231 |
Informerat samtycke till behandling av personuppgifter på webbplatser: En analys av hur kraven i dataskyddsförordningen kommer att påverka den personliga integriteten i praktiken / Informed consent to processing of personal data on websites: An analysis of how the requirements in the General Data Protection Regulation will affect privacy in practice. Nilsson, Eric, January 2017
The question of the right to privacy is relevant today in an entirely different way than it was in the 1990s. Since the Data Protection Directive entered into force, the processing of personal data has grown exponentially. Information technology has made extensive mapping of individuals' online behaviour possible. Today many websites use functions to collect and otherwise process their visitors' personal data. At the same time, the information about personal data processing given to individuals on websites has in many cases become extensive and complicated. One of the purposes of the new General Data Protection Regulation is to build consumer trust in online commerce. The Regulation also aims to strengthen the protection of individuals' privacy. Its provisions can be regarded as hard to interpret, which may mean that the protection at best remains unchanged. In a society that is becoming ever more digitalised, it seems desirable that the modern rules deliver what they promise; otherwise the consequences may be considerable. This thesis discusses whether the GDPR's requirement of informed consent improves the conditions for effective protection of privacy. The new provisions are more extensive but have been criticised for being unclear, closer to the principles of a directive than to directly applicable regulation text. The provisions must also be balanced against other rights. The provisions on consent and the duty to inform may therefore lead to weaker protection for individuals unless clear guidance is given. This is a risk that will have to be taken into account when applying the Regulation. If controllers lack guidance, there is a risk that the provisions will not, in practice, give individuals the control over their personal data that was intended.
|
232 |
Principe de finalité, protection des renseignements personnels et secteur public : étude sur la gouvernance des structures en réseau / Purpose principle, personal data protection and public sector: study on network-based structures governance. Duaso Calés, Rosario, 14 October 2011
Personal data protection poses significant challenges in the context of networks. The first laws on this matter, both in Canada and in Europe, were based on a series of principles that remain valid today. Nevertheless, the Internet and the development of network-based structures that enable unlimited exchange of information between institutions and individuals have changed the priorities and, at the same time, present new informational risks. The purpose principle, which is the cornerstone of personal data protection systems, requires that the information collected be adequate, relevant and not excessive in relation to the objective of the processing, and that it be used only for purposes compatible with the initial purpose. We will describe the origins and evolution of this principle, as well as its present relevance and scope, analysing how the doctrine, the jurisprudence and the decisions of the Office of the Privacy Commissioner of Canada and of the Commission nationale de l'informatique et des libertés (CNIL) in France have helped to delimit its contours. We will also examine how this principle is reflected in the network structure of the digital administration and of electronic government, and underline the major differences between a network-based State and a silo-based State, each needing a structure of governance adapted to it.
Within the context of personal data protection, we will explore the presence of legal standards and of concepts with variable content. An effort will be made to show how purpose, be it as a principle or as a standard, has the capacity to adapt to the requirements of proportionality, adjustment and continuous change that are at the heart of today's challenges of network governance. Finally, the objective is to reflect on some network adaptation mechanisms for personal data protection, and to show to what extent this law, capable of creating an adequate framework of protection, is also a "networked law" possessing all the attributes of "post-modern law", attributes that allow for true adaptation for effective personal data protection within the ever-changing structures in which data is exchanged today.
|
233 |
Eingriffe in den Internet-Datenverkehr zur Durchsetzung des Urheberrechts / Interference with internet data traffic to enforce copyright. Fokken, Martin, 28 October 2021
The fundamental right to property, which is guaranteed at Member State and EU level, requires that copyright be effectively protected. Technical measures implemented or ordered by states, such as network blocking (IP or DNS blocking) and Deep Packet Inspection, enable, inter alia, the targeted blocking of transmissions of data whose unlicensed exchange over the internet, e.g. via streaming portals, infringes copyright. Without such technical measures there is an enforcement deficit on the internet, as the direct providers ("content providers") and indirect providers ("host providers") of the content often cannot be effectively held liable; the technical operators of internet infrastructure ("internet service providers"), on the other hand, cannot evade governmental intervention. The technical measures mentioned, however, interfere with various fundamental rights under the German Constitution (the Grundgesetz) and the Charter of Fundamental Rights of the European Union. The rights affected are, in particular, the freedom to conduct a business (Article 16 of the Charter) of internet service providers, the freedom of information (Article 11(1) of the Charter), the right to respect for communications (Article 7 of the Charter) and the right to protection of personal data (Article 8(1) of the Charter) of internet users, and the respective Member State equivalents of these fundamental rights. The subject matter of this thesis is to examine whether the use of technical measures to enforce copyright complies with European primary law and the German Grundgesetz.
