| 研究生: |
林彥澄 Lin, Yen-Cheng |
|---|---|
| 論文名稱: |
暗室微光:論 AI Act 與 GDPR 架構下解釋權之實踐路徑與制度重構 A Glimmer in the Black Box: Practical Pathways and Regulatory Reform of the Right to Explanation under the AI Act and GDPR |
| 指導教授: |
鄭菀瓊
Cheng, Wan-Chiung |
| 口試委員: |
莊弘鈺
Chuang, Hung-Yu 何之行 Ho, Chih-hsing |
| 學位類別: |
碩士
Master |
| 系所名稱: |
商學院 - 科技管理與智慧財產研究所 Graduate Institute of Technology, Innovation and Intellectual Property Management |
| 論文出版年: | 2026 |
| 畢業學年度: | 114 |
| 語文別: | 中文 |
| 論文頁數: | 140 |
| 中文關鍵詞: | 解釋權 、可解釋性 、透明度 、歐盟一般資料保護規則 、歐盟人工智慧法 、人工智慧 、營業秘密 、合作監管 、量刑系統 、信用評分 、自動化決策 |
| 外文關鍵詞: | Right to Explanation, Explainability, Transparency, GDPR, EU AI Act, Artificial Intelligence, Trade Secret, Collaborative Governance, Sentencing Information System, Credit Scoring, Automated decision-making |
| 相關次數: | 點閱:209 下載:0 |
| 分享至: |
| 查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報 |
在各領域中,透過AI系統產生對個體造成影響之自動化決策已逐漸普及,而可解釋性與透明度亦成為國際各界關注重點,2018年生效之歐盟一般資料保護規則(2018 General Data Protection Regulation)雖然提供個體請求解釋之權利,惟在歐盟新法人工智慧法(2025 Artificial Intelligence Act)自2025年起逐步實施後,因其亦賦予個體類似之解釋權,故二法在解釋權適用之門檻、範圍、舉證責任上,將產生互動與衝突,而個體應如何主張解釋權即至關重要。
鑒於二法解釋權規範文義存在模糊性,本文比較分析歐盟地區、美國法院判決,歸納出解釋權實踐之路徑,如主張之門檻、決策之判斷要件、重大影響之判別、有意義解釋之意涵、資訊揭露與營業秘密保障界線等。
如針對「有意義解釋」之詮釋,歐、美法院運用文義、體系、目的解釋,試圖充實、最大化「有意義」的內涵,並提出應用「範例解說」或「反事實解釋」之適用可能;關於營業秘密保障與資訊揭露落實之兩難議題,有法院認為宜揭露系統權重比例,亦有法院認定說明項目與結果之關聯,並形成「處理資料之想像畫面」已足;有法院從程序角度切入,援引正當法律程序原則,藉由專家證人協助「轉譯」資訊,增進資訊之可理解性。
關於透明化與可解釋性之關聯,實攸關「透明化」之功能定位,本文首先分析其究竟為一種揭露標準,亦或是資料經詮釋後之易懂結果。接著,本文透過學理上模型、主體中心解釋概念,觀察目前GDPR、AI Act與法院見解之傾向,釐清個體請求模型中心解釋,實因存在系統性歧視與結構性偏見,惟現階段GDPR與AI Act條文中,尚欠缺穩定得援引作為請求之依據。
為了彌補此制度空缺,本文提出解方,以個資保護影響評估(Data Protection Impact Assessment)與基本權利影響評估機制(Fundamental Rights Impact Assessment)作為事前解釋資料庫。
為減緩當前事前評估機制之封閉性,本文進一步討論合作監管機制,說明其如何結合ISO/IEC 42001國際標準,以最大化外部監督可能性,並藉此提供企業利益兼顧之方案。最後,本文回歸我國人工智慧基本法、金融業運用人工智慧(AI)指引、司法院之量刑系統,根據目前發展進程,針對可解釋性與透明度議題,提出其所適合的本土化實踐方案,期能為相關單位未來修法、監管,提供前瞻性之制度指引。
As automated decision-making in AI systems becomes increasingly prevalent across various fields, explainability and transparency have emerged as critical international concerns. While the EU General Data Protection Regulation (GDPR) currently provides individuals with the right to an explanation, the gradually implemented EU AI Act introduces similar provisions. Consequently, the interplay between these two legal frameworks becomes decisive, as individuals seek to exercise their rights under differing thresholds, scopes, and burdens of proof.
Given the ambiguities in both regulations, this article analyzes court judgments from the EU and the US to identify a practical path for exercising the right to explanation. This includes examining the threshold for asserting such rights, the legal elements of a decision, the determination of "significant impact," the substantive meaning of a "meaningful explanation," and the boundary between trade secret protection and information disclosure.
