The General Data Protection Regulation is a major step in digital privacy and is the result of a long process settled in European values. The 99 legal articles in the Regulation aim at strengthening laws on data protection, thereby giving EU citizens control over their personal data, while emphasizing the ideas of freedom, security and equality within the European Union. The Regulation came into force from the 25th of May 2018. 《通用数据保护条例》是个人数字隐私方面的一项重要举措,是欧洲价值观念漫长的过程中得以解决的结果。该条例中的99条旨在加强关于个人数据保护,进而赋予欧盟公民对其个人数据的控制权,同时强调欧盟内部自由、安全和平等的理念。 该条例于2018年5月25日正式生效。 Discussions began in 2010 about a new reform. A proposed legislation was made by the European Commission in 2012, and was heightened in 2013 by the Edward Snowden case, which increased the need of such action. After four years of debate, the most lobbied law in the history of the EU was published on the 4th May 2016 in the EU Official Journal. The GDPR follows the need to reform the current Data Protection Directive. This was adopted within the European Union in 1995, during the early years of the internet. The GDPR considers the recent technological developments, as well as the implementations on personal data and online security. 关于一项新的变革的讨论始于2010年。2012年,欧盟委员会(European Commission)提出了一项拟议立法,2013年爱德华·斯诺登(Edward Snowden)案加强了该项立法,这增加了此次立法的必要性。经过四年的激烈探讨,欧盟历史上最具游说性的法律于2016年5月4日发表在了《欧盟公报》上。 《通用数据保护条例》紧跟改革现行数据保护指令的需要,该指令是由欧洲联盟于1995年互联网发展早期通过的。这部条例考虑到了最近的技术发展,以及个人数据信息和在线安全的实现。 You, as a data subject, now own your data. Some of your personal data consists of socially oriented categories that contain things such as race, ethnicity, gender, bio-data, sexual orientation, and political and religious opinions, which cannot be handled without your consent. As a user, you have certain rights that are set to safeguard your freedom and help you control your personal data. It is the controller’s responsibility to ensure that your rights are respected according to the Regulation. Your personal data can only be stored for the time frame necessary to the purposes of the collection. From now on, the user is king! 你现在是拥有你个人数据信息的权利主体。你的一些由面向社会分类的个人资料,包括民族、族裔、性别、履历信息、性取向、政治和宗教观点,未经你的同意他方无权进行处理。作为用户,你拥有保护你的自由和帮助你控制个人数据信息的特定权利。根据该条例,确保你的权利得到尊重是数据控制者的责任。您的个人数据只能基于搜集所需存储在特定时间范围内。从现在起,作为用户的你就是王者! These rights ensure that you have freedom to control your personal data and make sure it is not processed if you have not given consent, unless there are necessary reasons in the legislation or for public interest. It is the controller and processor’s responsibility to follow the Regulation. Your personal rights could be bypassed by the Member State for scientific, historical or statistical purposes or for archiving. Also, your personal data cannot be deleted if it relates to criminal convictions or if there are strong legal grounds for keeping it. When these rights are not applied there must be proper safeguards, which respect the Regulation, and the principle of minimization. This principle demands that only the data necessary for the specific purpose should be processed. 条例项下的权利确保你控制个人数据信息的自由,并确保在未经你的同意的情况下不被处理,除非法律所规定的必要的理由或是为了公众利益。遵守本条例是数据控制者及处理者的责任。你的个人权利可能被会员国出于科学、历史或统计目的或为了存档而不能施以保护。此外,如果你的个人资料涉及刑事定罪或有充分的法律理由而须以保留,则不能删除。如果这些权利不能得以适用,就必须有适当的保障措施予以捍卫本条例和最低限度原则,该原则只适用于基于特定目的的所需数据才能被进行相关处理。 作者:魏婕,FCPA部 注:本文不属于法律意见,如需咨询请与本所联系。