Title: | 被遺忘權與資料留存的悖論—以區塊鏈技術為中心 The Paradox of ‘the Right to be Forgotten’ and ‘Data Retention’: A focus on Blockchain Technology |
Authors: | 林宛誼 Lin, Wan-Yi |
Contributors: | 鄭菀瓊 Cheng, Wan-Chiung 林宛誼 Lin, Wan-Yi |
Keywords: | 區塊鏈 側鏈 一般資料保護規範 個人資料保護 隱私權 刪除權 被遺忘權 Blockchain Sidechain General Data Protection Regulation(GDPR) Personal information protection The Right of privacy The right to erasure The right to be forgotten(RtbF) |
Date: | 2021 |
Abstract: | 生物辨識技術及資訊科技的提升使數位足跡逐漸與個人身分合一,個人資料保護議題中被遺忘權(The right to be forgotten,RtbF)以及其下所關連之刪除權(The right to erasure)、刪除連結權(The right to de-listing)議題已受到多國重視;然而在實務運用中,資料留存基於產業分析、復盤、稽核、偵測、控管、舉證、法遵等原因,仍扮演舉足輕重的角色;兩者間的拮抗關係應如何取得衡平,值得研究。
被遺忘權概念可回溯自二戰時期,各國也逐步肯認其權利地位,其中,歐盟於1995年所制定的個人資料保護綱領(Data Protection Directive),及2016年所通過取代前述規範的一般資料保護規範(General Data Protection Regulation,GDPR)因具備高度監理性質及域外效力,而深刻影響其他國家對個人資料保護的立法趨勢。本研究將以歐盟、美國、中國、我國之法規及實務進行分析。
綜上,在巨量資料、高度重視個人資料安全的時代,企業如何在發展區塊鏈商業運用時確保被遺忘權合規將成為重要課題。而先前研究多建議採用「脫鏈儲存方式」解套;惟本研究以為,「脫鏈儲存」無法根本性處理此悖論問題,且此法將無法完整發揮區塊鏈優勢。故本研究嘗試以區塊鏈的「側鏈技術」作為悖論的解方,盼能為區塊鏈架構人員及企業(尤指易被認定為資料控管者(data controller)之類型)內部法遵人員及行銷人員提供建議。 As biometrics and information technology advancements gradually integrate digital footprints with individual identities, the right to be forgotten (RtbF) and its associated rights such as the right to erasure or the right to de-listing, have received significant attention among many countries. Yet, data retention still plays a crucial role in practice for industrial analysis, retrieval, auditing, detection, control, prosecution, and legal compliance reasons. How to balance the antagonistic relationship between the two is worth studying.
The decentralized ledger and the consensus mechanism have given blockchain technology a decentralized, hardly manipulate, and a high degree of transparency characteristic, thereby greatly contributing to the data retention of digital evidence. Consequently, the application of blockchain technology raises the concern that it may be incompatible with data protection, particularly concerning the right to be forgotten and cross-border transmission issues.
The concept of the right to be forgotten can be traced back to the WWII Era and has been progressively recognized as a right in different countries. The European Union General Data Protection Regulation (GDPR), which was adopted in 2016, has profoundly influenced the development of legislation on personal data protection by other countries owing to its extraterritorial effects. In this study, we will analyze the legal regulations as well as legal practices of the EU, the US, China, and Taiwan.
In sum, in the era of big data and heightened emphasis on personal data protection, it will be a crucial issue for enterprises to ensure oblivion compliance while developing commercial applications of the blockchain. Earlier studies have proposed the adoption of "off-chain storage" to solve this paradox, whereas, in this study, we believe that "off-chain storage" fails to fundamentally solve the paradox, nor can it fully exploit the strengths of blockchain. Hence, this study attempts to solve the paradox by considering the "sidechain technology" of the blockchain, with the hope of offering suggestions to both blockchain architects and in-house legal practitioners as well as marketing staff of enterprises (particularly of the type that would be considered as data controllers). |
Source URI: | http://thesis.lib.nccu.edu.tw/record/#G0108364215 |
DOI: | 10.6814/NCCU202101487 |
