法律翻译|欧盟数据保护委员会 (EDPB) 发布最终版《数据主体权利指南——访问权》
译者 | 孙书朋 西南政法大学硕士
一审 | 何兰子夜 宾夕法尼亚大学
二审 | Cindy Wong University of Leeds LL.B.
三审|Lance
编辑 | NYZ 武汉大学本科
于杰 上海对外经贸大学本科
责编 | 王有蓉 中国政法大学硕士
EDPB adopts final version of Guidelines on data subject rights - right of access
欧盟数据保护委员会 (EDPB) 发布最终版《数据主体权利指南——访问权》
Following public consultation, the EDPB has adopted a final version of the Guidelines on data subject rights - Right of access. The Guidelines analyse the various aspects of the right of access and provide more precise guidance on how the right of access has to be implemented in different situations. Among others, the Guidelines provide clarifications on the scope of the right of access, the information the controller has to provide to the data subject, the format of the access request, the main modalities for providing access, and the notion of manifestly unfounded or excessive requests. Following public consultation, the guidelines were updated and further clarifications were added on different aspects that were brought up in the consultation. Furthermore, some minor editorial adjustments were made to ensure consistency of different concepts.
在公开征求意见后,欧盟数据保护委员会(EDPB)发布了最终版的《数据主体权利指南——访问权》。该《指南》从各个方面分析了访问权,并就不同情形下访问权的实施方式给出了更准确的指导。除此之外,《指南》说明了访问权的范围、数据控制者应向数据主体提供的信息、访问请求的格式、提供访问的主要方式以及明显不合理或过度的访问请求的概念。根据公众意见,《指南》进行了更新,并对公开征求意见过程中提出的不同方面问题作出了进一步说明。此外,欧盟数据保护委员会还对《指南》略作编辑调整以确保不同概念的前后一致性。
In addition, the EDPB also adopted final versions of the targeted updates of Guidelines for identifying a controller or processor’s lead supervisory authority and the Guidelines on data breach notification. Both guidelines concern an update of the Art. 29 Working Party Guidelines on the same subjects. The public consultation only concerned the paragraphs of the guidelines that were updated.
另外,欧盟数据保护委员会还发布了最终版的《数据控制者或处理者主要监管机构认定指南》和《数据泄露通知指南》针对性更新。这两部指南均为对《第29条工作组指南》就同一问题进行的更新。公众意见征求仅涉及更新的指南条款。
(图片源自网络)
Following public consultation, some feedback was included in the updated Guidelines on data breach notification. Most notably, the new version clarifies that the notification shall be the responsibility of the controller. In addition, some stakeholders raised concerns about operational issues when a personal data breach needs to be notified to multiple data protection authorities (DPAs). The EDPB recalls that the targeted update simply aligns the text of the Guidelines with the text of the GDPR, which does not provide for one-stop-shop for controllers not established within EEA. The EDPB however considered the stakeholders’ feedback, and decided to publish a contact list for data breach notification with relevant links and accepted languages for all EEA DPAs on its website in the near future. This will make it easier for controllers to identify the contact points and requirements per DPA.
在公开征求意见后,更新版的《数据泄露通知指南》纳入了一些反馈意见。最值得注意的是,新版指南明确了通知是数据控制者的责任。除此之外,一些利益相关方对需要向多个数据保护机构 (DPAs) 通报个人数据泄露事件的操作问题表示关切。为此,欧盟数据保护委员会强调针对性更新只是为了让《指南》和《一般数据保护条例》(GDPR, General Data Protection Regulation) 的文本保持一致,这并不是为设立在欧洲经济区以外的数据控制者提供一站式服务。但是,欧盟数据保护委员会也考虑了利益相关方的反馈意见,决定近期在其官网上为欧洲经济区内所有数据保护机构公布数据泄露事件通报联系名单的相关链接和通用语言版本。这种方式使得数据控制者更加容易查询每个数据保护机构的联络人员和要求。
原文链接:https://edpb.europa.eu/news/news/2023/edpb-adopts-final-version-guidelines-data-subject-rights-right-access_en
微信扫码关注该文公众号作者