查看更多
导航
第一章 總則 (1-4)
第 1 條. 主旨與立法目的第 2 條. 實體適用範圍第 3 條. 領土適用範圍第 4 條. 定義
第二章 原則 (5-11)
第 5 條. 個人資料處理原則第 6 條. 處理之合法性第七條. 同意條件第 8 條. 涉及資訊社會服務適用兒童同意之條件第 9 條. 特殊類型之個人資料處理第 10 條. 涉及前科及犯罪之個人資料處理第 11 條. 不須識別之處理
第三章 資料主體之權利 (12-23)
第 12 條. 資料主體為行使其權利之透明資訊、溝通及管道第 13 條. 蒐集資料主體之個人資料時所提供之資訊第 14 條. 尚未自資料主體取得個人資料時所應提供之資訊第 15 條. 資料主體之接近使用權第 16 條. 更正權第 17 條. 刪除權(「被遺忘權」)第 18 條. 限制處理權第 19 條. 關於更正或刪除個人資料或限制處理之通知義務第 20 條. 資料可攜性權利第 21 條. 拒絕權第 22 條. 個人化之自動決策,包括建檔第 23 條. 限制
第四章 控管者及處理者 (24-43)
第 24 條. 主旨與立法目的第 25 條. 設計及預設之資料保護第 26 條. 共同控管者第 27 條. 非設立於歐盟境內控管者或處理者之代表第 28 條. 處理者第 29 條. 控管者或處理者之處理權限第 30 條. 處理活動之紀錄第 31 條. 與監管機關之合作第 32 條. 處理之安全第 33 條. 向監管機關進行個人資料侵害之通報第 34 條. 向資料主體為個人資料侵害之溝通第 35 條. 資料保護影響評估第 36 條. 事前諮詢第 37 條. 資料保護員之指定第 38 條. 資料保護員之職位第 39 條. 資料保護員之職務第 40 條. 行為守則第 41 條. 經核准之行為守則之監管第 42 條. 認證第 43 條. 認證機構
第五章 個人資料移轉至第三國或國際組織 (44-50)
第 44 條. 移轉之一般原則第 45 條. 基於充足程度保護決定之移轉第 46 條. 須遵守適當保護措施之移轉第 47 條. 有拘束力之企業守則第 48 條. 未獲歐盟法授權之移轉或揭露第 49 條. 特定情形下之例外第 50 條. 個人資料保護之國際合作
第六章 獨立監管機關 (51-59)
第 51 條. 監管機關第 52 條. 獨立第 53 條. 監管機關成員之一般條款第 54 條. 監管機關設立之規則第 55 條. 權限第 56 條. 領導監管機關之權限第 57 條. 職務第 58 條. 權力第 59 條. 活動報告
第七章 合作及一致性 (60-70)
第 60 條. 領導監管機關與其他相關監管機關間之合作
第 61 條. 互助第 62 條. 監管機關之聯合作業第 63 條. 一致性機制第 64 條. 委員會之意見第 65 條. 委員會之爭議解決第 66 條. 緊急程序第 67 條. 資訊交換第 68 條. 歐洲資料保護委員會第 69 條. 獨立性第 70 條. 委員會之任務第 71 條. 報告第 72 條. 程序第 73 條. 主席第 74 條. 主席之任務第 75 條. 秘書處第 76 條. 保密性
第 8 章 救濟、義務及處罰 (77-84)
第 77 條. 向監管機關提出申訴之權利第 78 條. 對監管機關提起有效司法救濟之權利第 79 條. 對於控管者或處理者提出有效司法救濟之權利第 80 條. 資料主體之代表第 81 條. 停止訴訟程序第 82 條. 賠償請求權及義務第 83 條. 裁處行政罰鍰之一般要件第 84 條. 罰則
第九章 特殊處理情況之規範 (85-91)
第 85 條. 處理與言論及資訊自由第 86 條. 官方文件之處理與公眾接近使用第 87 條. 國民身分證字號之處理第 88 條. 僱傭關係下之處理第 89 條. 為實現公共利益、科學或歷史研究目的或統計目的所為 處理之保護措施及例外規定第 90 條. 保密義務第 91 條. 教會及宗教組織現存之資料保護規定
第十章 授權法及施行法 (92-93)
第 92 條. 授權之行使第 93 條. 執委會之程序
第十一章 最終條款 (94-95)
第 94 條. 歐盟指令第 95/46/EU 號之廢止第 95 條. 與歐盟指令第 2002/58/EC 號之關係第 96 條. 與已締結之協議之關係第 97 條. 執委會報告第 98 條. 對其他資料保護歐盟法案之審查第 99 條. 生效及適用
GDPR > 第 60 條. 領導監管機關與其他相關監管機關間之合作
下载PDF

