(1) The protection of natural persons in relation to the processing of personal data is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union (the ‘Charter’) and Article 16(1) of the Treaty on the Functioning of the European Union (TFEU) provide that everyone has the right to the protection of personal data concerning him or her.
(2) The principles of, and rules on the protection of natural persons with regard to the processing of their personal data should, whatever their nationality or residence, respect their fundamental rights and freedoms, in particular their right to the protection of personal data. This Regulation is intended to contribute to the accomplishment of an area of freedom, security and justice and of an economic union, to economic and social progress, to the strengthening and the convergence of the economies within the internal market, and to the well-being of natural persons.
(3) Directive 95/46/EC of the European Parliament and of the Council [4] seeks to harmonise the protection of fundamental rights and freedoms of natural persons in respect of processing activities and to ensure the free flow of personal data between Member States.
[4] Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (OJ L 281, 23.11.1995, p. 31). https://eur-lex.europa.eu/legal-content/EN/AUTO/?uri=OJ:L:1995:281:TOC
(4) The processing of personal data should be designed to serve mankind. The right to the protection of personal data is not an absolute right; it must be considered in relation to its function in society and be balanced against other fundamental rights, in accordance with the principle of proportionality. This Regulation respects all fundamental rights and observes the freedoms and principles recognised in the Charter as enshrined in the Treaties, in particular the respect for private and family life, home and communications, the protection of personal data, freedom of thought, conscience and religion, freedom of expression and information, freedom to conduct a business, the right to an effective remedy and to a fair trial, and cultural, religious and linguistic diversity.
(5) The economic and social integration resulting from the functioning of the internal market has led to a substantial increase in cross-border flows of personal data. The exchange of personal data between public and private actors, including natural persons, associations and undertakings across the Union has increased. National authorities in the Member States are being called upon by Union law to cooperate and exchange personal data so as to be able to perform their duties or carry out tasks on behalf of an authority in another Member State.
(6) Rapid technological developments and globalisation have brought new challenges for the protection of personal data. The scale of the collection and sharing of personal data has increased significantly. Technology allows both private companies and public authorities to make use of personal data on an unprecedented scale in order to pursue their activities. Natural persons increasingly make personal information available publicly and globally. Technology has transformed both the economy and social life, and should further facilitate the free flow of personal data within the Union and the transfer to third countries and international organisations, while ensuring a high level of the protection of personal data.
(7) Those developments require a strong and more coherent data protection framework in the Union, backed by strong enforcement, given the importance of creating the trust that will allow the digital economy to develop across the internal market. Natural persons should have control of their own personal data. Legal and practical certainty for natural persons, economic operators and public authorities should be enhanced.
(8) Where this Regulation provides for specifications or restrictions of its rules by Member State law, Member States may, as far as necessary for coherence and for making the national provisions comprehensible to the persons to whom they apply, incorporate elements of this Regulation into their national law.
(9) The objectives and principles of Directive 95/46/EC remain sound, but it has not prevented fragmentation in the implementation of data protection across the Union, legal uncertainty or a widespread public perception that there are significant risks to the protection of natural persons, in particular with regard to online activity. Differences in the level of protection of the rights and freedoms of natural persons, in particular the right to the protection of personal data, with regard to the processing of personal data in the Member States may prevent the free flow of personal data throughout the Union. Those differences may therefore constitute an obstacle to the pursuit of economic activities at the level of the Union, distort competition and impede authorities in the discharge of their responsibilities under Union law. Such a difference in levels of protection is due to the existence of differences in the implementation and application of Directive 95/46/EC.
(10) In order to ensure a consistent and high level of protection of natural persons and to remove the obstacles to flows of personal data within the Union, the level of protection of the rights and freedoms of natural persons with regard to the processing of such data should be equivalent in all Member States. Consistent and homogenous application of the rules for the protection of the fundamental rights and freedoms of natural persons with regard to the processing of personal data should be ensured throughout the Union. Regarding the processing of personal data for compliance with a legal obligation, for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, Member States should be allowed to maintain or introduce national provisions to further specify the application of the rules of this Regulation. In conjunction with the general and horizontal law on data protection implementing Directive 95/46/EC, Member States have several sector-specific laws in areas that need more specific provisions. This Regulation also provides a margin of manoeuvre for Member States to specify its rules, including for the processing of special categories of personal data (‘sensitive data’). To that extent, this Regulation does not exclude Member State law that sets out the circumstances for specific processing situations, including determining more precisely the conditions under which the processing of personal data is lawful.
(11) Effective protection of personal data throughout the Union requires the strengthening and setting out in detail of the rights of data subjects and the obligations of those who process and determine the processing of personal data, as well as equivalent powers for monitoring and ensuring compliance with the rules for the protection of personal data and equivalent sanctions for infringements in the Member States.
(12) Article 16(2) TFEU mandates the European Parliament and the Council to lay down the rules relating to the protection of natural persons with regard to the processing of personal data and the rules relating to the free movement of personal data.
(13) In order to ensure a consistent level of protection for natural persons throughout the Union and to prevent divergences hampering the free movement of personal data within the internal market, a Regulation is necessary to provide legal certainty and transparency for economic operators, including micro, small and medium-sized enterprises, and to provide natural persons in all Member States with the same level of legally enforceable rights and obligations and responsibilities for controllers and processors, to ensure consistent monitoring of the processing of personal data, and equivalent sanctions in all Member States as well as effective cooperation between the supervisory authorities of different Member States. The proper functioning of the internal market requires that the free movement of personal data within the Union is not restricted or prohibited for reasons connected with the protection of natural persons with regard to the processing of personal data. To take account of the specific situation of micro, small and medium-sized enterprises, this Regulation includes a derogation for organisations with fewer than 250 employees with regard to record-keeping. In addition, the Union institutions and bodies, and Member States and their supervisory authorities, are encouraged to take account of the specific needs of micro, small and medium-sized enterprises in the application of this Regulation. The notion of micro, small and medium-sized enterprises should draw from Article 2 of the Annex to Commission Recommendation 2003/361/EC [5].
[5] Commission Recommendation of 6 May 2003 concerning the definition of micro, small and medium-sized enterprises (C(2003) 1422) (OJ L 124, 20.5.2003, p. 36). https://eur-lex.europa.eu/legal-content/EN/AUTO/?uri=OJ:L:2003:124:TOC
