政大機構典藏-National Chengchi University Institutional Repository(NCCUR):Item 140.119/128554
English  |  正體中文  |  简体中文  |  Post-Print筆數 : 27 |  Items with full text/Total items : 109952/140887 (78%)
Visitors : 46340841      Online Users : 415
RC Version 6.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
    •  Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version


    Please use this identifier to cite or link to this item: https://nccur.lib.nccu.edu.tw/handle/140.119/128554


    Title: GDPR跨境傳輸例外規範與WTO規範下 GATS之合致性分析
    The legal analysis of GDPR cross-border data transfer exception regulation under GATS of WTO
    Authors: 張安潔
    Chang, Ann-Chie
    Contributors: 薛景文
    Hsueh, Ching-Wen
    張安潔
    Chang, Ann-Chie
    Keywords: 資料保護規範
    跨境資料傳輸
    GDPR
    GATS
    Data protection regulation
    Cross-border data transfers
    Date: 2020
    Issue Date: 2020-02-05 17:03:11 (UTC+8)
    Abstract: 2018年歐盟一般資料保護規則(General Data Protection Regulation,GDPR)正式實施為資料保護規範立下重要的里程碑。資料保護的範圍擴及到網路上的使用軌跡,強調資料主體擁有其資料的主權、資料控制者及處理者須嚴謹遵守其義務,除此之外, GDPR原則上禁止了將歐盟境內資料傳輸到境外,僅允許幾種特定的例外條款。此規定使得GDPR不僅對資料保護的發展帶來革新,也對國際貿易的規範帶來衝擊與影響。
    大數據時代的興起使得「資料」(Data)成為極具價值的資產,因為網路使得跨國的商業貿易突破地理界線的障礙,可以輕易地觸及跨國消費者。消費者在網路上所產生的資料,企業透過跨境蒐集與處理可以進行行銷分析,是商業發展重要的根據。然而GDPR原則上禁止跨境傳輸之規定,直接衝擊到在歐盟進行商業活動的企業,因此引發各界質疑該規範是否是以資料保護之名,行貿易障礙之實。本文聚焦於探討GDPR跨境傳輸的三種例外允許:國家適足性認定、適當保護措施以及資料主體同意是否實質上是難以通過的窄門,違反WTO最惠國待遇、國民待遇及相互承認等規範。
    本文透過整理法規及相關官方條文解釋文件,將歐盟的資料保護法制與背景,GDPR中關於資料的定義、資料主體及資料控制處理者之權利義務,以及跨境傳輸的原則及各項例外允許規範進行說明,以輔助後續合致性分析。同時本文以文獻回顧之研究方法,整理歸納各界學者探討GDPR跨境傳輸與WTO貿易法可能的潛在衝突及看法。本文藉由整理歸納WTO過往最惠國待遇、國民待遇及相互承認的案例以分析例外允許規範是否有違反WTO規範。整體而言,例外允許規範並沒有實質上違反WTO規範,並確實有許多國家及企業藉此進行跨境傳輸。惟其仍有值得改進之處,因為縱然其規範沒有違反WTO義務,其在申請的程序上多耗時且所費不貲,且追求與GDPR相當的資料保護程度,仍可能不利於中小企以及資料保護規範尚在發展中的國家。
    The adoption of General Data Protection Regulation in the European Union in 2018 is an important milestone for data protection regulations. The scope of data protection has been extended to the trajectory of use on the Internet, emphasizing that data subjects have sovereignty over their data, thus indicating data controllers and processors must strictly abide by their obligations. Furthermore, GDPR prohibits the cross-border transfer of data from EU to other countries with only a few specific exceptions. Hence, GDPR not only provides a new perspective to the development of data protection but also exert significant impact on the regulation of international trade.
    The rise of the era of big data makes "data" a very valuable asset because the Internet enables transnational commercial trade to break through the barriers of geographical boundaries and can easily reach multinational consumers. The data generated by consumers on the Internet can be analyzed by companies through cross-border collection and processing, which is an important basis for business development. However, the principle that the GDPR prohibits cross-border transmission in principle directly impacts companies doing business in the European Union, which has led to questions from all walks of life whether the norm is a barrier to trade in the name of data protection. This article focuses on the three exceptions to GDPR cross-border data transfers: Adequacy Decision, appropriate protection measures, and whether the data subject agrees that it is essentially a narrow gate that is difficult to pass, a violation of WTO most-favored-nation treatment, national treatment, and mutual recognition and other specifications.
    This paper analyzes the consistency of the exceptions of cross-border data transfers under GATS regulation especially in most favored nation treatment, national treatment, and mutual recognition. Overall, the exception regulations did not substantially violate the WTO regulations. However, further improvement is needed, due to its time-consuming and expensive application process, and also the requirement of data protection meeting the standard of GDPR may be cause negative impact to SMEs and developing countries.
    Reference: 中文文獻
    日本取得歐盟GDPR例外適足性認定,台灣經貿網,2019年1月24日,https://reurl.cc/ObKN6g(最後瀏覽日:2020年1月13日)。
    林彩瑜,WTO制度與實務:世界貿組織法律研究(三),2版,頁308(2013年)。
    國家發展委員會,歐盟對台歐展開GDPR適足性對話表示歡迎,國家發展委員會,2019年3月11日,https://reurl.cc/72k4qN (最後瀏覽日:2019年12月31日)。
    凱君,創新金融模式 下一步是FinTech還是TechFin?,經濟日報,2019年6月5日,https://money.udn.com/money/story/5613/3855248(最後瀏覽日:2019年12月31日)
    鈦媒體,馬雲和他的兆元級「長子」螞蟻金服,數位時代,2019年1月3日,https://www.bnext.com.tw/article/51818/antfin-1000-billion-cny(最後瀏覽日:2019年12月31日)。
    印度IT-BPM資訊外包產業介紹(二之一) ,台灣經貿網,2015年8月24日,https://reurl.cc/pDekxZ(最後瀏覽日:2020年1月13日)。

