全球數位經濟的時代發展下，資料的跨境傳輸已成為國際貿易與創新不可或缺的基礎，但同時也引發了主權、隱私與國家安全之間的深刻張力。本研究採規範性分析途徑，聚焦於2010年至今美歐資料治理實踐，透過歷史性言論分析，探討網路空間新興規範「資料主權」與既有「資料隱私保護」之間的規範互動關係。目的在於追蹤資料主權在美歐官方與企業言論中的關注程度與敘事變化，並評估其對既有隱私規範的影響，研究特別納入企業言論作為非國家行為者的倡議角色。本研究發現，美歐對於資料主權的認知存在根本性差異:歐盟將其定位為以人權為核心的規範性價值延伸，而美國則基於國家安全與經濟效率，將其工具性認知為數位貿易保護主義。此種規範性與工具性論述的衝突，是美歐資料傳輸協議(如隱私盾)長期反覆失效的結構性根源。此外，本研究進一步發現，科技巨擘的規範倡議角色已發生本質性轉變，它們依賴龐大的資料體量，從被動法遵者轉為積極的規範倡議者，主動推動「可互通」的全球資料標準，以確保其跨國商業利益。本研究深化了規範擴散理論在資料治理場域的應用理解，並深入探討科技巨擘在全球資料治理體系中的新興倡議能力。

The generational development of the global digital economy has made cross- border data transfer an indispensable foundation for international trade and its innovation. Yet, it simultaneously triggers profound tensions among sovereignty, privacy, and national security. This research adopts a normative analysis approach, focusing on the data governance practices of the United States and the European Union from 2010 to the present. Through historical discourse analysis, this thesis investigates the interactive relationship between the emerging norm of “data sovereignty” in cyberspace and the existing norm of “data privacy. ” The primary objective is to track the level of attention and the shifts in narratives surrounding data sovereignty within the official and corporate discourses of the U.S and the EU, and to assess its impacts on existing privacy norms. This research specifically incorporates corporate statements to examine the advocacy role of non-state actors.
This research reveals a fundamental divergence in the recognition of data sovereignty between the two powers: the EU frames it as an extension of normative values rooted in human rights, while the U.S, driven by national security and economic efficiency, applies an instrumental interpretation by labeling it as digital trade protectionism. Such conflict between normative and instrumental discourses is the structural root cause of the long-term, repeated failures of the EU-U.S data transfer agreements (such as the Privacy Shield). Furthermore, this thesis further indicates that the normative advocacy role of technology giants has undergone a fundamental transformation. Leveraging their vast data volume and economic scale, these big techs have shifted from passive compliance agents to active norm entrepreneurs, proactively promoting "interoperable" global data standards to safeguard their multinational business interests. Therefore, this research deepens the understanding of ‘‘norm diffusion’’ theory in the field of data governance and thoroughly examines the emerging advocacy capabilities of tech giants within the global data governance system.

專書、專書篇章
Balkin, J. M., and Information Society, Project. Cybercrime : Digital Cops in a Networked Environment / Edited by Jack M. Balkin .. [Et Al.]. 國科會補助人文及社會科學研究圖書設備計畫規劃主題:新媒體研究. New York, N.Y: New York University Press, 2007.
Carr, M. M., Erskine, T., Osula, A. M., and Roigas, H. "Beyond “Quasi-Norms”: The Challenges and Potential of Engaging with Norms in Cyberspace." NATO Cooperative Cyber Defence Centre of Excellence, 2016.
Choucri, Nazli. Cyberpolitics in International Relations / Nazli Choucri. Mit Press Direct. Cambridge, Mass: MIT Press, 2012.
DeNardis, Laura. The Global War for Internet Governance / Laura Denardis. 科技部補助人文及社會科學研究圖書設備計畫規劃主題:多元觀點下的法理論發展與變遷. New Haven: Yale University Press, 2013.
Dodge, Martin, and Kitchin, Rob. Mapping Cyberspace / Martin Dodge and Rob Kitchin. London ;: Routledge, 2001.
Katzenstein, Peter J. Cultural Norms and National Security : Police and Military in Postwar Japan / Peter J. Katzenstein. Cornell Studies in Political Economy. Ithaca, N.Y: Cornell University Press, 1996.
O'Hara, Kieron, and Hall, Wendy. Four Internets : Data, Geopolitics, and the Governance of Cyberspace / Kieron O'hara and Wendy Hall. Oxford Academic. New York, NY: Oxford University Press, 2021.
Percy, Sarah, and Oxford University, Press. Mercenaries the History of a Norm in International Relations / by Sarah Percy. Oxford Scholarship Online. Oxford: Oxford University Press, 2007.
Ruggie, John Gerard. Constructing the World Polity : Essays on International Institutionalization / John Gerard Ruggie. The New International Relations. London ;: Routledge, 1998.
Streinz, Thomas, Craig, Paul, and de Búrca, Gráinne. "The Evolution of European Data Law." 902-36. Oxford: Oxford University Press, 2021.
Wendt, Alexander. Social Theory of International Politics / Alexander Wendt. Cambridge Core. Cambridge: Cambridge University Press, 1999.
Wiener, Antje. Contestation and Constitution of Norms in Global International Relations / Antje Wiener, University of Hamburg and University of Cambridge. Cambridge: Cambridge University Press, 2018.
Wodak, Ruth, and Meyer, Michael. Methods of Critical Discourse Analysis Ruth Wodak and Michael Meyer. Sage Knowledge. London: SAGE, 2002.