|
234 |
La communication de la preuve civile au préalable dans les litiges commerciaux internationaux / Pre-trial disclosure of civil evidence in international commercial disputes. Lesage-Bigras, Élisabeth, 11 1900
In the current economic era, where business transactions, driven by the pervasive use of information technology, are more globalised than ever, the risk of legal disputes of an international nature is considerably higher. Since businesses from Québec now frequently transact with foreign partners, today's litigation confronts parties and their counsel with new legal dilemmas, forcing them to interact with judicial cultures other than Québec's, especially during the pre-trial disclosure of civil evidence.
We will therefore analyse the various legal issues raised by this process in order to identify the practical considerations facing the parties to an international commercial dispute brought before Québec's courts. With the help of a hypothetical case, we will study Québec's general and specific procedural regimes for the disclosure of international civil evidence, the restrictions applicable to the procedure and the supranational framework surrounding it.
We will then examine the impact of information technology on Québec's pre-trial disclosure regime, focusing in particular on the dematerialisation of international civil evidence, the legislative changes brought by the reform of the Code of Civil Procedure, and the protection of personal information.
|
235 |
Competition and Data Protection Law in Conflict: Data Protection as a Justification for Anti-Competitive Conduct and a Consideration in Designing Competition Law Remedies. Bornudd, David, January 2022
Competition and data protection law are two powerful regimes simultaneously shaping the use of digital information, which has given rise to new interactions between these areas of law. While most views on this intersection emphasize that competition and data protection law must work together, nascent developments indicate that these legal regimes may sometimes conflict. In the first place, firms faced with antitrust allegations are to an increasing extent invoking the need to protect the privacy of their users to justify their impugned conduct. Here, the conduct could either be prohibited by competition law despite data protection or justified under competition law because of data protection. In the EU, no such justification attempt has reached court stage, and it remains unclear how an enforcer ought to deal with such a claim. In the second place, competition law can mandate a firm to provide its rivals with access to commercially valuable personal data under a competition law remedy. Where that is the case, the question is whether an enforcer can and should design the remedy in a way that aligns with data protection law and, if so, how that ought to be done. The task of the thesis has been to explore these issues legally, economically and coherently. The thesis has rendered four main conclusions. First, data protection has a justified role in EU competition law in two ways. On the one hand, enhanced data protection can increase the quality of a service and may thus be factored into the competitive analysis as a dimension of quality. On the other, data protection as a human right must be guaranteed in the application of competition law. Second, these perspectives can be squared with the criteria for justifying competition breaches, in that data protection can be invoked to exculpate a firm from antitrust allegations.
Third, in that context, the human rights dimension of data protection may entail that the enforcer must consider data protection even if it is not invoked. However, allowing data protection interests to override competition law in this manner is relatively inefficient as it may lead to less innovation, higher costs, and lower revenues. Fourth, the profound importance of data protection in the EU necessarily means that enforcers should accommodate data protection interests in designing competition law remedies which mandate access to personal data. This may be done in several ways, including requirements to anonymize data before providing access, or to oblige the firm to be compliant with data protection law in the process of providing access. The analysis largely confirms that anonymization is the preferable option.
|
236 |
Unexpected consequences for the Swedish signals intelligence in the light of the European Court of Justice's case law? An analysis of the implications the joined cases La Quadrature du Net and others and the case Privacy International might have for the Swedish signals intelligence. von Hofsten, Jarl, January 2022
The Court of Justice of the European Union has in its case law been strict in its approach towards Member States' legislative measures providing for the retention of and access to data relating to electronic communications. In recent case law the Court has made clear that such provisions also need to comply with EU law and the Court's jurisprudence when their object is to safeguard national security. This might mean that Swedish cable-based signals intelligence falls within the scope of EU law, contrary to the previous understanding. Whether Swedish signals intelligence falls within the scope of EU law depends on whether the requirement on providers of electronic communications systems to transfer all signals crossing the Swedish border to collaboration points, so that signals intelligence can be carried out, is to be interpreted as a requirement on the providers to process personal data. If it is within the scope of EU law, a great majority of Swedish signals intelligence could be disproportionate in the light of the Court's case law and thus contrary to EU law. Since signals intelligence is considered an indispensable tool for all the tasks of Swedish foreign intelligence, this could affect the capability of the foreign intelligence service.
