其他
孙远钊 | 论数据相关的权利保护和问题——美国与欧盟相关规制的梳理与比较(1)
【论文摘要】
数据的搜集、保存、转移、传输和分析已然成为当前整个电子商务最具关键的功能之一,犹如人体的神经系统和其中的讯号,带动著全球错综复杂而且相互依赖的产业链条能够有序运转。然而究竟数据应如何定义?其本身是否应该享有如何的权利保护?汇集数据的数据库又应如何?其背后所折射、反应的个人隐私信息究竟应当如何处理?如何在个人的隐私需求与国家和社会安全的需求之间求取平衡?这些问题自从电子商务开展以来便一直困扰著全球各国。本文拟从美、欧两地的发展、经验和实践进行概括的梳理并就其中发生的问题予以评论,以其对国内目前正在推展的相关立法提供参考。
【关键词】数据;大数据;数据库;隐私;《通用数据保护条例》;《加州消费者隐私法》;《加州隐私权法》
【作者】孙远钊(Andy Y. Sun),美国亚太法学研究院执行长,暨南大学知识产权学院特聘教授。本文不代表作者服务单位意见。
本文纸本版将发表于《知识产权研究》第28卷(2022)。
引言
数据的定义
数据的保护方式
一、数据本身
二、数据库
注释(上下滑动阅览)
【1】这句话可以溯源到1973年由Richard Serra和Carlota Fay Schoolman两位艺术家在一个名为“电视交付人类”(Television Delivers People)的短视频当中表演了一段关于讽刺电视广告的歌曲。当时的版本是“你不是顾客,你就是产品”(You’re Not the Customer; You’re the Product),后来经过多次的反转引用和改写逐渐成为现在的版本。【2】互联网最早是由美国国防部下属的国防尖端研究项目局(Defense Advanced Research Projects Agency,简称DARPA或ARPA)从1966年开始逐渐开发出来的“ARPANet”,目的是确保万一发生大规模毁灭性的事件(如核子战争)时,所有的军事通信网络依然可以顺利操作,不受影响。不过在之后的20年间,主要使用这套网络系统的反而是学术界的研究交流,后来更直接从国防部门转移到国家科学基金会(National Science Foundation,简称NSF)来管理运营,名称也改为“NSFNet”。从1980年代末期到1990年代初期,各项相关软、硬件的配套发展已经趋于成熟,尤其是“万维网”(World Wide Web)超文本链接(hyperlink)与“镶嵌”(Mosaic)浏览器的开发成功,让整个网络系统更容易操作,也导致了爆发式的普及(仅是1993年(“互联网零年”)的成长率就高达341,634%)。参见National Science Foundation, Fact Sheet: A Brief History of NSF and the Internet (August 13, 2003), available at https://www.nsf.gov/news/new_summ.jsp?cntn_id=103050。最后在政策上的“临门一脚”则是美国国会對国家科学基金会1993联邦会计年度的撥款正式解除了对网络系统的使用仅限于教学和研究的限制,也就是完全开放并容许各种的商业化与民间参与。參見Scientific and Advanced-Technology Act of 1992, § 4, Pub. L. 102-476, 106 Stat. 2297 (1993), codified at 42 U.S.C. § 1862(g) (2018, Supp. I)。另参见Shane Greenstein, Commercialization of the Internet: The Interaction of Public Policy and Private Choices or Why Introducing the Market Worked so Well, 1 INNOVATION POLICY AND THE ECONOMY 151 (2000);另参见Kevin Werbach, Digital Tornado: The Internet and Telecommunications Policy, FCC OFFICE OF PLANS AND POLICY WORKING PAPER No. 29, p. 13 (March 1997)。美国国会当时显然没有意识到,对这个条文文句的些微调整竟然成为无心插柳,彻底改变了全球社会与经济的未未来的发展并带动了新一波的工业革命。【3】微软公司的共同创始人及原总裁比尔‧盖茨(Bill Gates)于1996年1月3日在微软公司的官方网站上贴出了一篇题为《内容为王》(Content is King)的博客文章(blog),对于互联网未来的发展前景做出了许多的推导和预测,于是后来者由此先后提出了“数据为王”、“流量为王”等不同的表述,不过这些改版表述的原始的出处都难以确认核实。参见Bill Gates, Content is King, available at https://medium.com/@HeathEvans/content-is-king-essay-by-bill-gates-1996-df74552f80d9(微软公司后来已将此文从其官方网站上移除)。附带一提,官方媒体显然对“流量为王”的说法不以为然,曾刊载评论文章予以批评,主张“内容为王”永不过时。参见张一琪(云中漫笔),“流量为王”不可取,《人民日报》(海外版),2018年5月4日,载于http://media.people.com.cn/n1/2018/0504/c40606-29964056.html。【4】夏征农、陈至立主编,《大辞海:管理学卷》(2015年修订版),上海世纪出版有限公司,载于http://www.dacihai.com.cn/search_index.html?_st=1&keyWord=%E6%95%B0%E6%8D%AE&itemId=86775。附帶参酌《百度百科》的表述,“数据是指对客观事件进行记录并可以鉴别的符号,是对客观事物的性质、状态以及相互关系等进行记载的物理符号或这些物理符号的组合。它是可识别的、抽象的符号。它不仅指狭义上的数字,还可以是具有一定意义的文字、字母、数字符号的组合、图形、图像、视频、音频等,也是客观事物的属性、数量、位置及其相互关系的抽象表示。【5】MERRIAM-WEBSTER’S COLLEGIATE DICTIONARY (11TH ED. 2004), available at https://www.merriam-webster.com/dictionary/data.
【6】THE GARTNER GROUP GLOSSARY OF INFORMATION TECHNOLOGY ACRONYMS AND TERMS (MAY 2003), at 122, available at https://www.gartner.com/en/information-technology/glossary/big-data(其原文为:“Raw facts and figures that a computer processes into usable information”)。【7】同上注, 载于https://www.gartner.com/en/information-technology/glossary/big-data(其原文为:“Big data is high-volume, high-velocity and/or high-variety information assets that demand cost-effective, innovative forms of information processing that enable enhanced insight, decision making, and process automation”)。之后又有两个新的维度被提出:高精(veracity)和高值(value)。这是基于如何在海量的信息中能够精准的提取最为相关的数据从事分析并产出高价值的信息。
【8】Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the Legal Protection of Databases, 1996 O.J. L77-20, art. 1(2), available at https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:31996L0009&from=EN (其原文为:“[A] collection of independent works, data or other materials arranged in a systematic or methodical way and individually accessible by electronic or other means”)。【9】Stephen M. Maurer, Across Two Worlds: Database Protection in the United States and Europe, presentation at the 2001 Conference on Intellectual Property and Innovation and contained as Chapter 13 in JONATHAN D. PUTNAM (GENERAL EDITOR), INTELLECTUAL PROPERTY AND INNOVATION IN THE KNOWLEDGE-BASED ECONOMY (2008), available at https://www.researchgate.net/publication/228794091_Across_Two_Worlds_Database_Protection_in_the_United_States_and_Europe.
