第五章 結論與建議
第三節 研究限制與後續可能精進方向
國
立 政 治 大 學
‧
N a tio na
l C h engchi U ni ve rs it y
度,筆者的做法與倡議還可能會招致資訊原始人的罵名與譏諷,但在方便與資訊 自主權無法兼得的現實下,短期似乎也沒有更好的方法。
第三節 研究限制與後續可能精進方向
雖然筆者以盡其所能之注意,務求本研究各項細節的嚴謹執行,仍難免有其 限制與不足之處,也將於下文詳述,並建議後續可能精進的方向。然而除非必 要,下文將不再贅述受訪者人數,或原訂訪談題項沒問到等芝麻小事,而偏向從 較宏觀或方法學的角度為之。
一、 缺乏量化方法以推論利害關係人的行動態樣
本文採取質性訪談法訪談多個利害關係人,試圖以初探角度,了解其認為的 監理策略的執行狀態,也藉此試圖拼湊事實的樣貌。然而除了受訪人數少與同質 性高的先天限制外,缺乏量化的測量方法與標準化的基尺,也難以再依據受訪者 的性質與背景,從中建立假設推導其可能的態度與行動態樣,更別說建立理論。
建議後續研究可從本研究或相關成果中,擷取重要概念進行量化工具的繪製。
二、 缺乏具體的個案研究
筆者認為本文最嚴重的限制,便是缺乏具體與多重個案的比較。雖然以劍橋 分析事件作為本文楔子與假想對象,但是未能緊扣具代表性的個案,例如曾在法 院爭訟的案例,導致難以聚焦與衍生研究資源浪費,最後也只對於我國資料保護 政策的施行概況,提出相對空泛的結論。我國缺乏劍橋分析事件的直接受害者,
是難以進行個案研究的主要因素,雖然筆者嘗試以訪談普通商業網站資料外洩事 件受害者補足,但該事件性質與劍橋分析事件仍有相當差距。但是樂觀而言,政 府處理普通商業網站資料外洩的經驗,或許相當程度能類推至社群網站。
三、 增加多重與異質個案的比較
本研究所援引之劍橋分析事件,固然有社會影響的代表性,然而也非歷史上 唯一的重大資安事件。且縱使社群網站在常人看來是新科技,筆者相信普通商業 網站的治理經驗有機會類推適用,是此本文也大量引用普通的資料保護相關法令 的文獻。更為理想的探討方式,應該是將普通商業網站與社群網站具代表性的案 件並列,並比較多重案例之間,業者自律、法遵與政府監理方式與結果的異同,
如此也才有機會建立較為穩定的因果推論與理論架構。後續研究也宜延伸至異質
‧ 國
立 政 治 大 學
‧
N a tio na
l C h engchi U ni ve rs it y
性更高的個案比較,例如資訊服務業與傳統產業、金融業等,檢測其在監理策略 執行的關鍵步驟與結果,是否存在相似的問題、處置程序與因果關係。反過來 說,社群網站的主管機關,也或可汲取若干特種行業,例如金融、食品與藥品等 的監理經驗,作為進一步擬定與改進的參考。
‧
人生,洪慧芳譯,台北:時報。譯自Digital Minimalism: Choosing a Focused Life in a Noisy World. Newport, C. 2019.史蒂格勒(1991)。人民與國家:管制經濟學論文集,吳惠林、鍾琴、黃美齡
(譯),台北:遠流。譯自The Citizen and the State: Essays on Regulation.
Stigler, G. J. 1975.
布特妮.凱瑟(2020)。操弄:劍橋分析事件大揭祕,楊理然、廬靜(譯),新 北:野人。譯自Targeted: The Cambridge Analytica Whistleblower’s Inside Story of How Big Data, Trump, and Facebook Broke Democracy and How It Can Happen Again. Kaiser, B. 2019.
江淑琳(2014)。流動的空間,液態的隱私:再思考社交媒體的隱私意涵。傳播
上網日期:2020 年 11 月 13 日,取自:https://nicst.ey.gov.tw/Page/
7CBD7E79D558D47C/282835f2-5d6c-466c-bd7e-de029ac7aa04
伯納賽克、蒙根(2015)。失控的大數據,吳慕書(譯),台北:商周出版。譯 自All You Can Pay: How Companies Use Our Data to Empty Our Wallets.
Bernasek, A. & D. T. Mongan. 2015.