期刊文章
Aaronson, Ariel Susan "Data Is Different, and That's Why the World Needs a New Approach to Governing Cross-Border Data Flows." Digital policy, regulation and governance 21, no. 5 (2019): 441-60. https://doi.org/10.1108/DPRG-03-2019-0021.
Albrecht, Jan Philipp. "How the Gdpr Will Change the World." Eur. Data Prot. L. Rev. 2 (2016): 287.
Almeida, Virgilio, Getschko, Demi, and Afonso, Carlos. "The Origin and Evolution of Multistakeholder Models." IEEE internet computing 19, no. 1 (2015): 74-79. https://doi.org/10.1109/MIC.2015.15.
Bakare, Seun Solomon, Adeniyi, Adekunle Oyeyemi, Akpuokwe, Chidiogo Uzoamaka, and Eneh, Nkechi Emmanuella. "Data Privacy Laws and Compliance: A Comparative Review of the Eu Gdpr and USA Regulations."  (2024).
Balzacq, Thierry, and Cavelty, Myriam Dunn. "A Theory of Actor-Network for Cyber-Security." European journal of international security 1, no. 2 (2016): 176-98. https://doi.org/10.1017/eis.2016.8.
Ben-Josef Hirsch, Michal, and Dixon, Jennifer M. "Conceptualizing and Assessing Norm Strength in International Relations." European journal of international relations 27, no. 2 (2021): 521-47. https://doi.org/10.1177/1354066120949628.
Berg, Bibi van den. "Dealing with Uncertainty in Cyberspace." Computers & security 144 (2024): 103939. https://doi.org/10.1016/j.cose.2024.103939.
Björkdahl, Annika. "Norms in International Relations: Some Conceptual and Methodological Reflections." Cambridge review of international affairs 15, no. 1 (2002): 9-23. https://doi.org/10.1080/09557570220126216.
Boyne, Shawn Marie. "Data Protection in the United States." The American journal of comparative law 66, no. suppl_1 (2018): 299-343. https://doi.org/10.1093/ajcl/avy016.
Braun, Matthias, and Hummel, Patrik. "Is Digital Sovereignty Normatively Desirable?". Information, communication & society  (2024): 1-14. https://doi.org/10.1080/1369118X.2024.2332624.
Burri, Mira. "The Regulation of Data Flows through Trade Agreements." Georgetown journal of international law 48, no. 2 (2017): 407.
Bygrave, Lee A. "Privacy Protection in a Global Context: A Comparative Overview." Scandinavian studies in law 47 (2004).
Calderaro, Andrea, and Craig, Anthony J. S. "Transnational Governance of Cybersecurity: Policy Challenges and Global Inequalities in Cyber Capacity Building." Third world quarterly 41, no. 6 (2020): 917-38. https://doi.org/10.1080/01436597.2020.1729729.
Carr, Madeline, and Lesniewska, Feja. "Internet of Things, Cybersecurity and Governing Wicked Problems: Learning from Climate Change Governance." International relations (London) 34, no. 3 (2020): 391-412. https://doi.org/10.1177/0047117820948247.
Carrier, Michael A. "How the Federal Trade Commission Can Use Section 5 to Strengthen the Right to Repair." Berkeley Tech. LJ 37 (2022): 1145.
Cortell, Andrew P., and Davis, James W. "How Do International Institutions Matter? The Domestic Impact of International Rules and Norms." International studies quarterly 40, no. 4 (1996): 451-78. https://doi.org/10.2307/2600887.
Cortell, Andrew P., and Davis Jr, James W. "Understanding the Domestic Impact of International Norms: A Research Agenda." International Studies Review 2, no. 1 (2000): 65-87. https://doi.org/10.1111/1521-9488.00184.
Couture, Stephane, and Toupin, Sophie. "What Does the Notion of “Sovereignty” Mean When Referring to the Digital?". New Media & Society 21, no. 10 (2019): 2305-22. https://doi.org/10.1177/1461444819865984.
Deibert, Ronald, and Rohozinski, Rafal. "Liberation Vs. Control: The Future of Cyberspace." Journal of democracy 21, no. 4 (2010): 43-57. https://doi.org/10.1353/jod.2010.0010.
Dunn Cavelty, Myriam, and Wenger, Andreas. "Cyber Security Meets Security Politics: Complex Technology, Fragmented Politics, and Networked Science." Contemporary security policy 41, no. 1 (2020): 5-32. https://doi.org/10.1080/13523260.2019.1678855.
Edler, Jakob, Blind, Knut, Kroll, Henning, and Schubert, Torben. "Technology Sovereignty as an Emerging Frame for Innovation Policy. Defining Rationales, Ends and Means." Research policy. 52, no. 6 (2023): 104765. https://doi.org/10.1016/j.respol.2023.104765.
Egloff, Florian J., and Smeets, Max. "Publicly Attributing Cyber Attacks: A Framework." Journal of strategic studies 46, no. 3 (2023): 502-33. https://doi.org/10.1080/01402390.2021.1895117.
Engelkamp, Stephan, and Glaab, Katharina. "Writing Norms: Constructivist Norm Research and the Politics of Ambiguity." Alternatives: global, local, political 40, no. 3/4 (2015): 201-18. https://doi.org/10.1177/0304375415612270.