【10】Samuel E. Trosow, Sui Generis Database Legislation: A Critical Analysis, YALE J. OF LAW & TECHNOLOGY 534, 541 (2004-2005).【11】美国联邦最高法院表示,“没有作者可以对其自己的思想或其表述的事实享有著作权。”参见Harper & Row Publishers, Inc. v. Nation Enterprises, 471 U.S. 539, 556 (1985)(其原文为:“No author may copyright his ideas or the facts he narrates”)。这里所谓的“事实”未必等同“真理”。【12】《与贸易有关的知识产权保护协定》(Agreement on Trade-Related Aspects of Intellectual Property Protection,简称《TRIPs协定》)第10条第2款规定:“数据汇编或其他资料,无论机器可读还是其他形式,只要由于对其内容的选取或编排而构成智力创作,即应作为智力创作加以保护。该保护不得延伸至数据或资料本身,并不得损害存在于数据或资料本身的任何版权。”〔粗体为作者加列以示强调〕(其英文原文为:“Compilations of data or other material, whether in machine readable or other form, which by reason of the selection or arrangement of their contents constitute intellectual creations shall be protected as such. Such protection, which shall not extend to the data or material itself, shall be without prejudice to any copyright subsisting in the data or material itself”[Emphasis added by author of this article])。【13】参见Russell Ackoff, From Data to Wisdom, 16 JOURNAL OF APPLIED SYSTEMS ANALYSIS 3 (1989)。按,这个模式当中的各个元素,最早可上溯到1934年英国文学与剧作家T. S. 艾略特(Thomas Stearns Eliot OM)在其1934年的作品《磐石》(The Rock)当中的一段台词,后来由信息管理领域的学者继受并予以润饰,包括华裔的人文地理学者段义孚教授。所以Ackoff教授绝非这个系统概念首创者,但的确是首次将所有的概念予以层级、模式化并以金字塔的方式呈现,极大地帮助和影响了相关的研究。后来的学者又对此有不同的修饰增补,但皆属于对上端层级的补充或细化,对于数据与信息的关系则未做任何调整。相关的详细介绍可参见Anthony Figueroa, Data Demystified — DIKW Model, TOWARDS DATA SCIENCE, May 24, 2019, available at https://towardsdatascience.com/rootstrap-dikw-model-32cef9ae6dfb。【14】固然《民法典》第123条第2款第(5)项把商业秘密列为知识产权保护的“权利”之一,这明显是个错误。因为商业秘密既无明确的范围可以界定(事实上随时可能会产生变化,例如客户名单、商业运营信息、对制作产品的配方内涵等等),而且只要符合法定的要求(如持续保持秘密的状态没有成为公知信息或失去商业价值),也没有时间上的限制(也就是无固定的保护期间,理论上可以永续),皆与法定赋权必须以确定的期限保护和具有相对确定或可界定范围的基本前提不符,尤其不能作为行使排他的基础。反之,也正因为如此才容许他人可以用合法的反向工程手段来破解商业秘密。至于诸如客户名单与特定的配方等其本身也正是对特定事实的反应或呈现,尤其无法成为权利保护的客体。【15】Feist Publications, Inc. v. Rural Telephone Service Co., Inc., 499 U.S. 340 (1991).【16】同上注,第353页。【17】同上注,第349页(其原文为:“[C]opyright in a factual compilation is thin. Notwithstanding a valid copyright, a subsequent compiler remains free to use the facts contained in another’s publication to aid in preparing a competing work, so long as the competing work does not feature the same selection and arrangement”)。
【18】关于后续案件的详细讨论,可参见美国版权局在1997年出版的专题研究报告。U.S. COPYRIGHT OFFICE, REPORT ON LEGAL PROTECTION FOR DATABASES (August 1997), at 10, available at https://www.copyright.gov/reports/db4.pdf;再后续的立法及司法发展与分析可参见Mark Davison, Database Protection: Lessons from Europe, Congress, and WIPO, 57 CASE WESTERN RESERVE L. R. 829 (2007);Marshall Leaffer, Database Protection in the United States is Alive and Well: Comments on Davison, 57 CASE WESTERN RESERVE L. R. 855 (2007)。【19】Warren Publishing, Inc. v. Microdos Data Corporation, 115 F.3d 1509 (11th Cir. 1997); American Dental Association v. Delta Dental Plans Association, 126 F.3d 977 (7th Cir. 1997).【20】NATIONAL RESEARCH COUNCIL COMMITTEE FOR A STUDY ON PROMOTING ACCESS TO SCIENTIFIC AND TECHNICAL DATA FOR THE PUBLIC INTEREST, A QUESTION OF BALANCE: PRIVATE RIGHTS AND THE PUBLIC INTEREST IN SCIENTIFIC AND TECHNICAL DATABASES (1999), at 34, available at https://www.nap.edu/download/9692.【21】同上注,第41页(原宾州大学生物信息中心主任G. Christian Overton教授的评论)。【22】参见《欧盟数据库指令》,前言(7),同前注8。数据库的建立和维持需要巨大的投入,却可任由他人在其电脑上弹指之间便被任意取用,显然造成不公,因此成为欧盟主要的立法动机。
【23】同前注8。【24】美国国会自1996年首次出现了关于保护数据库的立法草案,但是遭到了科学研究与教育机构相当强烈的反对(尤其是国家科学研究委员会),认为这会对各种研究、交流增加许多无谓的障碍,导致对科技创新产生反效果。参见H.R. 3531, “Database Investment and Intellectual Property Antipiracy Act of 1996”, 104th Cong., 2nd Sess. (1996)。之后的历届国会不时有议员提出不同版本的立法草案,但最终都未能获得通过。至于合宪性的争议,《联邦宪法》第一条第八款第八项规定(即通称的《专利暨著作权条款》(Patent and Copyright Clause))只明文授权国会制订专利法和著作权法,并经联邦最高法院在19世纪判决的《商标案》判决确认无法扩及到其他的领域,因此宣告当时的商标法违宪。参见Trademark Cases, 100 U.S. 82 (1879)。这也迫使国会必须另辟蹊径,改以《联邦宪法》第一条第八款第三项(即通称的《州际商务条款》(Interstate Commerce Clause))作为后来制订商标法的法源依据。如国会想以此作为对数据库特别立法的依据,固然在表面上不失为一个好的策略,但只要其实质内容与著作权相仿(多个立法草案显然正是如此),就很有可能会遭到法院的质疑,认为无非是想“暗渡陈仓”,超越了《专利暨著作权条款》容许的范畴,对于根本不该受到著作权保护的“事实”或多个“事实”的汇集变相赋予一个“异化”的著作权。
【25】克林顿政府当时的策略显然是打算同时在美国国内和国际组织当中推动其“数字议程”(Digital Agenda),来补强《TRIPs协定》未能涵盖的部分,而且希望能藉助当时国际整合高涨的势头,相互为用,彼此拉抬,互做对方的杠杆。无论何者率先通过,都可以分别对国际社会和美国国会形成巨大的压力,产生必须搭上这一波国际保护列车的急迫感。关于整个历史过程的详细介绍与分析,参见Pamela Samuelson, The U.S. Digital Agenda at WIPO (WIPO Panel Principal Paper), 37 Va. J. Int’l L. 369 (1996-1997)。
【26】关于美国政府的提议,参见Proposal of the United States of America on Sui Generis Protection of Databases, WIPO Doc. BCP/CE/VII/2 – INR/VI/2 (May 20, 1996)。相关的具体条款(草案),参见Chairman of the Committees of Experts on a Possible Protocol to the Berne Convention and on a Possible Instrument for the Protection of the Rights of Performers and Producers of Phonograms, Basic Proposal for the Substantive Provisions of the Treaty on Intellectual Property in Respect of Databases to be Considered by the Diplomatic Conference, WIPO Diplomatic Conference on Certain Copyright and Neighboring Rights Questions, WIPO Doc. CRNR/DC/6 (August 30, 1996), available at https://www.wipo.int/meetings/en/doc_details.jsp?doc_id=2487。
【27】WIPO, Protection of Non-Original Databases, available at https://www.wipo.int/copyright/en/activities/databases.html.
【28】关于《欧盟数据库指令》的制订过程与详细分析,参见Davison, 同前注18。【29】以美国国会在1997年的立法草案为例,无非就是把既有的司法判例予以成文化,尤其是联邦第二巡回上诉法院在《国家篮球协会诉摩托罗拉公司》案判决的影响。参见H.R. 2652, “Collections of Information Antipiracy Act”, 105th Cong., 2nd Sess. (1997); National Basketball Association v. Motorola, 105 F.3d 841 (2d Cir. 1997)。关于美国历届国会的立法草案,参见Trosow,同前注10。
【30】Fixtures Marketing Ltd v. Oy Veikkaus AB, [2005] ECDR 2, [44] (ECJ)(C-46/02, 9 November 2004), Fixtures Marketing Ltd v. Svenska Spel AB (C-338/02, 9 November 2004); British Horseracing Board Ltd v. William Hill, [2005] E.C.R. 1, [80](ECJ 2004) (C-203/02, 9 November 2004); Fixtures Marketing Ltd v. OPAP (C-444/02, 9 November 2004).【31】European Commission, First Evaluation of Directive 96/9/EC on the Legal Protection of Databases, DG OF INTERNAL MARKET AND SERVICES WORKING PAPER (12 December 2005).【32】同上注,第24页。这个调研是聚焦于三个问题:(1)在“特殊权利”保护出台生效后,欧盟的数据库产业的成长率是否有所增长?(2)此一“特殊权利”的受益人是否因为受到此一保障的激励而开发出更多的数据库?(3)指令所提供的权利保护范围是否能针对欧盟鼓励创新的需求?
【33】同上注,第6页。
【34】参见Davison, 同前注18,第843页。【35】Groupe Moniteur v. Observatoire des Marches Publics, Cour d’appel Paris (4e ch. B), 18 June 1999, [2000] RIDA n. 183, p. 316; ESTELLE DERCLAYE, THE LEGAL PROTECTION OF DATABASES: A COMPARATIVE ANALYSIS (2007), at 81.【36】British Horseracing Board Ltd v. William Hill, [2001] EWHC 517, RPC 612.
【37】European Commission, Evaluation of Directive 96/9/EC on Legal Protection of Databases, COMMISSION STAFF WORKING DOCUMENT, SWD(2018) 146 final (25 April 2018).【38】同上注,第46~47页。
【39】Directive (EU) 2019/790 of the European Parliament and of the Council of 17 April 2019 on Copyright and Related Rights in the Digital Single Market and amending Directives 96/9/EC and 2001/29/EC, [2019] O.J. L 130/92.