第 60 條 GDPR. 領導監管機關與其他相關監管機關間之合作

Article 60 GDPR. Cooperation between the lead supervisory authority and the other supervisory authorities concerned

1. 領導監管機關應依本條與其他相關監管機關合作並致力於達成共 識。領導監管機關及相關監管機關應彼此交換所有相關之資訊。

1. The lead supervisory authority shall cooperate with the other supervisory authorities concerned in accordance with this Article in an endeavour to reach consensus. The lead supervisory authority and the supervisory authorities concerned shall exchange all relevant information with each other.

2. 領導監管機關得於任何時候請求其他相關監管機關依第 61條提供 互助,並得依第 62 條採行聯合作業,特別係為了進行調查,或為了 監督關於在其他會員國設立之控管者或處理者之措施的施行。

2. The lead supervisory authority may request at any time other supervisory authorities concerned to provide mutual assistance pursuant to Article 61 and may conduct joint operations pursuant to Article 62, in particular for carrying out investigations or for monitoring the implementation of a measure concerning a controller or processor established in another Member State.

相关文章
相关文章

3. 領導監督機關應將該事項之相關資訊傳送予其他相關監管機關, 不得遲延。其應提交裁決草案予其他相關監管機關,不得遲延,以獲 得其等之意見並適當考量其等之觀點。

3. The lead supervisory authority shall, without delay, communicate the relevant information on the matter to the other supervisory authorities concerned. It shall without delay submit a draft decision to the other supervisory authorities concerned for their opinion and take due account of their views.

4. 當任一其他相關監管機關在依本條第 3 項受諮詢後四週內表達對 該裁決草案相關且合理之異議時,若領導監管機關不遵循該相關且合 理之異議,或認為該異議不相關或不合理者,則應將該事項提交予第 63 條所述之一致性機制。

4. Where any of the other supervisory authorities concerned within a period of four weeks after having been consulted in accordance with paragraph 3 of this Article, expresses a relevant and reasoned objection to the draft decision, the lead supervisory authority shall, if it does not follow the relevant and reasoned objection or is of the opinion that the objection is not relevant or reasoned, submit the matter to the consistency mechanism referred to in Article 63.

相关文章
相关文章

5. 當領導監管機關欲遵循該相關且合理之異議時,其應提交修訂裁 決草案予其他相關監管機關以獲得其等之意見。該修訂裁決草案應受 第 4 項所述程序之約束於兩週內為之。

5. Where the lead supervisory authority intends to follow the relevant and reasoned objection made, it shall submit to the other supervisory authorities concerned a revised draft decision for their opinion. That revised draft decision shall be subject to the procedure referred to in paragraph 4 within a period of two weeks.

6. 當無任何其他相關監管機關於第 4 項及第 5 項所述之期限內對領 導監管機關所提交之裁決草案提出異議者,應視為領導監管機關及相 關監管機關同意該裁決草案並應受其拘束。

6. Where none of the other supervisory authorities concerned has objected to the draft decision submitted by the lead supervisory authority within the period referred to in paragraphs 4 and 5, the lead supervisory authority and the supervisory authorities concerned shall be deemed to be in agreement with that draft decision and shall be bound by it.

