Loading...
|
Please use this identifier to cite or link to this item:
https://nccur.lib.nccu.edu.tw/handle/140.119/128981
|
| Title: | Open banking 涉及之個人資料保護問題
Personal Data Protection Issues among Open Banking |
| Authors: | 林旻
Lin, Angela |
| Contributors: | 宋皇志
Sung, Huang-Chih
林旻
Lin, Angela |
| Keywords: | 金融科技
開放銀行
開放API
個人資料保護
消費者資料權
FinTech,
Open banking
Open API
Personal Data Protection
Consumer Data Right
PSD2
GDPR |
| Date: | 2020 |
| Issue Date: | 2020-03-02 11:35:51 (UTC+8) |
| Abstract: | 資訊科技的進步,令消費者個人資料之價值由於資料得以被運用在各式各樣的 金融科技而大幅提高,過去視客戶資料為商業機密之銀行,也逐漸願意、或者被迫開 放其持有之資料,成為開放銀行(Open banking)生態系統中的一員。即便開放銀行 目前在大部份的司法管轄區仍處於起步階段,其已經成為全球銀行業的趨勢。
Open banking的出現是銀行的機會,同時也是銀行的挑戰:其帶來更多創新產 品服務的可能,同時,銀行在個人資料保護以及資訊安全基礎設施上亦須投入大量成 本,避免在未經消費者同意利用其個人資料或是大規模消費者個人資料洩漏之情形, 造成不可回復之損害。不論是消費者害怕個人資料保護不夠周全,抑或是銀行與TPP 間之責任歸屬未明確釐清,都將有礙此種的新型態生態系統持續發展。
本論文聚焦於銀行利用API分享資料給第三方服務提供商的Open banking商業 模式,個人資料保護之部分則以歐盟之GDPR為重點,探討Open banking法制以及 GDPR兩者重疊之處如何調和,以及Open banking實際運作上,銀行及TPP應採取何種 適當手段以符合個人資料保護法。並藉由回顧奧地利ING-DiBa Direktbank以及德國銀 行產業委員會的兩個案例,探討Open banking概念發展歷程中,對於金融業產品服務 創新以及個人資料保護取得平衡的兩難。最後,本論文以國外Open banking政策及法 制為借鏡,針對我國正在發展的Open banking制度提供建議,使我國銀行與TPP在發 生Open banking相關個人資料保護爭議時,有兼顧消費者保障及責任分擔明確之治理 模式得以遵循。
As information technology develops rapidly, the applications of consumers’ personal data on financial technologies diversify significantly. This has given rise to the value of consumers’ personal data. Banks that used to see their clients’ financial data as classified trade secrets, whether it’s due to regulations or as a result of their business strategies, have also become more willing to share data with third party service providers in order to become a member of the Open banking system. Though Open banking is still in an embryonic stage in most jurisdictions, it has become an emerging global trend in recent years within the Banking industry.
For traditional banks, Open banking brings opportunities for financial innovation, but it also brings about challenges regarding data protection. Open banking introduces more possibilities for innovation of financial products and services. However, this also indicates that banks shall devote themselves to establish information security infrastructure to avoid processing of personal data without client consent or to prevent personal data leakage. These are both problems that may cause irreversible damage to consumers. Customers’ growing awareness of data protection and unclarified responsibilities between banks and TPPs will also hinder the development of the Open banking ecosystem.