【40】参见ProCD, Inc. v. Zeidenberg, 86 F.3d 1447 (7th Cir. 1996)。因为合同是否有效是依据各州州法(或普通法)管辖,著作权则完全是联邦立法和司法管辖的事项,当两者发生竞合时,一般是由联邦法规完全“先占”或取代州法的规制。这个判决出台后遭到了学界相当大的批判,认为形同开了一扇后门,让不具独创性的数据库所有人可以变相去除著作权法对于独创性的要求;另外则是这个判决形同变相默认了不具独创性的数据库所有人对那些纯粹只是反应事实的数据竟然还可以享有所有权。虽然这个判决迭遭批判,却没有减损对后来司法实践趋势的影响。参见Leaffer,同前注18,第858页。
【41】成立于1892年,是一个非官方的非营利组织。其全名是“统一州法委员全国会议”(National Conference of Commissioners on Uniform States Laws)。这个机构极具影响力,所推动的法律整合项目当中最知名的当属《统一商法典》(Uniform Commercial Code)。
【42】本法适用到所有不及于完整权益移转的电子交易(即不适用于买卖),但明文排除适用包括金融、保险、电影、广播、录音和新闻媒体等产业的计算机信息(数据)交易。参见UCITA, § 103(d)。
【43】法律统一委员会在1990年代初期在美国律师协会(American Bar Association,简称ABA)的支持下开始酝酿对《统一商法典》进行修改,增列关于计算机软件或其他电子数据的许可合同的规制。到了1995年终于组建完成了一个起草委员会,并获得了另一个极具影响力和权威性的组织—美国法律研究院(American Law Institute,简称ALI)—的支持和参与。原本计划在《统一商法典》第二编:产品销售(Article 2: Sale of Goods)之后再增列一个“第二编之二”(Article 2B),但是由于其中有太多极具争议性的问题和规定,委员会内部成员都难以达成共识,结果ALI方面在1999年极不寻常地宣布退出,也连带威胁到整个努力都可能胎死腹中(作为对《统一商法典》的修正,必须先得到ABA和ALI的支持通过才能推荐给各州的州议会)。为了挽救,法律统一委员会便将整个草案抽出,作为一个单行的“模范法规”并命名为《统一计算机信息交易法》。【44】不过爱荷华(Iowa)、北卡罗来纳(North Carolina)、佛蒙特(Vermont)、和西弗吉尼亚(West Virginia)等四个州也随即通过了所谓的“防空洞条款”(bomb shelter provisions),保护其州内居民不受此种准据法选择的影响。面对这些发展和来自ABA与ALI的批评,法律统一委员会在2002年对《统一计算机信息交易法》做了相当幅度的修改。【45】UCITA, § 106(a).【46】UCITA, § 105(a).【47】Ryanair Ltd v. PR Aviation BV (C-30/14, 15 January 2015).【48】同前注37,第34页。其原文为:“Contracts play a primordial role in protecting the investment in databases. Their importance is only matched by technological protection measures according to database makers. Unfair competition law seems to have considerably less importance”。【49】基于各种原因,包括新冠病毒疫情的影响,截至原订的截止期限为只还没有任何会员国正式完成国内的立法修正。目前只有捷克、法国与匈牙利等三国已自行设定以2021年7月6日作为完成转化立法的截止期限。【50】例如,News Sources Used in European Countries in 2020, STATISTA, available at https://www.statista.com/statistics/422687/news-sources-in-european-countries/;Katerina Eva Matsa, Most Western Europeans Prefer TV News While Use of Print Outlets Lags, PEW RESEARCH, September 27, 2018, available at https://www.pewresearch.org/fact-tank/2018/09/27/most-western-europeans-prefer-tv-news-while-use-of-print-outlets-lags/。【51】Diana Passinke, An Analysis of Articles 15 and 17 of the EU Directive on Copyright in the Digital Single Market: A boost for the Creative Industries or the Death of the Internet?, Stanford-Vienna Transatlantic Technology Law Forum, European Union Law Working Papers No. 49, available at https://law.stanford.edu/publications/no-49-an-analysis-of-articles-15-and-17-of-the-eu-directive-on-copyright-in-the-digital-single-market-a-boost-for-the-creative-industries-or-the-death-of-the-internet/.【52】Matthew Karnitschnig, Laura Kayali, Google’s Last Stand on Copyright, Politico, December 12, 2018, available at https://www.politico.eu/article/google-last-stand-copyright-rules-silicon-valley-eu-fight/ (Statement and quote of Richard Gingras, Vice President for News, Google, Inc.).【53】European Commission, Staff Working Document: Impact Assessment on the Modernisation of EU Copyright Rules, accompanying the document Proposal for a Directive of the European Parliament and of the Council on Copyright in the Digital Single Market and Proposal for a Regulation of the European Parliament and of the Council laying down Rules on the Exercise of Copyright and Related Rights applicable to Certain Online Transmissions of Broadcasting Organisations and Retransmissions of Television and Radio Programmes, SWD(2016) 301 final, Vol. 1, 155 (14 September 2016), available at https://ec.europa.eu/newsroom/dae/document.cfm?doc_id=17211.
【54】Stavroula Karapapa, The Press Publication Right in the European Union: An Overreaching Proposal and the Future of News Online, contained in Enrico Bonadio and Nicola Lucchi (eds), Non-Conventional Copyright: Do New and Non-Traditional Works Deserve Protection? (Edward Elgar 2018), at 20-21。【55】Décision n° 20-MC-01 du 9 avril 2020 relative à des demandes de mesures conservatoires présentées par le Syndicat des éditeurs de la presse magazine, l'Alliance de la presse d'information générale e.a. et l’Agence France-Presse, https://www.autoritedelaconcurrence.fr/sites/default/files/integral_texts/2020-04/20mc01.pdf.【56】这是作为对澳大利亚《2010年竞争暨消费者法》(Competition and Consumer Act 2010)对于数字平台等部分的增补修正。参见Parliament of Australia, Treasury Laws Amendment (News Media and Digital Platforms Mandatory Bargaining Code) Bill 2021, available at https://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r6652。【57】同上注,Division 7 — Arbitration and Remuneration Issue。【58】Sara Morrison, Why Facebook Banned (and Then Unbanned) News in Australia, Vox/Recode, February 25, 2021, available at https://www.vox.com/recode/22287971/australia-facebook-news-ban-google-money.
【59】Parliament of Australia (Senate), Treasury Laws Amendment (News Media and Digital Platforms Mandatory Bargaining Code) Bill 2021, Revised Explanatory Memorandum, at 10-14.
【60】参见Rod McGuirk (Associated Press), In Australia, Google Makes Publisher Deals, Facebook Walks, ABC News, February 17, 2021, available at https://abcnews.go.com/Business/wireStory/australia-google-makes-publisher-deals-facebook-walks-75954101。谷歌更在其官网上发表了一封由该公司在澳大利亚的负责人(管理总监)具名签署的公开信,表达对澳大利亚媒体的支持和依据这个新法进行协商的最新状况。参见Mel Silva (Managing Director, Google Australia), Supporting Australian Journalism: A Constructive Path Forward: An update on the News Media Bargaining Code, available at https://about.google/google-in-australia/an-open-letter/。【61】例如The New Daily、The Mandarin、Crikey以及Country Press Association等规模较小的新闻媒体或协会组织变对这项立法采取了相当保留的态度。参见Parliament of Australia, Treasury Laws Amendment (News Media and Digital Platforms Mandatory Bargaining Code) Bill 2020 Bills Digest No. 48 (15 February 2021), at 41 (Statement of Eric Beeche, Chairman of Private Media and Solstice Media), available at https://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/bd/bd2021a/21bd048。
【62】Rod McGuirk and Kelvin Chan, Australian Media Law Raises Questions about “Pay For Clicks”, Associated Press, February 18, 2021, available at https://apnews.com/article/business-europe-australia-media-journalism-771b10a4efd00d47a703655708f45e57.【63】James Griffin, The Human Right to Privacy, 44 San Diego L. R. 697, 698 (2007).【64】OECD, Recommendation of the Council Concerning Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data (23 September 1980), C(80)58/FINAL, available at https://www.oecd.org/digital/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm, as amended on 11 July 2013 by C(2013)79, available at https://www.oecd.org/sti/ieconomy/2013-oecd-privacy-guidelines.pdf.
【65】Barry Sookman, Sharing Information and Targeting Customers, Presentation at the 1999 Advertising Forum, https://marcomm.mccarthy.ca/pubs/share.htm.【66】Graham Greenleaf, Global Data Privacy Laws 2017: 120 National Data Privacy Laws, Including Indonesia and Turkey, 145 Privacy Laws & Business International Report 10 (2017), available at https://papers.ssrn.com/sol3/Delivery.cfm/SSRN_ID3000244_code722134.pdf?abstractid=2993035&mirid=1.
【67】Samuel Warren and Louis Brandeis, The Right to Privacy, 4 Harvard L.R. 193 (1890)(据学者考证,虽然列为第二作者,这篇论文主要就是出自布兰代斯之手,其中的概念后来也反应到了他撰写的相关判决书之中)。【68】其原文为:“That the individual shall have full protection in person and in property is a principle as old as the common law; but it has been found necessary from time to time to define anew the exact nature and extent of such protection… Gradually the scope of these legal rights broadened; and now the right to life has come to mean the right to enjoy life, — the right to be let alone….”