杜希格(2012)。為什麼我們這樣生活,那樣工作?全球瘋行的習慣改造指南,
(鍾玉玨、許恬寧譯),台北:大塊出版。譯自The Power of Habit: Why We Do What We Do in Life and Business. Duhigg, C. 2012.
肖莎娜.祖博夫(2020)。監控資本主義時代,溫澤元、林怡婷、陳思穎(譯),
台北:時報出版。譯自The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power. Zuboff, S. 2019.
邱映曦、劉敏慧、何寶中(2013)。我國個人資料保護法與個人資料管理制度。
‧
李世德(2018)。GDPR 與我國個人資料保護法之比較分析。台灣經濟論衡,
16(3),69-93。
周宥廷(2020)。簡述兩則近期美國聯邦貿易委員會與 Facebook、Google 及 Youtube 和解案。聖島智慧財產權實務報導,22(2),1-18。
周峻佑(2018 年 7 月 6 日)。劍橋分析事件爆發後,臉書仍舊提供 61 間公司使用 者個資的存取權。上網日期:2019 年 10 月 24 日,取自:https://
www.ithome.com.tw/news/124339
法務部(2015 年 4 月 21 日)。個人資料保護法非公務機關之中央目的事業主管 機關列表。上網日期:2020 年 10 月 14 日,取自:https://www.moj.gov.tw/
cp-793-47377-1acb3-001.html 要害。上網日期:2020 年 6 月 23 日,取自:https://ckhung0.blogspot.com/2 018/07/line.html
胡雅筑(2021 年 2 月 26 日)。Facebook 將停用歐洲使用者 Ig 及 Messenger 部分 功能。上網日期:2021 年 3 月 22 日,取自:https://hsu.legal/en/article/31 孫鈺婷(2016)。歐美跨境資料傳輸新框架-從歐美安全港協議無效談起。科技
法律透析,28(7),22-30。
‧
文化。譯自The Black Swan: The Impact of the Highly Improbable. Taleb, N.N. 2010. YouTube 和 IG。上網日期:2020 年 5 月 5 日,取自:https://www.iii.org.tw/
Press/NewsDtl.aspx?nsp_sqno=1934&fm_sqno=14
財團法人資訊策進會科技法律研究所(2019)。個資保護 2.0(二版)。台北:
書泉。
‧
網日期:2020 年 4 月 23 日,取自:https://www.ithome.com.tw/news/135154 高敬原(2018 年 4 月 12 日)。遇上一群「科技文盲」,兩天十小時國會聽證,看佐克伯如何全身而退。上網日期:2019 年 9 月 20 日,取自:https://
www.bnext.com.tw/article/48768/mark-zuckerberg-day-2-congressional-testimony-data-bias
國家發展委員會(2018 年 7 月 14 日)。回應 LINE 隱私政策變更新聞稿。上網日 期:2021 年 4 月 2 日,取自:https://www.ndc.gov.tw/nc_27_29932
國家發展委員會法制協調中心(2019 年 12 月 29 日)。國發會推動個資法修法, 法(上篇)。上網日期:2021 年 4 月 29 日,取自:https://blog.twnic.tw/
2021/01/29/16751/
‧
(譯),台北:天下文化。譯自Big Data: A Revolution That Will Transform How We Live, Work, and Think. Mayer-Schönberger, V & K. Cukier. 2013.
麥爾荀伯格、蘭姆格(2018)。大數據資本主義:金融資本主義退位,重新定義 市場、企業、金錢、銀行、工作與社會正義(林俊宏譯),台北:天下文 化。譯自Reinventing Capitalism In The Age Of Big Data. Mayer-Schönberger, V & T. Ramge. 2018.
麥爾荀伯格(2015)。大數據:隱私篇-數位時代,「刪去」是必要的美德(第一 版)(林俊宏譯)。台北:天下文化。譯自Delete: The Virtue of Forgetting in the Digital Age. Mayer-Schönberger, V. 2009.
彭慧明(2018 年 7 月 13 日)。LINE 調整隱私權政策。經濟日報,第 A14 版。 月30 日,取自:https://www.moeaidb.gov.tw/ctlr?
