(58) 透明原則要求任何傳達予公眾或資料主體之資訊皆須簡潔、容易 取得且容易理解，以清楚簡易之語言作成，並且適當地視覺化。該等 資訊之提供得以電子形式，例如要傳達給公眾時透過網站呈現。尤其 於行為者繁多且實務技術複雜之情形，會造成資料主體難以知悉並理 解其個人資料是否、由誰、以什麼目的被蒐集，例如網路廣告之情形。 有鑑於兒童值得特別保護，任何提供予兒童之資訊及溝通應採用兒童 易於理解之清楚簡易之語言。
(58) The principle of transparency requires that any information addressed to the public or to the data subject be concise, easily accessible and easy to understand, and that clear and plain language and, additionally, where appropriate, visualisation be used. Such information could be provided in electronic form, for example, when addressed to the public, through a website. This is of particular relevance in situations where the proliferation of actors and the technological complexity of practice make it difficult for the data subject to know and understand whether, by whom and for what purpose personal data relating to him or her are being collected, such as in the case of online advertising. Given that children merit specific protection, any information and communication, where processing is addressed to a child, should be in such a clear and plain language that the child can easily understand.
(59) 為利於資料主體行使本規則之權利，應提供不同之免費管道，包 括請求之機制及（如有可能）獲得之機制，尤其是接近並更正或刪除 個人資料及行使拒絕權。控管者亦應提供電子化請求之方式，特別是 於個人資料係以電子方式處理時。控管者有義務回應資料主體之請求， 不得無故遲延且最遲於一個月內為之，並於控管者不同意該等請求時 附具理由。
(59) Modalities should be provided for facilitating the exercise of the data subject's rights under this Regulation, including mechanisms to request and, if applicable, obtain, free of charge, in particular, access to and rectification or erasure of personal data and the exercise of the right to object. The controller should also provide means for requests to be made electronically, especially where personal data are processed by electronic means. The controller should be obliged to respond to requests from the data subject without undue delay and at the latest within one month and to give reasons where the controller does not intend to comply with any such requests.
(64) 控管者應使用所有合理手段以驗證請求接近使用資料之資料主 體的身分，尤其是在網路服務或網路識別工具之情形。控管者不得為 了回應潛在請求之單獨目的而獲取個人資訊。
(64) The controller should use all reasonable measures to verify the identity of a data subject who requests access, in particular in the context of online services and online identifiers. A controller should not retain personal data for the sole purpose of being able to react to potential requests.