
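Recommendations for Taiwan's Legal Framework for Mobile Software Privacy Protection

Chapter 6: Conclusions and Recommendations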


… point lies in legal compliance.[228]

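TPIPAS is a management system that the Ministry of Economic Affairs designed around the Personal Data Protection Act. It will continue to be fine-tuned as the Act and its Enforcement Rules are amended, and mechanisms for mutual verification with other personal-data and privacy seals will be discussed. Once the system is fully established, the expectation is that it can be handed over to private-sector juristic persons to operate autonomously, with the government acting only as a supervisor. TPIPAS may also become a national standard in the future.[229] In August 2012 the Institute for Information Industry convened trade associations, consulting firms and other organizations, such as the bankers', physicians' and certified public accountants' associations, the securities industry association and the electrical and electronic manufacturers' association, to form an alliance for promoting a personal-data management standard. The alliance will draft a personal-data management standard that draws on TPIPAS, the "Personal Data Protection Implementation Procedures and Evaluation Manual for Government Agencies" and relevant international standards. If the draft passes review, it can become one of the national standards that industries follow.[230]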

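Introducing an industry self-regulatory seal certification scheme will produce different results depending on each country's circumstances and legal literacy. When industry self-regulatory norms such as trust seals develop into effective private protection standards, or even national standards, and are then aligned with international standards, they can at least reduce the costs enterprises incur to comply with regulations.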

Section 3: Recommendations for Taiwan's Legal Framework for Mobile Software Privacy Protection

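International personal-data regulation emphasizes three dimensions: (1) legal and management: systematic protection of personal data, and self-governance of personal data through industry self-regulation; (2) technical, i.e. personal-data security: incorporating personal-data protection into information-security solutions, and privacy-protection technologies; (3) audit, i.e. personal-data protection assessment: auditing and certification schemes. Taiwan's Personal Data Protection Act follows a regulatory model derived from German legislation; it can be classified as omnibus legislation that emphasizes a government-led role. The United States is the representative example of sectoral privacy regulation. The sectoral model emphasizes industry self-regulation, but the EU and Taiwan, which regulate through omnibus legislation, do not reject this approach. The right to privacy was first mentioned in Interpretation No. 293 of the Judicial Yuan's Council of Grand Justices in ROC year 81 (1992). In ROC year 94 (2005), Interpretation No. 603 held that the right to privacy is a fundamental right protected by Article 22 of the Constitution; the right to information privacy gives individuals autonomous control over their personal data, and informational self-determination is left to the data subject. Informed consent under Taiwan's Personal Data Protection Act means that the data subject can decide autonomously whether to trade his or her "right to information privacy", and it does not exclude industry self-regulation. The legislative background of the Act has been tied to international trade from the outset: it was meant to help Taiwanese firms win EU customers. Even though the Act carries the EU's flavor of government regulation, from an economic perspective it also helps the international competitiveness of industry.[231]

[228] "Facing the personal-data storm: setting up sound information-management mechanisms", DAF 2012 Personal Data Protection and Network Security Applications Seminar, August 27, 2012, http://www.digitimes.com.tw/tw/b2b/Seminar/shwnws_new.asp?CnlID=18&cat=99&product_id=051A10816&id=0000299295_IFS1RCXBL6BR1O4ZCN1QZ, last accessed 2013/6/17.

[229] 廖珮君, "TPIPAS opens up consulting rights: a chance to become a national standard?!", 資安人 (Information Security), October 8, 2012, http://www.informationsecurity.com.tw/article/article_detail.aspx?aid=7087, last accessed 2013/6/17.

[230] "New Personal Data Protection Act expected to take effect in October", Institute for Information Industry News Center, August 8, 2012, http://www.iii.org.tw/service/3_1_1_c.aspx?id=1037, last accessed 2013/6/22.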

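In personal-data protection, Japan is the representative case of government regulation and industry self-regulation advancing together. Japan's Personal Information Protection Act (PIPA) took effect in 2005. It requires companies or individuals that conduct business using databases of more than 5,000 personal-data records to comply with a range of restrictions on the handling of personal data; if any provision of PIPA is violated, the government ministry or agency that supervises the business sector of the Personal Information Handler (PIH) concerned may impose mandatory penalties. Through the P-Mark scheme, the Japanese government helps enterprises keep finding problems, so that they consciously improve their own ability to protect personal data rather than complying passively and perfunctorily. Japan's externally imposed personal-data protection law, paired with a self-regulatory certification scheme, forms a three-layer system: a legal layer, a standards layer and a certification layer. Externally imposed requirements are carried into enterprises' self-regulatory practice through national industrial standard-setting and the certification process.[232] Japan has gone further in tying this to the PIPA regime: promoted by the Japan Chamber of Commerce and Industry, Japanese insurers launched "personal data leakage liability insurance" to help enterprises cope with the risks that follow the law's implementation. If an insured company suffers a personal-data leak or misuse, it can receive an insurance payout, and the insurer further helps the enterprise with crisis management, such as holding press conferences, giving enterprises an extra layer of protection as they take on responsibility for managing personal data.[233]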

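If TPIPAS is adopted as a national standard, Taiwan's personal-data protection can build a three-layer system closer to Japan's and move toward a model in which government regulation and industry self-regulation advance together. Privacy-protection standards span institutional, technical and industry levels. Although there is no unified global standard, Taiwanese enterprises facing competitive pressure in international trade can follow the approach recommended by the EU's BCRs and set internal self-regulatory rules for the multinational enterprise, so that companies established in different countries jointly comply with personal-data and privacy protection law when handling cross-border transfers of personal data.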

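Taiwan's Personal Data Protection Act, as newly amended in 2010, aligns with international practice: it adopts principles set out in the APEC Privacy Framework, such as preventing harm, notice and collection limitation, and extends its scope to all industries. In addition, posting photos that include other people on Facebook, blogs and the like is excluded from the Act under Article 51, Paragraph 1 where it falls within the purposes of social activities or family life, and is instead governed by the Civil Code.[234] Article 3 of the Act gives data subjects the right to request that collection, processing or use cease and the right to request deletion; these rights may not be waived in advance or limited by special agreement. Although mobile-device users have the right to actively demand that collection, processing or use stop, online tracking for mobile advertising and geolocation tracking cannot be blocked unless the data subject exercises that autonomy and personally enables the do-not-track setting. While the EU is preparing to bring geolocation information within the scope of personal-data protection, US consumer groups are pressing for do-not-track, and "stalking apps" legislation is being pushed forward, Taiwan still needs to follow European and US trends in personal-data and privacy protection closely and consider amending the Act accordingly. The Act must also keep pace with emerging technologies, such as the many personal-data protection problems arising from social networks and cloud technology. The Ministry of Justice plans to review the Act's implementation one year after it takes effect and, taking into account emerging technologies, automated processing, the Internet and other technical services, to learn from the EU and from European and American countries and re-examine and amend the Act.[235]

[231] 廖緯民, "On the privacy threat posed by search engines", 月旦民商法雜誌, No. 24, pp. 34-37.

[232] Industrial Technology Research Institute, final report of "A study of online transaction security problems and enterprise response frameworks", Ministry of Economic Affairs commissioned project on forward-looking technology R&D and application for commercial transaction security certification, December 2009.

[233] "Personal Data Protection Act passed: which industries stand to benefit?", 資安人科技網, June 28, 2010, http://www.informationsecurity.com.tw/article/article_detail.aspx?aid=5786, last accessed 2013/6/21.

[234] "Legislative Yuan passes the 'Personal Data Protection Act' on third reading", Ministry of Justice press release, Department of Legal Affairs, Ministry of Justice, April 27, 2010.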

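It is also worth noting that, since Taiwan opened up mobile payment services in 2013, consumers face cross-industry services, just as they did when banks, insurers, securities firms and other companies were allowed to merge into financial holding companies, along with the resulting questions of how mobile payment applications collect, process and use personal data. Under the Personal Data Protection Act, a mobile payment provider need only, when a user applies for the mobile payment service, notify the consumer of a "specific purpose" for collecting personal data that is "maximized" as far as possible. The personal data the consumer must fill in to use the mobile payment service, the information needed to authorize transactions with e-wallets such as EasyCard or with credit cards, the transaction information transmitted over NFC each time, location information tied to the smartphone, and information from other e-commerce partners (for example, Groupon coupons stored on the phone) will then all, under a single "blanket" consent from the consumer, fall within the scope of "a contractual or quasi-contractual relationship with the data subject" and may lawfully be collected, processed and used. The consumer can only rely on Article 3 of the Act to "request that collection, processing or use cease" or to "request deletion". The current Act has no single competent authority; instead, the authority in charge of each industry serves as the "competent authority". For large operators that collect, process and use personal data across service categories, however, it is advisable to require that different service categories not share personal-data files internally when processing them, so as to protect consumers' autonomy over their personal data.[236] The authorities in charge of each industry referred to in the Act must promptly issue the relevant administrative rules so that industries have something to follow.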

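International standards for mobile applications are still in their infancy, but the industries concerned must nonetheless follow them closely. In an era of constant technological change, privacy threats like those brought by mobile applications can be expected to keep challenging personal-data and privacy protection law. To keep the same problems from recurring, standards developers, legislators and law enforcers all need to keep pace with the times.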

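[235] "Personal Data Protection Act to take effect in two stages", Council for Economic Planning and Development website, October 24, 2012, http://www.cepd.gov.tw/m1.aspx?sNo=0017751&ex=2, last accessed 2013/6/21.

[236] "Personal Data Protection Act Q&A: regulating personal data, seen through NFC phones (Part 1)", October 1, 2011, http://www.is-law.com/post/4/765; "Personal Data Protection Act Q&A: regulating personal data, seen through NFC phones (Part 2)", October 4, 2011, http://www.is-law.com/post/4/766; "Personal Data Protection Act Q&A: regulating personal data, seen through NFC phones (Part 3)", October 7, 2011, http://www.is-law.com/post/4/767, last accessed 2013/8/19.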