    英文文獻
    書籍
    VAN DEN BOSSCHE, PETER & WERNER ZDOUC, THE LAW AND POLICY OF THE WORLD TRADE ORGANIZATION: TEXT, CASES AND MATERIALS 333 (3rd ed. 2013).
    Aaditya Mattoo,Thomas Cottier(eds.),Petros C. Mavroidis(eds.), REGULATORY BARRIERS AND THE PRINCIPLE OF NON-DISCRIMINATION IN WORLD TRADE LAW 2 (2000).
    期刊
    Jan Philipp Albrecht, How the GDPR Will Change the World, 2 EUR. DATA PROT. L. REV. 288, 287-289 (2016).
    Aaditya Mattoo, Joshua P. Meltzer, International Data Flows and Privacy: the Conflict and Its Resolution 21 J. INT. ECON. LAW 769, 779 (2018).
    Shin-yi Pent, ‘GATS and the Over-the-Top (OTT) Services—A Legal Outlook’, Journal of World Trade 50 (1), at 10-13.
    R. Fefer, S. Akhtar &W. Morrison, Digital Trade and US Trade Policy, CONGRESSIONAL RESEARCH SERVICE (Nov. 5, 2018), https://fas.org/sgp/crs/misc/R44565.pdf.
    Usman Ahmed, The Importance of Cross-Border Regulatory Cooperation in an Era of Digital Trade, 18 WORLD TRADE REVIEW, 99-120 (2019).
    Andrew D Mitchell & Neha Mishra, Regulating Cross-Border Data Flows in a Data Driven World: How WTO Law Can Contribute 22 J. INT. ECON. LAW, 3 (2019).
    Meltzer, Joshua, The Internet, Cross-Border Data Flows and International Trade, 2 ASIA & THE PACIFIC POLICY STUDIES 90, 90-102 (2013).
    官方文件
    OECD, OECD GUIDELINES ON THE PROTECTION OF PRIVACY AND TRANSBORDER FLOWS OF PERSONAL DATA (1980).
    Directive 95/46/EC, of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, 1995 O.J. (L281/31).
    Regulation (EU) 2016/679, of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, 2016 O.J. (L 119).
    Draft Report on the Proposal For A Regulation of The European Parliament and of the Council on the Protection of Individual With Regard to the Processing of Personal Data and on the Free Movement of Such Data (General Data Protection Regulation) (COM(2012)0011–C7-0025/2012–2012/0011(COD)), EUR PARL. DOC. PE501.927V02 (2012).
    Opinion of the Committee of the Regions on ‘Data protection package’, Dec. 18, 2012, 2012 O.J. (C391)127, at 127–133.
    Executive Summary of the Opinion of the European Data Protection Supervisor on ‘Meeting the challenges of big data: a call for transparency, user control, data protection by design and accountability’, Feb. 20, 2016, 2016 O.J. (C67)13, at 13–15.
    European Data Protection Board, Guidelines 3/2018 on the territorial scope of the GDPR (Article 3) Version 2.0, Adopted on12 November 2019, https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_guidelines_3_2018_territorial_scope_after_public_consultation_en.pdf [hereinafter Article 3 Guidelines].
    Article 29 Data Protection Working Party, Guidelines on Consent under Regulation 2016/679, Adopted on 28 November 2017, as Last Revised and Adopted on 10 April 2018, WP259 rev. 01
    Article 29 Data Protection Working Party, Adequacy Referential (updated), Adopted on 28 November 2017, WP254.
    2001/497/EC: Commission Decision of 15 June 2001 on standard contractual clauses for the transfer of personal data to third countries, under Directive 95/46/EC (Text with EEA relevance) (notified under document number C(2001) 1539).
    Commission Decision of 27 December 2004 amending Decision 2001/497/EC as regards the introduction of an alternative set of standard contractual clauses for the transfer of personal data to third countries (notified under document number C(2004) 5271)Text with EEA relevance, Dec. 29, 2014, O.J. L 385, at 74–84.
