雲端跨境資料傳輸管制政策之探討;Regulating Cross-Border Data Flow in the Era of Cloud Computing

NCUIR > School of Management at National Central University > Graduate Institute of Industrial Economics > Electronic Thesis & Dissertation > Item 987654321/82841

Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/82841

Title:	雲端跨境資料傳輸管制政策之探討;Regulating Cross-Border Data Flow in the Era of Cloud Computing
Authors:	林幸萱;Lin, Hsing-Hsuan
Contributors:	產業經濟研究所
Keywords:	隱私權;個人資料保護;跨境傳輸;雲端服務;資料安全
Date:	2020-01-20
Issue Date:	2020-06-05 17:23:34 (UTC+8)
Publisher:	國立中央大學
Abstract:	雲端運算(cloud computing)為一種大量且可擴充之電腦運算技術，透過網際網路，提供使用者各類型軟硬體資源，其高效能、高彈性，以及快速便捷之特性，受到大量用戶喜好。雲端服務已大幅改變人們儲存與處理資料之方式，從既有的本地儲存，移轉至雲上世界。而為了支持系統運營與承載巨量資料運算，雲端服務業者於不同國家設置數個資料中心以進行資料之處理與儲存。此等「異地儲存」之型態，使雲端之個人資料經常脫離其母國法律之地域管轄。資料經傳輸至他國後，其所受之隱私保護若不及於原先母國之標準，可能形成對於個人資料隱私保護之危險。為保障個人資料於雲端各地資料中心流動之隱私與安全，歐盟等諸多國家原則禁止跨境資料傳輸，惟我國個資法則採相當寬鬆之原則允許制。欲探究如何保護雲端個人資料跨境傳輸之安全，本文以使用者所在地為母國，依資料中心所在地將雲端服務區分為四種情境。分別將四種情境置於歐盟GDPR與我國個資法檢視何時構成跨境傳輸，並分析歐盟與我國跨境傳輸管制政策之優劣。限制資料跨境傳輸有其利弊，不同利益取捨，難謂有完美之道，惟就我國而言，限制傳輸係屬必要。近年來若干雲端服務業者將資料中心設置於隱私保護標準顯著低於我國之國家，蓋因我國未限制跨境傳輸，倘該等業者未為妥善保護措施或未經資料主體同意，逕將資料跨境傳輸至缺乏隱私保護之國家，我國資料主體之隱私遭受侵害時，將難以主張其權利。因此，本文建議個資法當務之急應先釐清跨境傳輸之定義，並適當限制資料跨境傳輸。參考歐盟之政策，建立屬於我國之資料保護分級名單，依資料傳輸至不同層級之國家予以不同程度之限制。而為了在保護個人隱私之餘，同時顧及資料流通之需求與利益，本文羅列數項例外允許傳輸之條件，提供未來立法者參考。 ;Cloud computing is a type of technique that can storage and process massive demands of data through the Internet. With its high flexibility and expansibility, cloud computing has soon become popular taste. It has changed the way people store and process data, from local storage into the world of cloud. In order to sustain monumental computing, cloud provider usually deploy several data centers in different countries around the world. This came into the result of transmitting data almost every moment in cloud computing. When personal data being stored or processed in the cloud, it might imperil the privacy of personal data. EU and some other countries restrict transferring data outside one′s jurisdiction, so as to protect information privacy of data subjects. By contrast, Personal Data Protection Act in our nation adopts a fairly loose principle of allowance. In purpose of finding how to maintain personal data protection in the cloud, this paper sets out four scenarios of cloud computing. The four scenarios are respectively placed under GDPR and Personal Data Protection Act to examine what scenario constitutes data transfer. Restricting data transfer has its own pros and cons, it′s hard to say there exit a perfect law policy that can fit in every country. By analyzing two different cogitations of policy (whether to restrict or not), this paper aims to find the best policy for our nation. This thesis argues our nation has the urgency to restrict personal data transfer. Recently, some cloud providers start to deploy their data centers in countries where it certainly lacks of data protection and privacy care. If we don′t restrict transferring data outside foreign countries, once the data subject gets hurt by unsafe transfer, he or she can hardly claim one’s rights. Therefore, in order to protect data subject, this paper suggests to restrict data transfer, and sets several ways for permitting transfer. With EU policy as reference, we can establish a data protection classification list of our nation, and restrict or ban data transmission to countries with low data protection levels. While protecting the individuals’ privacy, the needs of keeping data flow should be taken into account too, this paper proposes several methods that exceptionally allow transfer.
Appears in Collections:	[Graduate Institute of Industrial Economics] Electronic Thesis & Dissertation

Files in This Item:

File	Description	Size	Format
index.html		0Kb	HTML	145	View/Open

社群 sharing

Loading...