Publications-Theses
Article View/Open
Publication Export
-
題名 人工智慧發展與個人資料保護之風險管理模式:以資料保護影響評估為中心
Risk Management Approach of Artificial Intelligence and Data Protection: Focusing on Data Protection Impact Assessment作者 林宛柔
Lin, Grace貢獻者 宋皇志
林宛柔
Lin, Grace關鍵詞 人工智慧
資料保護影響評估
自動化決策系統
風險管理
資料驅動
Artificial Intelligence
Data Protection Impact Assessment
Automated-decision System
Risk Management
Data-driven日期 2022 上傳時間 1-Mar-2022 18:16:28 (UTC+8) 摘要 在數位經濟、科技日新月異的發展中,數據是此一世代的「新石油(new oil)」,數據可以驅動創新商業模式及服務,也是人工智慧學習、發展及運作的養分。多種樣態的數據,可能是描述客體運作性質的數據,也可能是人類行為特徵的數據,當數據用以作為剖析、預測或是指示的應用時,數據蒐集、處理、運用的正當性及關聯性顯得至關重要。人工智慧的開發及運用,仰賴鉅量數據的導入,透過訓練與學習,幫助人類更加精準及有效率的工作、生活,然而,因為人工智慧的學習與發展時常為「黑盒子(black box)」,導致人類質疑其所為之建議、指示的正當性及關聯性,也害怕人工智慧的發展是否有所歧視與偏頗。針對這樣的趨勢,歐盟於2016年通過個人資料保護規則(General Data Protection Regulation),透過對於個人資料自主權及隱私權的賦權與保護,某種程度下平衡人工智慧、科技發展發展前端作業,數據資料蒐集、處理、使用過程中所可能致使的損害,其中,個人資料保護規則第35條所引進的資料保護影響評估(Data Protection Impact Assessments),更是組織企業在導入人工智慧的過程中,應特別注意執行涉及個人資料風險評估及保護措施的機制。本文將著重於探討人工智慧發展下的資料保護影響評估,參考歐洲對於資料保護影響評估的做法,嘗試分析人工智慧所帶來的風險,是否可以使用風險管理工具處理,及使用風險管理工具的好處,並點出台灣相關法規範的缺口,希冀台灣法制上能在人工智慧的發展及運用與個人資料保護間取得一個平衡。
In the rapid development of digital economy and technology, data can inspire innovative business models and services, it is also the source for artificial intelligence to learn, develop, and operate. When data is used for artificial intelligence to profile, predict, or instruct, the legal ground for data collection, processing, and application is crucial. However, there are concerns about the learning and development of artificial intelligence as a "black box", causing human to question the legitimacy and relevance of recommendations and instructions made by artificial intelligence, and fear that bias and discrimination are imbedded in the decisions made by artificial intelligence.In response to digital era, European Union passed the General Data Protection Regulation in 2016. Data Protection Impact Assessments (DPIA) was introduced in Article 35 of the Regulation to address the risks in the process of collecting, processing, and using personal data that may harm the fundamental rights of people. Evidently, this is one of the important mechanisms to identify risks and implement mitigation measures.This paper will focus on discussing Data Protection Impact Assessment under the concept of artificial intelligence development, as an attempt to introduce the risk management tool—DPIA, and to point out the notch in Taiwan laws and regulations, in the hope of regulating artificial intelligence that strikes a balance between technology development and personal data protection.參考文獻 一、 中文文獻(一) 專書劉靜怡,人工智慧相關法律議芻議,臺北市:元照,2018年11月。李開復、王詠剛,人工智慧來了,臺北市:遠見天下文化出版,2017年。周忠信,AI思維:不需要艱深技術,不用鉅額投資,任何企業都適用的進化關鍵,商周出版,2020年10月。李崇僖,人工智慧競爭與法制,臺北市:翰蘆圖書出版有限公司,2020年。李建良主編,法律思維與制度的智慧轉型,臺北市:元照,2020年11月。Maria Christina Caldarola, Joachim Schrey著,趙彥清、黃俊凱譯,林怡芳、陳秋華編,大數據與法律實務指南,臺北市:元照,2020年6月。(二) 期刊論文林勤富、劉漢威,人工智慧法律議題初探,月旦法學雜誌,274卷,頁195-215,2018年3月。郭戎晉,論人工智慧技術應用、法律問題定位及監管立法趨勢,成大法學,39期,頁173-235,2020年6月。楊惟任,人工智慧的挑戰和政府治理的因應,國會季刊,46卷2期,頁67-83,2018年6月。翁清坤,賦予當事人個人資料財產權地位之優勢與侷限:以美國法為中心,臺大法學論叢,47卷3期,頁941-1051,2018年9月。余和謙,人工智慧之治理—以機器學習公平性為中心,科技法律透析,32卷7期,頁83-72,2020年7月15日。周晨蕙,淺析日本人工智慧及資料利用規範,科技法律透析,31卷7期,頁33-42,2019年7月。