Loading...
|
Please use this identifier to cite or link to this item:
https://nccur.lib.nccu.edu.tw/handle/140.119/134191
|
Title: | 台灣創業生態系之個人資料管理與法遵議題 Personal Data Management and Legal Compliance Issue of Taiwan Entrepreneurial Ecosystem |
Authors: | 黃炳曄 Huang, Bing-Yeh |
Contributors: | 鄭至甫 Jeng, Jyh-Fu 黃炳曄 Huang, Bing-Yeh |
Keywords: | 新創 創業 生態系 歐盟 個資 法遵 台灣 GDPR personal data startup start-up entrepreneurial ecosystem compliance Taiwan |
Date: | 2021 |
Issue Date: | 2021-03-02 14:53:29 (UTC+8) |
Abstract: | 在巨量資料的時代裡,企業運用資料來進行分析以及驅動人工智慧模型來進行決策,藉以獲得豐厚的商業利潤。其中,個人資料所蘊含的商業價值更讓人無法忽視。因此,企業透過各種不同的手段來蒐集並使用個人資料,卻因此造成隱私權受侵害的事件不斷發生。有鑑於此,歐盟在2016年頒布了GDPR,並於2018年開始實施,藉此規範了企業使用個人資料的方式。台灣為了接軌國際,預計以GDPR作為基礎來對個人資料保護法進行修法。由於GDPR包含了為數眾多地新的個人資料使用概念,因此勢必對台灣之商業環境造成衝擊,尤其是台灣創業生態系將首當其衝。 本研究旨在探討台灣創業生態系之個人資料管理與法遵議題,因此必須先檢視台灣創業生態系現行個人資料管理與法遵之現況,並再以未來台灣個人資料保護法將類比GDPR規格之修法前提下,探討台灣創業生態系之應對與調整。為了達到前述研究目的,本研究透過深度訪談法對台灣創業生態系的不同角色進行訪問,並且依據訪談結果與次級資料提出台灣創業生態系應對之策。 首先,本研究發現,新創公司在包含知情同意以及資料安全性等方面的法遵措施的投入程度皆與新創公司的規模以及其蒐用資料的方式有關,並且遵循一法遵成長脈絡。此外,台灣創業生態系不同角色在個人資料管理與法遵議題上對新創公司的協助相當有限。 接著,本研究透過分析GDPR與現行個人資料保護法的差異,並整理出法規遵循上的先後順序,藉此提供新創公司法遵上的建議。 最後,本研究依據對台灣創業生態系的了解以及法規分析,對創業生態系提出關於去識別化與跨領域教育等方面之建議。如此一來,新創公司才能提早進行法遵,並有效節省法遵成本。另外,雖然仍有像是刪除權與兒童隱私保護等難以遵循之規定,但合規輔助者的出現,可望解決這些難解之題,並成為創新的契機。 In the age of big data, enterprises utilize data analytics and artificial intelligence models to make important decisions, thereby obtaining great commercial profits. Especially, the commercial value brought by personal data is significant. Enterprise collects and uses personal data with a variety of methods, this has however resulted in frequent violations of privacy. In view of this, GDPR, the regulation to restrict enterprise’s personal data usage, was adopted in 2016 and became enforceable beginning in 2018. In order to connect with the world, the Taiwan government is expected to amend the personal data protection law based on GDPR. As GDPR contains various new concepts in the use of personal data, it is bound to have an impact on Taiwan business environment, especially on the Taiwan entrepreneurial ecosystem will bear the brunt. This research aimed to discuss the personal data management and legal compliance issue of Taiwan entrepreneurial ecosystem. Therefore, it is necessary to review the current situation of personal data management and legal compliance in Taiwan entrepreneurial ecosystem, and then discuss Taiwan entrepreneurial ecosystem’s response and adjustment to the future change of Taiwan new personal data protection law when it amended in accordance with GDPR. In order to achieve the aforementioned purposes of research, this research conducted in-depth interviews on different roles in Taiwan entrepreneurial ecosystem, based on the interview results and secondary data, this research proposed countermeasures for Taiwan entrepreneurial ecosystem. Firstly, this research found that the legal compliance investment (including informed consent and data security) of startup companies are related to the scale of startup companies and the way they process personal data, startup companies also follow a certain law-compliance growth path. In addition, with regard to personal data management and legal compliance issue, the current assistance provided by different roles in Taiwan entrepreneurial ecosystem is still limited. Next, this research analyzed the differences between GDPR and the current Taiwan personal data protection law, and points out the priority when complying regulation, for startup companies. Finally, based on the understanding of Taiwan entrepreneurial ecosystem and legal analysis, this research puts forward suggestions on de-identification and interdisciplinary education for the entrepreneurial ecosystem. Thus, startup companies can implement legal compliance earlier and save legal compliance costs effectively. In addition, although there are still difficult-to-compliance regulations such as the right to delete and the protection of children`s privacy, the emergence of Compliance Supporter is expected to solve these difficult problems and become an opportunity for innovation. |
