我國行政院於民國99 年核定「雲端運算產業發展方案」後,便陸續推動政府各部門之雲端運算計畫。在預定建置之12 種政府雲中,衛生福利部於民國104 年提出「健康雲跨領域研究」計畫,期將現有全民健保資料與雲端運算技術結合,藉以做為我國未來醫療決策之科學依據。惟探究臺北高等行政法院判決後可知,健保署究竟能否將蒐集之全民健保資料釋出供第三人為原始蒐集目的以外之利用,恐將成為政府日後倘欲建置健康雲端資料庫時首要面臨之法律爭議。本文以為,此爭議除應遵循大法官於相關釋字所揭櫫憲法保障個人資訊自主權之精神外,亦應考量我國個人資料保護法之修法目的與評估雲端運算技術可能對現行個人資料保護法所造成之衝擊。據此,本文將由解析歐盟、英國與美國等立法例對「雲端運算」與「個人資料」之定義出發,進而評估雲端運算技術可能對個人資料以及隱私權所帶來之風險,並藉由各國立法例採取之應對措施反思我國現行個人資料保護法於未來擬建置雲端資料庫時,是否仍能同時兼顧公共利益與隱私權(特別是個人資訊自主權)之保障。
The Taiwanese government has recently promoted the adoption of cloud services in its government agencies since the Executive Yuan (Cabinet) approved its "Cloud Computing Industrial Development Plan" in 2010. Among the twelve government’s proposed cloud service schemes, the "Health Cloud Project", which has been initiated and funded by the Ministry of Health and Welfare since 2015, aims at applying cloud computing techniques to the National Health Insurance Database to help improve health care delivery. By analyzing the Taipei High Administrative Court’s judgments, this paper argues that whether the National Health Insurance Bureau is entitled to release its national health insurance data to third parties for the purpose of secondary use is not without controversy. It further pinpoints that in addition to recognizing information autonomy, which has been proposed by the Grand Justices’ constitutional interpretation, as well as considering the legislative purpose of the revision of the Personal Data Protection Act in Taiwan, there is a need to re-evaluate the challenges that cloud computing techniques could have brought to the implementation of the Personal Data Protection Act. This article adopts a comparative legal perspective to analyze different rules and governance frameworks implemented by the EU, UK and the US in their various definitions of personal data and the regulation of risks associated with applying cloud computing techniques to personal data. It plans to reflect an adequate way to address the balance of individual privacy and public interest, especially the protection of personal and information autonomy that the government in Taiwan shall take into consideration for its cloud computing application.