    2010/87/: Commission Decision of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council (notified under document C(2010) 593) (Text with EEA relevance), Feb. 12, 2010,O.J. L 39, at 5–18.
    Article 29 Data Protection Working Party, Working Document Setting Forth a Co-Operation Procedure for the approval of “Binding Corporate Rules” for controllers and processors under the GDPR, Adopted on 11 April 2018, WP263 rev.01, at 1.
    Group of Negotiations on Services, Uruguay Round, Services Sectoral Classification List, Note by the Secretariat, MTN.GNS/W/120, 10 July 1991WTO Committee on Specific Commitments, Report of the Meeting Held on 18 September 2014, Note by the Secretariat, S/CSC/M/71.
    Comprehensive Economic and Trade Agreement Between Canada and the European Union and its Member States, Annex 9-B.
    Privacy Shield Framework, PRIVACY SHIELD FRAMEWORK, https://www.privacyshield.gov/welcome.
    判決文件
    Judgment of the Court (Grand Chamber), 13 May 2014.Google Spain SL and Google Inc. v Agencia Española de Protección de Datos (AEPD) and Mario Costeja González. Request for a preliminary ruling from the Audiencia Nacional. Personal data — Protection of individuals with regard to the processing of such data — Directive 95/46/EC — Articles 2, 4, 12 and 14 — Material and territorial scope — Internet search engines — Processing of data contained on websites — Searching for, indexing and storage of such data — Responsibility of the operator of the search engine — Establishment on the territory of a Member State — Extent of that operator’s obligations and of the data subject’s rights — Charter of Fundamental Rights of the European Union — Articles 7 and 8. Case C‑131/12.
    Case C-108/09, Ker-Optika bt v. ÀNTSZ Dél-dunántúli Regionális Intézete, 2010 E.C.J. I-12213, ¶¶ 22, 28.
    Judgment of the Court (Grand Chamber) of 6 October 2015. Maximillian Schrems v Data Protection Commissioner. Request for a preliminary ruling from the High Court (Ireland). Reference for a preliminary ruling — Personal data — Protection of individuals with regard to the processing of such data — Charter of Fundamental Rights of the European Union — Articles 7, 8 and 47 — Directive 95/46/EC — Articles 25 and 28 — Transfer of personal data to third countries — Decision 2000/520/EC — Transfer of personal data to the United States — Inadequate level of protection — Validity — Complaint by an individual whose data has been transferred from the European Union to the United States — Powers of the national supervisory authorities. Case C-362/14, ¶¶ 73, 74.
    Panel Report, United States-Measures Affecting the Cross-Border Supply of Gambling and Betting Services, ¶ 6.285–87, WT/DS285/R (Nov. 10, 2004).
    Appellate Body Report, United States— Measures Affecting the Cross-Border Supply of Gambling and Betting Services, ¶ 215, WT/DS285/AB/R (April 7, 2005).
    Appellate Body Report, United States — Import Prohibition of Certain Shrimp and Shrimp Products, ¶ 150, WTO Doc. WT/DS58/AB/R (Oct. 12, 1998).
    Appellate Body Report, Canada — Certain Measures Affecting the Automotive Industry, WTO Doc. WT/DS139/AB/R (adopted June 19, 2000).
    226 Justice K S Puttaswamy v Union of India and Ors, Supreme Court of India, Writ Petition (Civil) No. 494.
    Panel Report, European Communities — Regime for the Importation, Sale and Distribution of Bananas, WTO Doc. WT/DS27/R/ECU (adopted on May 22, 1997).