Fahey, Elaine, and Terpan, Fabien. "Torn between Institutionalisation & Judicialisation: The Demise of the Eu-Us Privacy Shield." Indiana journal of global legal studies 28, no. 2 (2021): 205-44. https://doi.org/10.2979/INDJGLOLEGSTU.28.2.0205.
Finnemore, Martha. "Norms, Culture, and World Politics: Insights from Sociology's Institutionalism." International organization 50, no. 2 (1996): 325-47. https://doi.org/10.1017/S0020818300028587.
Finnemore, Martha, and Hollis, Duncan B. "Constructing Norms for Global Cybersecurity." The American journal of international law 110, no. 3 (2016): 425-79. https://doi.org/10.1017/S0002930000016894.
Finnemore, Martha, and Sikkink, Kathryn. "International Norm Dynamics and Political Change." International organization 52, no. 4 (1998): 887-917. https://doi.org/10.1162/002081898550789.
Greenhill, Brian. "The Company You Keep: International Socialization and the Diffusion of Human Rights Norms." International studies quarterly 54, no. 1 (2010): 127-45.
Greenleaf, Graham. "The Influence of European Data Privacy Standards Outside Europe: Implications for Globalization of Convention 108." International data privacy law 2, no. 2 (2012): 68-92. https://doi.org/10.1093/idpl/ips006.
Gurowitz, Amy. "The Diffusion of International Norms: Why Identity Matters." International politics (Hague, Netherlands) 43, no. 3 (2006): 305-41. https://doi.org/10.1057/palgrave.ip.8800145.
Hansen, Lene, and Nissenbaum, Helen. "Digital Disaster, Cyber Security, and the Copenhagen School." International studies quarterly 53, no. 4 (2009): 1155-75. https://doi.org/10.1111/j.1468-2478.2009.00572.x.
Henriksen, Anders. "The End of the Road for the Un Gge Process: The Future Regulation of Cyberspace." Journal of cybersecurity (Oxford) 5, no. 1 (2019). https://doi.org/10.1093/cybsec/tyy009.
Hitchens, Theresa, and Gallagher, Nancy W. "Building Confidence in the Cybersphere: A Path to Multilateral Progress." Journal of cyber policy 4, no. 1 (2019): 4-21. https://doi.org/10.1080/23738871.2019.1599032.
Hofmann, Jeanette, Katzenbach, Christian, and Gollatz, Kirsten. "Between Coordination and Regulation: Finding the Governance in Internet Governance." New media & society 19, no. 9 (2017): 1406-23. https://doi.org/10.1177/1461444816639975.
Hofmann, Stephanie C., and Pawlak, Patryk. "Governing Cyberspace: Policy Boundary Politics across Organizations." Review of international political economy : RIPE 30, no. 6 (2023): 2122-49. https://doi.org/10.1080/09692290.2023.2249002.
Hummel, Patrik, Braun, Matthias, Tretter, Max, and Dabrock, Peter. "Data Sovereignty: A Review." Big data & society 8, no. 1 (2021). https://doi.org/10.1177/2053951720982012.
Hurel, Louise Marie, and Lobato, Luisa Cruz. "Unpacking Cyber Norms: Private Companies as Norm Entrepreneurs." Journal of cyber policy 3, no. 1 (2018): 61-76. https://doi.org/10.1080/23738871.2018.1467942.
Kavalski, Emilian. "The Struggle for Recognition of Normative Powers: Normative Power Europe and Normative Power China in Context." Cooperation and conflict 48, no. 2 (2013): 247-67.
Kirby, M. D. "Transborder Data Flows and the Basic Rules of Data Privacy." Stanford journal of international law 16 (1980): 27-66.
Kuner, Christopher. "Reality and Illusion in Eu Data Transfer Regulation Post Schrems." German law journal 18, no. 4 (2017): 881-918. https://doi.org/10.1017/S2071832200022197.
Lambach, Daniel. "The Territorialization of Cyberspace." INTERNATIONAL STUDIES REVIEW 22, no. 3 (2020): 482-506. https://doi.org/10.1093/isr/viz022.
Lawless, Sarah, Song, Andrew M, Cohen, Philippa J, and Morrison, Tiffany H. "Rights, Equity and Justice: A Diagnostic for Social Meta-Norm Diffusion in Environmental Governance." Earth System Governance 6 (2020): 100052.
Leggett, Theo. "Amazon Hit with $886m Fine for Alleged Data Law Breach." (2021). https://www.bbc.com/news/business-58024116.
Lyon, David. "Surveillance, Snowden, and Big Data: Capacities, Consequences, Critique." Big data & society 1, no. 2 (2014): 2053951714541861.
Manners, Ian. "Normative Power Europe: A Contradiction in Terms?". JCMS: Journal of common market studies 40, no. 2 (2002): 235-58.
Maurer, Tim. "A Dose of Realism: The Contestation and Politics of Cyber Norms." Hague journal on the rule of law : HJRL 12, no. 2 (2020): 283-305. https://doi.org/10.1007/s40803-019-00129-8.
McLaughlin, Edward W. "Schrems's Slippery Slope: Strengthening Governance Mechanisms to Rehabilitate Eu-Us Cross-Border Data Transfers after Schrems Ii." Fordham L. Rev. 90 (2021): 217.
Mueller, Milton L. "Against Sovereignty in Cyberspace." INTERNATIONAL STUDIES REVIEW 22, no. 4 (2020): 779-801. https://doi.org/10.1093/isr/viz044.
