(64) 控管者應使用所有合理手段以驗證請求接近使用資料之資料主 體的身分,尤其是在網路服務或網路識別工具之情形。控管者不得為 了回應潛在請求之單獨目的而獲取個人資訊。
(64) The controller should use all reasonable measures to verify the identity of a data subject who requests access, in particular in the context of online services and online identifiers.
A controller should not retain personal data for the sole purpose of being able to react to potential requests.
Source: https://www.ndc.gov.tw/Content_List.aspx?n=F98A8C27A0F54C30
The latest consolidated version of the Regulation with corrections by Corrigendum, OJ L 127, 23.5.2018, p. 2 ((EU) 2016/679). Source: EUR-lex.