范姜真媺,日本個人編號法對我國之借鏡--以個人資料保護監督機制之建立為主,東吳法律學報,26卷2期,頁1-33,2014年10月。范姜真媺,匿名加工資料制度之創設-因應大數據時代日本個人資料保護法之新進展,東海大學法學研究,59期,頁1-54,2020年5月。李沛宸,實施歐盟個人資料保護規章對人工智慧發展之影響,財金法學研究,2卷1期,2019年2月16日。張陳弘,科技智慧防疫與個人資料保護:陌生但關鍵的資料保護影響評估程序,臺大法學論叢,50卷2期,2021年6月。王廼宇、廖宜吉,環境影響評估法環評義務定性之研究,靜宜法學,6期,頁131-170,2017年。(三) 研究計畫報告達文西個資暨高科技法律事務所,韓國個人資料保護法制因應GDPR施行之調適委託研究計畫,國家發展委員會,2020年6月。項靖、陳曉慧、楊東謀、羅晉,開放資料及其對政府治理與個人隱私影響之研究,國家發展委員會,2015年2月。曾更瑩、吳志光(理律法律事務所),人工智慧之相關法規國際發展趨勢與因應委託研究計畫,國家發展委員會,2018年12月。鄭福田等編,環境影響評估制度與實務—風險評估與管理檢討,財團法人中技社,2011年1月。葉俊榮,環境影響評估制度問題之探討,行政院研究發展考核委員會,2010年6月。(四) 政府官方文獻人工智慧科研發展指引,科技部,2019年9月。(五) 網路資源詹峻陽,人工智慧三大關鍵技術,數位時代,2016年11月1日,檢自:https://www.bnext.com.tw/article/41534/3-key-techniques-of-ai。林文宏,歐盟執委會提出「數位服務法」及「數位市場法」草案,公平交易委員會電子報,166期,專題報導,檢自:https://www.ftc.gov.tw/upload/1100303-1.pdf。黃亞森,不只是金融業!淺談歐盟的數位服務法及數位市場法對科技業的影響和意義,數位時代,2021年3月17日,檢自:https://www.bnext.com.tw/article/61800/dsa-dma-law-influence。歐盟人工智慧規則草案,理慈國際科技法律事務所 Lee, Tsai & Partners,2021年7月1日,檢自:https://www.lexology.com/library/detail.aspx?g=7e79b67b-6a2e-4b63-8172-1ea2928a0c0e。李崇僖,先出發不一定比較快!微軟、Google人工智慧都出包 歐盟搶時機推倫理準則,未來城市@天下專欄,2019年5月6日,檢自:https://futurecity.cw.com.tw/article/633。王慕民,中國個人信息保護法倒數70天,10大重點讓你超前部署,達文西個資暨高科技法律事務所,2021年8月24日,檢自:https://www.davinci.idv.tw/news/977。邱錦田,日本實現超智慧社會(社會5.0)之科技創新策略,2017年12月25日,檢自:https://portal.stpi.narl.org.tw/index/article/10358。韓國人工智慧風險管理趨勢研析,資訊工業策進會科技法律研究所,2020年6月25日,檢自:https://stli.iii.org.tw/article-detail.aspx?no=64&tp=1&d=8530。尤晴韻,人工智慧發展趨勢與我國推動策略,經濟評論,2018 年 1 月 15 日,檢自:http://www.tier.org.tw/comment/pec5010.aspx?GUID=115b89d4-4a8b-4bd4-896b-bef78e3ab1fb。張麗卿,AI倫理準則及其對臺灣法制的影響,臺灣人工智慧行動網,2021年3月3日,檢自:https://ai.iias.sinica.edu.tw/ai-ethics-guidelines-in-taiwan/。二、 英文/外國文獻(一) 專書PARKER, CHRISTINE, META-REGULATION: LEGAL ACCOUNTABILITY FOR CORPORATE SOCIAL RESPONSIBILITY (2007).REJDA, GEORGE E., RISK MANAGEMENT AND INSURANCE, PERSON EDUCATION INC 13 (2005).MAYER-SCHONBERGER, VIKTOR & CUKIER, KENNETH, BIG DATA: THE ESSENTIAL GUIDE TO WORK, LIFE AND LEARNING IN THE AGE OF INSIGHT, HACHETTE UK (2013).(二) 期刊論文Hilbert, Martin, Big Data for Development: A Review of Promises and Challenges, 34(1) DEVELOPMENT POLICY REVIEW 135-174 (2016).Bieker, Felix, et al., A process for data protection impact assessment under the european general data protection regulation, ANNUAL PRIVACY FORUM, Springer Cham 21-37 (2016).Tancock, David & Pearson, Siani & Charlesworth, Andrew, The Emergence of Privacy Impact Assessments, HP LABORATORIES TECHNICAL REPORT (2010).IT Governance Privacy Team, EU general data protection regulation (gdpr)–an implementation and compliance guide. UNITED KINGDOM: IT GOVERNANCE PUBLISHING (2017).Quelle, Claudia, Enhancing compliance under the general data protection regulation: the risky upshot of the accountability-and risk-based approach, 9(3) EUROPEAN JOURNAL OF RISK REGULATION 502-526 (2018).Binns, Reuben, Data protection impact assessments: a meta-regulatory approach. 