The object of this study is to provide strategies given current circumstances that comply with personal data protection law for banks and TPPs. Furthermore, this dissertation also proposes some advice related to personal data protection for the Taiwanese government during the development of Open banking. By reviewing the regulations and the reconciling PSD2 and GDPR, some strategies are made to help clarify the responsibility between banks and TPPs, at the same time enhancing protection of consumers’ data. |
| Reference: | 一、中文文獻
(一)期刊
1.李智仁(2005),日本金融隱私權保障規範之發展--兼論我國面臨之問題與對策,國立中正大學法學集刊,第19期,頁1-70。
2.臧正運(2019),從國際發展趨勢論我國推動開放銀行應有之思考,金融聯合徵信,第34期,2019年6月,頁4-12。
(二)網路資源
1.HKMA,香港銀行業開放API的實施階段,https://www.hkma.gov.hk/chi/key-functions/international-financial-centre/fintech/open-application-programming-interface-api-for-the-banking-sector/phase-approach/ (最後瀏覽日:2019年11月19日)。
2.王宏仁,2019年,「臺灣Open Banking銀行實例:華南銀行」數位轉型從開放銀行做起華南要靠開放API擴大異業結盟,iThome,https://www.ithome.com.tw/news/133685。
3.王宏仁,2019年,【開放銀行特別報導】跨海專訪英國Open Banking推手:英國開放銀行有成,API呼叫破億次觸及99%全英金融市場,iThome, https://www.ithome.com.tw/news/133675。
4.周霈翎,2019年,揭開開放銀行面紗,聯合新聞網, https://udn.com/news/story/6877/3864429。
5.麻布記帳,2019年,首家與20家銀行串接API的金融帳務整合服務誕生,「Moneybook麻布記帳」成功與20家銀行串接API, https://blog.moneybook.com.tw/2019/10/16/%e9%a6%96%e5%ae%b6%e8%88%8720%e5%ae%b6%e9%8a%80%e8%a1%8c%e4%b8%b2%e6%8e%a5api%e7%9a%84%e9%87%91%e8%9e%8d%e5%b8%b3%e5%8b%99%e6%95%b4%e5%90%88%e6%9c%8d%e5%8b%99%e8%aa%95%e7%94%9f%ef%bc%8c%e3%80%8cmoneyb/ 。
二、外文文獻
(一)書籍與專書論文
1.Jelena Madir, 2019. FinTech: Law and Regulation, Cheltenham: Edward Elgar Publishing Limitred.
2.Anna Omarini, 2015. Retail Banking: Business Transformation and Competitive Strategies for the Future. London: Palgrave MacMillan Publishers.
3.Blakstad S. and Allen R., 2018, New Standard Models for Banking. Pp 147- 166 in: FinTech Revolution, edited by Blakstad S. and Allen R., Cham: Palgrave MacMillan Publishers.
4.Ryan Mitchell, 2015, Web Scraping with Python: collecting data from the modern web. CA: O`Reilly Media.
(二)期刊論文
1.Anjan V. Thakor, 2019, Fintech and Banking: What Do We Know, Journal of Financial Intermediation. https://doi.org/10.1016/j.jfi.2019.100833
2.Anna Omarini, 2018, Banks and Fintechs: How to Develop a Digital Open Banking Approach for the Bank’s Future, International Business Research 11(9):23-36.
3.Arner, D. W., Barberis, J., & Buckley, R. P, 2015, The evolution of Fintech: A new post-crisis paradigm, Georgetown Journal of International Law 47:1271-1320.
4.Cortet Mounaim, Rijks Tom & Nijland Shikko, 2016, PSD2: The digital transformation accelerator for banks, Journal of Payments Strategy & Systems 10(1):13-27.
5.Hallam Stevens, 2019, Open data, closed government: Unpacking data.gov.sg, First Monday 24(4).
6.Jeffrey Kenneth Hirschey, 2014, Symbiotic Relationships: Pragmatic Acceptance of Data Scraping, Berkeley Technology Law Journal 29:897-928.
7.Neyer Gene, 2017, ‘Mobile First’ will become ‘API First’ — PSD2: Changing banking as we know it, Journal of Digital Banking 2(2):171-178.
(三)研究報告
1.Basel Committee on Banking Supervision, 2018, Bank for International Settlements, Sound Practices: Implications of Fintech Developments for Banks and Bank Supervisors.
2.Basel Committee on Banking Supervision, 2019, Report on open banking and application programming interfaces.
3.Capgemini & Efma, 2019, World Fintech Report 2019. Retrieve from https://www.capgemini.com/es-es/wp-content/uploads/sites/16/2019/06/World-FinTech-Report-WFTR-2019_Web.pdf
4.Consumers International, 2017, Banking on the Future: An Exploration of Fintech and the Consumer Interest.
5.Financial Stability Board, 2017, Financial Stability Implications from FinTech, Supervisory and Regulatory Issues that Merit Authorities’ Attention.
6.KPMG, 2019, PSD2 and Open Banking: Revolution or evolution.
7.KPMG, 2019, The future of banking Hong Kong Banking Report 2019.
8.PwC, 2018, The future of banking is open - how to seize the Open Banking opportunity.
9.PwC, 2018, What is Fintech.
10.Thomas I. Palley, 2007. Financialization: What It Is and Why It Matters Working Papers wp153, Political Economy Research Institute, University of Massachusetts at Amherst.
(四)司法裁判
1.Case C‑191/17 Bundeskammer für Arbeiter und Angestellte v ING-DiBa Direktbank Austria Niederlassung der ING-DiBa AG, ECLI:EU:C:2018:809.
