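Abstract
This interpretation of the EU's legislative model for data controllers aims to explain the conceptual essentials and the types of obligations of the data controller, and to distill from it the EU's instructive experience in constructing a legal subject for personal data protection. Understanding the concept of the data controller through four elements (object, conduct, type of subject, and communication of intent) shows that the wording of the concept signifies "personal data" as the object of protection and a legal relationship of "controlling and being controlled", while its definition by general clause plus enumeration reflects the elements used to judge whether a given act constitutes that of a data controller. Classifying the data controller's obligations into adopting appropriate technical and organizational measures, designating specific subjects, faithfully recording and retaining information on data processing and breaches, promptly reporting and notifying data breaches, conducting data protection impact assessments, and consulting the supervisory authority in advance shows that achieving internal supervision of the data controller and ex ante safeguards focused on data security can effectively realize the legal protection of personal data.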
By interpreting the legislative model of the EU General Data Protection Regulation (GDPR), this article aims to explain the concept and obligations of the data controller, and to highlight the experience of personal data protection in the EU. The data controller concept can be understood from four aspects: object, behavior, subject type and meaning; and the term is designed for easily identifying the object to be protected, i.e. personal data, and the legal relationship between controlling and being controlled of personal data. Moreover, the definitions in the general provisions and the explanation given in each chapter are useful for judging if a data controller is required. The duties of the data controller include adopting suitable techniques and organizational measures, documenting breaches of personal data policy, reporting and notifying such breaches, making data protection impact assessments and seeking cooperation with the supervisory authority. These specific duties are useful for internal monitoring of the data controller and setting up data security policies for achieving the necessary legal protection of personal data.
Source
《图书馆论坛》
CSSCI
Peking University Core Journal
2019, Issue 3, pp. 147-153 (7 pages)
Library Tribune
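Funding
Research output of the Hunan Provincial Postgraduate Research Innovation Project "Research on Data Sovereignty under the Holistic View of National Security" (Project No. CX2016B228)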