Reference: | 英文文獻 Acs, Z. J., Stam, E., Audretsch, D. B., & O’Connor, A. (2017). The lineages of the entrepreneurial ecosystem approach. Small Business Economics, 49(1), 1-10. doi:10.1007/s11187-017-9864-8 Adner, R. (2016). Ecosystem as Structure: An Actionable Construct for Strategy. Journal of Management, 43(1), 39-58. doi:10.1177/0149206316678451 Grow Advisors. (2017). The Startup Ecosystem White Paper. Retrieved from: https://www.startupcommons.org/download-documents.html Alm, J. G. (2015). The Privacies of Life: Automatic License Plate Recognition in Unconstitutional under the Mosaic Theory of Fourth Amendment Privacy Law. HAmLINE L. REv., 38, 127. Basin, D., Debois, S., & Hildebrandt, T. (2018). On Purpose and by Necessity: Compliance Under the GDPR, Berlin, Heidelberg: Springer. Blank, S., & Dorf, B. (2012). The startup owner`s manual: The step-by-step guide for building a great company, U.S, Hoboken: John Wiley & Sons. Bosma, N., Acs, Z. J., Autio, E., Coduras, A., & Levie, J. (2008). Global entrepreneurship monitor executive report. Santiago, London: Babson Park. Boyce, C., & Neale, P. (2006).Conducting in-depth interviews: A guide for designing andconducting in-depth interviews for evaluation input. Pathfinder International Watertown, MA. Cadwalladr, C., & Graham-Harrison, E. (2018, Mar 17). Revealed: 50 million facebook profiles harvested for cambridge analytica in major data breach. The Observer Retrieved from: https://login.autorpa.lib.nccu.edu.tw/login?url=https://www.proquest.com/newspapers/revealed-50-million-facebook-profiles-harvested/docview/2014573719/se-2?accountid=10067 Cavoukian, A. (2009). Privacy by design: The 7 foundational principles. Information and privacy commissioner of Ontario, Canada, 5. Chou, C.-f., & Shy, O. (1990). Network effects without network externalities. International Journal of Industrial Organization, 8(2), 259-270. Clement, J. (2019). Number of monthly active Facebook users worldwide as of 4th quarter 2019. Retrieved from: https://www.statista.com/statistics/264810/number-of-monthly-active-facebook-users-worldwide/ Carter, N., Bryant-Lukosius, D., DiCenso, A., Blythe, J., & Neville, A. J. (2014). The use of triangulation in qualitative research. Oncology nursing forum, 41(5), 545-547. doi:10.1188/14.onf.545-547 Cormack, A. (2020). An Introduction to the GDPR. IDPro Body of Knowledge, 1(1). Crabtree, B. F., & Miller, W. L. (1992). Doing qualitative research. Paper presented at the Annual North American Primary Care Research Group Meeting, 19th, May, 1989, Quebec, PQ, Canada. Crabtree, B. F., & Miller, W. L. (1999). Doing Qualitative Research, 2d Edition. Newbury Park,CA: Sage Publications. Creswell, J. W., & Creswell, J. D. (2017). Research design: Qualitative, quantitative, and mixed methods approaches Newbury Park,CA: Sage Publications. Dempwolf, C. S., Auer, J., & D’Ippolito, M. (2014). Innovation accelerators: Defining characteristics among startup assistance organizations. Small Business Administration, Retrieved from: https://www.sba.gov/ Denzin, N. (1970). Strategies of multiple triangulation. The Rresearch Act In Sociology: A Theoretical Iintroduction To Sociological Method, 297(1970), 313. Denzin, N. K. (1978). Triangulation: A case for methodological evaluation and combination. Sociological Methods, pp. 339-357. Evans, D. S., Schmalensee, R., Noel, M. D., Chang, H. H., & Garcia‐Swartz, D. D. (2011). Platform Economics: Essays on Multi‐Sided Businesses. In D. S. Evans (Ed.), Competition Policy International. Available at SSRN: https://ssrn.com/abstract=1974020. European Commission. (2018a). Who does the data protection law apply to? Retrieved from :https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/application-regulation/who-does-data-protection-law-apply_en European Commission. (2018b). Does my company/organisation need to have a Data Protection Officer (DPO)? Retrieved from: https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/obligations/data-protection-officers/does-my-company-organisation-need-have-data-protection-officer-dpo_en