To define a “meaningful explanation,” courts in the EU and the U.S. have used literal, systematic, and teleological interpretation to give fuller meaning to the term, while also suggesting methods such as illustrative examples and counterfactual explanations. In balancing trade secret protection against information disclosure, some courts have required explanations of the decisive factors and their relative weight, while others have found it sufficient to explain the link between relevant factors and the outcome, allowing individuals to form a mental picture of the processing. Other judgments, drawing on due process, have suggested that expert witnesses can help achieve a “meaningful explanation” by translating technical information for affected individuals.
This article examines the relationship between “transparency” and “explainability,” asking whether transparency is a disclosure standard or an intelligible result of interpretation. It analyzes the GDPR, the AI Act, and relevant judgments through the concepts of “model-centric explanation” and “subject-centric explanation,” finding that requests for “model-centric explanation” arise from attempts to challenge systematic prejudice. However, there is little regulatory support for such requests.
Observing a lack of legal support for the specific types of explanations individuals require, this article proposes a solution by utilizing Data Protection Impact Assessments (DPIA) and Fundamental Rights Impact Assessments (FRIA) as a "prior explanation database."
To address the closed nature of current impact assessment mechanisms, this article further explores how collaborative governance, integrated with international standards, can provide corporate incentives while meeting the needs for greater disclosure and supervision. Lastly, the article reviews the Artificial Intelligence Fundamental Act, the Guidelines for Artificial Intelligence (AI) Applications in the Financial Industry, and the Sentencing Information System of the Judicial Yuan in Taiwan. By seeking localized solutions for explainability and transparency based on current developments, this article serves as a guide for future legislative amendments and regulatory practices.
第一章、緒論 11
第一節、研究動機與目的 11
第二節、研究架構 12
第三節、研究範圍與限制 13
第二章、GDPR與AI Act中形塑的解釋權 14
第一節、解釋權概念 14
第二節、GDPR與AI Act中的解釋權 17
第三節、GDPR與AI Act 在解釋權上的對比與界線 22
第三章、司法案例中的解釋權觀察 28
第一節、解釋權之啟動門檻:「純」自動化與「決策」定性 29
第二節、何謂「有意義」?——解釋之實質意涵與揭露範圍 39
第三節、「有意義資訊」之邊界:資訊揭露與營業秘密保護 42
第四節、建構制度解決方案 46
第五節、GDPR與AI Act於解釋權行使之交互影響與界線 51
第四章、以解釋權為核心的制度調和 58
第一節、何謂「皆大歡喜」的解釋權? 58
第二節、事前影響評估機制與解釋權之關聯 75
第三節、從事前影響評估到合作監管:建構可解釋性迴圈 85
第四節、合作監管制度展望:面對營業秘密保障與可信度的權衡方案 95
第五節、小結 104
第五章、我國法之建議 107
第一節、法律制度建議 107
第二節、我國司法AI應用情形 120
第三節、小結 131
第六章、結論 133
參考文獻 136
中文文獻
期刊論文
1. 文家倩,量刑與 AI 的交會──淺談司法院量刑資訊系統的革新,當代法律,10期,2022年。
2. 林勤富,歐盟《人工智慧法》之制度設計、規範內涵與治理侷限,中研院法學期刊,36 期,2025 年。
3. 林勤富,智慧法院之發展與界限(下)──演算法、科技治理與司法韌性,月旦法學雜誌,324期,2022年。
4. 林輝煌,我國人工智慧基本法之制度性侷限與法治落實之道-從刑事程序、行政法與憲法審查觀點出發,最高檢察署月刊,41期,2026年。
5. 陳家駿、黃信瑋,從我國新通過之人工智慧基本法-談金融業運用AI之風險管理,萬國法律,265期,2026年。
6. 黃詩淳,AI 可解釋性的法學意義及其實踐,臺大法學論叢,52卷特刊,2023年。
7. 葛如鈞、林玧希、張正蒓,臺灣AI治理北極星:我國首部《人工智慧基本法》的誕生、抉擇與未竟之路,當代法律,50期,2026年。
8. 蘇凱平,以人工智慧輔佐法院之刑罰裁量:破譯「黑盒子」的可能與顧慮,臺大法學論叢,54卷3期,2025年。
網路文獻
1. 司法院刑事廳,本院新聞「司法院開放事實型量刑資訊系統供民眾使用 回應各界對量刑妥適性之期待」,司法院官網,2024年11月27日,https://www.judicial.gov.tw/tw/cp-1887-1207000-1faaf-1.html(最後瀏覽日:2026/03/01)。
2. 金融科技發展與創新中心,新聞稿「金管會發布『金融業運用人工智慧(AI)指引』」,金融監督管理委員會官網,2024年6月20日,https://www.fsc.gov.tw/ch/home.jsp?id=96&parentpath=0,2&mcustomize=news_view.jsp&dataserno=202406200001&dtable=News(最後瀏覽日:2026/03/04)。
英文文獻
官方文件
1. Art. 29 Data Protection Working Party, Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679 (WP251rev.01 2018).
2. Art. 29 Data Protection Working Party, Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679 (WP 248 rev.01 2017).
3. European Commission, WHITE PAPER On Artificial Intelligence - A European approach to excellence and trust, COM(2020) 65 final (2020/02/19), https://ec.europa.eu/info/consultations_en.
