(51) 依其本質對基本權及自由特別敏感之個人資料，因其處理過程 中可能對於基本權及自由造成顯著風險，故值得受到特別保護。該等 個人資料應包括顯示出種族或人種之個人資料，但本規則使用「種族」 乙詞並不代表歐盟承認旨於區別個別種族存在之理論。照片之處理不 應被制式化地認為係特殊類型之個人資料處理，蓋僅有在透過特殊識 別方法之處理而得獨特識別或驗證出當事人時，始得將照片涵蓋於生 物特徵識別資料的定義之下。該等個人資料不得處理，但其處理係本 規則明定之特別情況所允許，且考量到會員國法為使其與本規則規定 之適用相符以遵守其法定義務或符合公共利益執行職務或委託控管 者行使公權力而對於資料保護定有具體規範者，不在此限。除就該等 處理所定之特別要件以外，本規則所定之一般原則及其他規定亦應予 適用，尤其是涉及處理之合法性要件。為特殊類型之個人資料處理所 設一般禁止規定之例外，應予明確規定，包括：資料主體明確同意或 涉及特殊需求之資料處理，尤其是基於實現基本自由之目的而為某些組織或基金會之正當活動所為之處理者。
(51) Personal data which are, by their nature, particularly sensitive in relation to fundamental rights and freedoms merit specific protection as the context of their processing could create significant risks to the fundamental rights and freedoms. Those personal data should include personal data revealing racial or ethnic origin, whereby the use of the term ‘racial origin’ in this Regulation does not imply an acceptance by the Union of theories which attempt to determine the existence of separate human races. The processing of photographs should not systematically be considered to be processing of special categories of personal data as they are covered by the definition of biometric data only when processed through a specific technical means allowing the unique identification or authentication of a natural person. Such personal data should not be processed, unless processing is allowed in specific cases set out in this Regulation, taking into account that Member States law may lay down specific provisions on data protection in order to adapt the application of the rules of this Regulation for compliance with a legal obligation or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. In addition to the specific requirements for such processing, the general principles and other rules of this Regulation should apply, in particular as regards the conditions for lawful processing. Derogations from the general prohibition for processing such special categories of personal data should be explicitly provided, inter alia, where the data subject gives his or her explicit consent or in respect of specific needs in particular where the processing is carried out in the course of legitimate activities by certain associations or foundations the purpose of which is to permit the exercise of fundamental freedoms.
(52) 於歐盟法或會員國法已有明文且有適當保護措施以保護個人資 料及其他基本權之情況下，為基於公共利益之目的，特別是在勞動法、 包括退休金及安全衛生等社會法領域、監控及警示目的、傳染病及其 他對於健康造成重大威脅之疾病預防及控制所為之個人資料處理，特 殊類型個人資料處理之禁止規定亦應允許例外。基於健康目的，包括 公共衛生及醫療保健服務之管理，特別是為確保醫療保險制度中處理 福利及服務訴求之程序的品質與效益，或是符合公共利益之存檔目的、 科學或歷史研究或統計目的，該等例外規定得以為之。為建構、行使 或防禦法律上之請求而有必要者，不問係於訴訟程序或行政程序或於 法院以外之程序，該等個人資料處理之禁止規定亦應允許例外。
(52) Derogating from the prohibition on processing special categories of personal data should also be allowed when provided for in Union or Member State law and subject to suitable safeguards, so as to protect personal data and other fundamental rights, where it is in the public interest to do so, in particular processing personal data in the field of employment law, social protection law including pensions and for health security, monitoring and alert purposes, the prevention or control of communicable diseases and other serious threats to health. Such a derogation may be made for health purposes, including public health and the management of health-care services, especially in order to ensure the quality and cost-effectiveness of the procedures used for settling claims for benefits and services in the health insurance system, or for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes. A derogation should also allow the processing of such personal data where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
(53) 值得受較高度保護之特殊類型個人資料，於下述情形始得處理 之，亦即：僅有基於與健康相關之目的，且基於全體人類及社會整體 之利益為達成該等目的所必要者，特別是在健康或社會照護服務及系 統之管理，包括為品質控制、管理資訊及一般國內及地方監管健康或 社會照護系統之目的管理及整合國內醫療院所之該等資料之處理，以 及為確保健康或社會照護及跨境醫療保健或健康安全之永續性、為監 控及警示目的或符合公共利益之存檔目的、科學或歷史研究或統計目 的、基於符合公共利益目的之歐盟法或會員國法以及符合公共利益在 公共衛生領域所為之研究。因此，本規則應就涉及健康之該等特殊類 型個人資料之處理，針對特殊需求，為一致性之規範，尤其是該等資 料之處理係為特定醫療相關目的，由因職業持有秘密而負法定保密義 務之人所為之者。歐盟法或會員國法應明文規定具體適當之措施，以 保障個人基本權及其個人資料。會員國應被允許維持或採用進一步規定，包括但不限於關於基因資料、生物特徵識別資訊或與健康相關資訊之個人資料處理。惟該等條款適用於該等個人資料之跨境處理時，不得妨礙個人資料於歐盟境內之自由流通。