Fan, Z., & Gupta, A. (2018). The Dangers of Digital Protectionism. Retrieved from Harvard Business Review website: https://hbr.org/2018/08/the-dangers-of-digital-protectionism Farboodi, M., Mihet, R., Philippon, T., & Veldkamp, L. (2019). Big data and firm dynamics. Paper presented at the AEA papers and proceedings. Feld, B. (2020). Startup communities: Building an entrepreneurial ecosystem in your city ,U.S, Hoboken: John Wiley & Sons. Freitas, M. D. C., & Mira da Silva, M. (2018). GDPR Compliance in SMEs: There is much to be done. Journal of Information Systems Engineering & Management, 3(4), 30. Gapper, J. (2016). LinkedIn Swaps Business Cards with Microsoft. Financial Times, 15. Gartner. (2017). Gartner Says Organizations Are Unprepared for the 2018 European Data Protection Regulation. Retrieved from: https://www.gartner.com/en/newsroom/press-releases/2017-05-03-gartner-says-organizations-are-unprepared-for-the-2018-european-data-protection-regulation Goddard, M. (2017). The EU General Data Protection Regulation (GDPR): European regulation that has a global impact. International Journal of Market Research, 59(6), 703-705. Graham, P. (2012). Startup= growth. Retrieved from: http://www.paulgraham.com/growth.html Grilo, A., Águeda, A., Zutshi, A., & Nodehi, T. (2017). Relationship between investors and european startup ecosystems builders. Paper presented at the 2017 International Conference on Engineering, Technology and Innovation (ICE/ITMC). Herrington, M., Kew, J., Kew, P., & Monitor, G. E. (2010). Tracking entrepreneurship in South Africa: A GEM perspective . South Africa: Graduate School of Business, University of Cape Town. Hintze, M., & LaFever, G. (2017). Meeting Upcoming GDPR Requirements While Maximizing the Full Value of Data Analytics. Available at SSRN 2927540. Holvast, J. (2007). 27 - History of privacy. In K. D. Leeuw & J. Bergstra (Eds.), The History of Information Security (pp. 737-769). Amsterdam: Elsevier Science B.V. Iansiti, M., & Levien, R. (2004). Strategy as ecology. Harvard business review, 82(3), 68-78. Isaak, J., & Hanna, M. J. (2018). User data privacy: Facebook, Cambridge Analytica, and privacy protection. Computer, 51(8), 56-59. Jia, J., Jin, G. Z., & Wagman, L. (2018). The short-run effects of gdpr on technology venture investment (No. w25248). National Bureau of Economic Research. Jiao, Y., Wang, P., Niyato, D., Alsheikh, M. A., & Feng, S. (2017). Profit maximization auction and data management in big data markets. Paper presented at the 2017 IEEE Wireless Communications and Networking Conference (WCNC). Jones, C. (2019). France issues Google with the heaviest GDPR fine to date. IT Pro. Retrieved from: https://www.itpro.co.uk/general-data-protection-regulation-gdpr/32811/france-issues-google-with-the-heaviest-gdpr-fine-to Khwaja, M., & Matic, A. (2019). Personality Is Revealed During Weekends: Towards Data Minimisation for Smartphone Based Personality Classification, Springer International Publishing. 551-560. Kirchhoff, B. A., & Phillips, B. D. (1988). The effect of firm formation and growth on job creation in the United States. Journal of business venturing., 3(4), 261-272. doi:10.1016/0883-9026(88)90008-0 Konczal, J. (2012). Evaluating the effects of accelerators? Not so fast. Forbes 2012 [cited Aug 8 2012]. Laney, D. (2001). 3D Data Management: Controlling Data Volume, Velocity, and Variety . META Group . Layton, R., & Elaluf-Calderwood, S. (2019, November). A Social Economic Analysis of the Impact of GDPR on Security and Privacy Practices. In 2019 12th CMI Conference on Cybersecurity and Privacy (CMI) (pp. 1-6). IEEE. Lievens, E., & Milkaite, I. (2017). Age of consent in the GDPR: updated mapping of recent national guidance and proposals. Better Internet for Kids. Love, H. (2016). The Start-Up J Curve: The Six Steps to Entrepreneurial Success: Greenleaf Book Group. Machuletz, D., & Böhme, R. (2020). Multiple purposes, multiple problems: A user study of consent dialogs after GDPR. Proceedings on Privacy Enhancing Technologies, 2020(2), 