行動應用程式的個人資料保護── 公開透明原則的強化與本國實證研究

Abstract

智慧型裝置的普及，讓行動應用程式逐漸成為日常生活中不可或缺的重要工具，這也使行動應用程式不當蒐集、使用和揭露使用者個人資料的情形，更加引起社會關注。而行動應用程式的功能日趨多元，以及上下游供應鏈多重的個資蒐集處理業者，使得可能存在的個人隱私侵犯愈發複雜與嚴重。本文以行動應用程式的產業運作實況切入，從個人資料保護的目的與種類出發，分析行動應用程式對個資影響的深度和廣度。由於我國對行動應用程式招致的隱私議題，尚無明確的法律政策，本文藉由比較法分析途徑，針對歐盟與美國主管機關、以及國際組織在2013年先後發表的行動應用程式隱私保護意見書與規範建議，進行政策的比較研究。此外，透過問卷調查我國民眾對行動應用程式的隱私意識，以及目前行動應用程式產業提供的隱私通知之效度，作為本文提出政策建議的基礎。最後，針對現今各國通用的「通知和同意（notice and consent）機制｣在實際運作上所面臨的難題，以及我國個人資料保護法在行動應用程式議題上所面臨的困境，本文亦逐一加以剖析，並且研擬可能的因應對策與解決方案。

Smart devices and mobile applications (apps) are increasingly indispensable to modern people. When users operate their smart devices and apps, however, they share a variety of personal information with a multitude of known or unknown players, which significantly raises the public’s concerns on possible privacy invasion. How to protect user’s mobile privacy thus becomes a timely issue. This thesis explores how apps collect personal data, which type of data is collected, and why those practices impose risks on user’s personal privacy. The thesis further analyze the opinions and staff reports of the European Union, United States and International Governmental Organizations newly published in 2013, and find that the notice-and-consent mechanism remains a primary regulatory measure in securing mobile privacy. As identifying the key rule of transparency, the thesis makes an empirical study survey Taiwanese mobile apps user how their attitude and awareness toward current notice-and-consent mechanism and mobile privacy. Basing on the result of the survey, the thesis concludes the deficiencies of notice-and-consent mechanism and present an alternative approach to enhance the efficacy of privacy notice. On those bases, this thesis critically reviews Taiwan’s Personal Information Protection Act and other regulation pertinent to mobile privacy protection, and propose feasible resolutions to contemporary mobile privacy issues in Taiwan.