Article Details

科技法律透析

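Title: 歐盟對於行動健康服務之個人資料隱私保護之發展
Volume/Issue: 28:7
Parallel title: The Development of Personal Data and Privacy Protection of mHealth in European Union
Author: 許芳瑜
Pages: 054-071
Keywords: mobile health services; mobile health applications; personal data protection; EU General Data Protection Regulation; Mobile Health; mHealth; mHealth App; Personal data protection; General Data Protection Regulation
Publication date: 201607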

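Chinese abstract

As Internet of Things technologies flourish and spread, and as population aging raises awareness of everyday health care, mobile health services (Mobile Health, mHealth) are developing rapidly. Because of the nature of mHealth services, the user's health data is accessed closely and continuously over long periods while the service is in use. This readily touches on highly private matters and correspondingly raises the risk that users' personal data is misused and their privacy leaked. In addition, the use of mHealth services drives large-scale mining of health data, which accumulates into a big data environment. The services themselves are built on health-related big data applications, and the complex analysis and use of big data also substantially heightens concerns about the privacy and security of personal data. The promotion of mHealth applications and the protection of personal data privacy therefore form a dilemma. This article takes the European Union as its main subject of observation. Operators that collect user data through mHealth services must comply with EU directives such as the current Data Protection Directive (95/46/EC). In addition, the General Data Protection Regulation, expected to take effect in 2018, further strengthens data subjects' rights of control over their personal data and expressly requires data controllers to follow the three principles of "data minimisation", "data protection by design" and "data protection by default", all of which will have a positive effect on the protection of mHealth users' personal data privacy. Beyond mandatory rules, the European Commission is currently drawing up an industry-led code of conduct for mHealth applications, to help developers use technical means to improve the protection of users' personal data from the development stage onward. On reconciling health-related big data applications with personal data protection, the recommendations of stakeholder groups compiled in the report on the public consultation on the EU Green Paper on mobile health also merit consideration as a direction for Taiwan's mHealth policy planning.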

English abstract

With the growth and spread of the Internet of Things, the aging of the population and rising awareness of daily health, mobile health (hereafter "mHealth") is emerging and developing rapidly. Due to the characteristics of mHealth solutions, the user's health data can be collected at any time, continuously and closely, in the course of the service, which increases the risk of misuse of users' personal data and of privacy leaks. However, mHealth can facilitate the mining of large amounts of health data. Such data can be stored in large databases, which gradually form "big data". The services of mHealth are based on the analysis and application of big health data, which also significantly increases the risk to privacy; therefore, there is a dilemma between the promotion of mHealth and the protection of personal data and privacy. In the European Union, operators have to comply with the relevant legal framework, which is composed of the Data Protection Directive and the ePrivacy Directive, when collecting users' data through mHealth solutions and devices. Moreover, the EU data protection reform, the General Data Protection Regulation, will become applicable across the EU in 2018. The new rules will strengthen the protection of the personal data of mHealth users, empower individuals with more control over their personal data, and require data controllers to comply with the principles of "data minimisation", "data protection by design" and "data protection by default". In addition to the regulation, the European Commission has started an initiative to draw up an industry-led Code of Conduct on mHealth applications. The main objective of this code is to help developers take data protection safeguards into account through technology at the planning stage.
On the trade-off between the application of big health data and the protection of personal data, the suggestions from the related stakeholders in response to the Green Paper on mobile Health could serve as reference directions for the promotion of mHealth in Taiwan.