Newhouse, John. "Diplomacy, Inc.: The Influence of Lobbies on Us Foreign Policy." Foreign Aff. 88 (2009): 73.
Novotny, E. J. "Transborder Data Flows and International-Law- a Framework for Policy-Oriented Inquiry." Stanford journal of international law 16 (1980): 141-80.
Obendiek, Anke Sophia. "What Are We Actually Talking About? Conceptualizing Data as a Governable Object in Overlapping Jurisdictions." International studies quarterly. 66, no. 1 (2022): sqab080. https://doi.org/10.1093/isq/sqab080.
Pohle, Julia, and Santaniello, Mauro. "From Multistakeholderism to Digital Sovereignty: Toward a New Discursive Order in Internet Governance?". Policy and internet 16, no. 4 (2024): 672-91. https://doi.org/10.1002/poi3.426.
Pohle, Julia, and Thiel, Thorsten. "Digital Sovereignty." Internet policy review 9, no. 4 (2020): 1-19. https://doi.org/10.14763/2020.4.1532.
Post, Robert C. "Three Concepts of Privacy." The Georgetown law journal 89, no. 6 (2001): 2087-98.
Reidenberg, Joel R. "Resolving Conflicting International Data Privacy Rules in Cyberspace." Stanford law review 52, no. 5 (2000): 1315-71. https://doi.org/10.2307/1229516.
Risse, Thomas. "“Let's Argue!”: Communicative Action in World Politics." International organization 54, no. 1 (2000): 1-39. https://doi.org/10.1162/002081800551109.
Sarker, Iqbal H., Kayes, A. S. M., Badsha, Shahriar, Alqahtani, Hamed, Watters, Paul, and Ng, Alex. "Cybersecurity Data Science: An Overview from Machine Learning Perspective." Journal of big data 7, no. 1 (2020): 1-29. https://doi.org/10.1186/s40537-020-00318-5.
Schwartz, Paul M. "Global Data Privacy: The Eu Way." NYUL Rev. 94 (2019): 771.
Schwartz, Paul M., and Peifer, Karl-Nikolaus. "Transatlantic Data Privacy Law." The Georgetown law journal 106, no. 1 (2017): 115-79.
Simmons, B. A. "Compliance with International Agreements." Annual review of political science 1, no. 1 (1998): 75-93. https://doi.org/10.1146/annurev.polisci.1.1.75.
Sloan, Robert H., and Warner, Richard. "Beyond Notice and Choice: Privacy, Norms, and Consent." Journal of high technology law 14, no. 2 (2014): 370.
Svantesson, D. . "Data Localisation Trends and Challenges: Considerations for the Review of the Privacy Guidelines, Oecd Digital Economy Papers, No. 301." (2020). https://doi.org/10.1787/7fbaed62-en.
van Eeten, Michel J. G., and Mueller, Milton. "Where Is the Governance in Internet Governance?". New media & society 15, no. 5 (2013): 720-36. https://doi.org/10.1177/1461444812462850.
Viljoen, Salomé. "A Relational Theory of Data Governance." The Yale Law Journal  (2021): 573-654.
von Scherenberg, Franziska, Hellmeier, Malte, and Otto, Boris. "Data Sovereignty in Information Systems." Electronic markets 34, no. 1 (2024): 15. https://doi.org/10.1007/s12525-024-00693-4.
Winston, Carla. "Norm Structure, Diffusion, and Evolution: A Conceptual Approach." European journal of international relations 24, no. 3 (2018): 638-61. https://doi.org/10.1177/1354066117720794.
Woods, Andrew Keane. "Litigating Data Sovereignty." The Yale Law Journal Vol. 128, No. 2 (2018): 328-406.
Zalnieriute, Monika. "Data Transfers after 'Schrems Ii': The Eu-Us Disagreements over Data Privacy and National Security." Vanderbilt journal of transnational law 55, no. 1 (2022): 1-48.
國家與國際組織官方文件
APEC. "Apec Privacy Framework." (2005). ttps://www.apec.org/docs/default-source/publications/2005/12/apec-privacy-framework/05_ecsg_privacyframewk.pdf?sfvrsn=d3de361d_1.
Article 29 Data Protection Working Party. "Chairman of the Article 29 Working Party: Proposals a Chance for Better Protection." (2012). https://ec.europa.eu/justice/article-29/press-material/press-release/art29_press_material/2012/20120125_pr_dp_proposals_en.pdf.
———. "Cjeu’s Judgment on the Right to Be Forgotten: The Wp29 Will Meet with Search Engines on July 24th." (2014). https://ec.europa.eu/justice/article-29/press-material/press-release/art29_press_material/2014/20140717_wp29_press_release_meeting_with_search_engines.pdf.
———. "Data Protection Authorities Call for Strict General Privacy Agreement with United States." (2010). https://ec.europa.eu/justice/article-29/press-material/press-release/art29_press_material/2010/pr_19_11_10_en.pdf.
———. "Eu Data Protection Group Says Google, Microsoft and Yahoo! Do Not Comply with Data Protection Rules." (2010). https://ec.europa.eu/justice/article-29/press-material/press-release/art29_press_material/2010/pr_26_05_10_en.pdf.
———. "Eu-Us Tftp Agreement Not in Line with Privacy Legislation European Data Protection Authorities Not Satisfied with Safeguards in Eu-Us Financial Transactions Agreement." (2010). https://ec.europa.eu/justice/article-29/press-material/press-release/art29_press_material/2010/pr_25_06_10_en.pdf.