【69】例如,仅在2020年,已知至少有20个美国联邦政府机构、北大西洋公约组织、以及包括微软公司在内的上千家企业因为黑客成功渗透到一个名为“太阳风”(SolarWinds)的云计算系统而导致大规模的数据信息外泄。迄今无法统计经济与非经济性的损失。参见Isabella Jibilian and Katie Canales, The US Is Readying Sanctions against Russia over the SolarWinds Cyber Attack. Here’s A Simple Explanation of How the Massive Hack Happened and Why It’s Such A Big Deal, Business Insider, April 15, 2021, available at https://www.businessinsider.com/solarwinds-hack-explained-government-agencies-cyber-security-2020-12。
【70】Dan Swinhoe, The 15 Biggest Data Breaches of the 21st Century, CSO (affiliate of International Data Group (IDG) Communications), January 8, 2021, available at https://www.csoonline.com/article/2130877/the-biggest-data-breaches-of-the-21st-century.html.【71】《联邦宪法》第三修正条款禁止军队在任何时期(尤其是战争期间)在未经屋主同意的情况下强占民宅;第四修正条款旨在禁止無正当理由的搜索和扣押,要求搜查和扣押狀的签发必须有相當理由的支持并经过正当法律程序(due process of law);第五修正条款明订任何人不得因同一犯罪行为而两次遭受生命或身体的危害、不得在任何刑事案件中被迫自证其罪、不经正当法律程序,不得被剥夺生命、自由或财产、不给予公平赔偿,私有财产不得充作公用。以上皆是立宪之初附加在宪法本文之后的《民权条款》(Bill of Rights)的一部份。第十四修正条款第一款则是延伸适用到各州的《平等保护条款》(Equal Protection Clause),规定“任何州都不得制定或实施限制合众国公民的特权或豁免权的法律;不经正当法律程序,不得剥夺任何人的生命、自由或财产;在州管辖范围内,也不得拒绝给予任何人以平等法律保护。”【72】Katz v. United States, 389 U.S. 347 (1967)(联邦最高法院在本案把个人可以排除政府(如警察等执法人员或机构)从事不当搜索与扣押的隐私保护范围扩大到包括“任何人寻求作为保留属于其私人的范畴,即使是公众可以出入的区域”)。【73】例如,美国联邦最高法院在Whalen v. Roe, 429 U.S. 589 (1977)案首次宣示宪法所保障的隐私权事实上涵盖了两种不同的法益,一是避免揭露其个人事务的个别利益,另一则是对某些类型的事务独立做出重要决定的利益(后者是涉及与其身体具有亲密关系的是务,如是否堕胎等)。即使如此,在该案与后续的案件,法院却一再判决政府部门被指控侵害当事人隐私的项目胜诉。甚至在一个判决中还暗示根本不存在由宪法所附与的信息隐私权。参见National Aeronautics and Space Administration (NASA) v. Nelson, 562 U.S. 134 (2011)。
【74】National Collegiate Athletic Association (NCAA) v. Tarkanian, 488 U.S. 179, 191 (1988).【75】Daniel Solove and Woodrow Hartzog, The FTC and the New Common Law of Privacy, 114 Columbia L. Rev. 583, 587 (2014).
【76】Pub L. 93-579, 88 Stat. 1896 (1974), codified at 5 U.S.C. § 552a (2018, Supp. I)。这个立法的提案人,时任参议院司法委员会主席、北卡罗来纳州的民主党籍参议员山谬‧厄尔文(Samuel J. Ervin Jr.)表示,“如果我们从过去一年的水门事件当中学习到了任何事情,那就是政府对每个公民所能知悉的必须设限。”参见Senate Committee on Government Operations & House of Representatives on Government Operations, 94th Cong., Legislative History of the Privacy Act of 1974 S. 3418 (Public Law 93-579): Source Book on Privacy, at 4 (Comm. Print 1976), available at https://www.justice.gov/opcl/paoverview_sourcebook.【77】As Title III of E-Government Act of 2002, Pub.L. 107-347, 116 Stat. 2899, 2946 (2002); amended by The Federal Information Security Modernization Act of 2014, Pub.L. 113-283, 128 Stat. 3073 (2014), codified at 44 U.S.C. Ch. 1 and 35 (2018, Supp. I).【78】Pub. L. 106–102, 113 Stat. 1138 (1999), codified at 15 U.S.C. §§ 6801–6809 (2018, Supp. I).【79】Pub. L. 104–191, 110 Stat. 1936 (1996).【80】45 C.F.R. Parts 160, 162 and 164 (2020).【81】Pub. L. 91–508, 84 Stat. 1114, 1127 (1996), codified at 15 U.S.C. § 1681 et seq. (2018, Supp. I).
【82】Pub. L. 104–104, 110 Stat. 56 (1996), codified at 47 U.S.C. Ch. 5 (2018, Supp. I).【83】47 U.S.C. § 222 (2018, Supp. I)(除此之外,有线操作者和卫星承载者还要承担比一般承载者更多的义务,参见47 U.S.C. §§ 338(i)(3)–(4), 551(b)–(c) (2018, Supp. I))。【84】Protecting the Privacy of Customers of Broadband and Other Telecommunications Services, 81 Fed. Reg. 87274 (2016).【85】Senate Joint Resolution 34, 115th Cong. (2017)(共和党(当时参议院的多数政党)方面认为这个定义和加诸于提供通信服务厂家的义务已经对受规制对象的言论自由构成了不当的限制)。另参见Congressional Review Act, as Subtitle E of Contract with America Advancement Act of 1996, Pub. L. 104-121, 110 Stat. 847, 868 (1996), codified at 5 U.S.C. Ch. 8 (2018, Supp. I)。【86】47 U.S.C. §§ 501–503 (2018, Supp. I).
【87】Pub. L. 100-618, 102 Stat. 3195 (1988), codified at 18 U.S.C. § 2710 (2018, Supp. I).【88】§ 513 (adding § 438 to the General Education Provisions Act), Pub. L. 93-380, 88 Stat. 484, 571 (1974), codified at 20 U.S.C. § 1232g (2018, Supp. I).
【89】Gonzaga University v. Doe, 536 U.S. 273 (2002).【90】15 U.S.C. §§ 78a–78qq (2018, Supp. I).
【91】Security Exchange Commission, SEC Release No. 34-84429, Report of Investigation Pursuant to 21(A) of the Securities and Exchange Act of 1934 Regarding Certain Cyber-Related Frauds Perpetrated against Public Companies and Related Internal Accounting Controls Requirements (Oct. 16, 2018), https://www.sec.gov/litigation/investreport/34-84429.pdf.【92】Pub. L. 105-277, 112 Stat. 2681 (1998), codified at 15 U.S.C. §§ 6501–6506 (2018, Supp. I).
【93】Pub. L. 99-508, 100 Stat. 1848 (1986), as amended most recently by Foreign Intelligence Surveillance Act of 1978 (FISA) Amendments Act of 2008, Pub. L. 110-261, 122 Stat. 2436 (2008), codified at 50 U.S.C. ch. 36.【94】Solove and Hartzog,同前注75,第592页。此外,如《窃听法》容许所谓的“通信当事人”(party-to-the-communication)与“同意”(consent)例外,法院往往认为网站或第三方广告商对使用者线上活动从事的追踪便落入了这两种例外,因此不构成对使用者的“监听”与“窃取”。参见《谷歌公司涉嫌侵害消费者隐私诉讼》案,In re Google Inc. Cookie Placement Consumer Privacy Litigation, 806 F.3d 125 (3rd Cir. 2015)。【95】Pub. L. 99-474, 100 Stat. 1213 (1986), as amended most recently by Identity Theft Enforcement and Restitution Act of 2008 (ITERA), Pub. L. No. 108-275, Title II, 122 Stat. 356 (2008), codified at 18 U.S.C. § 1030 (2018, Supp. I).【96】LVRC Holdings LLC v. Brekka, 581 F.3d 1127 (9th Cir. 2009).
【97】18 U.S.C. §§ 1030(c)(4)(A)(g), (i);《谷歌公司涉嫌侵害消费者隐私诉讼》案,同前注94。
【98】Van Buren v. United States, 593 U.S. __ (2021).
【99】Pub. L. 63-203, 38 Stat. 717 (1914), as amended most recently by Undertaking Spam, Spyware, and Fraud Enforcement with Enforcers beyond Borders (US SAFE WEB) Act of 2006, Pub. L. 109-455, 120 Stat. 3372 (2006), codified at 15 U.S.C. §§ 41-58.
【100】Federal Trade Commission Act Amendments of 1938 (a/k/a Wheeler-Lea Act), Pub. L. 75-447, 52 Stat. 11 (1938).【101】LabMD, Inc. v. Federal Trade Commission, 894 F.3d 1221 (11th Cir. 2018).
【102】Solove and Hartzog,同前注75,第628页。【103】In the Matter of Sears Holdings Management, Decision and Order, Docket No. C-4264 (August 31, 2009), available at https://www.ftc.gov/sites/default/files/documents/cases/2009/09/090604searsdo.pdf。
【104】必须提及,联邦贸易委员会在2018年2月27日同意了本案被告的申请,决定重新审查并修改2009年的命令当中对于“追踪应用程序”(Tracking Application)的定义,明确排除消费者所预期的信息追踪部分。这是基于情势变更的考虑,因为经过近10年的演进发展,当前适用于移动装置的应用软件几乎无一不包含某种信息追踪的功能(尤其是具有互动性质的应用程序),这已经成为一般消费者所知悉并具有合理预期的一种常态,也就让原命令中要求必须事先给予使用者醒目显著的通知不再必要。参见Order Reopening and Modifying Order, In the Matter of Sears Holdings Management, Docket No. C-4264 (February 27, 2018), available at https://www.ftc.gov/system/files/documents/cases/c4264searsordergrantingpetition.pdf;Federal Trade Commission, Protecting Consumer Privacy in an Era of Rapid Change, at 36 (March 2012), available at https://www.ftc.gov/sites/default/files/documents/reports/federal-trade-commission-report-protecting-consumer-privacy-era-rapid-change-recommendations/120326privacy report.pdf。【105】Complaint Count 3, ¶ 29, In the Matter of Facebook, FTC File No. 0923184 (FTC November 9, 2011), available at https://www.ftc.gov/sites/default/files/documents/cases/2011/11/111129facebookcmpt.pdf; Agreement Containing Consent Order, Part II (November 29, 2011), available at https://www.ftc.gov/sites/default/files/documents/cases/2011/11/111129facebookagree.pdf.【106】Stipulated Final Order for Permanent Injunction, Federal Trade Commission v. Frostwire LLC, Case No. 11-23643-CV-GRAHAM (S.D. Fla October 12, 2011), available at https://www.ftc.gov/sites/default/files/documents/cases/2011/10/111012frostwirestip.pdf. 【107】Complaint at 8 , United States v. Rental Research Services, Inc., No. 0:09-cv-00524-PJS-JJK (D. Minn. March 5, 2009), available at https://www.ftc.gov/sites/default/files/documents/cases/2009/03/090305rrscmpt.pdf.