|
237 |
Försäkringsskydd för skadeståndsansvar vid dataskyddsöverträdelser: En undersökning av försäkringsvillkorens omfattning och eventuella begränsningar i förhållande till art. 82 GDPR och grupptalan / Insurance coverage for liability in case of data protection breaches: An investigation into the extent and potential limitations of insurance terms in relation to art. 82 GDPR and class action lawsuits. Nahlbom, Robin, January 2024
This thesis examines insurance coverage for liability for damages in the event of data protection breaches. The GDPR is the central regulation for the processing of personal data and establishes a number of principles that the controller must uphold in order to process personal data. If the controller breaches the principles of the Regulation, the data subject has the right to claim compensation under Art. 82(1) GDPR. The Regulation sets out three cumulative requirements that must be met for liability to arise: an infringement of the GDPR has occurred, material or non-material damage has arisen as a result of that infringement, and there is a causal link between the damage and the infringement. The Regulation also contains a provision that takes precedence over the national tort law provisions of the Member States, which means that the GDPR is to be applied according to its wording and that the cumulative requirements of Art. 82(1) GDPR must be followed. National tort law concepts should therefore not be equated with the concepts set out in Art. 82(1) GDPR, since those concepts arose in an entirely different context. For example, material and non-material damage is in some cases translated into economic and non-economic damage. The concepts are not synonymous and should not be given the same meaning, since the terminology of Art. 82(1) GDPR may otherwise be misinterpreted. The insurance terms that govern liability for data protection breaches, and that also refer to Art. 82(1) GDPR, in some cases contain national tort law concepts and other concepts that do not appear in the Regulation. The lack of congruence between the wording of the terms and the wording of the Regulation may then cause interpretation problems when assessing whether liability exists. The insurance terms should therefore contain only terminology that appears in Art. 82(1) GDPR.
Data protection breaches usually harm a large group of people, which is why the Regulation allows data subjects to bring a collective action through a not-for-profit body under Art. 80 GDPR. In theory, the damages awarded may exceed the sum insured, in which case the controller has no insurance coverage for the collective action. The insurance terms, however, say nothing about such a claim being excluded from cover. Insurers therefore face the challenge of handling such claims, which is why the insurance should be updated to cover damages awarded in a collective action for data protection breaches.
|
238 |
美國財務資訊隱私權保護規定之研究 / A Study of American Regulations on the Protection of Credit Information Privacy. Chen, Yen Yi, Unknown Date
This study examines the personal information privacy issues raised by financial institutions' collection and processing of customer personal data, in three dimensions. The first is the financial institution's own handling of customer personal data, in particular the sharing of personal data within a financial group or the provision of personal data to third parties. The second is the protection of personal information privacy when government agencies request customer data from financial institutions. The third is the handling of personal data by credit information agencies, such as the Joint Credit Information Center in Taiwan or consumer reporting agencies in the United States, in the collection, circulation and use of consumer credit reports.
The rules examined include Title V of the US Financial Services Modernization Act (Gramm-Leach-Bliley Act), the US Right to Financial Privacy Act, the US Fair Credit Reporting Act, Taiwan's Computer-Processed Personal Data Protection Act, Article 48, paragraph 2 of the Banking Act, and other financial regulations concerning financial institutions' handling of personal data and privacy protection. Finally, the US and Taiwanese rules are compared and, with reference to international legislative principles on information privacy protection and the common types of information privacy disputes in Taiwan, suggestions are made for amending the financial information privacy rules applicable to Taiwan's financial institutions. / With the development of information technology, personal data circulates more widely and faster than before. In a commercial society, personal information also has commodity value for marketing and frequently becomes the subject of transactions, so protecting personal information privacy has become a common goal of governments.
The concept of privacy originated in the United States. The level of protection it affords to personal financial information privacy in the financial industry is the subject of this study; the relevant statutes include the US Financial Services Modernization Act, the Right to Financial Privacy Act and the Fair Credit Reporting Act.
The study finds that although the Financial Services Modernization Act passed in 1999 contains a dedicated title on privacy protection, its main requirements are that financial institutions provide customers with a privacy policy notice and give customers an opportunity to opt out before their personal data is provided to third parties outside the financial group. It does not cover all the dimensions that information privacy protection is internationally considered to require, imposes few restrictions on the use of personal data within a financial group, gives consumers limited control over their personal information, and gives consumers no right to bring a civil action for damages against a financial institution that violates the rules. This shows that, as regards the use of personal data within financial groups, the United States places more weight on the economic benefits a financial group can derive from using personal data and affords only limited protection to personal information privacy.