7. 領導監督機關應依其情形通過該裁決並告知控管者或處理者之主 要分支機構或單一分支機構,並向其他相關監管機關及委員會通知該 裁決,包括扼要之相關事實及理由。受理申訴之監管機關應向申訴人 通知該裁決。

7. The lead supervisory authority shall adopt and notify the decision to the main establishment or single establishment of the controller or processor, as the case may be and inform the other supervisory authorities concerned and the Board of the decision in question, including a summary of the relevant facts and grounds. The supervisory authority with which a complaint has been lodged shall inform the complainant on the decision.

ISO 27701 相关文章
ISO 27701
相关文章

8. 當申訴遭駁回或不予受理時,第 7 項之規定不適用之,受理申訴 之監管機關應通過該裁決並將其告知申訴人,並應通知控管者。

8. By derogation from paragraph 7, where a complaint is dismissed or rejected, the supervisory authority with which the complaint was lodged shall adopt the decision and notify it to the complainant and shall inform the controller thereof.

9. 若領導監管機關及相關監管機關同意駁回或不受理部分申訴而僅 對部分申訴採取行動,則應對該事項之每個部分採取個別之裁決。領 導監管機關應通過與控管者有關行動相關之裁決,且應將該裁決告知 控管者或處理者之主要分支機構或單一分支機構,並應通知申訴人, 而申訴人之監管機關應通過關於駁回或不受理該申訴部分之裁決,並 應將該裁決告知申訴人且通知控管者或處理者。

9. Where the lead supervisory authority and the supervisory authorities concerned agree to dismiss or reject parts of a complaint and to act on other parts of that complaint, a separate decision shall be adopted for each of those parts of the matter. The lead supervisory authority shall adopt the decision for the part concerning actions in relation to the controller, shall notify it to the main establishment or single establishment of the controller or processor on the territory of its Member State and shall inform the complainant thereof, while the supervisory authority of the complainant shall adopt the decision for the part concerning dismissal or rejection of that complaint, and shall notify it to that complainant and shall inform the controller or processor thereof.

10. 在依第 7 項及第 9 項受告知領導監管機關之裁決後,控管者及處 理者應採取必要措施以確保其所有於歐盟境內之分支機構的處理活 動皆有遵守該裁決。控管者或處理者應將為遵守該裁決所採取之措施 告知領導監管機關,領導監管機關並應通知其他相關監管機關。

10. After being notified of the decision of the lead supervisory authority pursuant to paragraphs 7 and 9, the controller or processor shall take the necessary measures to ensure compliance with the decision as regards processing activities in the context of all its establishments in the Union. The controller or processor shall notify the measures taken for complying with the decision to the lead supervisory authority, which shall inform the other supervisory authorities concerned.

11. 若在特殊情況下,相關監管機關有理由認為有緊急必要採取行動以保護資料主體之利益者,應適用第 66 條所述之緊急程序。

11. Where, in exceptional circumstances, a supervisory authority concerned has reasons to consider that there is an urgent need to act in order to protect the interests of data subjects, the urgency procedure referred to in Article 66 shall apply.

相关文章
相关文章

12. 領導監管機關及其他相關監管機關應使用標準化格式,以電子方 式互相提供本條所需之資訊。

12. The lead supervisory authority and the other supervisory authorities concerned shall supply the information required under this Article to each other by electronic means, using a standardised format.

通用数据保护条例(EU GDPR)

Source: https://www.ndc.gov.tw/Content_List.aspx?n=F98A8C27A0F54C30

General Data Protection Regulation (EU GDPR)

The latest consolidated version of the Regulation with corrections by Corrigendum, OJ L 127, 23.5.2018, p. 2 ((EU) 2016/679). Source: EUR-lex.

献技 指南和案例法 发表评论
献技

(124) 凡個人資料之處理係由控管者或處理者於歐盟境內之分支機 構所為,且該控管者或處理者在一個以上之會員國設立分支機構,或 凡資料處理係由控管者或處理者在歐盟境內之單一分支機構所為,而 該處理顯然影響或可能顯然影響一個以上會員國之資料主體者,該控 管者或處理者之主要分支機構或該單一分支機構之監管機關應擔任 領導機關之角色。因控管者或處理者在該會員國境內設有分支機構、 或因居住於該會員國境內之資料主體受到影響,或因已對該會員國之 監管機關提出申訴時,該領導機關應與其他相關機關合作。當資料主 體並非居住於某會員國,而對該國之監管機關提出申訴者,該監管機 關亦應屬相關監管機關。在委員會所負頒佈能涵蓋本規則適用所生任 何疑義之指導原則的任務中,其應得特別在考量因素之判斷標準上頒 佈指導原則,以確認該資料處理是否顯然影響一個以上會員國之資料 主體,以及何者能構成相關且合理之異議。