【108】LabMD, Inc. v. Federal Trade Commission, 同前注101。联邦贸易委员的行政执法途径有二,一是透过该委员会内部的行政诉讼机制起诉,由一名行政法官(administrative law judge)独立审判,如判决委员会胜诉,即可能签发禁制令(往往是具有一定急迫性的案件);另一是向法院起诉寻求民事损害赔偿或禁令、强迫返还(disgorgement)与民事惩罚(civil penalty)等其他救济(行政部门内部的准司法诉讼程序无权处置他人的财产)。请求民事处罚是以被指控人违反了禁制令、“同意令”(consent decree)或“贸易规定法则”(TRRs)。绝大多数的案件是双方达成和解,此时委员会就会依据和解的具体内容签发一个同意令作为未来监管执行被指控人的依据。参见FTC, A Brief Overview of the Federal Trade Commission's Investigative, Law Enforcement, and Rulemaking Authority (revised October 2019), available at https://www.ftc.gov/about-ftc/what-we-do/enforcement-authority。【109】Dodd-Frank Wall Street Reform and Consumer Protection Act, Pub. L. 111-203, 124 Stat. 1376 (2010), Titles X, codified in relevant part at 12 U.S.C. § 5301, §§ 5481-5603, and in laws amended (Title X); and 12 U.S.C. § 5481 note, 15 U.S.C. § 1601 note, § 1602, and § 1631 et seq. (Title XIV).【110】12 U.S.C. § 5531(a) (2018, Supp. I).【111】12 U.S.C. § 5481(15) (2018, Supp. I).【112】Joanathan G. Cedarbaum, The Consumer Financial Protection Bureau as a Privacy & Data Security Regulator, 17 Fintech L. Rept. 1 (2014).
【113】Consent Order, In the Matter of Dwolla, Inc., File No. 2016-CFPB-0007 (February 27, 2016), available at https://files.consumerfinance.gov/f/201603_cfpb_consent-order-dwolla-inc.pdf.
【114】John Contrubis, Executive Orders and Proclamations, Congress Research Service for Congress (Updated March 9, 1999), at 2.
【115】例如,5 U.S.C. § 3302 (对联邦政府的人事调配),8 U.S.C. § 1185 (对本国公民与外国人士的旅游管制)……等等。【116】例如,Ex parte Merryman, 17 F. Cas. 144 (C.C.D. Md. 1861) (No. 9487);Youngstown Sheet & Tube Co. v. Sawyer, 343 U.S. 579 (1952)(通称“钢铁征收案”;法院的表述原文是:“The President's power, if any, to issue the order must stem either from an act of Congress or from the Constitution itself”)。【117】这是因为联邦最高法院认为总统行政命令的制订,本身不受联邦《行政程序法》的约束,而且可以直接推翻或修改联邦政府各个部门制订的既有行政规定。但此一行政权力依然不能逾越法律的授权范围或抵触宪法。参见Franklin v. State of Massachusetts, 505 U.S. 788 (1992)。【118】Executive Order 10290, Prescribing Regulations Establishing Minimum Standards for the Classification, Transmission and Handling of Official Information Which Requires Safeguarding in the Interest of Security, 16 Fed. Reg. 188 (1951).【119】美国在1917年“一战”方酣之际通过了《对敌贸易法》(Trading with the Enemy Act),授予总统在战时或宣布国家进入紧急状态时享有极大的权限,而且一旦作此宣布,也没有任何期间的限制。结果发生了罗斯福总统1933年因为处理经济大萧条对金融事业宣布的“紧急状态”经过了40几年,情况早已不同却还没有解除。此外,杜鲁门总统在朝鲜战争时期为了确保武器等战略物资的制造不受当时钢铁工人罢工的影响,就援引了这个法律想直接以行政手段强制接管钢铁工厂,不料却引发了一场影响深远的法律诉讼,即上引的“钢铁征收案”,结果联邦最高法院判决总统行政命令违宪。由于这个法律的施行一直以来产生了不少问题,而且时不时会造成行政、立法和司法三个部门之间的紧张关系,美国国会在1977年年底通过了对此法的修正,以澄清和限制总统的紧急处置权力只及于来自对应境外的威胁而且应有期间限制(原则上不超过两年,但可以例外的延续)。其中的第二部分称为《国际紧急经济权力法》(International Emergency Economic Powers Act, Pub. L. 95-223, 91 Stat. 1626 (1977),简称IEEPA,列于《美国法典汇编》第50编第1701至1707条(codified at 50 U.S.C. §§ 1701-07))。2001年的“9‧11”恐怖攻击事件让情况发生了变化。国会在通过《美国爱国者法》(USA PATRIOT Act)时,反而扩大了总统可以依据IEEPA阻挠任何敌对的外国政府或境外组织的资产在美国境内的流通,而且只要还在调查期间就可以执行,不需要等待调查结束,也不需要提供任何的证据。【120】参见Executive Order 13942, Addressing the Threat Posed by TikTok, and Taking Additional Steps to Address the National Emergency with Respect to the Information and Communications Technology and Services Supply Chain, 85 Fed. Reg. 48637 (2020); Executive Order 13943, Addressing the Threat Posed by WeChat, and Taking Additional Steps to Address the National Emergency with Respect to the Information and Communications Technology and Services Supply Chain, 85 Fed. Reg. 48641 (2020); and Executive Order 13971, Addressing the Threat Posed by Applications and Other Software Developed or Controlled by Chinese Companies, 86 Fed. Reg. 1249 (2021)。【121】Order and Memorandum Opinion, TikTok, Inc. v. Trump, Case No. 1:20-cv-2658 (CJN)(D.D.C. November 7, 2020); Opinion, Marland v. Trump, Case No. 20-4597 (E.D. Pa October 30, 2020); U.S. WeChat Users Alliance v. Trump, 488 F.Supp.3d 912 (N.D. Cal. 2020).【122】Order, U.S. WeChat Users Alliance v. Trump, Case No. 20-16908 (9th Cir. October 26, 2020).【123】Executive Order 14028, Improving the Nation’s Cybersecurity, 86 Fed. Reg. 26633 (2021)。这是拜登政府在全美最大的油管运输厂家殖民管线公司(Colonial Pipeline Co.)于当地时间2021年5月7日遭到勒索软件的攻击,导致整个美国东、南半部的17个州与首都哥伦比亚特区的汽油供给遭到瘫痪将近一周,并支付了75单位的比特币(Bitcoins,或440万美元)赎金的严重事故后所采取的对应行动,也把对网络安全的管辖扩大到了所有的政府合同承揽人。
【124】Executive Order 14034, Protecting Americans’ Sensitive Data From Foreign Adversaries, 86 Fed. Reg. 31423 (2021).
【125】Henry N. Butler and Joshua D. Wright, Are State Consumer Protection Acts Really Little-FTC Acts?, 63 Fla. L. Rev. 163 (2011).【126】参见2018 Cal. Legis. Serv. Ch. 55 (A.B. 375), as amended and codified as Title 1.81.5 [§§ 1798.100 - 1798.199.100] of the California Civil Code, available at https://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?division=3.&part=4.&lawCode=CIV&title=1.81.5。这个新法和之前的《加州消费者隐私法》都是由加州的一位地产开发商Alastair Mactaggart领头主导。不过这次的《加州隐私权法》是透过全州公民创制投票,完全绕过了州议会的审议表决程序,结果获得了56.1%的选民支持通过。一旦通过便立即、直接成为法律。由于美国与互联网关系密切的高科技产业几乎都聚集在北加州的旧金山湾区(也就是通称的“硅谷地区”(Silicon Valley),无论是总部或主要的运营、决策所在地),这个法律自然会直接对这些企业的运营政策和方式产生直接的冲击。此外,由于这个法律适用到任何涉及向加州居民的信息搜集与存取,因此即使是加州以外地区或国家的使用者也会直接或间接受到一定程度的影响,也就是说它在事实上已经产生了对美国各地乃至国际性的影响力。【127】同上注,参见各条文之后的注释说明。【128】CPRA, Section 14 (adding Cal. Civ. Code § 1798.140(ae)).
【129】CPRA, Section 21 (adding Cal. Civ. Code § 1798.185(a)(19)(A)).【130】CPRA, Section 21 (adding Cal. Civ. Code § 1798.185(a)(14)).【131】Cal. Bus. & Prof. Code §§ 22575 et seq.【132】CPRA, Section 9 (adding Cal. Civ. Code § 1798.120(c)).【133】“特征剖析”的定义是指“以任何自动化处理个人信息的形式……来评价关于一个自然人的某些个人特征,尤其是关于该自然人的工作表现、经济状况、健康、个人喜好、兴趣、可靠性、行为、所在位置或动态的分析或预测”。参见CPRA, Section 14 (adding Cal. Civ. Code § 1798.140(z))(其原文为:“‘Profiling’ means any form of automated processing of personal Information, … to evaluate certain personal aspects relating to a natural person, and in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements”)。
【134】CPRA, Section 21 (adding Cal. Civ. Code § 1798.185(a)(16))。
【135】CPRA, Section 14 (adding Cal. Civ. Code § 1798.140(h)).