———. "European Commission Vice-President Reding: Data Protection Authorities Should Be Strengthened." (2010). https://ec.europa.eu/justice/article-29/press-material/press-release/art29_press_material/2010/pr_15_07_10_en.pdf.
———. "Issued by the Article 29 Data Protection Working Party." (2014). https://ec.europa.eu/justice/article-29/press-material/press-release/art29_press_material/2014/20140410_pr_surveillance_programmes.pdf.
———. "Press Release Issued by the Article 29 Data Protection Working Party, 23rd, May 2014.". (2014). https://ec.europa.eu/justice/article-29/press-material/press-release/art29_press_material/2014/20140523_wp29_press_release_ecj_google.pdf.
———. "Statement of the Article 29 Working Party on the Opinion on the Eu-U.S. Privacy Shield." (2016). https://ec.europa.eu/justice/article-29/press-material/press-release/art29_press_material/2016/press_release_shield_en.pdf.
California Privacy Protection Agency. "Laws & Regulations." (2025). https://cppa.ca.gov/regulations/.
Casalini, Francesca, and López González, Javier. "Trade and Cross-Border Data Flows." In Documents de travail de l'OCDE sur la politique commerciale, OECD Publishing, 2019.
Commission Nationale pour la Protection des Données. "Decision Regarding Amazon Europe Core S.à R.L.". (2021). https://cnpd.public.lu/en/actualites/international/2021/08/decision-amazon-2.html.
EUR-Lex. "Charter of Fundamental Rights of the European Union." (2009). https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A12010P%2FTXT&qid=1756174336143.
———. "Communication from the Commission to the European Parliament and the Council on the Transfer of Personal Data from the Eu to the United States of America under Directive 95/46/Ec Following the Judgment by the Court of Justice in Case C-362/14 (Schrems)." (2015). https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52015DC0566&qid=1756466104950.
———. "Communication from the Commission to the European Parliament and the Council Transatlantic Data Flows: Restoring Trust through Strong Safeguards." (2016). https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52016DC0117&qid=1756466453935.
———. "Judgment of the Court (Grand Chamber) of 6 October 2015." (2015). https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:62014CJ0362
———. "Judgment of the Court (Grand Chamber) of 16 July 2020." (2020). https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:62018CJ0311_RES&qid=1743403055413.
———. "Judgment of the Court (Grand Chamber), 13 May 2014. Google Spain Sl and Google Inc. V Agencia Española De Protección De Datos (Aepd) and Mario Costeja González.". (2014). https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A62012CJ0131&qid=1756175151602.
———. "Proposal for a Regulation of the European Parliament and of the Council on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data (General Data Protection Regulation)." (2012). https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:52012PC0011.
———. "Regulation (Eu) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/Ec (General Data Protection Regulation) (Text with Eea Relevance)." (2016). https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679.
———. "Regulation (Eu) 2024/1689 of the European Parliament and of the Council of 13 June 2024 Laying down Harmonised Rules on Artificial Intelligence and Amending Regulations (Ec) No 300/2008, (Eu) No 167/2013, (Eu) No 168/2013, (Eu) 2018/858, (Eu) 2018/1139 and (Eu) 2019/2144 and Directives 2014/90/Eu, (Eu) 2016/797 and (Eu) 2020/1828 (Artificial Intelligence Act) (Text with Eea Relevance)." (2024). https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32024R1689.
———. "Report from the Commission to the European Parliament and the Council on the First Annual Review of the Functioning of the Eu–U.S. Privacy Shield." (2017). https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52017DC0611&qid=1756467006237.
———. "Report from the Commission to the European Parliament and the Council on the Second Annual Review of the Functioning of the Eu-U.S. Privacy Shield." (2018). https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52018DC0860&qid=1756467123460.
———. "Report from the Commission to the European Parliament and the Council on the Third Annual Review of the Functioning of the Eu-U.S. Privacy Shield." (2019). https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52019DC0495&qid=1756467254534.
European Commission. "Eu and Japan Conclude Landmark Deal on Cross-Border Data Flows at High-Level Economic Dialogue." (2023). https://ec.europa.eu/commission/presscorner/detail/en/ip_23_5378.
———. "Eu Data Act Gives Users Control over Data from Connected Devices." (2025). https://digital-strategy.ec.europa.eu/en/news/eu-data-act-gives-users-control-over-data-connected-devices.
———. "A Europe Fit for the Digital Age Empowering People with a New Generation of Technologies." (2025). https://commission.europa.eu/strategy-and-policy/priorities-2019-2024/europe-fit-digital-age_en.
———. "European Commission Calls on the U.S. To Restore Trust in Eu-U.S. Data Flows." (2013). https://ec.europa.eu/commission/presscorner/detail/en/ip_13_1166.
———. "European Data Union Strategy." (2025). https://digital-strategy.ec.europa.eu/en/policies/data-union.
———. "First Report on the Application of Data Protection Rules for Eu Institutions, Bodies, Offices and Agencies." (2022). https://ec.europa.eu/newsroom/just/items/761864/en.
———. "Getting a Grip on That Data: Why the Eu Must Lead on Data Governance." (2021). https://joint-research-centre.ec.europa.eu/jrc-news-and-updates/getting-grip-data-why-eu-must-lead-data-governance-2021-03-10_en.