The US Right to Financial Privacy Act of 1978 requires the government to follow statutory procedures when requesting customer financial records from financial institutions, including: limiting requests to records relevant to the agency's statutory functions; notifying the customer so that they understand the nature of the investigation and how their personal data will be used; and giving the individual an opportunity to object in order to prevent the government from obtaining their financial records. If the government or a financial institution obtains or provides financial records in violation of the Act, the individual may bring a civil action for damages against the government or the financial institution. Although some scholars have raised minor criticisms of the scope of protection or of how convenient it is for individuals to exercise their rights, overall the Act requires government agencies to check for themselves that they are following statutory procedures when requesting customer financial records from financial institutions, subjects them to judicial oversight, and provides reasonably adequate protection of personal information privacy in government investigations.
The US Fair Credit Reporting Act was passed in 1970 because commercial credit information agencies, in collecting and circulating personal data, risked excessively infringing personal information privacy; it was subsequently amended in 1996 and 2003. The Act sets out the obligations of consumer reporting agencies (i.e. credit information agencies), users of consumer reports and furnishers of personal data, and the rights consumers enjoy. Its main methods of safeguarding personal information privacy are restricting the provision of consumer reports to users with a permissible purpose, and maintaining the accuracy of personal data as far as possible, so that report users do not make transaction decisions on the basis of erroneous data to the detriment of individuals. The Act reflects the US attitude toward personal data: the circulation and use of personal data is seen as beneficial to the smooth conduct of commercial transactions, to economic development and even to individuals' access to financing, and so should not be strictly limited, allowing the value of the information to be realised. On the other hand, it gives individuals the right to know the contents of their personal data, to request correction of the data, and to be notified when a report user takes an adverse decision against them on the basis of a report. Through these mechanisms individuals have the opportunity to ensure the accuracy of their data so that they receive fair and reasonable credit evaluations in commercial transactions.
Finally, this study reviews the relevant Taiwanese rules and compares them with the US rules. It finds that, because Taiwan passed the Computer-Processed Personal Data Protection Act as early as 1995, comprehensive protection of personal information privacy is already provided, and only more detailed administrative rules for the financial industry and credit information agencies need to be added to reduce personal information privacy disputes in the financial industry. As for government requests for customer financial records from financial institutions, Taiwan currently regulates these by administrative directives on a non-public basis, so that members of the public have no way of knowing when their personal data has been accessed by the government. In this area Taiwan's protection of personal information privacy relies mainly on government self-supervision, and its level of protection is difficult to assess.
The main recommendations of this study for Taiwan's financial information privacy rules are: (1) sector-specific legislation on data protection in the financial industry; (2) establishing a dedicated data protection commissioner to supervise government handling of personal data and ensure remedies for infringements of privacy; (3) improving the procedures by which financial institutions notify customers about the collection and use of their personal data; (4) providing more complete procedural safeguards for government access to customer data held by financial institutions; and (5) giving the Joint Credit Information Center a clearer legal status and clearer rules for its collection and processing of personal data.
|
239 |
銀行國際傳輸客戶資料保護規範--以英國法為中心 / The study of the regulations on the protection of international data transfers in U.K. banks. Lin, Shih Yun, Unknown Date
With the rapid development of information technology and the globalisation of financial transactions, the needs of business operations and regulatory compliance mean that banks increasingly transfer customers' personal data across borders to public or private bodies in other countries, raising growing issues of data protection and impacts on information privacy. To reconcile the differences between countries in data protection culture and levels of regulation, countries and international organisations alike have sought to control data controllers' international transfers of personal data through appropriate legal rules, without impeding the needs of commercial transactions, the privacy and security of personal data, or the free flow of information.
Although the concept of privacy originated in the United States, the most important and most influential of the current rules on the protection of international transfers of personal data remains the EU Data Protection Directive (Directive 95/46/EC) issued in 1995. Given that an EU directive must be transposed into national law by each Member State before it can be effectively enforced, this study takes the United Kingdom, a leading country in financial services, and the rules on the protection of international transfers of personal data applicable to UK banks as its subject. The relevant rules include the EU Directive, the UK Data Protection Act 1998 (DPA) and the rules applicable to the UK financial services industry.