2.Case C-41/90 Höfner and Elser v Macrotron, ECLI:EU:C:1991:161.
3.Joined Cases C-293/12 and C-594/12 Digital Rights Ireland and Seitlinger and Others, ECLI:EU:C:2014:238.
4.Joined Cases C-203/15 and C-698/15 Tele2 Sverige AB and Secretary of State for the Home Department, ECLI:EU:C:2016:970.
(五)政府機關文獻
1.ACCC, 2018, CDR Rules Outline.
2.ACCC, 2019, Consumer Data Right Supplementary accreditation guidelines: insurance.
3.ACCC, 2019, CDR draft accreditation guidelines.
4.Article 29 Data Protection Working Party, Guidelines on Consent under Regulation 2016/679.
5.Consumer Financial Protection Bureau, 2017, Consumer Protection Principles: Consumer-Authorized Financial Data Sharing and Aggregation.
6.Council of the European Union, 2019, Proposal for a Regulation of the European Parliament and of the Council concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications). Retrieve from https://data.consilium.europa.eu/doc/document/ST-12633-2019-INIT/en/pdf.
7.EBA Working Group on Electronic Alternative Payments, 2016, Understanding the business relevance of Open APIs and Open Banking for banks. Retrieve from https://www.abe-eba.eu/media/azure/production/1522/business-relevance-of-open-apis-and-open-banking-for-banks.pdf
8.European Banking Authority, 2017, Guidelines on the criteria on how to stipulate the minimum monetary amount of the professional indemnity insurance or other comparable guarantee under Article 5(4) of Directive (EU) 2015/2366 (PSD2).
9.European Banking Authority, 2018, Opinion of the European Banking Authority on the implementation of the RTS on SCA and CSC.
10.ECN SUBGROUP Banking and Payments, 2012, INFORMATION PAPER ON COMPETITION ENFORCEMENT IN THE PAYMENTS SECTOR. Retrieve from https://ec.europa.eu/competition/sectors/financial_services/information_paper_payments_en.pdf (last visited:2019/11/26).
11.European Banking Authority, 2019, Opinion of the European Banking Authority on the elements of strong customer authentication under PSD2.
12.European Commission, 2013, Proposal for a directive of the European parliament and of the Council on payment services in the internal market and amending Directives 2002/65/EC, 2013/36/UE and 2009/110/EC and repealing Directive 2007/64/EC and Proposal for a Regulation of the European Parliament and of the Council on interchange fees for card-based payment transactions. Retrieve from: https://eur-lex.europa.eu/resource.html?uri=cellar:906ed6d3-f509-11e2-a22e-01aa75ed71a1.0001.04/DOC_2&format=PDF (last visited: 2019/11/27).
13.European Commission, 2019, Frequently Asked Questions: Making electronic payments and online banking safer and easier for consumers.
14.European Data Protection Board, 2018, PSD2 Letter. Retrieve from https://edpb.europa.eu/sites/edpb/files/files/news/psd2_letter_en.pdf (last visited: 2019/11/18).
15.European Data Protection Supervisory, 2014, Guidelines on Data Protection in EU Financial Services Regulation, at 15.
16.HKMA, 2018, Open API Framework for the Hong Kong Banking Sector.
17.JBA Review Committee on Open APIs, 2017, Report of Review Committee on Open APIs: Promoting Open Innovation. Retrieve from : https://www.zenginkyo.or.jp/fileadmin/res/news/news290713_3.pdf (last visited: 2019/11/18 ).
18.MAS &ABS, 2016, Finance-as-a-Service: API Playbook.
19.Murray, 2014, Financial System Inquiry Final Report.
20.OBWG, 2016, Open Banking Standard.
21.ODI & Fingleton Associates, 2014, Data Sharing and Open Data for Banks A report for HM Treasury and Cabinet Office.
22.Open Banking Ltd, 2018, Open Banking Guidelines for Open Data Participants.
23.Open Banking Ltd, 2018, Open Banking Guidelines for Read/Write Participant
24.Open Data Institute, 2016, Introducing the Open Banking Standard: Helping customers, banks and regulators take banking into a truly 21st-century, connected digital economy.
25.Open Data Institute & Fingleton, 2019, Open Banking Preparing for lift off.
26.Productivity Commission, 2017, Data Availability and Use.