【136】同上注。所谓的“黑暗模式”或“互联网陷阱”是泛指一切具有误导性的行销操作。一个典型的例子是,当消费者利用网络从事旅游的安排时,在不经意的情况下就买了保险或是支付了额外的“服务”费用。又如,在购买高铁车票时,虽然事实上还有相当多的空位,相关的网络平台服务提供者却使用诸如“座位将满,点选XX金卡服务助您优先抢到座位”等等宣传手法让消费者产生如不赶快同意购买,就将失去机会的错觉,从而愿意支付各种额外的“会费”。【137】CPRA, Section 15 (amending Cal. Civ. Code § 1798.145(a)(2)).【138】CPRA, Section 25(a)(“…such amendments are consistent with and further the purpose and intent of this Act as set forth in Section 3, including amendments to the exemptions in Section 1798.145 if the laws upon which the exemptions are based are amended to enhance privacy and are consistent with and further the purposes and intent of this Act….”).
【139】CPRA, Section 24 (adding Cal. Civ. Code § 1798.199.10(a)).【140】同上注。【141】Cal. Civ. Code § 1798.185(t).
【142】CPRA, Section 14 (adding Cal. Civ. Code § 1798.140(ad)).
【143】Cal. Civ. Code § 1798.140(c).
【144】CPRA, Section 14 (amending Cal. Civ. Code § 1798.140(d)(4)).
【145】CPRA, Section 14 (amending Cal. Civ. Code § 1798.140(v)(2)).
【146】同上注。
【147】Cal. Civ. Code § 1798.100(b).
【148】CPRA, Section 4 (adding Cal. Civ. Code § 1798.100(a)(3)).
【149】Cal. Civ. Code § 1798.140(v).
【150】CPRA, Section 4 (adding Cal. Civ. Code § 1798.100(d)).
【151】Kendra Clark, The Current State of US State Data Privacy Laws, The Drum, April 26, 2021, available at https://www.thedrum.com/news/2021/04/26/the-current-state-us-state-data-privacy-laws.
【152】Va. Code Ann. §§ 59.1-571 through 59.1-581 (2021)[S.B. 1392]; Colorado Privacy Act [S.B. 21-190], codified as part 13 to article 1 of title 6.
【153】Uniform Law Commission, Uniform Personal Data Protection Act (as approved, 2021), available at https://www.uniformlaws.org/HigherLogic/System/DownloadDocumentFile.ashx?DocumentFileKey=bb7e5654-86aa-ebf8-dd85-b89c0dea4bc5&forceDialog=0.
【154】Convention for the Protection of Human Rights and Fundamental Freedoms, as amended by Protocol No. 15, entry into force on 1 August 2021.
【155】Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, as amended by Protocol CETS No. 223.
【156】"Bundesdatenschutzgesetz vom 30. Juni 2017 (BGBl. I S. 2097), das durch Artikel 10 des Gesetzes vom 23. Juni 2021 (BGBl. I S. 1858) geändert worden ist".
【157】Directive 95/46/EC on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data, [1995] O.J. L 281。德国于1990年完成统一(Deutsche Einheit)后,原本由东德情报部门(Stasi)控制的无数文件资料一时成为许多机构、企业甚至个人争相索要的目标。由于其中包含巨量的个人信息,而且使用几乎毫无节制,造成了许多侵害个人隐私等严重的问题,于是出现了需要对个人信息给予妥善、有效保护的强烈呼吁,并扩及到其他的国家和地区。鉴于当时欧盟的成员也开始逐步扩大,但是各成员国对信息保障的国内法规制极不一致,因此在欧盟层级要求整合、统一相关规制的呼声也愈来愈强烈,最终促使欧盟采取行动的是一名谷歌使用者起诉指控该公司未经同意在后台扫描电子邮件。参见European Data Protection Supervisor, The History of the General Data Protection Regulation, available at https://edps.europa.eu/data-protection/data-protection/legislation/history-general-data-protection-regulation_en;Electronic Privacy Information Center (EPIC), Marquis v. Google, https://www.epic.org/amicus/massachusetts/google/。
【158】Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC (General Data Protection Regulation), [2016] O.J. L 119, available at https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A32016R0679。这套规则的草案于2012年提出,经过了四年与各界的协商和修正才获通过。正式生效日期是2018年5月25日。
【159】Regulation (EU) 2018/1807 of the European Parliament and of the Council of 14 November 2018 on A Framework for the Free Flow of Non-Personal Data in the European Union, [2018] O.J. L 303/59.
【160】Directive 2002/58/EC of 12 July 2002 Concerning the Processing of Personal Data and the Protection of Privacy in the Electronic Communications Sector (Directive on Privacy and Electronic Communications), [2002] O.J. L 201/37.【161】Commission Regulation (EU) 611/2013 of 24 June 2013 on the Measures Applicable to the Notification of Personal Data Breaches under Directive 2002/58/EC of the European Parliament and of the Council on Privacy and Electronic Communications, [2013] O.J. L 173/2.
【162】Regulation (EU) 2017/1128 of 14 June 2017 on Cross-Border Portability of Online Content Services in the Internal Market, [2017] O.J. L 168/1.【163】Agreement on the European Economic Area, Article 36.2 and Annex XI, Electronic Communication, Audio Visual Services and Information Society, as updated, [1994] O.J. L 1, at 12 and 17。由于双方已在同个经济区域,所以不需要纳入关于跨界携带的规定。【164】EFTA, Incorporation of the General Data Protection Regulation (GDPR) into the EEA Agreement and continued application of Directive 95/46/EC, EFTA News, 5 June 2018, available at https://www.efta.int/About-EFTA/news/Incorporation-General-Data-Protection-Regulation-GDPR-EEA-Agreement-and-continued-application-Directive-9546EC-508856.。由于瑞士必须保持中立,所以未参与EEA的整合工作,而是透过缔结双边条约或协定来达到相同的目的。【165】GDPR, Article 3.【166】GDPR, Article 4(1) (“personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person).
【167】GDPR, Recitals (10) and (51); Articles 9 and 10.
【168】GDPR, Article 4(5).
【169】GDPR, Article 4(7), (8).【170】GDPR, Article 26; see also European Data Protection Board (EDPB), Guidelines 07/2020 on the Concepts of Controller and Processor in the GDPR (version 1.0, 2020), at 3, available at https://edpb.europa.eu/sites/default/files/consultation/edpb_guidelines_202007_controllerprocessor_en.pdf.
【171】Peter Leonard, Beyond Data Privacy: Data “Ownership” and Regulation of Data-Driven Business, American Bar Association (ABA) SciTech Lawyer, January 17, 2020, available at https://www.americanbar.org/groups/science_technology/publications/scitech_lawyer/2020/winter/beyond-data-privacy-data-ownership-and-regulation-datadriven-business/.
【172】GDPR, Article 3(1).
【173】GDPR, Article 5.【174】GDPR, Articles 24(3), 40(3), and 42(2).
【175】GDPR, Article 5(1)(e).
【176】EU, What Is GDPR, the EU’s New Data Protection Law?, available at https://gdpr.eu/what-is-gdpr/?cn-reloaded=1.
【177】GDPR, Article 25.
【178】GDPR, Articles 33(1) and 83(4).【179】GDPR, Article 6.
【180】United Kingdom Information Commissioner’s Office (ICO), Guide to the General Data Protection Regulations (GDPR)(1 January 2021), at 75, available at https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/legitimate-interests/.
【181】GDPR, Article 7.
【182】GDPR, Article 37(1).
【183】GDPR, Articles 38 and 39.
【184】GDPR, Article 13.
【185】GDPR, Article 15。消费者也可以口头或书面行使此一权利,又称为“主体取用要求”(Subject Access Request,简称SAR)。在《条例》施行前,行使“主体取用要求”必须承担10欧元的手续费。《条例》基本上免除了这个费用。据报道,有媒体记者向交友网站Tinder索取对自己的相关数据处理资料,结果收到了800页的记录,其中包括了对该应用软件的使用状况、详细的教育背景、适合交往的年龄层和所以有的约会地点,甚至包括购买观赏现场足球赛的花费细节以及在亚马逊网站上浏览购物时的每一个点击记录等等。参见Judith Duportail, I Asked Tinder for my Data. It Sent Me 800 Pages of My Deepest, Darkest Secrets, The Guardian, 26 September 2017, available at https://www.theguardian.com/technology/2017/sep/26/tinder-personal-data-dating-app-messages-hacked-sold。
【186】GDPR, Article 16.