4. European Parliament, The impact of the General Data Protection Regulation (GDPR) on artificial intelligence, STOA Study, QA-02-20-399-EN-N (2020).
5. OECD, Recommendation of the Council on Artificial Intelligence, OECD/LEGAL/0449 (2024).
6. P. Jonathon Phillips et al., Four Principles of Explainable Artificial Intelligence, NISTIR 8312 (Sept. 2021), https://doi.org/10.6028/NIST.IR.8312.
7. UNESCO, Recommendation on the Ethics of Artificial Intelligence (2021).
期刊論文
1. Antoni Roig, Safeguards for the Right Not to Be Subject to a Decision Based Solely on Automated Processing (Article 22 GDPR), 8 Eur. J. L. & Tech. (2017).
2. Anna Thomaidou & Konstantinos Limniotis, Navigating Through Human Rights in AI: Exploring the Interplay Between GDPR and Fundamental Rights Impact Assessment, 5 J. Cybersecur. Priv. 7 (2025).
3. Asymina Aza, Scores as Decisions? Art. 22 GDPR and the Judgment of the CJEU in SCHUFA Holding (Scoring) in the Labour Context, 53 Indus. L.J. 840 (2024).
4. Dillon Reisman et al., Algorithmic Impact Assessments: A Practical Framework for Public Agency Accountability (AI Now Inst. 2018).
5. Goodman Ellen P . & Trehu Julia, ALGORITHMIC AUDITING: CHASING AI ACCOUNTABILITY, 39 Santa Clara High Tech. L.J. 289 (2023).
6. Hans-Wolfgang Micklitz, The External Dimension of AI Standards in EU Digital Policy Legislation, 60 Tex. Int'l L.J. 129 (2024).
7. Kassem Saleh & Hanady Abdulsalam, Operationalizing ISO/IEC 42001: Requirements and Conformance Evidence for AI Management Systems, in 2025 International Conference on Artificial Intelligence for Sustainable Innovation (AI-SI) (2025).
8. Lilian Edwards & Michael Veale, Slave to the Algorithm? Why a ‘Right to an Explanation’ Is Probably Not the Remedy You Are Looking For, 16 Duke L. & Tech. Rev. 18 (2017).
9. Ljubiša Metikoš & Jef Ausloos, The right to an explanation in practice: insights from case law for the GDPR and the AI Act, 17:1 Law, Innovation and Technology 205 (2025).
10. Ljupcho Grozdanovski & Jérôme De Cooman, Forget The Facts, Aim For The Rights! On The Obsolescence Of Empirical Knowledge In Defining The Risk/Rights-Based Approach To Ai Regulation In The European Union, 49 Rutgers Computer & Tech. L.J. 207 (2023).
11. Maja Nisevic et al., Explainable AI: Can the AI Act and the GDPR go out for a date?, in Proceedings of the 2024 International Joint Conference on Neural Networks (IJCNN) 1 (IEEE ed., 2024).
12. Margot E. Kaminski, Binary Governance: Lessons from the GDPR’s Approach to Algorithmic Accountability, 92 S. Cal. L. Rev. 1529 (2019).
13. Margot E. Kaminski & Gianclaudio Malgieri, Multi-layered Explanations from Algorithmic Impact Assessments in the GDPR, in Proceedings of the 2020 Conference on Fairness, Accountability, and Transparency 68 (2020).
14. Natalija Parlov et al., Structuring AI Risk Management Framework: EU AI Act FRIA, GDPR DPIA and ISO 42001/23894, in 2025 14th MECO (2025).
15. Philipp Hacker & Jan-Hendrik Passoth, Varieties of AI Explanations Under the Law: From the GDPR to the AIA, and Beyond, in xxAI - Beyond Explainable AI 343 (Andreas Holzinger et al. eds., 2022).
16. Ran Xi, A Systems Approach to Shedding Sunlight on AI Black Boxes, 53 Hofstra L. Rev. 441 (2025).
17. Valérie Beaudouin et al., Flexible and Context-Specific AI Explainability: A Multidisciplinary Approach, arXiv (2020).
網路文獻
1. Explainable Artificial Intelligence (XAI), DARPA, https://www.darpa.mil/research/programs/explainable-artificial-intelligence (last visited 2025/11/04).
2. Implementation Timeline, Future of Life Institute, https://artificialintelligenceact.eu/implementation-timeline/ (last visited 2026/02/07).
3. Role of the EDPB, European Data Protection Board, https://www.edpb.europa.eu/role-edpb_en (last visited 2026/01/06).
4. Symbolic Reasoning (Symbolic AI) and Machine Learning, Pathmind, https://wiki.pathmind.com/symbolic-reasoning (last visited 2025/12/19).
全文公開日期 2031/06/02