27.Professor ian Harper, Peter Anderson, Su Mccluskey & Michael o’Bryan Qc, 2015, Competition Policy Review Final Report.
28.The European Banking Federation, 2016, Guidance for implementation of the revised Payment Services Directive.
29.The parliament of the commonwealth of Australia, 2019, Explanatory memorandum of Treasury Laws Amendment (Consumer Data Right) Bill 2019.
30.The Treasury of Australian government, 2019, Consumer Data Right Overview.
31.The Treasury of Australian government, 2019, Explanatory materials of Treasury Laws Amendment (Consumer Data Right) Bill 2019. Retrieve from https://treasury.gov.au/sites/default/files/2019-06/t364234-explanatory-materials.docx (last visited: 2019/11/20).
32.日本金融庁,2019年,電子決済等代行業者の登録申請時の留意事項等。
33.金融審議会,2016年,金融制度ワーキング・グループ報告 ―オープン・イノベーションに向けた制度整備について―。
34.首相官邸,2019年,産官協議会「FinTech/キャッシュレス化」第1回議事要旨。搜尋自:http://www.kantei.go.jp/jp/singi/keizaisaisei/miraitoshikaigi/sankankyougikai2019/fintech/dai1/gijiyousi.pdf(最後瀏覽日:2019/12/1)。
(六)網路資料
1.Alberto Di Felice, 2019, Study of proposal for an ePrivacy Regulation, https://www.digitaleurope.org/resources/study-of-proposal-for-an-eprivacy-regulation/.
2.Arpan, 2012, Data Scraping vs. Data Crawling, PROMPT CLOUD, https://www.promptcloud.com/blog/data-scraping-vs-data-crawling/.
3.Bird & Bird, 2018, The CJEU provides clarity on the definition of a "payment account", https://www.twobirds.com/en/news/articles/2018/global/the-cjeu-provides-clarity-on-the-definition-of-a-payment-account.
4.Bundeskartellamt, 2016, Restriction of online payment services by German banking industry in violation of competition law, https://www.bundeskartellamt.de/SharedDocs/Meldung/EN/Pressemitteilungen/2016/05_07_2016_Sofort%C3%BCberweisung.html.
5.CMA, 2014, Personal current account and small business banking face full competition investigation, https://www.gov.uk/government/news/personal-current-account-and-small-business-banking-face-full-competition-investigation.
6.CMA, 2016, Retail banking market investigation: overview, https://www.gov.uk/government/publications/retail-banking-market-investigation-overview.
7.Data.gov.sg, https://data.gov.sg/about.
8.DBS, 2017, Reimagining banking, DBS launches world’s largest banking API developer platform, https://www.dbs.com/newsroom/Reimagining_banking_DBS_launches_worlds_largest_banking_API_developer_platform
9.Deloitte, PSD2 and GDPR – Harmony or Dissonance?, https://www2.deloitte.com/cz/en/pages/legal/articles/psd2-a-gdpr-harmonie-ci-disonance.html (last visited: 2019/11/18).
10.EBA, 2018, Consent for the provision of PIS and AIS, https://eba.europa.eu/single-rule-book-qa/-/qna/view/publicId/2018_4309.
11.EBA, 2019, EBA goes live with its central register of payment and electronic money institutions under PSD2, https://eba.europa.eu/eba-goes-live-with-its-central-register-of-payment-and-electronic-money-institutions-under-psd2.
12.Eileen Yu, 2017, Singapore government assures SingPass-MyInfo will stay secure, https://www.zdnet.com/article/singapore-government-assures-singpass-myinfo-will-stay-secure/.
13.European Data Protection Supervisory, The History of the General Data Protection Regulation, https://edps.europa.eu/data-protection/data-protection/legislation/history-general-data-protection-regulation_en# (last visited:2019/11/27).
14.FCA, Account Information & Payment Initiation Service Providers, https://register.fca.org.uk/shpo_searchresultspage?preDefined=AIPISP&TOKEN=3wq1nht7eg7tr (last visited: 2019/11/27).
15.Finextra, 2019, Open Banking vs. Screen Scraping: looking ahead in 2019, https://www.finextra.com/blogposting/16494/open-banking-vs-screen-scraping-looking-ahead-in-2019.
16.Finextra, 2019, Working with Technical Service Providers under PSD2, https://www.finextra.com/blogposting/17686/working-with-technical-service-providers-under-psd2.
17.GDPR Enforcement Tracker, https://www.enforcementtracker.com/.
