巨量資料使用如涉及個人資料的蒐集、處理與利用，將面臨諸多潛在法律風險。本研 究以我國2010年大幅修正之個人資料保護法出發1，研究發現，因為巨量資料的大量性、 強調速度與資料多樣性等特質，適用我國個資法架構時可能發生以下問題：(1) 無法完 全履行個資法第8 條與第9 條對於個人資料於蒐集、處理或利用時之告知義務、(2) 不 易符合個資法第11 條在特定目的消失或契約到期後，不得持有、處理或利用資料的規 定、(3) 部分蒐集方可能不符個資法第19 條須具有特定目的之要求、(4) 無法充分執行 個資法第20 條對特定目的外之利用及停止行銷相關要求、(5) 無法配合個資法第54 條 於首次利用時告知之要求等，顯見我國現行個資法可能對巨量資料應用產生重大法律 風險。

In spite of their underlying values, big data now present enormous challenges as their collection, processing and application are potentially susceptible to the legal risks under Personal Information Protection Act (PIPA 2010) in Taiwan. By putting big data under the analysis framework of PIPA, this paper notes that by taking into consideration the staggering volume, velocity and variety claimed by big data and the enactment of PIPA, problems might arise in a number of ways: (1) In terms of information disclosure, data collection and processing would not meet the requirement of Article 8 and Article 9 of PIPA; (2) Data controllers are very likely to breach the duty stipulated by Article 11 of PIPA, which is, deleting and discontinuing to process or use when the specific purpose no longer exists or contract period expires; (3) Some data collectors might fail to satisfy the specific purpose requirement set by Article 19 of PIPA; (4) Data controllers might violate Article 20 of PIPA at the first marketing action; (5) They also might not meet Article 54 of PIPA that requires a notification may be given at the time where such personal information is first used.