7(1) INTERNATIONAL DATA PRIVACY LAW 22-35 (2017).Parker, Christine, Meta-regulation: Legal Accountability for Corporate Social Responsibility, 29 THE NEW CORPORATE ACCOUNTABILITY: CORPORATE SOCIAL RESPONSIBILITY AND THE LAW 1-49 (2007).Clarke, Roger, Privacy impact assessment: Its origins and development, 25(2) COMPUTER LAW & SECURITY REVIEW 123-135 (2009).Kloza, Dariusz, et al., Data protection impact assessments in the European Union. Complementing the new legal framework towards a more robust protection of individuals (2017).Wright, David, Should privacy impact assessments be mandatory?, 54(8) COMMUNICATIONS OF THE ACM 121-131 (2011).Yordanov, Atanas, Nature and Ideal Steps of the Data Protection Impact Assessment under the General Data Protection Regulation, 3 EUR. DATA PROT. L. REV. 486-495 (2017).De Hert, Paul & Kloza, Dariusz & Wright, David, Recommendations for a privacy impact assessment framework for the European Union (2012).Bisztray, Tamas & Gruschka, Nils, Privacy impact assessment: comparing methodologies with a focus on practicality, NORDIC CONFERENCE ON SECURE IT SYSTEMS Springer Cham 3-19 (2019).Quelle, Claudia, Enhancing compliance under the general data protection regulation: The risky upshot of the accountability-and risk-based approach, 9(3) EUROPEAN JOURNAL OF RISK REGULATION 502-526 (2018).Wright, David, The state of the art in privacy impact assessment, 28(1) COMPUTER LAW & SECURITY REVIEW 54-61 (2012).(三) 研究計畫報告New York City Automated Decision Systems Task Force, Automated Decision Systems Task Force Report (Nov. 2019), https://www1.nyc.gov/assets/adstaskforce/downloads/pdf/ADS-Report-11192019.pdf.Venier, Silvia, Emilio Mordini, Michael Friedewald, Philip Schütz, Dara Hallinan, David Wright, Rachel L. Finn, Serge Gutwirth, Raphaël Gellert, and Bruno Turnheim, Final Report – A Privacy and Ethical Impact Assessment Framework for Emerging Sciences and Technologies (Mar. 25, 2013), http://www.prescient-project.eu.(四) 法律規範Regulation (EU) 2016/679, The protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), European Parliament and of the Council, https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A32016R0679.European Commission, Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on a Single Market For Digital Services (Digital Services Act) and amending Directive 2000/31/EC (COM/2020/825 final), https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:52020PC0825&from=en.European Commission, Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on contestable and fair markets in the digital sector (Digital Markets Act) (COM/2020/842 final), https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:52020PC0842&from=en.European Commission, Proposal for a Regulation of the European Parliament and of the Council Laying Down Harmonized Rules on Artificial Intelligence (Artificial Intelligence Act) and Amending Certain Union Legislative Act (COM/2021/206 final), https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:52021PC0206&from=EN.H.R.2231 - 116th Congress (2019-2020): Algorithmic Accountability Act of 2019, H.R.2231, 116th Cong. (2019), https://www.congress.gov/bill/116th-congress/house-bill/2231.