Recital 49
Recital 49
(49) 為確保網路與資訊安全而嚴格遵循必要性及合比例性之個人資 料處理(亦即,具有指定機密級別之網路或資訊系統,以防止突發事 件或違法或惡意行為危害已儲存或已傳輸之個人資料之可用性、真實 性、完整性及機密性,及危害藉由該等網路或系統、公務機關、資安 危機應變小組(CERTs)、資安事件處理小組(CSIRTs)、電子通 訊網路及服務供應商及安全技術服務供應商所提供相關服務之安全 性),構成相關資料控管者之正當利益。舉例言之,此可能包括防止 非經授權之電子通訊網路之存取及阻擋惡意程式碼之散播及阻止「阻 斷服務」攻擊及電腦及電子通訊系統之損害。
(49) The processing of personal data to the extent strictly necessary and proportionate for the purposes of ensuring network and information security, i.
e.
the ability of a network or an information system to resist, at a given level of confidence, accidental events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted personal data, and the security of the related services offered by, or accessible via, those networks and systems, by public authorities, by computer emergency response teams (CERTs), computer security incident response teams (CSIRTs), by providers of electronic communications networks and services and by providers of security technologies and services, constitutes a legitimate interest of the data controller concerned.
This could, for example, include preventing unauthorised access to electronic communications networks and malicious code distribution and stopping ‘denial of service’ attacks and damage to computer and electronic communication systems.
Source: https://www.ndc.gov.tw/Content_List.aspx?n=F98A8C27A0F54C30
The latest consolidated version of the Regulation with corrections by Corrigendum, OJ L 127, 23.5.2018, p. 2 ((EU) 2016/679). Source: EUR-lex.