(124) Where the processing of personal data takes place in the context of the activities of an establishment of a controller or a processor in the Union and the controller or processor is established in more than one Member State, or where processing taking place in the context of the activities of a single establishment of a controller or processor in the Union substantially affects or is likely to substantially affect data subjects in more than one Member State, the supervisory authority for the main establishment of the controller or processor or for the single establishment of the controller or processor should act as lead authority. It should cooperate with the other authorities concerned, because the controller or processor has an establishment on the territory of their Member State, because data subjects residing on their territory are substantially affected, or because a complaint has been lodged with them. Also where a data subject not residing in that Member State has lodged a complaint, the supervisory authority with which such complaint has been lodged should also be a supervisory authority concerned. Within its tasks to issue guidelines on any question covering the application of this Regulation, the Board should be able to issue guidelines in particular on the criteria to be taken into account in order to ascertain whether the processing in question substantially affects data subjects in more than one Member State and on what constitutes a relevant and reasoned objection.

(125) 關於執行依本規則所授予之權力的措施,領導機關應有權限通 過有拘束力之裁決。在身為領導機關之資格下,監管機關應於裁決過 程中密集參與並協調相關監管機關。當該裁決係全部或部分駁回資料 主體之申訴時,受理該申訴之監管機關即應採納該裁決。

(125) The lead authority should be competent to adopt binding decisions regarding measures applying the powers conferred on it in accordance with this Regulation. In its capacity as lead authority, the supervisory authority should closely involve and coordinate the supervisory authorities concerned in the decision-making process. Where the decision is to reject the complaint by the data subject in whole or in part, that decision should be adopted by the supervisory authority with which the complaint has been lodged.

(126) 該裁決應經領導監管機關及相關監管機關共同同意,且應係直 接針對控管者或處理者之主要分支機構或單一分支機構,並對該控管 者或處理者發生拘束力。控管者或處理者應採取必要之措施來確保本 規則之遵循,及領導監管機關對於控管者或處理者之主要分支機構關 於歐盟境內資料處理所為裁決之執行。

(126) The decision should be agreed jointly by the lead supervisory authority and the supervisory authorities concerned and should be directed towards the main or single establishment of the controller or processor and be binding on the controller and processor. The controller or processor should take the necessary measures to ensure compliance with this Regulation and the implementation of the decision notified by the lead supervisory authority to the main establishment of the controller or processor as regards the processing activities in the Union.

(127) 當控管者或處理者設立於一個以上會員國之分支機構,但特定 資料處理之標的僅涉及於單一會員國境內所為之處理,且僅涉及該單 一會員國境內之資料主體時,例如,涉及在某一會員國之特定勞雇環 境下之受雇者的個人資料時,非作為領導監管機關之各監管機關應有 權限處理該等當地案件。在該等案件中,監管機關應將該案件通知領 導監管機關,不得遲延。領導監管機關於受通知後,應決定是否由其 依照領導監管機關及其他相關監管機關間合作之相關規範來處理該 案件(即「單一窗口機制」),或係由為通知之監管機關以當地層級 來處理該案件。在領導監管機關決定是否將由其處理該案件時,其應 考量在為通知之監管機關所屬之會員國境內是否有控管者或處理者 之分支機構,以確保對於控管者或處理者所為之裁決能有效施行。當 領導監管機關決定處理該案件時,應給予為通知之監管機關有提交裁 決草案之機會,而應由領導監管機關在單一窗口機制下準備其裁決草 案時盡最大程度考量之。

