The new era of internet has not only changed the frequency and the habit of using internet, but also transformed the marketing model of the large-scale companies which provide internet-related services, such as Facebook and Google. In order to offer more efficient targeted advertising service, it is indispensable for the companies to collect personal data and tracking online behavior of users. However, when the companies use different techniques to collect, process or make use of the personal data, the information they provide for the users are not suffient to let users know the risk of providing personal data. It is the problem of “transparency”. After obtaining personal data, it will face the problems such as “Can users withdraw their consent?” or “Do users have rights or means to take control of their own personal data?. The problems bring about the phenomenon of information asymmetries and unequal status between network company and their users. Therefore, it is necessary to reassess the regulatory framework of data protection law in order to keep pace with the development of technology. In this regard, the European Union enact a new regulation on data protection, and also has other directives to protect information privacy. Unlike the data protection law in Taiwan, the European Union has a customized directive to regulate elaborately about cookies and similar technologies which collect personal information from users. In addition, EU data protection law not only sets a high standard for the modalities and the contents of providing information of processing, but also notices the problem of consent fatigue. Additionally, in the field of “data control”, EU data protection law stipulates a chapter about the rights of data subject, such as right to erasure, right to data portability, right to object and right to withdraw one’s consent，all with correspondent conditions in detail. The way European Union deal with the transparency and data control is worthy of emulation for Taiwan. This thesis compares data protection law in European Union with Taiwan when confronting e-commerce issues on the network platform, and has several suggestions on the data protection law in Taiwan. First of all, make sure cookies and similar technologies be included in the scope of data protection law. Secondly, reinforce the requirements of providing processing information from data controller. Thirdly, strengthen the right to withdraw consent and other rights for data subject to take back their control of personal data. Lastly, harsh punishments and other complementary measures like EU may also be necessary. This thesis hopes that the suggestions mentioned above can provide some directions for the amendments of Taiwan’s data protection law in the future and build up an adequate privacy protection system.