———. "Intensifying Negotiations on Transatlantic Data Privacy Flows: A Joint Press Statement by European Commissioner for Justice Didier Reynders and U.S. Secretary of Commerce Gina Raimondo." (2021). https://ec.europa.eu/commission/presscorner/detail/en/STATEMENT_21_1443.
———. "Joint Press Statement by Didier Reynders, Commissioner for Justice of the European Commission, and Yoon Jong in, Chairperson of the Personal Information Protection Commission of the Republic of Korea." (2021). https://ec.europa.eu/commission/presscorner/detail/en/statement_21_6915
———. "Simpler Eu Digital Rules and New Digital Wallets to Save Billions for Businesses and Boost Innovation." (2025). https://ec.europa.eu/commission/presscorner/detail/en/ip_25_2718.
European Data Protection Board. "1.2 Billion Euro Fine for Facebook as a Result of Edpb Binding Decision." (2023). https://www.edpb.europa.eu/news/news/2023/12-billion-euro-fine-facebook-result-edpb-binding-decision_en.
———. "Binding Decision 1/2023 on the Dispute Submitted by the Irish Sa on Data Transfers by Meta Platforms Ireland Limited for Its Facebook Service (Art. 65 Gdpr)." (2023). https://www.edpb.europa.eu/system/files/202305/edpb_bindingdecision_202301_ie_sa_facebooktransfers_en.pdf.
———. "Edpb Adopts Statement on the New Trans-Atlantic Data Privacy Framework, Letter Concerning Independence of Belgian Sa & Discusses Membership Spring Conference." (2022). https://www.edpb.europa.eu/news/news/2022/edpb-adopts-statement-new-trans-atlantic-data-privacy-framework-letter-concerning_en.
———. "Edpb Welcomes Improvements under the Eu-U.S. Data Privacy Framework, but Concerns Remain." (2023). https://www.edpb.europa.eu/news/news/2023/edpb-welcomes-improvements-under-eu-us-data-privacy-framework-concerns-remain_en.
———. "The Eu’s Data Act: Data Protection Must Prevail to Empower Data Subjects." (2022). https://www.edpb.europa.eu/news/news/2022/eus-data-act-data-protection-must-prevail-empower-data-subjects_en.
———. "European Data Protection Board - 41st Plenary Session: Edpb Adopts Recommendations on Supplementary Measures Following Schrems Ii." (2020). https://www.edpb.europa.eu/news/news/2020/european-data-protection-board-41st-plenary-session-edpb-adopts-recommendations_en.
———. "European Data Protection Board - Second Plenary Meeting: Icann, Psd2, Privacy Shield." (2018). https://www.edpb.europa.eu/news/news/2018/european-data-protection-board-second-plenary-meeting-icann-psd2-privacy-shield_en.
———. "French Sa: Cookies and Advertisements Inserted between Emails: Google Fined 325 000 000 Eur by the Cnil." (2025). https://www.edpb.europa.eu/news/national-news/2025/french-sa-cookies-and-advertisements-inserted-between-emails-google-fined_en.
———. "Statement on the Court of Justice of the European Union Judgment in Case C-311/18 - Data Protection Commissioner V Facebook Ireland and Maximillian Schrems." (2020). https://www.edpb.europa.eu/news/news/2020/statement-court-justice-european-union-judgment-case-c-31118-data-protection_en.
European Data Protection Supervisor. "Digital Euro: Ensuring the Highest Data Protection and Privacy Standards." (2023). https://www.edps.europa.eu/press-publications/press-news/press-releases/2023/digital-euro-ensuring-highest-data-protection-and-privacy-standards_en.
———. "Edps Statement Following the Court of Justice Ruling in Case C-311/18 Data Protection Commissioner V Facebook Ireland Ltd and Maximilian Schrems (“Schrems Ii”)." (2020). https://www.edps.europa.eu/press-publications/press-news/press-releases/2020/edps-statement-following-court-justice-ruling_en.
———. "The Eu as a Beacon of Respect for Data Protection and Privacy." (2015). https://www.edps.europa.eu/press-publications/press-news/press-releases/2015/eu-beacon-respect-data-protection-and-privacy_en.
———. "Opinion on the Eu-U.S. Privacy Shield Draft Adequacy Decision." (2016). https://www.edps.europa.eu/sites/default/files/publication/16-05-30_privacy_shield_en.pdf.
Federal Trade Commission. "Federal Register / Vol. 76, No. 233." (2011). https://www.ftc.gov/sites/default/files/documents/cases/2011/12/111205facebookfrn.pdf.
———. "Federal Trade Commission Enforcement of the U.S.-Eu and U.S.-Swiss Safe Harbor Frameworks." (2012). https://www.ftc.gov/business-guidance/resources/federal-trade-commission-enforcement-us-eu-us-swiss-safe-harbor-frameworks.
———. "Ftc Imposes $5 Billion Penalty and Sweeping New Privacy Restrictions on Facebook." (2019). https://www.ftc.gov/news-events/news/press-releases/2019/07/ftc-imposes-5-billion-penalty-sweeping-new-privacy-restrictions-facebook.
———. "Ftc Joins New Asia-Pacific Multinational Network of Privacy Enforcement Authorities." (2010). https://www.ftc.gov/news-events/news/press-releases/2010/07/ftc-joins-new-asia-pacific-multinational-network-privacy-enforcement-authorities.
———. "Ftc Proposes Blanket Prohibition Preventing Facebook from Monetizing Youth Data." FTC says that the company violated 2020 privacy order; proposes new protections for children and teens. (2023). https://www.ftc.gov/news-events/news/press-releases/2023/05/ftc-proposes-blanket-prohibition-preventing-facebook-monetizing-youth-data.
