中文摘要 2011 年,我國通過新修正之個人資料保護法,敏感性個人資料規範在第六條,為有關醫療、基因、健康檢查、性生活與犯罪前科之個人資料。原則上不得蒐集、處理或利用,但規定四種例外情形下始得處理敏感性個人資料。 我國仿照歐盟指令,將個人資料分為一般性與敏感性。敏感性個人資料因其資料特殊性,不當蒐集、處理或利用容易侵害個人資訊隱私,但現行各款規定並未將當事人同意和維護公共利益列為例外條款,對敏感性個人資料之保護尚有不足。 在判斷敏感性個人資料之標準,以介紹兩個英國判決的方式來討論認定標準,並說明維護公共利益原則之重要性。
abstract Sensitive personal data is a sub-set of personal information and is given a higher level of protection under Personal Information Protection Act (PIPA) Art. 6(1). The definition of Sensitive personal data in the PIPA refers to information about an individual’s: medical treatment, genetic information, sexual life, health examination and criminal record. PIPA follows European Union that the personal data is divided into general data and sensitive data. PIPA prohibits government agency or non-government agency from collecting, processing and using sensitive personal data unless at least one of the conditions (exemption) set out in Art. 6(1) is fulfilled. Art. 6(1) should include “data subject’s informed consent” and “public interest “as exceptions for processing sensitive personal data. We study two U.K. judicial cases with respect to protecting sensitive personal data.