(五) 政府官方文獻High-Level Expert Group on AI set by the European Commission, Ethics Guidelines for Trustworthy AI (Apr. 8, 2019), https://www.aepd.es/sites/default/files/2019-12/ai-ethics-guidelines.pdf.High-Level Expert Group on AI set by the European Commission, The Assessment List for Trustworthy AI (Jul. 17, 2020), https://airegio.ems-carsa.com/nfs/programme_5/call_3/call_preparation/ALTAI_final.pdf.European Commission, A European strategy for data (Feb. 19, 2020), https://ec.europa.eu/info/strategy/priorities-2019-2024/europe-fit-digital-age/european-data-strategy_en.The Secretary of State for Digital, Culture, Media and Sport, National AI Strategy (Sept. 2021), https://www.gov.uk/government/publications/national-ai-strategy.Department for Digital, Culture Media, and Sport, Data: A new direction (Sep. 10, 2021), https://www.gov.uk/government/consultations/data-a-new-direction.Executive Office of the President, Guidance for Regulation of Artificial Intelligence Applications (Nov. 17, 2020), https://www.whitehouse.gov/wp-content/uploads/2020/11/M-21-06.pdf.Article 29 Data Protection Working Party, Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679 (2017/EN/WP248), https://ec.europa.eu/newsroom/article29/items/611236.Supervision pursuant to the General Data Protection Regulation (EU) 2016/679 – facial recognition used to monitor the attendance of students, Decision Ref. no. DI-2019-2221 Swedish Data Protection Authority (Aug. 20, 2019).European Parliament Committee on Legal Affairs, Artificial Intelligence Potential Benefits and Ethical Considerations (2016), https://www.europarl.europa.eu/RegData/etudes/BRIE/2016/571380/IPOL_BRI(2016)571380_EN.pdf.Select Committee on Artificial Intelligence, AI in UK: ready, willing and able? (2018), https://publications.parliament.uk/pa/ld201719/ldselect/ldai/100/100.pdf.European Data Protection Supervisor, Accountability on the ground Part II: Data Protection Impact Assessments & Prior Consultation (Jul. 2019), https://edps.europa.eu/sites/edp/files/publication/18-02-06_accountability_on_the_ground_part_2_en.pdf.(六) 網路資源Elleena Abd Wahab, Artificial Intelligence: The European Approach and Beyond, LEXOLOGY (Sep. 14, 2021), https://www.lexology.com/library/detail.aspx?g=4ccb3afd-3ae1-451c-905d-0695108857eb.Mike Pierides, Charlotte Roxon, Legislative Approaches to AI: European Union v. United Kingdom, MORGAN LEWIS (Oct. 5, 2021), https://www.morganlewis.com/blogs/sourcingatmorganlewis/2021/10/legislative-approaches-to-ai-european-union-v-united-kingdom#page=1.발행일정부, AI국가전략발표…”AI반도체세계1위목표”, Bloter (Dec. 17, 2019), http://www.bloter.net/archives/364678. 描述 碩士
國立政治大學
科技管理與智慧財產研究所
108364210資料來源 http://thesis.lib.nccu.edu.tw/record/#G0108364210 資料類型 thesis dc.contributor.advisor 宋皇志 zh_TW dc.contributor.author (Authors) 林宛柔 zh_TW dc.contributor.author (Authors) Lin, Grace en_US dc.creator (作者) 林宛柔 zh_TW dc.creator (作者) Lin, Grace en_US dc.date (日期) 2022 en_US dc.date.accessioned 1-Mar-2022 18:16:28 (UTC+8) - dc.date.available 1-Mar-2022 18:16:28 (UTC+8) - dc.date.issued (上傳時間) 1-Mar-2022 18:16:28 (UTC+8) - dc.identifier (Other Identifiers) G0108364210 en_US dc.identifier.uri (URI) http://nccur.lib.nccu.edu.tw/handle/140.119/139309 - dc.description (描述) 碩士 zh_TW dc.description (描述) 國立政治大學 zh_TW dc.description (描述) 科技管理與智慧財產研究所 zh_TW dc.description (描述) 108364210 zh_TW dc.description.abstract (摘要) 在數位經濟、科技日新月異的發展中,數據是此一世代的「新石油(new oil)」,數據可以驅動創新商業模式及服務,也是人工智慧學習、發展及運作的養分。多種樣態的數據,可能是描述客體運作性質的數據,也可能是人類行為特徵的數據,當數據用以作為剖析、預測或是指示的應用時,數據蒐集、處理、運用的正當性及關聯性顯得至關重要。人工智慧的開發及運用,仰賴鉅量數據的導入,透過訓練與學習,幫助人類更加精準及有效率的工作、生活,然而,因為人工智慧的學習與發展時常為「黑盒子(black box)」,導致人類質疑其所為之建議、指示的正當性及關聯性,也害怕人工智慧的發展是否有所歧視與偏頗。