PRO=filepath.DownloadFile&f=news&t=f&id=6512
‧
真心話?上網日期:2020 年 5 月 20 日,取自:https://www.nownews.com/
news/forum-2/celebritycomment-forum-2/3944889 台內容。上網日期:2021 年 5 月 7 日,取自:https://newtalk.tw/news/
view/2019-09-19/300680 政策。工商時報。上網日期:2021 年 5 月 8 日,取自:https://readers.ctee.c om.tw/cm/20210116/a06aa6/1105960/96d759c41f61d613d0328abfb1355f97/
Acquisti, A., Brandimarte, L., & Loewenstein, G. (2015). Privacy and human behavior in the age of information. Science, 347(6221), 509-514.
doi:10.1126/science.aaa1465
American Association of Advertising Agencies, Association of National Advertisers, Council of Better Business Bureaus, Direct Marketing Association, & Interactive Advertising Bureau. (2009, July). Self-Regulatory Principles for Online
Behavioral Advertising. Retrieved June 19, 2020, from
https://digitaladvertisingalliance.org/sites/aboutads/files/DAA_files/seven-principles-07-01-09.pdf
‧
Auxier, B., Rainie, L., Anderson, M., Perrin, A., & Kumar, M. (2019, November 15).
Americans and Privacy: Concerned, Confused and Feeling Lack of Control Over Their Personal Information. Retrieved April 1, 2021, from
https://www.pewresearch.org/internet/wp-content/uploads/sites/9/2019/11/Pew-Research-Center_PI_2019.11.15_Privacy_FINAL.pdf
Barrett, C. (2020). Emerging Trends From The First Year Of EU GDPR Enforcement.
Scitech Lawyer, 16(3), 22-25,35.
Baruh, L., & Popescu, M. (2017). Big data analytics and the limits of privacy self-management. New Media & Society, 19(4), 579-596.
doi:10.1177/1461444815614001
Bernstein, M. H. (1955). Regulating Business by Independent Commission. Princeton, New Jersey: Princeton University Press.
Bostoen, F. (2019). Online platforms and pricing: Adapting abuse of dominance
assessments to the economic reality of free products. Computer Law & Security
Review, 35(3), 263-280. doi:10.1016/j.clsr.2019.02.004
Bowcott, I. T. O. (2015, October 6). Facebook row: US data storage leaves users open to surveillance, court rules. Retrieved June 10, 2020, from
https://www.theguardian.com/world/2015/oct/06/us-digital-data-storage-systems-enable-state-interference-eu-court-rules
Bowie, N. E., & Jamal, K. (2006). Privacy Rights on the Internet: Self-Regulation or Government Regulation? Business Ethics Quarterly, 16(3), 323-342.
doi:10.5840/beq200616340
Boyd, D. M., & Ellison, N. B. (2007). Social Network Sites: Definition, History, and Scholarship. Journal of Computer-Mediated Communication, 13(1), 210-230.
doi:10.1111/j.1083-6101.2007.00393.x
Brandtzaeg, P. B., Pultier, A., & Moen, G. M. (2019). Losing Control to Data-Hungry Apps: A Mixed-Methods Approach to Mobile App Privacy. Social Science
Computer Review, 37(4), 466-488. doi:10.1177/0894439318777706
Cho, H., Roh, S., & Park, B. (2019). Of promoting networking and protecting privacy:
Effects of defaults and regulatory focus on social media users’ preference settings. Computers in Human Behavior, 101, 1-13.
doi:10.1016/j.chb.2019.07.001
Christensson, P. (2014, May 26). Digital Footprint Definition. Retrieved May 5, 2021, from https://techterms.com/definition/digital_footprint
Christl, W. (2017a, June 8). Corporate Surveillance In Everyday Life (Web Version).
Retrieved December 16, 2019, from http://crackedlabs.org/en/corporate-surveillance
‧
Christl, W. (2017b, October). How Companies Use Personal Data Against People.
Retrieved January 1, 2020, from
https://crackedlabs.org/dl/CrackedLabs_Christl_DataAgainstPeople.pdf Christl, W., & Spiekermann, S. (2016). Networks of control: a report on corporate
surveillance, digital tracking, big data & privacy. Vienna: Facultas.
Constine, J. (2019, January 29). Facebook pays teens to install VPN that spies on them.
