%AE%E5%AD%90%E8%BC%AA%E3%80%81%E5%A4%A9%E4%BD%BF%E8%BC%AA%E3%80%81a%E8%BC%AA%E3%80%81b%E8%BC%AA%E3%80%81c%E8%BC%AA%EF%BC%8C%E4%BD%A0/唐子晴,當區塊鏈遇上GDPR,相愛或相殺?,上網日期2018年08月13日,檢自:https://www.bnext.com.tw/article/50219/when-blockchain-meet-gdpr 描述 碩士
國立政治大學
科技管理與智慧財產研究所
107364119資料來源 http://thesis.lib.nccu.edu.tw/record/#G0107364119 資料類型 thesis dc.contributor.advisor 鄭至甫 zh_TW dc.contributor.advisor Jeng, Jyh-Fu en_US dc.contributor.author (Authors) 黃炳曄 zh_TW dc.contributor.author (Authors) Huang, Bing-Yeh en_US dc.creator (作者) 黃炳曄 zh_TW dc.creator (作者) Huang, Bing-Yeh en_US dc.date (日期) 2021 en_US dc.date.accessioned 2-Mar-2021 14:53:29 (UTC+8) - dc.date.available 2-Mar-2021 14:53:29 (UTC+8) - dc.date.issued (上傳時間) 2-Mar-2021 14:53:29 (UTC+8) - dc.identifier (Other Identifiers) G0107364119 en_US dc.identifier.uri (URI) http://nccur.lib.nccu.edu.tw/handle/140.119/134191 - dc.description (描述) 碩士 zh_TW dc.description (描述) 國立政治大學 zh_TW dc.description (描述) 科技管理與智慧財產研究所 zh_TW dc.description (描述) 107364119 zh_TW dc.description.abstract (摘要) 在巨量資料的時代裡,企業運用資料來進行分析以及驅動人工智慧模型來進行決策,藉以獲得豐厚的商業利潤。其中,個人資料所蘊含的商業價值更讓人無法忽視。因此,企業透過各種不同的手段來蒐集並使用個人資料,卻因此造成隱私權受侵害的事件不斷發生。有鑑於此,歐盟在2016年頒布了GDPR,並於2018年開始實施,藉此規範了企業使用個人資料的方式。台灣為了接軌國際,預計以GDPR作為基礎來對個人資料保護法進行修法。由於GDPR包含了為數眾多地新的個人資料使用概念,因此勢必對台灣之商業環境造成衝擊,尤其是台灣創業生態系將首當其衝。本研究旨在探討台灣創業生態系之個人資料管理與法遵議題,因此必須先檢視台灣創業生態系現行個人資料管理與法遵之現況,並再以未來台灣個人資料保護法將類比GDPR規格之修法前提下,探討台灣創業生態系之應對與調整。為了達到前述研究目的,本研究透過深度訪談法對台灣創業生態系的不同角色進行訪問,並且依據訪談結果與次級資料提出台灣創業生態系應對之策。首先,本研究發現,新創公司在包含知情同意以及資料安全性等方面的法遵措施的投入程度皆與新創公司的規模以及其蒐用資料的方式有關,並且遵循一法遵成長脈絡。此外,台灣創業生態系不同角色在個人資料管理與法遵議題上對新創公司的協助相當有限。接著,本研究透過分析GDPR與現行個人資料保護法的差異,並整理出法規遵循上的先後順序,藉此提供新創公司法遵上的建議。最後,本研究依據對台灣創業生態系的了解以及法規分析,對創業生態系提出關於去識別化與跨領域教育等方面之建議。如此一來,新創公司才能提早進行法遵,並有效節省法遵成本。另外,雖然仍有像是刪除權與兒童隱私保護等難以遵循之規定,但合規輔助者的出現,可望解決這些難解之題,並成為創新的契機。 zh_TW dc.description.abstract (摘要) In the age of big data, enterprises utilize data analytics and artificial intelligence models to make important decisions, thereby obtaining great commercial profits. Especially, the commercial value brought by personal data is significant. Enterprise collects and uses personal data with a variety of methods, this has however resulted in frequent violations of privacy. In view of this, GDPR, the regulation to restrict enterprise’s personal data usage, was adopted in 2016 and became enforceable beginning in 2018. In order to connect with the world, the Taiwan government is expected to amend the personal data protection law based on GDPR. As GDPR contains various new concepts in the use of personal data, it is bound to have an impact on Taiwan business environment, especially on the Taiwan entrepreneurial ecosystem will bear the brunt.This research aimed to discuss the personal data management and legal compliance issue of Taiwan entrepreneurial ecosystem. Therefore, it is necessary to review the current situation of personal data management and legal compliance in Taiwan entrepreneurial ecosystem, and then discuss Taiwan entrepreneurial ecosystem’s response and adjustment to the future change of Taiwan new personal data protection law when it amended in accordance with GDPR. In order to achieve the aforementioned purposes of research, this research conducted in-depth interviews on different roles in Taiwan entrepreneurial ecosystem, based on the interview