The study finds that the UK Data Protection Act 1998, following the relevant provisions of the EU Directive, lays down restrictions on data controllers' international transfers of personal data as well as operational and assessment procedures for meeting the relevant exemptions. The UK's dedicated data protection supervisory authority (the Information Commissioner's Office) has, pursuant to the Directive, issued rules authorising UK businesses to use standard contractual clauses and, upon case-by-case approval, binding corporate rules, showing that the UK provides a certain level of protection for personal data transferred internationally. However, as noted in the European Commission's study report, the UK, unlike other EU Member States, has not set out the international transfer rules in the main text of the Data Protection Act, so the legal standing of the protection of data subjects' information privacy still needs strengthening.
Unlike Taiwan, where the Banking Act expressly imposes a duty of confidentiality on banks regarding customer data, UK courts hold that a bank's duty of confidentiality to its customers originally derives from the contract between bank and customer. However, both the UK and Taiwan provide supervisory rules in their financial regulations only for international transfers involving offshore outsourcing by banks (including prior approval of offshore outsourcing, application procedures and the documents to be submitted), using the outsourcing contract between the bank and the service provider to ensure that the financial supervisory authority can effectively exercise its supervisory powers across borders and protect the rights of data subjects. When a bank transfers customer data across borders for purposes other than outsourcing, the international transfer provisions of the data protection legislation apply.
Finally, comparing the Taiwanese and UK rules on the protection of international transfers of personal data, the study finds that although Taiwan's Personal Data Protection Act was amended and promulgated in 2010 (the new PDPA), and the amendment defines international transfers and increases the penalties for non-government agencies that violate the international transfer rules, it did not amend the substantive content of the rules: it merely authorises the central competent authority to restrict international transfers by a non-government agency in one of the four situations listed in Article 21. Under the new PDPA, non-government agencies no longer need to register with and obtain a licence from the competent authority for international transfers of personal data. Although this facilitates the international flow of data, whether Taiwan needs further complementary measures to protect data subjects' personal data after transfer, and to implement protection of personal data at the international transfer level, deserves serious consideration.
The main recommendations of this study for the rules protecting personal data in international transfers by Taiwan's banks are: (1) each central competent authority should, through its supervision of regulated institutions and its cooperation with relevant public interest groups, strengthen attention to personal data protection across all sectors; (2) the restrictions on international transfers should be made more detailed, with the goals of personal data protection achieved progressively through industry self-regulation; (3) the financial supervisory authority should, in line with the amendment of the Personal Data Protection Act, lay down operational rules for international transfers by the banking industry; and (4) tax cooperation agreements should be used, without violating Taiwan's Personal Data Protection Act and Banking Act, to help Taiwanese financial institutions resolve the personal financial information privacy and cross-border personal data transfer issues arising from the implementation of the US Foreign Account Tax Compliance Act (FATCA).
|
240 |
Protection of Personal Data, a Power Struggle between the EU and the US: What implications might be facing the transfer of personal data from the EU to the US after the CJEU's Safe Harbour ruling? Strindberg, Mona, January 2016
Since the US National Security Agency's former contractor Edward Snowden exposed the Agency's mass surveillance, the EU has made a series of moves toward stricter and better safeguarded data privacy protection. On 8 April 2014, the Court of Justice of the European Union (the CJEU) invalidated the EU Data Retention Directive 2006/24/EC on the basis of incompatibility with the Charter of Fundamental Rights of the European Union (the Charter). After this judgment, the CJEU examined the legality of the Safe Harbour arrangement, which had been the main legal basis for transfers of personal data from the EU to the US under Decision 2000/520/EC. Subsequently, on 6 October 2015, in the case of Schrems v Data Protection Commissioner, the CJEU declared the Safe Harbour Decision invalid. The ground for the Court's judgment was that the Decision enabled interference by US public authorities with the fundamental rights to privacy and personal data protection under Articles 7 and 8 of the Charter when the personal data of EU citizens was processed. According to the judgment, this interference went beyond what is strictly necessary and proportionate to the protection of national security, and the persons concerned were not offered any administrative or judicial means of redress enabling the data relating to them to be accessed, rectified or erased. The Court's analysis of the Safe Harbour was born out of the EU Commission's own previous assessments. Consequently, since transfers of personal data between the EU and the US can no longer be carried out through the Safe Harbour, the EU legislature is left with the task of creating a safer option, which will guarantee that the fundamental rights to privacy and protection of personal data of EU citizens will be respected.
However, although the EU is the party dictating the terms for these transatlantic transfers of personal data, the current provisions of the US law are able to provide for derogations from every possible renewed agreement unless they become compatible with the EU data privacy law. Moreover, as much business is at stake and prominent US companies are involved in this battle, the pressure toward the US is not only coming from the EU, but some American companies are also taking the fight for EU citizens’ right to privacy and protection of their personal data.
|