針對這樣的趨勢,歐盟於2016年通過個人資料保護規則(General Data Protection Regulation),透過對於個人資料自主權及隱私權的賦權與保護,某種程度下平衡人工智慧、科技發展發展前端作業,數據資料蒐集、處理、使用過程中所可能致使的損害,其中,個人資料保護規則第35條所引進的資料保護影響評估(Data Protection Impact Assessments),更是組織企業在導入人工智慧的過程中,應特別注意執行涉及個人資料風險評估及保護措施的機制。本文將著重於探討人工智慧發展下的資料保護影響評估,參考歐洲對於資料保護影響評估的做法,嘗試分析人工智慧所帶來的風險,是否可以使用風險管理工具處理,及使用風險管理工具的好處,並點出台灣相關法規範的缺口,希冀台灣法制上能在人工智慧的發展及運用與個人資料保護間取得一個平衡。 zh_TW dc.description.abstract (摘要) In the rapid development of digital economy and technology, data can inspire innovative business models and services, it is also the source for artificial intelligence to learn, develop, and operate. When data is used for artificial intelligence to profile, predict, or instruct, the legal ground for data collection, processing, and application is crucial. However, there are concerns about the learning and development of artificial intelligence as a "black box", causing human to question the legitimacy and relevance of recommendations and instructions made by artificial intelligence, and fear that bias and discrimination are imbedded in the decisions made by artificial intelligence.In response to digital era, European Union passed the General Data Protection Regulation in 2016. Data Protection Impact Assessments (DPIA) was introduced in Article 35 of the Regulation to address the risks in the process of collecting, processing, and using personal data that may harm the fundamental rights of people. Evidently, this is one of the important mechanisms to identify risks and implement mitigation measures.This paper will focus on discussing Data Protection Impact Assessment under the concept of artificial intelligence development, as an attempt to introduce the risk management tool—DPIA, and to point out the notch in Taiwan laws and regulations, in the hope of regulating artificial intelligence that strikes a balance between technology development and personal data protection. en_US dc.description.tableofcontents 第一章 緒論 1第一節 研究動機與目的 1第二節 研究方法 3第三節 研究範圍與限制 3第四節 論文架構 4第二章 人工智慧之法律議題 6第一節 人工智慧簡介 7第一項 人工智慧的定義 7第二項 人工智慧的分類 8第三項 人工智慧的技術:資料驅動 8第二節 人工智慧的影響 11第一項 人工智慧的正面影響 11第二項 人工智慧的負面影響與風險 12第三節 人工智慧相關法律爭議 15第一項 責任分配挑戰 15第二項 市場競爭挑戰 17第四節 人工智慧之個人資料保護與監管 19第一項 資料之定性 21第二項 個人資料保護與風險管理 22第三章 各國人工智慧法律及政策比較 25第一節 歐盟 26第一項 當事人權利保護角度 28第二項 市場競爭角度 29第三項 人工智慧法草案 30第二節 英國 33第一項 國家人工智慧政策 33第二項 資料保護法 35第三節 美國 37第四節 亞洲 42第一項 中國大陸 42第二項 日本 45第三項 韓國 50第五節 小結 53第四章 個人資料保護影響評估之法制架構與實踐 55第一節 資料保護影響評估程序 55第一項 背景 55第二項 資料保護影響評估之內容 59第三項 檢視事項與內容 78第二節 資料保護影響評估之功能 81第一項 正當法律程序 82第二項 組織內部管理、法律遵循工具 83第三項 供他方檢視 84第三節 人工智慧系統未執行影響評估的案例 85第四節 台灣法規範之缺口 88第一項 個人資料保護法 89第二項 人工智慧倫理法制化 91第三項 影響評估的定位 93第五章 結論與建議 95第一節 結論 95第一項 風險管理的規範模式取向 95第二項 影響評估後設管制的定位 96第三項 我國人工智慧規範之不足 97第二節 建議 98參考文獻 101 zh_TW dc.format.extent 2601550 bytes - dc.format.mimetype application/pdf - dc.source.uri (資料來源) http://thesis.lib.nccu.edu.tw/record/#G0108364210 en_US dc.subject (關鍵詞) 人工智慧 zh_TW dc.subject (關鍵詞) 資料保護影響評估 zh_TW dc.subject (關鍵詞) 自動化決策系統 zh_TW dc.subject (關鍵詞) 風險管理 zh_TW dc.subject (關鍵詞) 資料驅動 zh_TW dc.subject (關鍵詞) Artificial Intelligence en_US dc.subject (關鍵詞) Data Protection Impact Assessment en_US dc.subject (關鍵詞) Automated-decision System en_US dc.subject (關鍵詞) Risk Management en_US dc.subject (關鍵詞) Data-driven en_US dc.title (題名) 人工智慧發展與個人資料保護之風險管理模式:以資料保護影響評估為中心 zh_TW dc.title (題名) Risk Management Approach of Artificial Intelligence and Data Protection: Focusing on Data Protection Impact Assessment en_US dc.type (資料類型) thesis en_US dc.relation.reference (參考文獻) 一、 中文文獻(一) 專書劉靜怡,人工智慧相關法律議芻議,臺北市:元照,2018年11月。