    Please use this identifier to cite or link to this item: https://nccur.lib.nccu.edu.tw/handle/140.119/98906


    Title: 「從設計著手保護隱私」的法制化研究―以行動應用程式開發為例
    LEGAL STUDY ON PRIVACY BY DESIGN FOR MOBILE APPLICATIONS DEVELOPMENT
    Authors: 張永慶
    Chang, Yung Ching
    Contributors: 陳起行
    Chen, Chi Shing
    張永慶
    Chang, Yung Ching
    Keywords: Privacy by Design
    Mobile Applications
    Mobile Privacy
    Personal Information Protection Act
    E-Participation
    Date: 2015
    Issue Date: 2016-07-11 17:43:03 (UTC+8)
    Abstract: In the contemporary age of Information and Communication Technology (ICT), with the rapid use of smartphones and mobile applications consistently increasing, legal issues regarding invasion of mobile privacy concern government officials, academics, industry experts and consumers. This thesis raises two overarching questions based on the mobile applications (apps) industry: (i) Is it necessary to legally enforce Privacy by Design (PbD) in mobile apps development to ensure better protection of the right to privacy? (ii) Should the Taiwan government incorporate PbD into its Personal Information Protection Act (PIPA) to conform to the US and EU regulations?

    This thesis uses a comparative jurisprudence approach to examine mobile privacy regulations by analyzing opinions, staff reports and regulations from the US and EU to determine how Taiwan can better emulate the US and EU’s guidelines on PbD to ensure that privacy protection mechanisms are implemented into a product or service from the onset of mobile apps development. Furthermore, this thesis also assesses current privacy protection regulations and frameworks through a “bridging-approach” based on software engineering methodology where we conclude PbD results during the mobile apps development cycle, and also demonstrates considerable interdisciplinary cooperation between legal science and computer science.

    Finally, this thesis proposes feasible solutions to address contemporary mobile privacy issues in Taiwan through a critical review of Taiwan’s PIPA and the US and EU’s mobile privacy regulations, and suggests an e-participation approach to involve different stakeholders – government officials, academics, and industry experts – in future PbD policy making and regular dialogs to ensure robust protection of the right to mobile privacy.
    Description: Master's thesis
    National Chengchi University
    Master of Laws Program for Executives
    99961029
    Source URI: http://thesis.lib.nccu.edu.tw/record/#G0099961029
    Data Type: thesis
    Appears in Collections:[Master of Laws Program for Executives] Theses

    Files in This Item:

    File          Description    Size      Format
    102901.pdf                   1140Kb    Adobe PDF    2218


    All items in 政大典藏 are protected by copyright, with all rights reserved.