    Appellate Body Report, European Communities - Regime for the Importation, Sale and Distribution of Bananas, WTO Doc. WT/DS27/AB/R (adopted on Sept. 25, 1997).
    Panel Report, China - Certain Measures Affecting Electronic Payment Services, ¶ 7.699, WTO Doc. WT/DS413/R (adopted on Aug. 31, 2012)
    Appellate Body Report, Argentina - Measures Relating to Trade in Goods and Services, WTO Doc. WT/DS453/AB/R (adopted on May 9, 2016).
    Panel Report, European Economic Community - Imports of Beef from Canada, ¶ 4.2-4.3, WTO Doc. L/5099 (Mar. 10, 1981).
    網頁資料
    Matthew Rosenberg, Nicholas Confessore & Carole Cadwalladr, How Trump Consultants Exploited the Facebook Data of Millions, THE NEW YORK TIME (Mar. 17, 2018), https://www.nytimes.com/2018/03/17/us/politics/cambridge-analytica-trump-campaign.html?module=inline.
    EUROPEAN COMMISSION, Adequacy decisions How the EU determines if a non-EU country has an adequate level of data protection, EUROPEAN COMMISSION, https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en (last visited Dec. 31, 2019).
    EUROPEAN COMMISSION, Binding Corporate Rules (BCR) Corporate rules for data transfers within multinational companies, EUROPEAN COMMISSION, https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/binding-corporate-rules-bcr_en (last visited Dec. 31, 2019).
    EUROPEAN COMMISSION, List of companies for which the EU BCR cooperation procedure is closed, EUROPEAN COMMISSION, https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=61384 (last visited Dec. 31, 2019).
    Forbes Technology Council, 15 Unexpected Consequences of GDPR, FORBES, https://www.forbes.com/sites/forbestechcouncil/2018/08/15/15-unexpected-consequences-of-gdpr/#2770880794ad (last visited Dec. 31, 2019).
    Daniela Fabian Masoch, Why Should Companies Invest in Binding Corporate Rules, ICLG, https://iclg.com/practice-areas/data-protection-laws-and-regulations/3-why-should-companies-invest-in-binding-corporate-rules (last visited Dec. 31, 2019).
    Description: 碩士
    國立政治大學
    國際經營與貿易學系
    106351043
    Source URI: http://thesis.lib.nccu.edu.tw/record/#G0106351043
    Data Type: thesis
    DOI: 10.6814/NCCU202000087
    Appears in Collections:[Department of International Business] Theses

    Files in This Item:

    File SizeFormat
    104301.pdf1141KbAdobe PDF20View/Open


    All items in 政大典藏 are protected by copyright, with all rights reserved.


    社群 sharing

    著作權政策宣告 Copyright Announcement
    1.本網站之數位內容為國立政治大學所收錄之機構典藏,無償提供學術研究與公眾教育等公益性使用,惟仍請適度,合理使用本網站之內容,以尊重著作權人之權益。商業上之利用,則請先取得著作權人之授權。
    The digital content of this website is part of National Chengchi University Institutional Repository. It provides free access to academic research and public education for non-commercial use. Please utilize it in a proper and reasonable manner and respect the rights of copyright owners. For commercial use, please obtain authorization from the copyright owner in advance.

    2.本網站之製作,已盡力防止侵害著作權人之權益,如仍發現本網站之數位內容有侵害著作權人權益情事者,請權利人通知本網站維護人員(nccur@nccu.edu.tw),維護人員將立即採取移除該數位著作等補救措施。
    NCCU Institutional Repository is made to protect the interests of copyright owners. If you believe that any material on the website infringes copyright, please contact our staff(nccur@nccu.edu.tw). We will remove the work from the repository and investigate your claim.
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - Feedback