导航
GDPR > 第 89 條. 為實現公共利益、科學或歷史研究目的或統計目的所為 處理之保護措施及例外規定
下载PDF

第 89 條 GDPR. 為實現公共利益、科學或歷史研究目的或統計目的所為 處理之保護措施及例外規定

Article 89 GDPR. Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes

1. 為實現公共利益、科學或歷史研究目的或統計目的之處理,應受 本規則為資料主體之權利及自由所定適當保護措施之拘束。該等保護 措施應確保已備妥技術上及組織上之措施,特別是用以確保資料最少 蒐集原則之落實。只要上開目的得以實現,措施得包括假名化。當透 過進階處理得實現上開目的,且進階處理不允許或不再允許識別資料 180 主體者,上開目的應以該方式實現。

1. Processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, shall be subject to appropriate safeguards, in accordance with this Regulation, for the rights and freedoms of the data subject. Those safeguards shall ensure that technical and organisational measures are in place in particular in order to ensure respect for the principle of data minimisation. Those measures may include pseudonymisation provided that those purposes can be fulfilled in that manner. Where those purposes can be fulfilled by further processing which does not permit or no longer permits the identification of data subjects, those purposes shall be fulfilled in that manner.

2. 為科學或歷史研究目的或統計目的處理個人資料者,歐盟法或會 員國法得就第 15 條、第 16 條、第 18 條及第 21 條所定之權利訂定例 外規定,但須符合本條第一項所定要件及保護措施,且該權利不可能 或不會嚴重損害特定目的之實現,且該等例外係為實現上開目的所必 要者。

2. Where personal data are processed for scientific or historical research purposes or statistical purposes, Union or Member State law may provide for derogations from the rights referred to in Articles 15, 16, 18 and 21 subject to the conditions and safeguards referred to in paragraph 1 of this Article in so far as such rights are likely to render impossible or seriously impair the achievement of the specific purposes, and such derogations are necessary for the fulfilment of those purposes.

相关文章

3. 為實現公共利益處理個人資料者,歐盟法或會員國法得就第 15條、 第 16 條、第 18 條、第 19 條、第 20 條及第 21 條所定之權利訂定例 外規定,但須符合本條第一項所定要件及保護措施,且該權利不可能 或不會嚴重損害特定目的之實現,且該等例外係為實現上開目的所必 要者。

3. Where personal data are processed for archiving purposes in the public interest, Union or Member State law may provide for derogations from the rights referred to in Articles 15, 16, 18, 19, 20 and 21 subject to the conditions and safeguards referred to in paragraph 1 of this Article in so far as such rights are likely to render impossible or seriously impair the achievement of the specific purposes, and such derogations are necessary for the fulfilment of those purposes.

相关文章

4. 第 2 項及第 3 項所定之處理同時適用於不同目的者,該例外規定 僅適用於該項規定所定目的之處理。

4. Where processing referred to in paragraphs 2 and 3 serves at the same time another purpose, the derogations shall apply only to processing for the purposes referred to in those paragraphs.

專家評論 献技 指南和案例法 发表评论
專家評論

(EN) Article 89 details the appropriate safeguards to process sensitive data for archiving, research, and statistics purposes under article 9 2) (j) and possible derogations to rights granted to individuals by the General Data Protection Regulation. There is indeed a legal exception allowing the processing of special categories of personal data. It must be provided for by a Union or Member State law and the law itself must meet certain conditions that I have already discussed in a previous commentary.

Appropriate safeguards under article 89 concern technical and organizational measures put in place by Member States and respecting the data minimization, proportionality, and necessity principles (recital 156). They may include the possibility of resorting to pseudonymization, where applicable, or further processing “which does not permit or no longer permits the identification of data subjects”. The measures involved must take into account the impact on individuals, like physical or psychological potential damages they might suffer.