18.GoCardless, 2017, Screen scraping 101: Who, What, Where, When?, https://openbankinghub.com/screen-scraping-101-who-what-where-when-f83c7bd96712.
19.HKMA, 2019, Open API Framework for the Banking Sector: One year on, https://www.hkma.gov.hk/eng/news-and-media/press-releases/2019/07/20190731-3/#2.
20.Innopay, PSD2 licensing: solving the puzzle of becoming a Third Party Provider, https://www.innopay.com/en/publications/psd2-becoming-a-third-party-provider(last visited: 2019/11/27).
21.John Wagnon, 2013, Web Scraping-DataCollection or Ilegal Activity, DEVCENTRAL, https://devcentral.f5.com/s/articles/web-scraping-data-collection-or-illegal-activity.
22.Kwok Quek Sin, 2019, Inside Singapore’s National Digital Identity programme, https://www.techradar.com/news/inside-singapores-national-digital-identity-programme.
23.Lester Hio, 2017, MyInfo access extended to local businesses, https://www.straitstimes.com/singapore/myinfo-access-extended-to-local-businesses.
24.MAS, Financial Industry API Register, https://www.mas.gov.sg/development/fintech/financial-industry-api-register (last visited:2019/11/19).
25.MAS, Fintech and Innovation Group, https://www.mas.gov.sg/who-we-are/Organisation-Structure/Fintech-and-Innovation (last visited: 2019/11/12).
26.Niels Vandezande, 2019, Reconciling Consent in PSD2 and GDPR, https://thepaypers.com/expert-opinion/reconciling-consent-in-psd2-and-gdpr/777976.
27.Norman T.L. Chan, 2017, A New Era of Smart Banking, https://www.hkma.gov.hk/eng/news-and-media/speeches/2017/09/20170929-1.
28.Open Banking Ltd, About us, https://www.openbanking.org.uk/about-us/ (last visited: 2019/11/5).
29.Open Banking Ltd, Open Banking APIs Performance, https://www.openbanking.org.uk/providers/account-providers/api-performance/ (last visited: 2019/11/11).
30.Open Banking Ltd, Website Glossary, https://www.openbanking.org.uk/about-us/glossary/ (last visited: 2019/11/11).
31.Open Banking Ltd, What is Open Banking? , https://www.openbanking.org.uk/customers/what-is-open-banking/ (last visited: 2019/11/11).
32.Open Data Institute, About the ODI, https://theodi.org/about-the-odi/ (last visited: 2019/11/5).
33.Open Data Institute, Projects and services, https://theodi.org/project/open-banking-setting-a-standard-and-enabling-innovation/ (last visited: 2019/11/5).
34.Orenstein D., 2000, Quick Study: Application Programming Interface (API). https://www.computerworld.com/article/2593623/application-programming-interface.html
35.Sean Creehan and Paul Tierno, 2019, The Slow Introduction of Open Banking and APIs in Japan, https://www.frbsf.org/banking/asia-program/pacific-exchanges-podcast/open-banking-apis-japan/.
36.Sing Pass, About us, https://www.singpass.gov.sg/singpass/common/aboutus.
37.Smart Nation Singapore, 2014, Transcript of speech by speech by prime minister Lee Hsien Loong at smart nation launch, https://www.smartnation.sg/whats-new/speeches/smart-nation-launch/.
38.STET, PSD2 API V1.4, https://www.stet.eu/en/psd2/.
39.The Berlin Group, https://www.berlin-group.org/psd2-access-to-bank-accounts.
40.The finance, 2017, 改正銀行法で何が変わる? オープンAPIとFinTechの推進, https://thefinance.jp/law/170906.
41.The Treasury of Australian government, Consumer Data Right, https://treasury.gov.au/consumer-data-right.
42.日本金融庁,2019,電子決済等代行業を営むみなさまへ,https://www.fsa.go.jp/common/shinsei/dendai/index.html。 |
| Description: | 碩士
國立政治大學
科技管理與智慧財產研究所
106364218 |
| Source URI: | http://thesis.lib.nccu.edu.tw/record/#G0106364218 |
| Data Type: | thesis |
| DOI: | 10.6814/NCCU202000212 |
| Appears in Collections: | [科技管理與智慧財產研究所] 學位論文
|
Files in This Item:
| File |
Size | Format | |
|---|
| 421801.pdf | 2363Kb | Adobe PDF2 | 260 | View/Open |
|
All items in 政大典藏 are protected by copyright, with all rights reserved.
|