———. "Ftc Settlement Bans Online U.S. Electronics Retailer from Deceiving Consumers with Foreign Website Names." (2011). https://www.ftc.gov/news-events/news/press-releases/2011/06/ftc-settlement-bans-online-us-electronics-retailer-deceiving-consumers-foreign-website-names.
———. "Google Privacy Assessment." (2012). https://www.ftc.gov/legal-library/browse/frequently-requested-foia-records/google/google-privacy-assessment.
———. "Letter from Chairwoman Edith Ramirez to Vĕra Jourová, Commissioner for Justice, Consumers and Gender Equality of the European Commission, Describing Federal Trade Commission Enforcement of the New Eu-U.S. Privacy Shield Framework." (2016). https://www.ftc.gov/legal-library/browse/cases-proceedings/public-statements/letter-chairwoman-edith-ramirez-vera-jourova-commissioner-justice-consumers-gender-equality-european.
———. "Preliminary Ftc Staff Privacy Report." (2010). https://www.ftc.gov/legal-library/browse/cases-proceedings/public-statements/preliminary-ftc-staff-privacy-report.
———. "Privacy Enforcement and Safe Harbor: Comments of the Ftc Staff to European Commission Review of the U.S.-Eu Safe Harbor Framework." (2013). https://www.ftc.gov/legal-library/browse/cases-proceedings/staff-letters/privacy-enforcement-safe-harbor-comments-ftc-staff-european-commission-review-us-eu-safe-harbor.
———. "Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policymakers." (2012). https://www.ftc.gov/reports/protecting-consumer-privacy-era-rapid-change-recommendations-businesses-policymakers.
———. "U.S. Safe Web Act." (2025). https://www.ftc.gov/legal-library/browse/statutes/us-safe-web-act.
NATO. "North Atlantic Treaty Article 5." (1949). https://www.nato.int/nato_static_fl2014/assets/pdf/stock_publications/20120822_nato_treaty_en_light_2009.pdf.
OECD. "Cross-Border Data Flows: Taking Stock of Key Policies and Initiatives, Oecd Publishing." (2022). https://doi.org/10.1787/5031dd97-en.
———. "The Intersection between Competition and Data Privacy – Note by the United States." (2024). Accessed 10, June. https://one.oecd.org/document/DAF/COMP/WD(2024)29/en/pdf.
———. "Recommendation of the Council Concerning Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data." (1980). https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0188.
Office of the General Counsel. "The Invalidation of the Eu-Us Privacy Shield and the Future of Transatlantic Data Flows." (2020). https://www.commerce.gov/ogc/testimony/invalidation-eu-us-privacy-shield-and-future-transatlantic-data-flows.
Office of the United States Trade Representative. "Fact Sheet on the 2020 National Trade Estimate: Strong, Binding Rules to Advance Digital Trade." (2020). https://ustr.gov/about-us/policy-offices/press-office/fact-sheets/2020/march/fact-sheet-2020-national-trade-estimate-strong-binding-rules-advance-digital-trade.
———. "Fact Sheet on U.S.-Japan Digital Trade Agreement." (2019). https://ustr.gov/about-us/policy-offices/press-office/fact-sheets/2019/october/fact-sheet-us-japan-digital-trade-agreement.
U.S. Department of Commerce. "U.S.-Eu Trade and Technology Council Inaugural Joint Statement." (2021). https://www.commerce.gov/news/press-releases/2021/09/us-eu-trade-and-technology-council-inaugural-joint-statement.
United Nations. "A/65/201." (2010). https://docs.un.org/en/A/65/201.
———. "A/68/98." (2013). https://docs.un.org/en/A/68/98.
———. "A/69/723." (2015). https://docs.un.org/en/A/69/723.
———. "A/70/174." (2015). https://docs.un.org/en/A/70/174.
———. "A/76/135." (2021). https://digitallibrary.un.org/record/3934214?v=pdf.
———. "A/Res/58/32." (2004). https://docs.un.org/en/A/RES/58/32.
———. "United Nations Charter Article 4 (2)." (1945). https://www.un.org/en/about-us/un-charter/full-text.
United Treaties Collection. "Constitution and Convention of the International Telecommunication Union." (1994). https://treaties.un.org/doc/Publication/UNTS/Volume%201825/volume-1825-I-31251-English.pdf.
World Bank. "Global Conference on Cyber Capacity Building (Gc3b)." (2023). https://www.worldbank.org/en/events/2024/01/04/global-conference-on-cyber-capacity-building-gc3b.
網路資源
法源法律網. "行政院會通過「國家安全法」修正草案." (2022). https://www.lawbank.com.tw/news/NewsContent.aspx?NID=182755.00.
Amazon. "Aws Digital Sovereignty Pledge: Announcing a New, Independent Sovereign Cloud in Europe." (2023). https://aws.amazon.com/tw/blogs/security/aws-digital-sovereignty-pledge-announcing-a-new-independent-sovereign-cloud-in-europe/.
———. "Aws Digital Sovereignty Pledge: Announcing New Dedicated Infrastructure Options." (2023). https://press.aboutamazon.com/sg/2023/8/aws-digital-sovereignty-pledge-announcing-new-dedicated-infrastructure-options?utm_source=chatgpt.com.