results and secondary data, this research proposed countermeasures for Taiwan entrepreneurial ecosystem.Firstly, this research found that the legal compliance investment (including informed consent and data security) of startup companies are related to the scale of startup companies and the way they process personal data, startup companies also follow a certain law-compliance growth path. In addition, with regard to personal data management and legal compliance issue, the current assistance provided by different roles in Taiwan entrepreneurial ecosystem is still limited.Next, this research analyzed the differences between GDPR and the current Taiwan personal data protection law, and points out the priority when complying regulation, for startup companies.Finally, based on the understanding of Taiwan entrepreneurial ecosystem and legal analysis, this research puts forward suggestions on de-identification and interdisciplinary education for the entrepreneurial ecosystem. Thus, startup companies can implement legal compliance earlier and save legal compliance costs effectively. In addition, although there are still difficult-to-compliance regulations such as the right to delete and the protection of children`s privacy, the emergence of Compliance Supporter is expected to solve these difficult problems and become an opportunity for innovation. en_US dc.description.tableofcontents 第一章 緒論 1第一節 研究背景 1第二節 研究動機 5第三節 研究目的 7第四節 研究問題 9第二章 文獻回顧 11第一節 台灣的創業生態系 11第二節 巨量資料時代 24第三節 GDPR 28第四節 波特假說 69第三章 研究方法與流程 74第一節 研究方法 74第二節 研究流程 85第三節 研究架構設計 86第四章 研究分析 89第一節 訪談對象介紹 89第二節 台灣創業生態系個人資料管理之現況 94第三節 未來新個人資料保護法之樣貌 131第四節 未來台灣創業生態系所面對之法遵挑戰 145第五章 結論與建議 156第一節 研究發現 156第二節 研究結論 170第三節 研究貢獻 181第四節 研究限制 183第五節 研究建議 185參考文獻 188英文文獻 188中文文獻 193 zh_TW dc.format.extent 5037346 bytes - dc.format.mimetype application/pdf - dc.source.uri (資料來源) http://thesis.lib.nccu.edu.tw/record/#G0107364119 en_US dc.subject (關鍵詞) 新創 zh_TW dc.subject (關鍵詞) 創業 zh_TW dc.subject (關鍵詞) 生態系 zh_TW dc.subject (關鍵詞) 歐盟 zh_TW dc.subject (關鍵詞) 個資 zh_TW dc.subject (關鍵詞) 法遵 zh_TW dc.subject (關鍵詞) 台灣 zh_TW dc.subject (關鍵詞) GDPR en_US dc.subject (關鍵詞) personal data en_US dc.subject (關鍵詞) startup en_US dc.subject (關鍵詞) start-up en_US dc.subject (關鍵詞) entrepreneurial ecosystem en_US dc.subject (關鍵詞) compliance en_US dc.subject (關鍵詞) Taiwan en_US dc.title (題名) 台灣創業生態系之個人資料管理與法遵議題 zh_TW dc.title (題名) Personal Data Management and Legal Compliance Issue of Taiwan Entrepreneurial Ecosystem en_US dc.type (資料類型) thesis en_US dc.relation.reference (參考文獻) 英文文獻Acs, Z. J., Stam, E., Audretsch, D. B., & O’Connor, A. (2017). The lineages of the entrepreneurial ecosystem approach. Small Business Economics, 49(1), 1-10. doi:10.1007/s11187-017-9864-8Adner, R. (2016). Ecosystem as Structure: An Actionable Construct for Strategy. Journal of Management, 43(1), 39-58. doi:10.1177/0149206316678451Grow Advisors. (2017). The Startup Ecosystem White Paper. Retrieved from: https://www.startupcommons.org/download-documents.htmlAlm, J. G. (2015). The Privacies of Life: Automatic License Plate Recognition in Unconstitutional under the Mosaic Theory of Fourth Amendment Privacy Law. HAmLINE L. REv., 38, 127.Basin, D., Debois, S., & Hildebrandt, T. (2018). On Purpose and by Necessity: Compliance Under the GDPR, Berlin, Heidelberg: Springer.Blank, S., & Dorf, B. (2012). The startup owner`s manual: The step-by-step guide for building a great company, U.S, Hoboken: John Wiley & Sons.Bosma, N., Acs, Z. J., Autio, E., Coduras, A., & Levie, J. (2008). Global entrepreneurship monitor executive report. Santiago, London: Babson Park.Boyce, C., & Neale, P. (2006).Conducting in-depth interviews: A guide for designing andconducting in-depth interviews for evaluation input. Pathfinder International Watertown, MA.Cadwalladr, C., & Graham-Harrison, E. (2018, Mar 17). Revealed: 50 million facebook profiles harvested for cambridge analytica in major data breach. The Observer Retrieved from: https://login.autorpa.lib.nccu.edu.tw/login?url=https://www.proquest.com/newspapers/revealed-50-million-facebook-profiles-harvested/docview/2014573719/se-2?accountid=10067Cavoukian, A. (2009). Privacy by design: The 7 foundational principles. Information and privacy commissioner of Ontario, Canada, 5.Chou, C.-f., & Shy, O. (1990). Network effects without network externalities. International Journal of Industrial Organization, 8(2), 259-270.Clement, J. (2019). Number of monthly active Facebook users worldwide as of 4th quarter 2019. Retrieved from: https://www.statista.com/statistics/264810/number-of-monthly-active-facebook-users-worldwide/Carter, N., Bryant-Lukosius, D., DiCenso, A., Blythe, J., & Neville, A. J. (2014). The use of triangulation in qualitative research. Oncology nursing forum, 41(5), 545-547. doi:10.1188/14.onf.545-547Cormack, A. (2020). An Introduction to the GDPR. IDPro Body of Knowledge, 1(1).Crabtree, B. F., & Miller, W. L. (1992). Doing qualitative research. Paper presented at the Annual North American Primary Care Research Group Meeting, 19th, May, 1989, Quebec, PQ, Canada.Crabtree, B. F., & Miller, W. L. (1999). Doing Qualitative Research, 2d Edition. Newbury Park,CA: Sage Publications.Creswell, J. W., & Creswell, J. D. (2017). Research design: Qualitative, quantitative, and mixed methods approaches Newbury Park,CA: Sage Publications.Dempwolf, C. S., Auer, J., & D’Ippolito, M. (2014). Innovation accelerators: Defining characteristics among startup assistance organizations. Small Business Administration, Retrieved from: https://www.sba.gov/Denzin, N. (1970). Strategies of multiple triangulation. The Rresearch Act In Sociology: A Theoretical Iintroduction To Sociological Method, 297(1970), 313.Denzin, N. K. (1978). Triangulation: A case for methodological evaluation and combination. Sociological Methods, pp. 339-357.Evans, D. S., Schmalensee, R., Noel, M. D., Chang, H. H., & Garcia‐Swartz, D. D. (2011). Platform Economics: Essays on Multi‐Sided Businesses. In D. S. Evans (Ed.), Competition Policy International. Available at SSRN: https://ssrn.com/abstract=1974020.European Commission. (2018a). Who does the data protection law apply to? Retrieved from :https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/application-regulation/who-does-data-protection-law-apply_enEuropean Commission. (2018b). Does my company/organisation need to have a Data Protection Officer (DPO)? Retrieved from: https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/obligations/data-protection-officers/does-my-company-organisation-need-have-data-protection-officer-dpo_enFan, Z., & Gupta, A. (2018). The