(53) Special categories of personal data which merit higher protection should be processed for health-related purposes only where necessary to achieve those purposes for the benefit of natural persons and society as a whole, in particular in the context of the management of health or social care services and systems, including processing by the management and central national health authorities of such data for the purpose of quality control, management information and the general national and local supervision of the health or social care system, and ensuring continuity of health or social care and cross-border healthcare or health security, monitoring and alert purposes, or for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, based on Union or Member State law which has to meet an objective of public interest, as well as for studies conducted in the public interest in the area of public health. Therefore, this Regulation should provide for harmonised conditions for the processing of special categories of personal data concerning health, in respect of specific needs, in particular where the processing of such data is carried out for certain health-related purposes by persons subject to a legal obligation of professional secrecy. Union or Member State law should provide for specific and suitable measures so as to protect the fundamental rights and the personal data of natural persons. Member States should be allowed to maintain or introduce further conditions, including limitations, with regard to the processing of genetic data, biometric data or data concerning health. However, this should not hamper the free flow of personal data within the Union when those conditions apply to cross-border processing of such data.
(54) 未取得資料主體同意之特殊類型個人資料處理，於公共衛生領 域基於公共利益之理由可能是有必要的。該等處理應受適當具體措施 之拘束以維護當事人之權利及自由。就此，「公共衛生」應以歐洲議 會及歐盟理事會第 1338/2008 號歐盟規則所作定義而為解釋，亦即 與健康有關之全部要素（即健康狀況），包括疾病與殘疾、對於健康 狀態產生影響之決定性因素、醫療保健之需求、醫療保健之資源分配、 醫療保健之提供及普及性以及醫療保健之開支及財務規劃及致死率 之起因。以公共利益為由所為涉及健康資料之該等處理，不得因其他 目的而由諸如雇主或保險公司及銀行等第三人為處理。
(54) The processing of special categories of personal data may be necessary for reasons of public interest in the areas of public health without consent of the data subject. Such processing should be subject to suitable and specific measures so as to protect the rights and freedoms of natural persons. In that context, ‘public health’ should be interpreted as defined in Regulation (EC) No 1338/2008 of the European Parliament and of the Council , namely all elements related to health, namely health status, including morbidity and disability, the determinants having an effect on that health status, health care needs, resources allocated to health care, the provision of, and universal access to, health care as well as health care expenditure and financing, and the causes of mortality. Such processing of data concerning health for reasons of public interest should not result in personal data being processed for other purposes by third parties such as employers or insurance and banking companies.
(55) 再者，機關所為個人資料處理係為實現官方所認可之宗教組織 所定符合憲法或國際公法之目標者，應屬具備公共利益之基礎。
(55) Moreover, the processing of personal data by official authorities for the purpose of achieving the aims, laid down by constitutional law or by international public law, of officially recognised religious associations, is carried out on grounds of public interest.
(56) 凡於選舉活動過程中，會員國內民主制度之運作要求政黨編纂 關於人民政治觀點之個人資料，於建構適當保護措施之情況下，基於 公共利益之理由，該等資料處理得予准許。
(56) Where in the course of electoral activities, the operation of the democratic system in a Member State requires that political parties compile personal data on people's political opinions, the processing of such data may be permitted for reasons of public interest, provided that appropriate safeguards are established.