Abstract 摘要

The COVID-19 pandemic has spawned the spread of contact-tracing applications such as China's “Health Code” and Singapore’s “TraceTogether.” Balancing efficiency and privacy ethics in data governance has become a common problem faced by all countries using digital tracing tools to control the pandemic. The laws of both China and Singapore stipulate that prior to collecting personal information, organizations and institutions must clearly inform individuals about the types of personal information collected and the rules for the use of personal information, and must obtain authorized user consent. This article analyzes the privacy policies of Health Code in China and TraceTogether in Singapore and identifies five potential problems in Health Code’s privacy policies: the broad collection of personal information, multiple processing purposes, indeterminate storage time, ambiguous privacy policy content, and the ineffectiveness of informed consent, although Health Code has been deemed an efficient tool to fight against the pandemic. Singapore’s TraceTogether adheres to the principles of minimum information collection, limited information processing purposes, minimum duration of information storage, openness and transparency of privacy policies, and informed consent. These two models for using big data in the fight against the pandemic in China and Singapore suggest that data governance needs to reconcile public interests and individual rights, and should balance governance efficiency and data ethics.

新冠病毒疫情催生了以中國的“健康碼”和新加坡的“TraceTogether”為代表的接觸者追蹤應用程式在全球的應用和擴散。如何利用人工智慧科技,在資料治理中平衡效率與隱私倫理的闢係,成為使用數位追蹤工具進行疫情治理的國家共同面對的難題。兩國法律都規定,在收集個人資訊前必須向個人資訊主體明確告知所收集的個人資訊類型、使用個人資訊的規則,並獲得個人資訊主體的授權同意。本文通過對“健康碼”和“TraceTogether”隱私政策的對比分析發現,在應用 上,中國健康碼的使用有效幫助防控疫情,但是收集的個人資訊範園廣、處理目的多、存儲時間不明確、隱私政策内容較含糊、知情同意流於形式。新加坡的“TraceTogether”則更好地遵守了資訊收集最少夠用、資訊處理目的限定、資訊存儲時間最小化、隱私政策公開透明、知情同意等原則。中國和新加坡兩種利用資料抗疫的糢式表明,風險社會裡的資料治理需要進一步調和公共利益與個人權利,平衡治理效率和資料倫理的邊界。