Dangers of Digital Protectionism. Retrieved from Harvard Business Review website: https://hbr.org/2018/08/the-dangers-of-digital-protectionismFarboodi, M., Mihet, R., Philippon, T., & Veldkamp, L. (2019). Big data and firm dynamics. Paper presented at the AEA papers and proceedings.Feld, B. (2020). Startup communities: Building an entrepreneurial ecosystem in your city ,U.S, Hoboken: John Wiley & Sons.Freitas, M. D. C., & Mira da Silva, M. (2018). GDPR Compliance in SMEs: There is much to be done. Journal of Information Systems Engineering & Management, 3(4), 30.Gapper, J. (2016). LinkedIn Swaps Business Cards with Microsoft. Financial Times, 15.Gartner. (2017). Gartner Says Organizations Are Unprepared for the 2018 European Data Protection Regulation. Retrieved from: https://www.gartner.com/en/newsroom/press-releases/2017-05-03-gartner-says-organizations-are-unprepared-for-the-2018-european-data-protection-regulationGoddard, M. (2017). The EU General Data Protection Regulation (GDPR): European regulation that has a global impact. International Journal of Market Research, 59(6), 703-705.Graham, P. (2012). Startup= growth. Retrieved from: http://www.paulgraham.com/growth.htmlGrilo, A., Águeda, A., Zutshi, A., & Nodehi, T. (2017). Relationship between investors and european startup ecosystems builders. Paper presented at the 2017 International Conference on Engineering, Technology and Innovation (ICE/ITMC).Herrington, M., Kew, J., Kew, P., & Monitor, G. E. (2010). Tracking entrepreneurship in South Africa: A GEM perspective . South Africa: Graduate School of Business, University of Cape Town.Hintze, M., & LaFever, G. (2017). Meeting Upcoming GDPR Requirements While Maximizing the Full Value of Data Analytics. Available at SSRN 2927540.Holvast, J. (2007). 27 - History of privacy. In K. D. Leeuw & J. Bergstra (Eds.), The History of Information Security (pp. 737-769). Amsterdam: Elsevier Science B.V.Iansiti, M., & Levien, R. (2004). Strategy as ecology. Harvard business review, 82(3), 68-78.Isaak, J., & Hanna, M. J. (2018). User data privacy: Facebook, Cambridge Analytica, and privacy protection. Computer, 51(8), 56-59.Jia, J., Jin, G. Z., & Wagman, L. (2018). The short-run effects of gdpr on technology venture investment (No. w25248). National Bureau of Economic Research.Jiao, Y., Wang, P., Niyato, D., Alsheikh, M. A., & Feng, S. (2017). Profit maximization auction and data management in big data markets. Paper presented at the 2017 IEEE Wireless Communications and Networking Conference (WCNC).Jones, C. (2019). France issues Google with the heaviest GDPR fine to date. IT Pro. Retrieved from: https://www.itpro.co.uk/general-data-protection-regulation-gdpr/32811/france-issues-google-with-the-heaviest-gdpr-fine-toKhwaja, M., & Matic, A. (2019). Personality Is Revealed During Weekends: Towards Data Minimisation for Smartphone Based Personality Classification, Springer International Publishing. 551-560.Kirchhoff, B. A., & Phillips, B. D. (1988). The effect of firm formation and growth on job creation in the United States. Journal of business venturing., 3(4), 261-272. doi:10.1016/0883-9026(88)90008-0Konczal, J. (2012). Evaluating the effects of accelerators? Not so fast. Forbes 2012 [cited Aug 8 2012].Laney, D. (2001). 