【187】GDPR, Article 17。形式上这个权利是由欧盟法院于2014年出台的一个判决创设。这个案件是起因于一位名叫马里欧˙冈萨雷斯(Mario Costeja González)的西班牙人不满谷歌对于涉及他个人的搜索结果中出现了当地报纸在1998年所刊登、一则关于对其房屋予以没收拍卖的消息而发。欧盟法院最终判决,从此一信息的年份和敏感性而言,其与谷歌搜索从事编列索引并从中提取信息的宗旨“显然…不合适、不相关或是不再相关,甚至已经超越。”法院认为,谷歌方面未能举证出实质明确的理由,显示出它们对于该特定信息的取用,在检索的内涵之下,具有优势的公共利益(preponderance interest of the public)。法院还是依据欧盟1995年的《数据保护指令》判决本案,但是当时《条例》的草案已经提出,其中已列示了“删除权”或“被遗忘权”(就是列在第17条)。所以这个判决显然受到了制订《条例》相关思维的影响。不过在没有任何前例与配套规制的情况下,该判决引起了非常大的争议,因为其中涉及如何与刊载“合法事实”与社会公众“知的权利”相互平衡,是否会因此导致网络搜索引擎的检索结果质量降低反而无法全面覆盖、造成失真,以及此一判决是否具有针对性(美国的谷歌公司)等许多问题。此外,纵使谷歌依循了当事人的主张将特定的信息从检索结果移除,依然无法删除原始出处的信息或数据,况且房地产法拍原本就是公开信息,而且是法院的正式通知,受不利影响的当事人显然无权要求删除,所以也引起了这宗判决是否本末倒置的评论。参见Case C-131/12, Google Spain SL v. Agencia Española de Protección de Datos (AEPD) (May 13, 2014), ECLI:EU:C:2014:317, available at https://curia.europa.eu/juris/liste.jsf?num=C-131/12; 另参见EC, Proposal for a Regulation on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of such Data, COM/2012/011 final 2012/0011 (COD)(即《条例》的原始立法草案)。
【188】GDPR, Article 18(1).【189】GDPR, Article 20.【190】GDPR, Article 21.【191】GDPR, Article 22.【192】GDPR, Article 22(2).【193】GDPR, Article 82.【194】主要包括欧洲数据保护理事会(European Data Protection Board,简称EDPB)和各成员国依其国内法设置的执法部门或机构。【195】GDPR, Article 83.【196】GDPR, Article 83(5).【197】DLA Piper, GDPR Fines and Data Breach Survey: January 2021, available at https://www.dlapiper.com/en/us/insights/publications/2021/01/dla-piper-gdpr-fines-and-data-breach-survey-2021/.【198】同上注。【199】18 Biggest GDPR Fines of 2020 and 2021 (So Far), Tessian Blog, 21 May 2021, available at https://www.tessian.com/blog/biggest-gdpr-fines-2020/. 【200】EC, Communication on Data Protection as A Pillar of Citizens’ Empowerment and the EU’s Approach to the Digital Transition – Two Years of Application of the General Data Protection Regulation, COM(2020) 264 final (24 June 2020).【201】C-362/14, Schrems v. Data Protection Commissioner (6 October 2015), EU:C:2015:650; C-311/18, Data Protection Commissioner v. Facebook Ireland Ltd., et al. (16 July 2020), EU:C:2020:559.【202】Pub. L. 95-511, 92 Stat. 1783 (1978), codified at 50 U.S.C. ch. 36. § 1801 et seq.【203】Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 pursuant to Directive 95/46/EC on the Adequacy of the Protection Provided by the EU-U.S. Privacy Shield, [2016] O.J. L 207/1.【204】据媒体的报道,爱尔兰数据保护委员会已经于当地时间2020年9月9日签发了一个临时禁制令,立即禁止脸书公司将其欧洲的使用者数据传输到美国。此举势将引发一波新的跨大西洋数字危机。参见Adrian Weckler, Irish Data Regulator Orders Facebook to Stop Sending Personal Data to the US, Independent.ie (Irish Independent), September 9, 2020, available at https://www.independent.ie/business/technology/irish-data-regulator-orders-facebook-to-stop-sending-personal-data-to-the-us-39518775.html。【205】欧盟于1998年开始施行1995年通过的《数据保护指令》后,欧、美之间于1998-2000年建构了一套名为《国际隐私安全港原则》(International Safe Harbor Privacy Principles)的机制来规制和对应双方的数据传输,主要是为了防制涉及储存消费者数据的非官方组织或机构(包括互联网平台或电子商务的运营者)意外揭露或遗失个人数据。美国的企业可以选择加入并需通过其中的认证程序。一旦获得认证即取得了进入“安全港”的资格,可以自由从事跨境数据传输。参见https://webarchive.loc.gov/all/20150410181019/http://www.export.gov/safeharbor/eu/eg_main_018475.asp。欧盟法院于2015年10月6日在Schrems I案宣判这套安全港机制无效。法院认为,“当一个立法容许公权利可以在一个概括性的基础上对〔私人的〕电子通信内容从事取用必须被视为破坏了尊重私人生活根本权利的本质”(其原文为:“… legislation permitting the public authorities to have access on a generalised basis to the content of electronic communications must be regarded as compromising the essence of the fundamental right to respect for private life”)。参见C-362/14, 前注190。为了补救此一判决出台后两地之间数据传输所形成的缺口,美国商务部和欧盟执行委员会又重新协商制订了“隐私盾框架”,并经欧盟执行委员会裁定通过,并于2016年7月12日生效启用。参见上注。由于“隐私盾框架”在欧盟法院2020年7月16日对Schrems II案的判决出台时立即失效,欧、美双方从当年的8月份便重新展开了新的协商。由于《条例》的规定和欧盟法院的判决没有留下太大的弹性和空间,美国方面在短期内也不太可能为此去修改相关的法律,加上原本已然相当紧绷的贸易关系,这就使得相关的谈判格外艰辛。参见EC, Intensifying Negotiations on Transatlantic Data Privacy Flows: A Joint Press Statement by European Commissioner for Justice Didier Reynders and U.S. Secretary of Commerce Gina Raimondo, 25 March 2021, available at https://ec.europa.eu/commission/presscorner/detail/en/STATEMENT_21_1443。
【206】Samuel Stolton, EP’s COVID Website Overrun with US Web Trackers, MEP Raises Data Concerns, Euractiv, 28 October 2020, available at https://www.euractiv.com/section/digital/news/eps-covid-website-overrun-with-us-web-trackers-mep-raises-data-concerns/.【207】European Parliament Resolution of 20 May 2021 on the ruling of the CJEU of 16 July 2020 – Data Protection Commissioner v Facebook Ireland Limited and Maximillian Schrems (‘Schrems II’), Case C-311/18, P9_TA(2021)0256, available at https://www.europarl.europa.eu/doceo/document/TA-9-2021-0256_EN.html。例如,决议文对于爱尔兰数据保护委员从2018年5月25日《通用条例》开始施行的当天便收到的多起申诉案件迄今只对其中的一件(被告是推特(Twitter))做成裁定表达了严重的关切;另外也对欧盟法院出台了Schrems II案的判决后该委员会迄今未对后续的事宜做出裁决表达了不满。决议还对该委员会仍在使用老旧过时的系统表达严重的关切。这个决议之所以盯上了爱尔兰的执法部门是因为该国为许多美国互联网企业在欧洲的主要运营处所,相关的数据处理和转移也几乎都是在该国境内发生。【208】Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on Standard Contractual Clauses for the Transfer of Personal Data to Third Countries Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, [2021] O.J. L 199/31, available at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX%3A32021D0914&locale=en。与之前的版本只针对数据控制者彼此之间的转移设定合同条款相较,新版采取了模块组合方式(modular approach),就控制者与处理者之间可能产生的四种交叉组合分别列出相关的条款。此外,新版标准规范的第14条则是对Schrems II案判决的合规要求明确了当事人必须采取的步骤等。详细的介绍与分析可参见Kwabena Appenteng, Zoe Argento, and Philip Gordon, The European Union’s New Standardized Data Transfer Agreement: Implications for Multinational Employers, Littler Insight, June 9, 2021, available at https://www.littler.com/publication-press/publication/european-unions-new-standardized-data-transfer-agreement-implications。【209】EDPB, Recommendations 01/2020 on Measures That Supplement Transfer Tools to Ensure Compliance with the EU Level of Protection of Personal Data (v. 2.0), adopted 18 June 2021, available at https://edpb.europa.eu/our-work-tools/our-documents/recommendations/recommendations-012020-measures-supplement-transfer_en。欧洲数据保护理事会推荐的六个步骤是:(1)明确数据转移或传输的内容(即须做好对数据的映射和配置(data mapping)),确保必须符合适当、相关与必要限度的要求;(2)确认从事数据转移所依赖的传输工具,做到符合《通用条例》第五章的要求;(3)评估数据转移目的地(第三国)的相关法规与实践是否提供有效、等同的安保措施;(4)识别并采取必要的补充措施以确保相关的数据安保措施达到与欧盟相当的水平;(5)采取正式的程序以完善采用各项补充措施的要求,并充分配合《通用条例》第46条规定;(6)在适当的阶段不断从事再评估以确保对个人数据在第三国境内受到的保障维持欧盟规制的要求。【210】Case C-131/12, 同前注187。
【211】GDPR, Article 17(3).【212】EU Commissioner: Right to be Forgotten Is No Harder to Enforce Than Copyright, THE GUARDIAN, 4 June 2014, available at https://www.theguardian.com/technology/2014/jun/04/eu-commissioner-right-to-be-forgotten-enforce-copyright-google.【213】Google, Requests to Delist Content under European Privacy Law, GOOGLE TRANSPARENCY REPORT, available at https://transparencyreport.google.com/eu-privacy/overview?hl=en_GB.
【214】Case C-507/17, Google LLC v. Commission nationale de l’informatique et des libertés (CNIL)(24 September 2019), ECLI:EU:C:2019:772, available at https://curia.europa.eu/juris/document/document.jsf?text=&docid=218105&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=980009.