———. "How Aws Can Help You Navigate the Complexity of Digital Sovereignty." (2024). https://aws.amazon.com/tw/blogs/security/how-aws-can-help-you-navigate-the-complexity-of-digital-sovereignty/.
AWS Seurity Blog. "Aws Cloud Services Adhere to Cispe Data Protection Code of Conduct for Added Gdpr Assurance." (2022). https://aws.amazon.com/tw/blogs/security/aws-cloud-services-adhere-to-cispe-data-protection-code-of-conduct/.
Charles river. "Charles River Laboratories Website Privacy Notice." https://www.criver.com/about-us/privacy-policy.
congress.gov. "Foreign Intelligence Surveillance Act (Fisa)." (2024). https://www.congress.gov/crs-product/IF11451.
———. "H.R.1428 - Judicial Redress Act of 2015." (2016). https://www.congress.gov/bill/114th-congress/house-bill/1428.
———. "H.R.2048 - USA Freedom Act of 2015." (2015). https://www.congress.gov/bill/114th-congress/house-bill/2048/text.
———. "H.R.4943 - Cloud Act." (2018). https://www.congress.gov/bill/115th-congress/house-bill/4943.
———. "Hearings to Examine the Invalidation of the European Union-United States Privacy Shield and the Future of Transatlantic Data Flows." (2020). https://www.congress.gov/event/116th-congress/senate-event/328385?q=%7B%22search%22%3A%22privacy+shield%22%7D&s=3&r=1.
———. "S.754 - an Act to Improve Cybersecurity in the United States through Enhanced Sharing of Information About Cybersecurity Threats, and for Other Purposes.". (2015). https://www.congress.gov/bill/114th-congress/senate-bill/754.
———. "S.Hrg. 115-895 — Consumer Data Privacy: Examing Lessons from the European Union’s General Data Protection Regulation and the California Consumer Privacy Act." (2018). https://www.congress.gov/event/115th-congress/senate-event/LC73653/text?q=%7B%22search%22%3A%22the+EU+data+privacy%22%7D&s=8&r=7.
———. "S.Hrg. 116-659 — Policy Principles for a Federal Data Privacy Framewrk in the United States." (2019). https://www.congress.gov/event/116th-congress/senate-event/LC74474/text?q=%7B%22search%22%3A%22the+EU+data+privacy%22%7D&s=8&r=17.
DW. "Hamburg's Top Data Protection Official Has Banned Facebook from Using Whatsapp Customer Data, Citing Concerns over the "Mass Building" of User Profiles That Could Be Exploited. Facebook Says It Will Appeal the Move.". (2021). https://www.dw.com/en/german-regulator-bans-facebook-from-using-whatsapp-data/a-57500583.
Global Network Initiative. "About Gni." (2025). https://globalnetworkinitiative.org/about/.
Google. "Eu-Us Privacy Shield: Restoring Faith in Data Flows and Transatlantic Relations." (2016). https://blog.google/around-the-globe/google-europe/eu-us-privacy-shield-restoring-faith-in/.
———. "Supporting the Eu and Securing the Digital Space." (2022). https://blog.google/technology/safety-security/supporting-the-eu-and-securing-the-digital-space/.
———. "The Urgent Necessity of Enacting a National Privacy Law." (2022). https://blog.google/outreach-initiatives/public-policy/the-urgent-necessity-of-enacting-a-national-privacy-law/.
Meta. "Ftc Agreement Brings Rigorous New Standards for Protecting Your Privacy." (2019). https://about.fb.com/news/2019/07/ftc-agreement/.
———. "Our Commitment to the Facebook Community." (2011). https://about.fb.com/news/2011/11/our-commitment-to-the-facebook-community/.
———. "Understanding the Value of Transatlantic Data Flows." (2021). https://about.fb.com/news/2021/06/understanding-the-value-of-transatlantic-data-flows/.
———. "Upholding Our Commitment to Protecting Your Privacy: What the Ftc Gets Wrong." (2023). https://about.fb.com/news/2023/05/upholding-our-commitment-to-protecting-your-privacy/.
Microsoft. "Continuing Data Transfers That Apply to All Eu Data Boundary Services." (2025). https://learn.microsoft.com/en-us/privacy/eudb/eu-data-boundary-transfers-for-all-services?source=recommendations.
———. "Microsoft Cloud for Sovereignty Now Generally Available, Opening New Pathways for Government Innovation." (2023). https://blogs.microsoft.com/blog/2023/12/14/microsoft-cloud-for-sovereignty-now-generally-available-opening-new-pathways-for-government-innovation/.
———. "Microsoft Completes Landmark Eu Data Boundary, Offering Enhanced Data Residency and Transparency." (2025). https://blogs.microsoft.com/on-the-issues/2025/02/26/microsoft-completes-landmark-eu-data-boundary-offering-enhanced-data-residency-and-transparency/.
———. "The Need for a Digital Geneva Convention." (2017). https://blogs.microsoft.com/on-the-issues/2017/02/14/need-digital-geneva-convention/.
———. "What Is the Eu Data Boundary?". (2025). https://learn.microsoft.com/en-us/privacy/eudb/eu-data-boundary-learn.
ONYX. "Onyx Privacy Policy." https://onyxgfx.com/privacy-policy/.
Progressive Gaitways. "Privacy Policy." (2025). https://gaitways.com/policies/privacy-policy.
Reform Government Sureillance. "Advocating for Global Government Surveillance Reform." (2025). https://www.reformgovernmentsurveillance.com/.