3D Data Management: Controlling Data Volume, Velocity, and Variety . META Group .Layton, R., & Elaluf-Calderwood, S. (2019, November). A Social Economic Analysis of the Impact of GDPR on Security and Privacy Practices. In 2019 12th CMI Conference on Cybersecurity and Privacy (CMI) (pp. 1-6). IEEE.Lievens, E., & Milkaite, I. (2017). Age of consent in the GDPR: updated mapping of recent national guidance and proposals. Better Internet for Kids.Love, H. (2016). The Start-Up J Curve: The Six Steps to Entrepreneurial Success: Greenleaf Book Group.Machuletz, D., & Böhme, R. (2020). Multiple purposes, multiple problems: A user study of consent dialogs after GDPR. Proceedings on Privacy Enhancing Technologies, 2020(2), 481-498.Markman, G. D., Phan, P. H., Balkin, D. B., & Gianiodis, P. T. (2005). Entrepreneurship and university-based technology transfer. Journal of Business Venturing, 20(2), 241-263.Marr, B. (2017). Data strategy: How to profit from a world of big data, analytics and the internet of things: Kogan Page Publishers.Martin, N., Matt, C., Niebel, C., & Blind, K. (2019). How Data Protection Regulation Affects Startup Innovation. Information Systems Frontiers, 21(6), 1307-1324. doi:10.1007/s10796-019-09974-2Mason, C., & Brown, R. (2014). Entrepreneurial ecosystems and growth oriented entrepreneurship. Final report to OECD, Paris, 30(1), 77-102.Mourby, M., Mackey, E., Elliot, M., Gowans, H., Wallace, S. E., Bell, J., & Kaye, J. (2018). Are ‘pseudonymised’data always personal data? Implications of the GDPR for administrative data research in the UK. Computer Law & Security Review, 34(2), 222-233.Neumann, J. (2019 ). A Taxonomy of Moats. Retrieved from: http://reactionwheel.net/2019/09/a-taxonomy-of-moats.htmlPolit, D., & Beck, C. (2012). Essentials of nursing research. Ethics, 23(2), 145-160.Politou, E., Alepis, E., & Patsakis, C. (2018). Forgetting personal data and revoking consent under the GDPR: Challenges and proposed solutions. Journal of Cybersecurity, 4(1), tyy001.Porter, M. E. (1991, Apr 1991). America`s Green Strategy. Scientific American, 264, 168.Porter, M. E., & Van der Linde, C. (1995). Toward a new conception of the environment-competitiveness relationship. Journal of Economic Perspectives, 9(4), 97-118.Provost, F., & Fawcett, T. (2013). Data science and its relationship to big data and data-driven decision making. Big Data, 1(1), 51-59.Punch, K. F. (2013). Introduction to social research: Quantitative and qualitative approaches: sage.Radinsky, K. (2015). Data monopolists like Google are threatening the economy. Harvard Business Review, Retrieved from: https://hbr.org/2015/03/data-monopolists-like-google-are-threatening-the-economyRobehmed, N. (2013). What is a Startup. Forbes, Retrieved from: https://www.forbes.com/sites/natalierobehmed/2013/12/16/what-is-a-startup/?sh=abec67840440Schumpeter, J. A. (1955). The theory of economic development : an inquiry into profits, capital, credit, interest, and the business cycle / by Joseph A. Schumpeter. Massachusetts: Harvard University Press.Shah, A., Banakar, V., Shastri, S., Wasserman, M., & Chidambaram, V. (2019). Analyzing the Impact of {GDPR} on Storage Systems. Paper presented at the 11th {USENIX} Workshop on Hot Topics in Storage and File Systems (HotStorage 19).Siteimprove. (2019). GDPR