社群行銷所涉之資料共同控管者責任－以歐盟規範為中心

近年來社群媒體已深入大眾日常生活，人們透過社群媒體與他人溝通交流，取得最新資訊或消費購物。而社群媒體也以勢不可擋之姿，在網路世界中突破地域限制地快速成長，並不斷推出各種個人化及適性化服務。然而，社群媒體之所以能夠提供適性化服務，很多時候是基於大量蒐集分析用戶的個人資料。為有效管理社群媒體的個人資料蒐集、處理與利用情況，歐盟近年來陸續透過官方文件解釋，擴大資料控管者及資料共同控管者範圍，賦予社群媒體及其平台上的商業使用者，更明確的個資保護責任。本文藉由爬梳近年來歐盟個資法相關文件，嘗試釐清透過社群媒體行銷者，被賦予個資保護責任及相關立論。提供此議題上的歐盟法制趨勢觀察，及目前可能的因應之道。

關鍵字

個資保護；社群行銷；控管者；共同控管者

並列摘要

In recent years, social media have penetrated into our daily lives. People communicate with others, obtain the latest information, and even make purchases through social media. With an unstoppable posture, social media break through geographical restrictions and grow rapidly in the online world through various personalized services. Behind the scene of such an undeniable service is the collection and analysis of a large number of users' personal information. In order to effectively regulate the use of personal data on social media, in recent years, the EU has broaden the scope of personal data controller and given social media and its commercial users a clearer responsibility for personal data protection. This article scrutinizes the relevant document of EU personal data protection laws trying to clarify whether those who use the marketing services provided by social media will fall into the scope of data controller or joint controller under EU personal data protection laws. The article aims to provide observations on the trends of EU policies on this issue and to provide possible solutions.

並列關鍵字

Personal Data Protection ； Social Media Marketing ； Controller ； Joint Controller

參考文獻

Online Community, Cambridge Dictionary, https://dictionary.cambridge.org/dictionary/english/online-community (last visited Dec. 22, 2020).

Google Scholar

集客資料行銷觀察員，〈什麼是社群行銷？打破你對社群行銷的迷思！〉，集客，2019/01/23 14:09，https://inboundmarketing.com.tw/social-marketing/%E4%BB%80%E9%BA%BC%E6%98%AF%E7%A4%BE%E7%BE%A4%E8%A1%8C%E9%8A%B7%EF%BC%9F%E6%89%93%E7%A0%B4%E4%BD%A0%E5%B0%8D%E7%A4%BE%E7%BE%A4%E8%A1%8C%E9%8A%B7%E7%9A%84%E8%BF%B7%E6%80%9D%EF%BC%81.html (最後瀏覽日：2020/12/21)。

Google Scholar

律師談吉他(雷皓明律師)，〈如果你認真看過Facebook隱私政策，就知道「我對FB的隱私權聲明」這種貼文沒用〉，The News Lens關鍵，2020/04/14，https://www.thenewslens.com/article/133540 (最後瀏覽日：2020/12/21)。

Google Scholar

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance), art. 4(8), art. 4(7), art. 26, art. 24, art. 6, art. 25, art. 13, art. 14, 2016 OJ (L 119) 1, 33.

Google Scholar

European Data Protection Board, Guidelines 07/2020 on the concepts of controller and processor in the GDPR (Sep. 25, 2020), at 10-13, 15-16, 19-20available at https://edpb.europa.eu/sites/edpb/files/consultation/edpb_guidelines_202007_controllerprocessor_en.pdf (last visited Dec. 20, 2020).

Google Scholar

主題瀏覽