李開復、王詠剛,人工智慧來了,臺北市:遠見天下文化出版,2017年。周忠信,AI思維:不需要艱深技術,不用鉅額投資,任何企業都適用的進化關鍵,商周出版,2020年10月。李崇僖,人工智慧競爭與法制,臺北市:翰蘆圖書出版有限公司,2020年。李建良主編,法律思維與制度的智慧轉型,臺北市:元照,2020年11月。Maria Christina Caldarola, Joachim Schrey著,趙彥清、黃俊凱譯,林怡芳、陳秋華編,大數據與法律實務指南,臺北市:元照,2020年6月。(二) 期刊論文林勤富、劉漢威,人工智慧法律議題初探,月旦法學雜誌,274卷,頁195-215,2018年3月。郭戎晉,論人工智慧技術應用、法律問題定位及監管立法趨勢,成大法學,39期,頁173-235,2020年6月。楊惟任,人工智慧的挑戰和政府治理的因應,國會季刊,46卷2期,頁67-83,2018年6月。翁清坤,賦予當事人個人資料財產權地位之優勢與侷限:以美國法為中心,臺大法學論叢,47卷3期,頁941-1051,2018年9月。余和謙,人工智慧之治理—以機器學習公平性為中心,科技法律透析,32卷7期,頁83-72,2020年7月15日。周晨蕙,淺析日本人工智慧及資料利用規範,科技法律透析,31卷7期,頁33-42,2019年7月。范姜真媺,日本個人編號法對我國之借鏡--以個人資料保護監督機制之建立為主,東吳法律學報,26卷2期,頁1-33,2014年10月。范姜真媺,匿名加工資料制度之創設-因應大數據時代日本個人資料保護法之新進展,東海大學法學研究,59期,頁1-54,2020年5月。李沛宸,實施歐盟個人資料保護規章對人工智慧發展之影響,財金法學研究,2卷1期,2019年2月16日。張陳弘,科技智慧防疫與個人資料保護:陌生但關鍵的資料保護影響評估程序,臺大法學論叢,50卷2期,2021年6月。王廼宇、廖宜吉,環境影響評估法環評義務定性之研究,靜宜法學,6期,頁131-170,2017年。(三) 研究計畫報告達文西個資暨高科技法律事務所,韓國個人資料保護法制因應GDPR施行之調適委託研究計畫,國家發展委員會,2020年6月。項靖、陳曉慧、楊東謀、羅晉,開放資料及其對政府治理與個人隱私影響之研究,國家發展委員會,2015年2月。曾更瑩、吳志光(理律法律事務所),人工智慧之相關法規國際發展趨勢與因應委託研究計畫,國家發展委員會,2018年12月。鄭福田等編,環境影響評估制度與實務—風險評估與管理檢討,財團法人中技社,2011年1月。葉俊榮,環境影響評估制度問題之探討,行政院研究發展考核委員會,2010年6月。(四) 政府官方文獻人工智慧科研發展指引,科技部,2019年9月。(五) 網路資源詹峻陽,人工智慧三大關鍵技術,數位時代,2016年11月1日,檢自:https://www.bnext.com.tw/article/41534/3-key-techniques-of-ai。林文宏,歐盟執委會提出「數位服務法」及「數位市場法」草案,公平交易委員會電子報,166期,專題報導,檢自:https://www.ftc.gov.tw/upload/1100303-1.pdf。黃亞森,不只是金融業!淺談歐盟的數位服務法及數位市場法對科技業的影響和意義,數位時代,2021年3月17日,檢自:https://www.bnext.com.tw/article/61800/dsa-dma-law-influence。歐盟人工智慧規則草案,理慈國際科技法律事務所 Lee, Tsai & Partners,2021年7月1日,檢自:https://www.lexology.com/library/detail.aspx?g=7e79b67b-6a2e-4b63-8172-1ea2928a0c0e。李崇僖,先出發不一定比較快!微軟、Google人工智慧都出包 歐盟搶時機推倫理準則,未來城市@天下專欄,2019年5月6日,檢自:https://futurecity.cw.com.tw/article/633。王慕民,中國個人信息保護法倒數70天,10大重點讓你超前部署,達文西個資暨高科技法律事務所,2021年8月24日,檢自:https://www.davinci.idv.tw/news/977。邱錦田,日本實現超智慧社會(社會5.0)之科技創新策略,2017年12月25日,檢自:https://portal.stpi.narl.org.tw/index/article/10358。韓國人工智慧風險管理趨勢研析,資訊工業策進會科技法律研究所,2020年6月25日,檢自:https://stli.iii.org.tw/article-detail.aspx?no=64&tp=1&d=8530。尤晴韻,人工智慧發展趨勢與我國推動策略,經濟評論,2018 年 1 月 15 日,檢自:http://www.tier.org.tw/comment/pec5010.aspx?GUID=115b89d4-4a8b-4bd4-896b-bef78e3ab1fb。張麗卿,AI倫理準則及其對臺灣法制的影響,臺灣人工智慧行動網,2021年3月3日,檢自:https://ai.iias.sinica.edu.tw/ai-ethics-guidelines-in-taiwan/。二、 英文/外國文獻(一) 專書PARKER, CHRISTINE, META-REGULATION: LEGAL ACCOUNTABILITY FOR CORPORATE SOCIAL RESPONSIBILITY (2007).REJDA, GEORGE E., RISK MANAGEMENT AND INSURANCE, PERSON EDUCATION INC 13 (2005).MAYER-SCHONBERGER, VIKTOR & CUKIER, KENNETH, BIG DATA: THE ESSENTIAL GUIDE TO WORK, LIFE AND LEARNING IN THE AGE OF INSIGHT, HACHETTE UK (2013).