导航
GDPR > 第 26 條. 共同控管者
下载PDF

第 26 條 GDPR. 共同控管者

Article 26 GDPR. Joint controllers

1. 兩個或兩個以上控管者共同決定處理之目的及方式時,其應為共 同控管者。共同控管者應以透明之方式,彼此間安排,確定其各自履 行本規則所定義務之責任,尤其是關於資料主體行使其權利及其各自 對於第 13 條及第 14 條所定提供資訊所負之責任,但控管者受拘束之 歐盟法或會員國法已就控管者各自之責任定有明文者不在此限。該安 排得指定資料主體之聯絡對口。

1. Where two or more controllers jointly determine the purposes and means of processing, they shall be joint controllers. They shall in a transparent manner determine their respective responsibilities for compliance with the obligations under this Regulation, in particular as regards the exercising of the rights of the data subject and their respective duties to provide the information referred to in Articles 13 and 14, by means of an arrangement between them unless, and in so far as, the respective responsibilities of the controllers are determined by Union or Member State law to which the controllers are subject. The arrangement may designate a contact point for data subjects.

相关文章

2. 第 1 項所定安排應適當反映共同控管者對於資料主體各自之任務 及關係。該安排之重點應提供予資料主體。

2. The arrangement referred to in paragraph 1 shall duly reflect the respective roles and relationships of the joint controllers vis-à-vis the data subjects. The essence of the arrangement shall be made available to the data subject.

相关文章

3. 不問第一項所定安排之條款為何,資料主體得依據本規則對任一 控管者行使其權利。

3. Irrespective of the terms of the arrangement referred to in paragraph 1, the data subject may exercise his or her rights under this Regulation in respect of and against each of the controllers.

專家評論 ISO 27701 献技 指南和案例法 发表评论
專家評論

(EN) The expression “joint controller” is one of the most difficult to grasp in practice. It is nonetheless essential to delimit the role of the parties involved in the processing of personal data to determine their responsibilities under the General Data Protection Regulation (GDPR).


访问全文

(EN) Author
Louis-Philippe Gratton
(EN) Louis-Philippe Gratton PhD, LLM
(EN) Privacy Expert
ISO 27701

(EN) ISO/IEC 27701, adopted in 2019, added additional ISO/IEC 27002 guidance for PII controllers.

Here is the relevant paragraph to articles 26(1), 26(2), and 26(3) GDPR:

7.2.7 Joint PII controller

Control

The organization should determine respective roles and responsibilities for the processing of PII (including PII protection and security requirements) with any joint PII controller.

Implementation guidance

Roles and responsibilities for the processing of PII should be determined in a transparent manner.


访问全文

献技

(79) 資料主體之權利與自由保護與控管者及處理者之責任與義務 (此也均與監管機關之監控與其手段有關)應依本規則予以明確分配, 包括於控管者與其他控管者共同決定資料處理之目的與手段時,或是 由控管者之代表進行處理活動時。

(79) The protection of the rights and freedoms of data subjects as well as the responsibility and liability of controllers and processors, also in relation to the monitoring by and measures of supervisory authorities, requires a clear allocation of the responsibilities under this Regulation, including where a controller determines the purposes and means of the processing jointly with other controllers or where a processing operation is carried out on behalf of a controller.

指南和案例法 发表评论