Member States law may provide for derogations, in the case of scientific research, historical research or statistics, to the right of access (article 15), the right to rectification (article 16), the right to restriction of processing (article 18), and the right to object (article 21). It is possible to refuse to grant these rights to individuals only if respecting them would hinder or “seriously impair” the achievement of the desired goals, that is to say, conducting scientific or historical research or producing statistics.


访问全文

(EN) Author
Louis-Philippe Gratton
(EN) Louis-Philippe Gratton PhD, LLM
(EN) Privacy Expert
献技

(156) 為符合公共利益、達成科學或歷史研究目的或統計目的所為個 人資料之處理應受本規則為資料主體之權利或自由所定適當保護措 施之拘束。該等保護措施應確保已備妥技術上及組織上之措施,用以 確保,特別是資料最少蒐集原則之落實。為符合公共利益、達成科學 或歷史研究目的或統計目的,當控管者已評估實現該等目的之可行性, 且藉由不允許或不再允許識別資料主體為該處理,並有適當的保護措 施存在(例如,資料之假名化)時,個人資料將得進行進階處理。會 員國對於為達成公共利益目的之個人資料處理,應提供適當之保護措施。在進行符合公共利益、達成科學或歷史研究目的或統計目的之個 人資料處理時,會員國在符合特定條件且有提供資料主體適當保護措 施時,應有權具體化及除外化關於資訊之要求,以及關於更正、刪除、 被遺忘、限制處理、資料可攜性及拒絕之權利。若依照特定資料處理 所追求之目的為適當,且其技術上及組織上之措施係為落實適當性及 必要性原則而減少個人資料處理時,其條件及保護措施可能需要有特 定程序使資料主體得行使該等權利。為科學目的之個人資料處理亦應 遵守其他相關之法規,例如對於臨床試驗之規範。

(156) The processing of personal data for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes should be subject to appropriate safeguards for the rights and freedoms of the data subject pursuant to this Regulation. Those safeguards should ensure that technical and organisational measures are in place in order to ensure, in particular, the principle of data minimisation. The further processing of personal data for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes is to be carried out when the controller has assessed the feasibility to fulfil those purposes by processing data which do not permit or no longer permit the identification of data subjects, provided that appropriate safeguards exist (such as, for instance, pseudonymisation of the data). Member States should provide for appropriate safeguards for the processing of personal data for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes. Member States should be authorised to provide, under specific conditions and subject to appropriate safeguards for data subjects, specifications and derogations with regard to the information requirements and rights to rectification, to erasure, to be forgotten, to restriction of processing, to data portability, and to object when processing personal data for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes. The conditions and safeguards in question may entail specific procedures for data subjects to exercise those rights if this is appropriate in the light of the purposes sought by the specific processing along with technical and organisational measures aimed at minimising the processing of personal data in pursuance of the proportionality and necessity principles. The processing of personal data for scientific purposes should also comply with other relevant legislation such as on clinical trials.

(157) 藉由結合資料庫之資訊,研究者得取得普遍醫療條件下高價值 之新知識,例如心血管疾病、癌症及抑鬱症。當有更多的人口數時, 在資料庫之基礎上,研究結果可被提升。在社會科學中,以資料庫為 基礎之研究使研究者能取得關於取得數個社會條件之長期關連性基 礎知識,例如失業及教育與其他生存條件之相關性。透過資料庫得出 之研究結果提供堅實、高品質之知識,可作為依據知識形成政策之基 礎,並增進一定數量之人之生活品質,以及促進社會服務之效能。為 了促進科學研究,若依照歐盟法或會員國法所規定之適當條件及保護 措施,可為科學研究目的而處理個人資料。

(157) By coupling information from registries, researchers can obtain new knowledge of great value with regard to widespread medical conditions such as cardiovascular disease, cancer and depression. On the basis of registries, research results can be enhanced, as they draw on a larger population. Within social science, research on the basis of registries enables researchers to obtain essential knowledge about the long-term correlation of a number of social conditions such as unemployment and education with other life conditions. Research results obtained through registries provide solid, high-quality knowledge which can provide the basis for the formulation and implementation of knowledge-based policy, improve the quality of life for a number of people and improve the efficiency of social services. In order to facilitate scientific research, personal data can be processed for scientific research purposes, subject to appropriate conditions and safeguards set out in Union or Member State law.