Retrieved October 24, 2019, from https://techcrunch.com/2019/01/29/facebook-project-atlas/
Council of the EU, Presidency. (2021, February 10). Proposal for a Regulation of the European Parliament and of the Council concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications)-Mandate for negotiations with EP. Retrieved April 29, 2021, from
Cowen, T., & Glazer, A. (1996). More monitoring can induce less effort. Journal of
Economic Behavior & Organization, 30(1), 113-123.
doi:10.1016/S0167-2681(96)00845-1Crain, M. (2018). The limits of transparency: Data brokers and commodification. New
Media & Society, 20(1), 88-104. doi:10.1177/1461444816657096
Culnan, M. J. (2000). Protecting Privacy Online: Is Self-Regulation Working? Journal
of Public Policy & Marketing, 19(1), 20-26. doi:10.1509/jppm.19.1.20.16944
Dabrowski, A., Merzdovnik, G., Ullrich, J., Sendera, G., & Weippl, E. (2019).Measuring Cookies and Web Privacy in a Post-GDPR World. In D. Choffnes &
M. Barcellos (Eds.), Passive and Active Measurement (Vol. 11419, pp. 258-270). Cham, Switzerland: Springer International Publishing. doi:10.1007/978-3-030-15986-3_17
Davies, R., & Rushe, D. (2019, July 24). Facebook to pay $5bn fine as regulator settles Cambridge Analytica complaint. Retrieved January 17, 2021, from
http://www.theguardian.com/technology/2019/jul/24/facebook-to-pay-5bn-fine-as-regulator-files-cambridge-analytica-complaint
Davis, K. E., & Marotta-Wurgler, F. (2019). Contracting for Personal Data Symposium.
New York University Law Review, 94(4), 662-705.
Determann, L. (2012). Social Media Privacy: A Dozen Myths and Facts. Stanford
Technology Law Review, (July), 1-14.
Digital Advertising Alliance. (2011, November). Self-Regulatory Principles for Multi-Site Data. Retrieved June 19, 2020, from
https://digitaladvertisingalliance.org/sites/aboutads/files/DAA_files/Multi-Site-Data-Principles.pdf
‧
Digital Advertising Alliance. (2013, July). Application of Self-Regulatory Principles to the Mobile Environment. Retrieved June 19, 2020, from
https://digitaladvertisingalliance.org/sites/aboutads/files/DAA_files/
DAA_Mobile_Guidance.pdf
Digital Advertising Alliance. (2015, November). Application of the DAA Principles of Transparency and Control to Data Used Across Devices. Retrieved June 19, 2020, from
https://digitaladvertisingalliance.org/sites/aboutads/files/DAA_files/
DAA_Cross-Device_Guidance-Final.pdf
Digital Advertising Alliance. (2018, May). Application of the DAA Principles of Transparency & Accountability to Political Advertising. Retrieved June 19, 2020, from https://aboutpoliticalads.org/sites/politic/files/DAA_files/DAA_Self-Regulatory_Principles_for_Political_Advertising_May2018.pdf
Dixon, P. (2007, December 19). A Brief Introduction to Fair Information Practices.
Retrieved May 22, 2020, from
https://www.worldprivacyforum.org/2008/01/report-a-brief-introduction-to-fair-information-practices/
Duhigg, C. (2013). How Companies Learn Your Secrets. In D. Starkman (Ed.), The
Best Business Writing 2013 (pp. 421-444). New York: Columbia University
Press. doi:10.7312/star16075-025Eisner, M. A., Worsham, J., & Ringquist, E. J. (2000). Contemporary regulatory policy.
Boulder, Colorado: Lynne Rienner Publishers.
European Data Protection Board. (2020, September 20). Guidelines 08/2020 on the Targeting of Social Media Users. Retrieved November 30, 2020, from
https://edpb.europa.eu/sites/edpb/files/consultation/edpb_guidelines_202008_on thetargetingofsocialmediausers_en.pdf
European Parliament. (2021, March 20). Legislative train schedule. Retrieved April 29, 2021, from https://www.europarl.europa.eu/legislative-train
Facebook. (2020a, March 30). Updating Our Data Access Tools. About Facebook.