(127) Each supervisory authority not acting as the lead supervisory authority should be competent to handle local cases where the controller or processor is established in more than one Member State, but the subject matter of the specific processing concerns only processing carried out in a single Member State and involves only data subjects in that single Member State, for example, where the subject matter concerns the processing of employees' personal data in the specific employment context of a Member State. In such cases, the supervisory authority should inform the lead supervisory authority without delay about the matter. After being informed, the lead supervisory authority should decide, whether it will handle the case pursuant to the provision on cooperation between the lead supervisory authority and other supervisory authorities concerned (‘one-stop-shop mechanism’), or whether the supervisory authority which informed it should handle the case at local level. When deciding whether it will handle the case, the lead supervisory authority should take into account whether there is an establishment of the controller or processor in the Member State of the supervisory authority which informed it in order to ensure effective enforcement of a decision vis-à-vis the controller or processor. Where the lead supervisory authority decides to handle the case, the supervisory authority which informed it should have the possibility to submit a draft for a decision, of which the lead supervisory authority should take utmost account when preparing its draft decision in that one-stop-shop mechanism.

(128) 有關領導監管機關及單一窗口機制之規範不應適用於公務機 關或私人基於公共利益所為之資料處理的情形。在該等案件中唯一有 權限行使依本規則所授予之權力的監管機關,應係該公務機關或私人 設立所在會員國之監管機關。

(128) The rules on the lead supervisory authority and the one-stop-shop mechanism should not apply where the processing is carried out by public authorities or private bodies in the public interest. In such cases the only supervisory authority competent to exercise the powers conferred to it in accordance with this Regulation should be the supervisory authority of the Member State where the public authority or private body is established.

(130) 當受理申訴之監管機關並非領導監管機關時,領導監管機關應 依照本規則所定合作及一致性之相關規範,與受理申訴之監管機關緊 密合作。在該等案件中,當欲採取產生法律效果之措施,包括處以行 政罰鍰時,領導監管機關應盡可能考量受理申訴且應保有權限在其所 屬會員國境內進行調查之監管機關的立場,並與該管監管機關保持聯 繫。

(130) Where the supervisory authority with which the complaint has been lodged is not the lead supervisory authority, the lead supervisory authority should closely cooperate with the supervisory authority with which the complaint has been lodged in accordance with the provisions on cooperation and consistency laid down in this Regulation. In such cases, the lead supervisory authority should, when taking measures intended to produce legal effects, including the imposition of administrative fines, take utmost account of the view of the supervisory authority with which the complaint has been lodged and which should remain competent to carry out any investigation on the territory of its own Member State in liaison with the competent supervisory authority.

(131) 當有另一監管機關應就控管者或處理者之資料處理活動擔任 領導監管機關,但申訴之具體標的或可能之違法行為僅涉及到該控管 者或處理者在受理申訴或所調查出可能違法行為所在會員國之處理 活動,且該標的並不會或較無可能對其他會員國之資料主體造成重大 影響時,該受理申訴或查得或由其他管道得知疑似有違反本規則情況 之監管機關應與該控管者尋求友好解決,若證實前述為不可行時,則 應行使其完整之權力。此應包括:在該監管機關所屬會員國境內或就 該會員國境內之資料主體所為之特定資料處理;在提供商品或服務的 情況下特別針對該監管機關所屬會員國境內之資料主體所為之資料 處理;或應以會員國法所課予之相關法律義務進行評估之資料處理。

(131) Where another supervisory authority should act as a lead supervisory authority for the processing activities of the controller or processor but the concrete subject matter of a complaint or the possible infringement concerns only processing activities of the controller or processor in the Member State where the complaint has been lodged or the possible infringement detected and the matter does not substantially affect or is not likely to substantially affect data subjects in other Member States, the supervisory authority receiving a complaint or detecting or being informed otherwise of situations that entail possible infringements of this Regulation should seek an amicable settlement with the controller and, if this proves unsuccessful, exercise its full range of powers. This should include: specific processing carried out in the territory of the Member State of the supervisory authority or with regard to data subjects on the territory of that Member State; processing that is carried out in the context of an offer of goods or services specifically aimed at data subjects in the territory of the Member State of the supervisory authority; or processing that has to be assessed taking into account relevant legal obligations under Member State law.

指南和案例法 发表评论
[js-disqus]