(158) 當個人資料處理係為達成某些目的,本規則亦應適用於該處理, 惟須特別注意本規則不應適用於死者。依照歐盟法或會員國法,持有 公共利益紀錄之公務機關或公務機構或私人應有提供服務之法律義 務,亦即有義務取得、保存、評估、安排、描述、溝通、促進、宣傳 及提供對於一般公共利益有持久價值之記錄的存取。會員國亦應被授 權規範為達成某些目的所為個人資料之進階處理,例如規範在早期極 權主義國家政權、種族滅絕、納粹大屠殺等違反人類罪、或戰爭罪之 下的政治行為之相關特定資訊。

(158) Where personal data are processed for archiving purposes, this Regulation should also apply to that processing, bearing in mind that this Regulation should not apply to deceased persons. Public authorities or public or private bodies that hold records of public interest should be services which, pursuant to Union or Member State law, have a legal obligation to acquire, preserve, appraise, arrange, describe, communicate, promote, disseminate and provide access to records of enduring value for general public interest. Member States should also be authorised to provide for the further processing of personal data for archiving purposes, for example with a view to providing specific information related to the political behaviour under former totalitarian state regimes, genocide, crimes against humanity, in particular the Holocaust, or war crimes.

(159) 當個人資料係為科學研究目的而為處理,本規則亦應適用於該 等資料之處理。為本規則之目的,對於為科學研究目的所為個人資料 之處理應採較寬鬆之解釋,包括如科技發展及成果、基礎研究、應用 研究及私人贊助之研究。此外,應考量歐盟在歐洲聯盟運作條約第 179 條第 1 項達成歐洲研究區域之目的。科學研究目的亦應包括為符 合公共利益在公共衛生領域所進行之研究。為滿足處理個人資料用於 科學研究目的之特殊性,尤其是關於出版或以其他方式在科學研究目 的下揭露個人資料時,應適用特定之條件。若科學研究結果(尤其是 在公共衛生領域者)為符合資料主體利益提供了進一步措施之理由, 本規則之一般規定應適用該等措施。

(159) Where personal data are processed for scientific research purposes, this Regulation should also apply to that processing. For the purposes of this Regulation, the processing of personal data for scientific research purposes should be interpreted in a broad manner including for example technological development and demonstration, fundamental research, applied research and privately funded research. In addition, it should take into account the Union's objective under Article 179(1) TFEU of achieving a European Research Area. Scientific research purposes should also include studies conducted in the public interest in the area of public health. To meet the specificities of processing personal data for scientific research purposes, specific conditions should apply in particular as regards the publication or otherwise disclosure of personal data in the context of scientific research purposes. If the result of scientific research in particular in the health context gives reason for further measures in the interest of the data subject, the general rules of this Regulation should apply in view of those measures.

(160) 為歷史研究目的進行個人資料處理時,本規則亦應適用於該資 料處理。此亦應包括歷史研究及家族史研究,尤應注意本規則不應適 用於死者。

(160) Where personal data are processed for historical research purposes, this Regulation should also apply to that processing. This should also include historical research and research for genealogical purposes, bearing in mind that this Regulation should not apply to deceased persons.

(161) 為同意參與臨床試驗科學研究活動之目的,歐洲議會及歐盟理 事會之歐盟規則第 536/2014 號[15]應適用之。

(161) For the purpose of consenting to the participation in scientific research activities in clinical trials, the relevant provisions of Regulation (EU) No 536/2014 of the European Parliament and of the Council [15] should apply.