Doesn`t Only Protect EU Citizens - Who Does GDPR Affect? Retrieved from: https://siteimprove.com/en/gdpr/who-gdpr-affects-and-whose-data-is-protected/Song, A. K. (2019). The Digital Entrepreneurial Ecosystem—a critique and reconfiguration. Small Business Economics, 53(3), 569-590.Spacey, J. (2016). Data Security vs Information Security. Retrieved from: https://simplicable.com/new/data-security-vs-information-securityStake, R. E. (1995). The art of case study research: sage.Startup Genome. (2019). Global startup ecosystem report 2019. Retrieved from: https://startupgenome.com/gser2019Startup Genome. (2020). Global startup ecosystem report 2020. Retrieved from: https://startupgenome.com/gser2020Subrahmanya, M. H. B. (2017). Comparing the entrepreneurial ecosystems for technology startups in Bangalore and Hyderabad, India. Technology Innovation Management Review, 7(7), 47–62.The Economist (2017). The world’s most valuable resource is no longer oil, but data. The Economist: New York, NY, USA.Trendall, S. (2019, 2019 Jul 09). ICO slaps record £183m fine on British Airways for GDPR breach. Public Technology.Voss, W. G. (2020). Airline Commercial Use of EU Personal Data in the Context of the GDPR, British Airways and Schrems II. British Airways and Schrems II (September 30, 2020), 19(2).Yin, R. (2003). Designing case studies. Qualitative Research Methods, 359-386.Zarsky, T. Z. (2016). Incompatible: the GDPR in the age of big data. Seton Hall Law Review., 47, 995-1020.中文文獻Mayer-Schönberger, V., & Cukier, K. (2013)。大數據: 「數位革命」之後,「資料革命」登場: 巨量資料掀起生活、工作和思考方式的全面革新。台北:天下遠見出版。Ryan,什麼是孵化器(Incubator)/加速器(Accelerator)?硬塞科技字典,上網日期2016年07月21日,檢自:https://www.inside.com.tw/article/6694-what-is-incubator-accelerator羅凱揚&蘇宇暉,有效提昇決策品質─資料導向決策,上網日期2018年06月22日,檢自:https://medium.com/marketingdatascience/%E8%B3%87%E6%96%99%E5%B0%8E%E5%90%91%E6%B1%BA%E7%AD%96-data-driven-decision-making-73cdd3581092李為, (2015)。德國生態環境保護的觀察與思考(簡體中文)。科學與管理,35(02),55-59。Jonathan Tepper&Denise Hearn,(2020)。競爭之死:高度壟斷的資本主義,是延誤創新、壓低工資、拉大貧富差距的元凶。吳慧珍、曹嬿恆譯 (初版 ed.)。台北市:麥田出版。林于蘅,台歐27日三度協商GDPR認定 國發會:個資法勢必修法,上網日期2019年01月26日,檢自:https://udn.com/news/story/7238/4188419阿文哥,【台灣軟體人看世界 #1】少了軟體的科技之島,上網日期2017年01月23日, 檢自:https://blog.gaaiho.com/2017/01/1.html范姜真媺, (2013)。 個人資料保護法關於「個人資料」保護範圍之檢討. [Personal Data Protection Act Applies to the Scope of Personal Data],東海大學法學研究(41),91-123。徐仕瑋,(2014)。個資法所保護個人資料之範圍界定--評臺灣臺北地方法院一○三年度北小字第一三六○號小額民事判決。月旦裁判時報, 總號:30,, 123-138。常紀文 & 尹立霞,霧霾治理的國際經驗(簡體中文) ,上網日期2016年06月09日,檢自:http://huanbao.bjx.com.cn/news/20160616/743006-2.shtml張陳弘,(2016)。個人資料之認定-個人資料保護法適用之啟動閥。法令月刊, 67(5),67-101。張陳弘& 莊植寧,(2019)。新時代之個人資料保護法制:歐盟GDPR與臺灣個人資料保護法的比較說明 (李啟琳 Ed. 1st ed.)。台北市:新學林出版股份有限公司。陳君毅,巨頭聯手!Facebook、Google、微軟要將個人資料所有權還給使用者,上網日期2018年07月23日,檢自:https://www.bnext.com.tw/article/49966/the-data-transfer-project鈕文英, (2012)。 質性硏究方法與論文寫作 (初版 ed.), 臺北市: 雙葉書廊.蕭佑和,【新創融資】種子輪、天使輪、A輪、B輪、C輪,你都弄懂了嗎. 大和有話說,上網日期2018年12月02日,檢自:https://dahetalk.com/2018/12/02/%E3%80%90%E6%96%B0%E5%89%B5%E8%9E%8D%E8%B3%87%E3%80%91%E7%A8%AE%E5%AD%90%E8%BC%AA%E3%80%81%E5%A4%A9%E4%BD%BF%E8%BC%AA%E3%80%81a%E8%BC%AA%E3%80%81b%E8%BC%AA%E3%80%81c%E8%BC%AA%EF%BC%8C%E4%BD%A0/唐子晴,當區塊鏈遇上GDPR,相愛或相殺?,上網日期2018年08月13日,檢自:https://www.bnext.com.tw/article/50219/when-blockchain-meet-gdpr zh_TW dc.identifier.doi (DOI) 10.6814/NCCU202100235 en_US