481-498. Markman, G. D., Phan, P. H., Balkin, D. B., & Gianiodis, P. T. (2005). Entrepreneurship and university-based technology transfer. Journal of Business Venturing, 20(2), 241-263. Marr, B. (2017). Data strategy: How to profit from a world of big data, analytics and the internet of things: Kogan Page Publishers. Martin, N., Matt, C., Niebel, C., & Blind, K. (2019). How Data Protection Regulation Affects Startup Innovation. Information Systems Frontiers, 21(6), 1307-1324. doi:10.1007/s10796-019-09974-2 Mason, C., & Brown, R. (2014). Entrepreneurial ecosystems and growth oriented entrepreneurship. Final report to OECD, Paris, 30(1), 77-102. Mourby, M., Mackey, E., Elliot, M., Gowans, H., Wallace, S. E., Bell, J., & Kaye, J. (2018). Are ‘pseudonymised’data always personal data? Implications of the GDPR for administrative data research in the UK. Computer Law & Security Review, 34(2), 222-233. Neumann, J. (2019 ). A Taxonomy of Moats. Retrieved from: http://reactionwheel.net/2019/09/a-taxonomy-of-moats.html Polit, D., & Beck, C. (2012). Essentials of nursing research. Ethics, 23(2), 145-160. Politou, E., Alepis, E., & Patsakis, C. (2018). Forgetting personal data and revoking consent under the GDPR: Challenges and proposed solutions. Journal of Cybersecurity, 4(1), tyy001. Porter, M. E. (1991, Apr 1991). America`s Green Strategy. Scientific American, 264, 168. Porter, M. E., & Van der Linde, C. (1995). Toward a new conception of the environment-competitiveness relationship. Journal of Economic Perspectives, 9(4), 97-118. Provost, F., & Fawcett, T. (2013). Data science and its relationship to big data and data-driven decision making. Big Data, 1(1), 51-59. Punch, K. F. (2013). Introduction to social research: Quantitative and qualitative approaches: sage. Radinsky, K. (2015). Data monopolists like Google are threatening the economy. Harvard Business Review, Retrieved from: https://hbr.org/2015/03/data-monopolists-like-google-are-threatening-the-economy Robehmed, N. (2013). What is a Startup. Forbes, Retrieved from: https://www.forbes.com/sites/natalierobehmed/2013/12/16/what-is-a-startup/?sh=abec67840440 Schumpeter, J. A. (1955). The theory of economic development : an inquiry into profits, capital, credit, interest, and the business cycle / by Joseph A. Schumpeter. Massachusetts: Harvard University Press. Shah, A., Banakar, V., Shastri, S., Wasserman, M., & Chidambaram, V. (2019). Analyzing the Impact of {GDPR} on Storage Systems. Paper presented at the 11th {USENIX} Workshop on Hot Topics in Storage and File Systems (HotStorage 19). Siteimprove. (2019). GDPR Doesn`t Only Protect EU Citizens - Who Does GDPR Affect? Retrieved from: https://siteimprove.com/en/gdpr/who-gdpr-affects-and-whose-data-is-protected/ Song, A. K. (2019). The Digital Entrepreneurial Ecosystem—a critique and reconfiguration. Small Business Economics, 53(3), 569-590. Spacey, J. (2016). Data Security vs Information Security. Retrieved from: https://simplicable.com/new/data-security-vs-information-security Stake, R. E. (1995). The art of case study research: sage. Startup Genome. (2019). Global startup ecosystem report 2019. Retrieved from: https://startupgenome.com/gser2019 Startup Genome. (2020). Global startup ecosystem report 2020. Retrieved from: https://startupgenome.com/gser2020 Subrahmanya, M. H. B. (2017). Comparing the entrepreneurial ecosystems for technology startups in Bangalore and Hyderabad, India. Technology Innovation Management Review, 7(7), 47–62. The Economist (2017). The world’s most valuable resource is no longer oil, but data. The Economist: New York, NY, USA. Trendall, S. (2019, 2019 Jul 09). ICO slaps record £183m fine on British Airways for GDPR breach. Public Technology. Voss, W. G. (2020). Airline Commercial Use of EU Personal Data in the Context of the GDPR, British Airways and Schrems II. British Airways and Schrems II (September 30, 2020), 19(2). Yin, R. (2003). Designing case studies. Qualitative Research Methods, 359-386. Zarsky, T. Z. (2016). Incompatible: the GDPR in the age of big data. Seton Hall Law Review., 47, 995-1020.
