93

臺大管理論叢

2017/5

第

27

卷第

2S

期

93-118

DOI:10.6226/NTUMR.2017.JUL.F104-009

巨量資料應用在台灣個資法架構下的法律風險

Personal Information Protection Act and the Legal Risk of Big

Data Applications in Taiwan

摘 要

巨量資料使用如涉及個人資料的蒐集、處理與利用，將面臨諸多潛在法律風險。本研

究以我國

2010

年大幅修正之個人資料保護法出發

1

，研究發現，因為巨量資料的大量性、

強調速度與資料多樣性等特質，適用我國個資法架構時可能發生以下問題：

(1)

無法完

全履行個資法第

8

條與第

9

條對於個人資料於蒐集、處理或利用時之告知義務、

(2)

不

易符合個資法第

11

條在特定目的消失或契約到期後，不得持有、處理或利用資料的規

定、

(3)

部分蒐集方可能不符個資法第

19

條須具有特定目的之要求、

(4)

無法充分執行

個資法第

20

條對特定目的外之利用及停止行銷相關要求、

(5)

無法配合個資法第

54

條

於首次利用時告知之要求等，顯見我國現行個資法可能對巨量資料應用產生重大法律

風險。

【關鍵字】

巨量資料、個人資料保護法、隱私權

Abstract

In spite of their underlying values, big data now present enormous challenges as their

collection, processing and application are potentially susceptible to the legal risks under

Personal Information Protection Act (PIPA 2010) in Taiwan. By putting big data under the

analysis framework of PIPA, this paper notes that by taking into consideration the staggering

volume, velocity and variety claimed by big data and the enactment of PIPA, problems might

arise in a number of ways: (1) In terms of information disclosure, data collection and

processing would not meet the requirement of Article 8 and Article 9 of PIPA; (2) Data

controllers are very likely to breach the duty stipulated by Article 11 of PIPA, which is,

deleting and discontinuing to process or use when the specific purpose no longer exists or

contract period expires; (3) Some data collectors might fail to satisfy the specific purpose

requirement set by Article 19 of PIPA; (4) Data controllers might violate Article 20 of PIPA

at the first marketing action; (5) They also might not meet Article 54 of PIPA that requires a

notification may be given at the time where such personal information is first used.

【

Keywords

】

big data, Personal Information Protection Act, the right to privacy

彭金隆

/

國立政治大學風險管理與保險學系副教授

Jin-Lung Peng

/ Associate Professor, Department of Risk Management and Insurance, National Chengchi

University

陳俞沛

/

國立成功大學醫學系臨床助理教授

Yu-Pei Chen

/ Assistant Professor, Department of Medicine, National Cheng Kung University

孫群

/

國立政治大學風險管理與保險學系博士生

Aureola Sun

/ Ph.D. Student, Department of Risk Management and Insurance, National Chengchi

University

Received, 2015/6, Final revision received 2016/7

1

我國個人資料保護法於

2010

年間修訂通過後，各界反應部分條文過於嚴格，因此保留第

6

條及第

54

條暫未施行，立法院遲至

2015

年

12

月

15

日三讀通過部分條文修正案，並於

12

月

30

日總統

公布修正第

6-8

、

11

、

15

、

16

、

19

、

20

、

41

、

45

、

53

、

54

條條文。