[15] Regulation (EU) No 536/2014 of the European Parliament and of the Council of 16 April 2014 on clinical trials on medicinal products for human use, and repealing Directive 2001/20/EC (OJ L 158, 27.5.2014, p. 1). https://eur-lex.europa.eu/legal-content/EN/AUTO/?uri=OJ:L:2014:158:TOC

[15] Regulation (EU) No 536/2014 of the European Parliament and of the Council of 16 April 2014 on clinical trials on medicinal products for human use, and repealing Directive 2001/20/EC (OJ L 158, 27.5.2014, p. 1). https://eur-lex.europa.eu/legal-content/EN/AUTO/?uri=OJ:L:2014:158:TOC

(162) 當為統計目的進行個人資料處理時,本規則應適用於該等資料 處理。在本規則之限制範圍內,歐盟法或會員國法應決定統計內容、 存取控制、對為統計目的之個人資料處理的詳述、以及保護資料主體 權利與自由之適當措施,並確保統計機密性。統計目的係指任何蒐集 活動以及統計調查或產生統計結果所必須之個人資料處理。此等統計 結果可能進一步被用於不同的目的,包括科學研究目的。統計目的意 味著為統計目的之資料處理結果不是個人資料,而係總體資料,且該 結果或該個人資料並非用於支持關於任何特定當事人之措施或決 定。

(162) Where personal data are processed for statistical purposes, this Regulation should apply to that processing. Union or Member State law should, within the limits of this Regulation, determine statistical content, control of access, specifications for the processing of personal data for statistical purposes and appropriate measures to safeguard the rights and freedoms of the data subject and for ensuring statistical confidentiality. Statistical purposes mean any operation of collection and the processing of personal data necessary for statistical surveys or for the production of statistical results. Those statistical results may further be used for different purposes, including a scientific research purpose. The statistical purpose implies that the result of processing for statistical purposes is not personal data, but aggregate data, and that this result or the personal data are not used in support of measures or decisions regarding any particular natural person.

(163) 歐盟及國家統計機關為產生歐洲官方及各國官方統計資料而 蒐集之機密資訊應被保護。歐洲統計資料應依歐洲聯盟運作條約第338 條第 2 項所定之統計原則為研製、製作及宣傳,但國家統計資料 亦應遵守會員國法律。歐洲議會及歐盟理事會之歐盟規則第 223/2009 號[16]規定關於歐洲統計資料統計機密性之進一步細節。

(163) The confidential information which the Union and national statistical authorities collect for the production of official European and official national statistics should be protected. European statistics should be developed, produced and disseminated in accordance with the statistical principles as set out in Article 338(2) TFEU, while national statistics should also comply with Member State law. Regulation (EC) No 223/2009 of the European Parliament and of the Council [16] provides further specifications on statistical confidentiality for European statistics.

[16] Regulation (EC) No 223/2009 of the European Parliament and of the Council of 11 March 2009 on European statistics and repealing Regulation (EC, Euratom) No 1101/2008 of the European Parliament and of the Council on the transmission of data subject to statistical confidentiality to the Statistical Office of the European Communities, Council Regulation (EC) No 322/97 on Community Statistics, and Council Decision 89/382/EEC, Euratom establishing a Committee on the Statistical Programmes of the European Communities (OJ L 87, 31.3.2009, p. 164). https://eur-lex.europa.eu/legal-content/EN/AUTO/?uri=OJ:L:2009:087:TOC

[16] Regulation (EC) No 223/2009 of the European Parliament and of the Council of 11 March 2009 on European statistics and repealing Regulation (EC, Euratom) No 1101/2008 of the European Parliament and of the Council on the transmission of data subject to statistical confidentiality to the Statistical Office of the European Communities, Council Regulation (EC) No 322/97 on Community Statistics, and Council Decision 89/382/EEC, Euratom establishing a Committee on the Statistical Programmes of the European Communities (OJ L 87, 31.3.2009, p. 164). https://eur-lex.europa.eu/legal-content/EN/AUTO/?uri=OJ:L:2009:087:TOC

指南和案例法 发表评论
[js-disqus]