Retrieved July 14, 2020, from https://about.fb.com/news/2020/03/data-access-tools/
Facebook. (2020b, June 2). Introducing Manage Activity. Retrieved April 2, 2021, from https://about.fb.com/news/2020/06/introducing-manage-activity/
Facebook. (2020c, October 3). What ‘The Social Dilemma’ Gets Wrong. Retrieved November 13, 2020, from
https://about.fb.com/wp-content/uploads/2020/09/What-The-Social-Dilemma-Gets-Wrong.pdf
‧
Facebook. (n.d.). General Data Protection Regulation. Retrieved July 14, 2020, from https://en-gb.facebook.com/business/gdpr
Falahrastegar, M., Haddadi, H., Uhlig, S., & Mortier, R. (2016). Tracking Personal Identifiers Across the Web. In T. Karagiannis & X. Dimitropoulos (Eds.),
Passive and Active Measurement (pp. 30-41). Cham, Switzerland: Springer
International Publishing. doi:10.1007/978-3-319-30505-9_3Federal Trade Commission. (2012, August 10). FTC Approves Final Settlement With Facebook. Retrieved April 24, 2020, from
https://www.ftc.gov/news-events/press-releases/2012/08/ftc-approves-final-settlement-facebook
Federal Trade Commission. (2019, July 24). FTC Imposes $5 Billion Penalty and Sweeping New Privacy Restrictions on Facebook. Retrieved April 24, 2020, from https://www.ftc.gov/news-events/press-releases/2019/07/ftc-imposes-5-billion-penalty-sweeping-new-privacy-restrictions
Fox, C. (2019, January 21). Google hit with £44m GDPR fine. Retrieved May 25, 2020, from https://www.bbc.com/news/technology-46944696
Fuller, C. S. (2019). Is the market for digital privacy a failure? Public Choice, 180(3), 353-381. doi:10.1007/s11127-019-00642-2
G’sell, F. (2021, January 25). The Digital Markets Act Is Changing EU’s Approach to Digital Gatekeepers. Retrieved April 29, 2021, from
https://promarket.org/2021/01/25/europe-digital-markets-act-new-approach-gatekeepers/
Gonçalves, M. E. (2020). The risk-based approach under the new EU data protection regulation: a critical perspective. Journal of Risk Research, 23(2), 139-152.
doi:10.1080/13669877.2018.1517381
Graef, I., Clifford, D., & Valcke, P. (2018). Fairness and enforcement: bridging competition, data protection, and consumer law. International Data Privacy
Law, 8(3), 200-223. doi:10.1093/idpl/ipy013
Hirsch, D. D. (2011). The Law and Policy of Online Privacy: Regulation,
Self-Regulation, or Co-Regulation? Seattle University Law Review, 34(2), 439-480.
Hoofnagle, C. J. (2005, March 4). Privacy Self Regulation: A Decade of Disappointment. Retrieved October 12, 2019, from
https://www.epic.org/reports/decadedisappoint.pdf
Hoofnagle, C. J. (2018). The Federal Trade Commission’s Inner Privacy Struggle. In
The Federal Trade Commission’s Inner Privacy Struggle (pp. 168-183).
Cambridge, United Kingdom: Cambridge University Press.
‧
Hoofnagle, C. J., & Whittington, J. (2014). Free: Accounting for the Costs of the Internet’s Most Popular Price. UCLA Law Review, 61, 606-670.
Hu, X., & Sastry, N. (2019). Characterising Third Party Cookie Usage in the EU after
GDPR. In Proceedings of the 10th ACM Conference on Web Science - WebSci
’19 (pp. 137-141). Boston, MA. doi:10.1145/3292522.3326039
Huber, P. (1983). Exorcists vs. Gatekeepers in Risk Regulation. Regulation, 7(6), 23-32.
ICO. (n.d.). What methods can we use to provide privacy information? ICO. Retrieved April 30, 2021, from
https://ico.org.uk/for-organisations/guide-to-data- protection/guide-to-the-general-data-protection-regulation-gdpr/the-right-to-be-informed/what-methods-can-we-use-to-provide-privacy-information/
Jackson, O. (2018a). GDPR implementation is harder than expected. International
Financial Law Review. Retrieved March 24, 2020, from
https://search.proquest.com/docview/2137332713?accountid=10067
Jackson, O. (2018b). GDPR: on the right path? International Financial Law Review.
Retrieved April 24, 2020, from
https://www-proquest-com.autorpa.lib.nccu.edu.tw/scholarly-journals/gdpr-on-right-path/docview/
2045017398/se-2?accountid=10067
Johnson, G. A., Shriver, S. K., & Du, S. (2020). Consumer Privacy Choice in Online
Johnson, G. A., Shriver, S. K., & Du, S. (2020). Consumer Privacy Choice in Online