【215】目前美国已有48个州、哥伦比亚特区(首都华盛顿市)以及波多黎各和维京群岛、关岛、马歇尔群岛等托管地等都以《统一商业秘密法》(Uniform Trade Secrets Act,简称USTA,载于https://www.uniformlaws.org/HigherLogic/System/DownloadDocumentFile.ashx?DocumentFileKey=e19b2528-e0b1-0054-23c4-8069701a4b62&forceDialog=1)做为蓝本通过了自己的商业秘密保护法,不过最终的具体条文内容还是互有差异,相关的司法实践也还不一致,所以并不是真正的“统一”。还未采纳的是纽约(New York)与北卡罗来纳(North Carolina)两州。至于联邦层级的立法是《2016年防卫商业秘密法》(Defend Trade Secrets Act of 2016, Pub. L. 114-153, 130 Stat. 376 (2016), codified at 18 U.S.C. § 1836, et seq.)和《1996年经济间谍法》(Economic Espionage Act of 1996, Pub. L. 104-294, 110 Stat. 3488 (1996), codified at 18 U.S.C. § 1831 et seq.),后者是关于涉及窃取商业秘密的刑事责任规定,只能由检察官提起公诉,当事人没有自诉权。
【216】RESTATEMENT (SECOND) OF TORTS, §§ 766, 766B (1979).
【217】“第82条 求偿权及责任1.任何人因控制者或处理者对本条例的违反而受到重大或非重大的损害都有权从请求损害赔偿。2.任何涉及数据处理的控制者应对其违反本条例的处理所导致的损害承担责任。处理者仅于未符合本条例针对处理者的义务要求,或是其行为逾越或违反了控制者的合法指示时应对其处理所导致的损失承担责任。3.控制者或处理者如能证明对引起损失的事件无论如何均无须负责时,即可免除承担第2款所规定的责任。……”参见GDPR art. 82。另参见《欧洲联盟运行条约》(Treaty on the Functioning of the European Union,简称TFEU)第102条。【218】Case C-420/11, Leth v. Republik Österreich (Republic of Austria)(14 March 2013), ECLI:EU:C:2013:166, available at https://curia.europa.eu/juris/document/document.jsf;jsessionid=33DE46A998FB414166CECAD24A3D3948?text=&docid=135025&pageIndex=0&doclang=en&mode=lst&dir=&occ=first&part=1&cid=1023324.【219】Tim F. Walree and Pieter T. J. Wolters, The Right to Compensation of A Competitor for A Violation of the GDPR, 10 International Data Privacy Law 346, 350 (¶ 3.3.1) (2020), available at https://academic.oup.com/idpl/article-pdf/10/4/346/36139160/ipaa018.pdf.【220】GDPR, arts 2(2)(c), 4(1), (4), (5), (13), (14), (15), 6(1)(d), 9(1), (2)(c), 12(6), 32(4), and 35(3)(a); recitals 14, 18, 24, 26, 34, 35, 46, 51, 57, 71, 85, 86, 94, 148, and 162.
【221】Case C-253/00, Antonio Muñoz y Cia SA (17 September 2002), ECLI:EU:C:2002:497, available at https://curia.europa.eu/juris/document/document.jsf?text=&docid=47664&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=1031281.【222】同前注218,351-2 (¶ 3.3.1)。
【223】Gesetz gegen den unlauteren Wettbewerb (UWG) § 3a (其原文为:“Rechtsbruch Unlauter handelt, wer einer gesetzlichen Vorschrift zuwiderhandelt, die auch dazu bestimmt ist, im Interesse der Marktteilnehmer das Marktverhalten zu regeln, und der Verstoß geeignet ist, die Interessen von Verbrauchern, sonstigen Marktteilnehmern oder Mitbewerbern spürbar zu beeinträchtigen”)。【224】例如,PAUL VOIGT AND AXEL VON DEM BUSSCHE, THE EU GENERAL DATA PROTECTION REGULATION (GDPR): A PRACTICAL GUIDE (2017), at 205-207; Heledd Lloyd-Jones and Peter Carey, The Rights of Individuals, as chapter 7 in PETER CAREY (ED.), DATA PROTECTION. A PRACTICAL GUIDE TO UK AND EU LAW (5TH ed. 2018) at 122, 153; PHILIP LAUE AND SACHA KREMER, DAS NEUE DATENSCHUTZRECHT IN DER BETRIEBLICHEN PRAXIS (2019) 370–71; Roman Dickmann, Nach dem Datenabfluss: Schadenersatz nach art 82 der Datenschutz-Grundverordnung und die Rechte des Betroffenen an seinen personenbezogenen Daten, [2018] RECHT UND SCHADEN 345。【225】Oberlandesgericht Hamburg, 25 October 2018, 3 U 66/17.
【226】Oberlandesgericht München, 7 February 2019, 37 O 6840/17; Landgericht Würzburg, 13 September 2018, 11 O 1741/18 UWG.【227】其原文为:“[A]ny possible issues relating to the sensitivity of personal data are not, as such, a matter for competition law, they may be resolved on the basis of the relevant provisions governing data protection”。参见Case C-238/05, Asnef-Equifax, Servicios de Información sobre Solvencia y Crédito, SL v. Asociación de Usuarios de Servicios Bancarios (Ausbanc) (23 November 2006) ¶ 63 (citing Advocate General’s opinion at ¶ 56), ECLI:EU:C:2006:734, available at https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:62005CJ0238&from=EN。【228】U.S. HOUSE OF REPRESENTATIVES SUBCOMMITTEE ON ANTITRUST, COMMERCIAL AND ADMINISTRATIVE LAW OF THE COMMITTEE ON THE JUDICIARY, INVESTIGATION OF COMPETITION IN DIGITAL MARKETS: MAJORITY STAFF REPORT AND RECOMMENDATIONS (OCTOBER 2020), available at https://judiciary.house.gov/uploadedfiles/competition_in_digital_markets.pdf.【229】同上注,第51页(其原文为:“The persistent collection and misuse of consumer data is an indicator of market power in the digital economy. Traditionally, market power has been defined as the ability to raise prices without a loss to demand, such as fewer sales or customers. Scholars and market participants have noted that even as online platforms rarely charge consumers a monetary price—products appear to be “free” but are monetized through people’s attention or with their data—traditional assessments of market power are more difficult to apply to digital markets”)。【230】Complaint, United States v. Google LLC, Case No. 1:20-cv-03010 (D.D.C. October 20, 2020), available at https://www.justice.gov/atr/case-document/file/1329131/download.【231】Executive Order 14036, Promoting Competition in the American Economy, § 1, ¶ 7, 88 FED. REG. 36987 (2021), available at https://www.govinfo.gov/content/pkg/FR-2021-07-14/pdf/2021-15069.pdf(其原文为:“The American information technology sector has long been an engine of innovation and growth, but today a small number of dominant Internet platforms use their power to exclude market entrants, to extract monopoly profits, and to gather intimate personal information that they can exploit for their own advantage. Too many small businesses across the economy depend on those platforms and a few online marketplaces for their survival. And too many local newspapers have shuttered or downsized, in part due to the Internet platforms’ dominance in advertising markets”[Emphasis added.])。【232】JACQUES CRÉMER, YVES-ALEXANDRE DE MONTJOYE, AND HEIKE SCHWEITZER FOR EUROPEAN COMMISSION, COMPETITION POLICY FOR THE DIGITAL ERA (FINAL REPORT)(2019), available at https://op.europa.eu/en/publication-detail/-/publication/21dc175c-7b76-11e9-9f05-01aa75ed71a1/language-en.【233】Proposal for a Regulation on Contestable and Fair Markets in the Digital Sector (Digital Markets Act), COM/2020/842 final (15 December 2020), available at https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52020PC0842&from=en; Proposal for a Regulation on a Single Market for Digital Services (Digital Services Act) and Amending Directive 2000/31/EC, COM/2020/825 final (15 December 2020), available at https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52020PC0825&from=en.【234】European Commission, Data Act & Amended Rules on the Legal Protection of Databases, available at https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/13045-Data-Act-&-amended-rules-on-the-legal-protection-of-databases_en.【235】European Commission, Antitrust: Commission Opens Investigation into Possible Anticompetitive Conduct by Google in the Online Advertising Technology Sector, 22 June 2021, available at https://ec.europa.eu/commission/presscorner/detail/en/ip_21_3143.【236】这句话是英国的数学家Clive Robert Humby在2006年首创。其原文是:“Data is the new oil. It’s valuable, but if unrefined it cannot really be used. It has to be changed into gas, plastic, chemicals, etc. to create a valuable entity that drives profitable activity; so must data be broken down, analyzed for it to have value”。参见Michael Palmer, Data is the New Oil, CMO News, November 3, 2006, available at https://ana.blogs.com/maestros/2006/11/data_is_the_new.html.【237】Carrick Mollenkamp, Serena Ng, Liam Pleven and Randall Smith, Behind AIG’s Fall, Risk Models Failed to Pass Real-World Test, WALL STREET JOURNAL, October 31, 2008, available at https://www.wsj.com/articles/SB122538449722784635。可以预期,戈顿教授本人会有非常不同的观点,后来更出版了多本书为自己辩解。例如,GARY B. GORTON, MISUNDERSTANDING FINANCIAL CRISES: WHY WE DON’T SEE THEM COMING (2012)。【238】摘引自美国计算机程序专家及科幻小说作家Daniel Keys Moran的表述,原始出处待考(其原文为:“You can have data without information, but you cannot have information without data”)。
作者:孙远钊
编辑:Sharon
点击图片查看文章
扫码购买观看(长期有效)
(www.caiips.com)
(www.meddeviceip.com)
(www.giips.cn)
(www.pharmaip.cn)
(www.ipforefront.com)