(二) 期刊論文Hilbert, Martin, Big Data for Development: A Review of Promises and Challenges, 34(1) DEVELOPMENT POLICY REVIEW 135-174 (2016).Bieker, Felix, et al., A process for data protection impact assessment under the european general data protection regulation, ANNUAL PRIVACY FORUM, Springer Cham 21-37 (2016).Tancock, David & Pearson, Siani & Charlesworth, Andrew, The Emergence of Privacy Impact Assessments, HP LABORATORIES TECHNICAL REPORT (2010).IT Governance Privacy Team, EU general data protection regulation (gdpr)–an implementation and compliance guide. UNITED KINGDOM: IT GOVERNANCE PUBLISHING (2017).Quelle, Claudia, Enhancing compliance under the general data protection regulation: the risky upshot of the accountability-and risk-based approach, 9(3) EUROPEAN JOURNAL OF RISK REGULATION 502-526 (2018).Binns, Reuben, Data protection impact assessments: a meta-regulatory approach. 7(1) INTERNATIONAL DATA PRIVACY LAW 22-35 (2017).Parker, Christine, Meta-regulation: Legal Accountability for Corporate Social Responsibility, 29 THE NEW CORPORATE ACCOUNTABILITY: CORPORATE SOCIAL RESPONSIBILITY AND THE LAW 1-49 (2007).Clarke, Roger, Privacy impact assessment: Its origins and development, 25(2) COMPUTER LAW & SECURITY REVIEW 123-135 (2009).Kloza, Dariusz, et al., Data protection impact assessments in the European Union. Complementing the new legal framework towards a more robust protection of individuals (2017).Wright, David, Should privacy impact assessments be mandatory?, 54(8) COMMUNICATIONS OF THE ACM 121-131 (2011).Yordanov, Atanas, Nature and Ideal Steps of the Data Protection Impact Assessment under the General Data Protection Regulation, 3 EUR. DATA PROT. L. REV. 486-495 (2017).De Hert, Paul & Kloza, Dariusz & Wright, David, Recommendations for a privacy impact assessment framework for the European Union (2012).Bisztray, Tamas & Gruschka, Nils, Privacy impact assessment: comparing methodologies with a focus on practicality, NORDIC CONFERENCE ON SECURE IT SYSTEMS Springer Cham 3-19 (2019).Quelle, Claudia, Enhancing compliance under the general data protection regulation: The risky upshot of the accountability-and risk-based approach, 9(3) EUROPEAN JOURNAL OF RISK REGULATION 502-526 (2018).Wright, David, The state of the art in privacy impact assessment, 28(1) COMPUTER LAW & SECURITY REVIEW 54-61 (2012).(三) 研究計畫報告New York City Automated Decision Systems Task Force, Automated Decision Systems Task Force Report (Nov. 2019), https://www1.nyc.gov/assets/adstaskforce/downloads/pdf/ADS-Report-11192019.pdf.Venier, Silvia, Emilio Mordini, Michael Friedewald, Philip Schütz, Dara Hallinan, David Wright, Rachel L. Finn, Serge Gutwirth, Raphaël Gellert, and Bruno Turnheim, Final Report – A Privacy and Ethical Impact Assessment Framework for Emerging Sciences and Technologies (Mar. 25, 2013), http://www.prescient-project.eu.(四) 法律規範Regulation (EU) 2016/679, The protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), European Parliament and of the Council, https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A32016R0679.European Commission, Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on a Single Market For Digital Services (Digital Services Act) and amending Directive 2000/31/EC (COM/2020/825 final), https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:52020PC0825&from=en.European Commission, Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on contestable and fair markets in the digital sector (Digital Markets Act) (COM/2020/842 