中文文獻 Mayer-Schönberger, V., & Cukier, K. (2013)。大數據: 「數位革命」之後,「資料革命」登場: 巨量資料掀起生活、工作和思考方式的全面革新。台北:天下遠見出版。 Ryan,什麼是孵化器(Incubator)/加速器(Accelerator)?硬塞科技字典,上網日期2016年07月21日,檢自:https://www.inside.com.tw/article/6694-what-is-incubator-accelerator 羅凱揚&蘇宇暉,有效提昇決策品質─資料導向決策,上網日期2018年06月22日,檢自:https://medium.com/marketingdatascience/%E8%B3%87%E6%96%99%E5%B0%8E%E5%90%91%E6%B1%BA%E7%AD%96-data-driven-decision-making-73cdd3581092 李為, (2015)。德國生態環境保護的觀察與思考(簡體中文)。科學與管理,35(02),55-59。 Jonathan Tepper&Denise Hearn,(2020)。競爭之死:高度壟斷的資本主義,是延誤創新、壓低工資、拉大貧富差距的元凶。吳慧珍、曹嬿恆譯 (初版 ed.)。台北市:麥田出版。 林于蘅,台歐27日三度協商GDPR認定 國發會:個資法勢必修法,上網日期2019年01月26日,檢自:https://udn.com/news/story/7238/4188419 阿文哥,【台灣軟體人看世界 #1】少了軟體的科技之島,上網日期2017年01月23日, 檢自:https://blog.gaaiho.com/2017/01/1.html 范姜真媺, (2013)。 個人資料保護法關於「個人資料」保護範圍之檢討. [Personal Data Protection Act Applies to the Scope of Personal Data],東海大學法學研究(41),91-123。 徐仕瑋,(2014)。個資法所保護個人資料之範圍界定--評臺灣臺北地方法院一○三年度北小字第一三六○號小額民事判決。月旦裁判時報, 總號:30,, 123-138。 常紀文 & 尹立霞,霧霾治理的國際經驗(簡體中文) ,上網日期2016年06月09日,檢自:http://huanbao.bjx.com.cn/news/20160616/743006-2.shtml 張陳弘,(2016)。個人資料之認定-個人資料保護法適用之啟動閥。法令月刊, 67(5),67-101。 張陳弘& 莊植寧,(2019)。新時代之個人資料保護法制:歐盟GDPR與臺灣個人資料保護法的比較說明 (李啟琳 Ed. 1st ed.)。台北市:新學林出版股份有限公司。 陳君毅,巨頭聯手!Facebook、Google、微軟要將個人資料所有權還給使用者,上網日期2018年07月23日,檢自:https://www.bnext.com.tw/article/49966/the-data-transfer-project 鈕文英, (2012)。 質性硏究方法與論文寫作 (初版 ed.), 臺北市: 雙葉書廊. 蕭佑和,【新創融資】種子輪、天使輪、A輪、B輪、C輪,你都弄懂了嗎. 大和有話說,上網日期2018年12月02日,檢自:https://dahetalk.com/2018/12/02/%E3%80%90%E6%96%B0%E5%89%B5%E8%9E%8D%E8%B3%87%E3%80%91%E7%A8%AE%E5%AD%90%E8%BC%AA%E3%80%81%E5%A4%A9%E4%BD%BF%E8%BC%AA%E3%80%81a%E8%BC%AA%E3%80%81b%E8%BC%AA%E3%80%81c%E8%BC%AA%EF%BC%8C%E4%BD%A0/ 唐子晴,當區塊鏈遇上GDPR,相愛或相殺?,上網日期2018年08月13日,檢自:https://www.bnext.com.tw/article/50219/when-blockchain-meet-gdpr |
Description: | 碩士 國立政治大學 科技管理與智慧財產研究所 107364119 |
Source URI: | http://thesis.lib.nccu.edu.tw/record/#G0107364119 |
Data Type: | thesis |
DOI: | 10.6814/NCCU202100235 |
Appears in Collections: | [科技管理與智慧財產研究所] 學位論文
|
Files in This Item:
File |
Description |
Size | Format | |
411901.pdf | | 4919Kb | Adobe PDF2 | 0 | View/Open |
|
All items in 政大典藏 are protected by copyright, with all rights reserved.
|