摘要
网际网路改变个人资料流通方式,不再轻易受限於地理疆界,个人资料跨国传递已成很平常的现象。惟个人资料蒐集者(公务或非公务机关)无论出於商业、科技或国家安全的动机而为国际传递时,将面临前所未有的法律考验。因不少的国家或区域组织纷纷制定个人资料保护法规,甚至限制个人资料的跨国传递,而标准不一的各种个人资料保护法规阻碍企业或政府跨国处理个人资料的自由。数位化个人资料的流通具有全球化特性,已非单纯依靠国家内部管辖权便可解决。即使在国际层面上,以单边性或双边性措施亦难以完全有效地因应,甚至区域性国家结盟虽藉由立法(如欧盟资料保护指令)排除会员国间个人资料流通的障碍,但当个人资料流通至非会员国时,仍须藉由「资料禁运」的单边性措施来推销其较高的个人资料保护标准,惟采纳的国家数量终究极其有限,尚不足以完全因应个人资料保护议题全球化的新趋势。本文建议,为了彻底解决各国规范不一致而妨碍个人资料流通,惟有利用现有「信赖标志」产业的自律规范方式或透过全球性多边组织(如WTO)而建立一套适用於全球的个人资料保护标准,以降低跨国营运业务的法规遵守成本及确保个人资料的自由流通。
As the internet changes the method of personal information flow, it is not easily bound by geographic borders. The transborder transfer of personal information is a common phenomenon. However, conducting the transborder transfer of personal information for business, technological or national security purpose, information collectors, including government agencies and corporations, will face unprecedented legal challenges. A number of nations and regional organizations adopt laws to protect personal information and even to restrict the international transmission of personal information. As a consequence, the inconsistence of various information privacy protection levels hinders the free flow of personal information.The nature of the flow of digitalized personal information is inherently global. The issues arose from its transborder flow could not be solely resolved by one domestic jurisdiction. At the international level, unilateral or bilateral efforts are not sufficient. Although a regional alliance could remove the obstacles of personal information flow by enacting a law, such as the EU Data Protection Directive, to establish an unified standard of personal information protection, it still has to adopt unilateral efforts to promote its higher level of privacy by the threat of ”information embargo” when personal information is transferred to third countries. However, the number of third countries adopting the higher level of personal information protection is quite limited and, thus, the issues of personal information global flows can not be fully resolved by this approach.To overcome the hindrance of personal information flow due to the inconsistence of various information privacy laws, this paper suggests to establish a global unified standard of personal information protection under multilateral organizations, such as WTO, or the self-regulation mechanism of the existing trustmark industry.