final), https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:52020PC0842&from=en.European Commission, Proposal for a Regulation of the European Parliament and of the Council Laying Down Harmonized Rules on Artificial Intelligence (Artificial Intelligence Act) and Amending Certain Union Legislative Act (COM/2021/206 final), https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:52021PC0206&from=EN.H.R.2231 - 116th Congress (2019-2020): Algorithmic Accountability Act of 2019, H.R.2231, 116th Cong. (2019), https://www.congress.gov/bill/116th-congress/house-bill/2231.(五) 政府官方文獻High-Level Expert Group on AI set by the European Commission, Ethics Guidelines for Trustworthy AI (Apr. 8, 2019), https://www.aepd.es/sites/default/files/2019-12/ai-ethics-guidelines.pdf.High-Level Expert Group on AI set by the European Commission, The Assessment List for Trustworthy AI (Jul. 17, 2020), https://airegio.ems-carsa.com/nfs/programme_5/call_3/call_preparation/ALTAI_final.pdf.European Commission, A European strategy for data (Feb. 19, 2020), https://ec.europa.eu/info/strategy/priorities-2019-2024/europe-fit-digital-age/european-data-strategy_en.The Secretary of State for Digital, Culture, Media and Sport, National AI Strategy (Sept. 2021), https://www.gov.uk/government/publications/national-ai-strategy.Department for Digital, Culture Media, and Sport, Data: A new direction (Sep. 10, 2021), https://www.gov.uk/government/consultations/data-a-new-direction.Executive Office of the President, Guidance for Regulation of Artificial Intelligence Applications (Nov. 17, 2020), https://www.whitehouse.gov/wp-content/uploads/2020/11/M-21-06.pdf.Article 29 Data Protection Working Party, Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679 (2017/EN/WP248), https://ec.europa.eu/newsroom/article29/items/611236.Supervision pursuant to the General Data Protection Regulation (EU) 2016/679 – facial recognition used to monitor the attendance of students, Decision Ref. no. DI-2019-2221 Swedish Data Protection Authority (Aug. 20, 2019).European Parliament Committee on Legal Affairs, Artificial Intelligence Potential Benefits and Ethical Considerations (2016), https://www.europarl.europa.eu/RegData/etudes/BRIE/2016/571380/IPOL_BRI(2016)571380_EN.pdf.Select Committee on Artificial Intelligence, AI in UK: ready, willing and able? (2018), https://publications.parliament.uk/pa/ld201719/ldselect/ldai/100/100.pdf.European Data Protection Supervisor, Accountability on the ground Part II: Data Protection Impact Assessments & Prior Consultation (Jul. 2019), https://edps.europa.eu/sites/edp/files/publication/18-02-06_accountability_on_the_ground_part_2_en.pdf.(六) 網路資源Elleena Abd Wahab, Artificial Intelligence: The European Approach and Beyond, LEXOLOGY (Sep. 14, 2021), https://www.lexology.com/library/detail.aspx?g=4ccb3afd-3ae1-451c-905d-0695108857eb.Mike Pierides, Charlotte Roxon, Legislative Approaches to AI: European Union v. United Kingdom, MORGAN LEWIS (Oct. 5, 2021), https://www.morganlewis.com/blogs/sourcingatmorganlewis/2021/10/legislative-approaches-to-ai-european-union-v-united-kingdom#page=1.발행일정부, AI국가전략발표…”AI반도체세계1위목표”, Bloter (Dec. 17, 2019), http://www.bloter.net/archives/364678. zh_TW dc.identifier.doi (DOI) 10.6814/NCCU202200324 en_US
