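As interest in personal information protection and data privacy grows, GDPR (the EU General Data Protection Regulation) is a regulation that companies are expected to respond to appropriately. GDPR is a legal regulation on the protection of personal data within the EU, and companies that operate globally are also subject to it. GDPR sets strict rules for the collection, use, and management of personal data, and a violation may result in substantial fines. Companies need to handle personal data appropriately and respect the rights of data subjects in line with GDPR. This article explains GDPR for beginners, from an overview through its main provisions to concrete steps for compliance.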
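What is GDPR?
Definition and overview of GDPR
GDPR is a regulation on the protection and handling of personal data in the European Union (EU). Its official name is "General Data Protection Regulation," and in Japanese it is called the "EU General Data Protection Regulation." The regulation aims to protect the rights of individuals residing in the EU and to unify the rules on the handling of personal data.
GDPR applies to all companies and organizations doing business within the EU, and companies outside the EU are also subject to it when they handle the personal data of EU citizens. Strict penalties are in place, including substantial fines for violations.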
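Background and purpose of GDPR
GDPR was enacted against the background of rapid digitalization, which expanded the collection and use of personal data. Because earlier regulations did not protect personal data sufficiently, stronger protective measures were needed.
The main purposes of GDPR are as follows.
- To unify the rules on the handling of personal data and increase legal certainty within the EU
- To strengthen individuals' right to privacy and protect the rights of data subjects
- To promote the free movement of personal data and support the development of the digital single market within the EU
To achieve these purposes, GDPR sets strict rules on the collection, use, and storage of personal data.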
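Scope and applicability of GDPR
GDPR applies to all companies and organizations doing business within the EU. This includes not only companies with a base in the EU but also companies outside the EU that handle the personal data of EU citizens. In other words, a company that operates globally is subject to GDPR when it handles the personal data of EU citizens, even if it has no base in the EU.
Under GDPR, personal data means information relating to an identified or identifiable natural person. Specifically, it covers information such as the following.
- Contact information such as name, address, telephone number, and email address
- Online identifiers such as IP address, cookie ID, and location information
- Sensitive information such as health information, genetic information, and biometric information
- Financial information such as bank account information and credit card information
When handling this information, the rules set out in GDPR must be followed. For example, collecting personal data requires obtaining clear consent, and data subjects are granted rights such as the right to access their own data and the right to request correction of inaccurate data.
GDPR also requires accountability for the handling of personal data. Companies must clearly state how and for what purpose they handle personal data, and must respond appropriately to inquiries and requests from data subjects.
Responding to GDPR has become a major challenge for companies. However, appropriate protection of personal data is considered to increase a company's trustworthiness and to contribute to the growth of its business. Handling personal data in line with GDPR will become increasingly important.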
Main provisions of GDPR
Provisions on the processing of personal data
GDPR sets out detailed provisions on the processing of personal data. Companies must satisfy certain conditions when they collect, use, store, delete, or otherwise process personal data. For example, they are required to obtain explicit consent from the data subject and to make the purpose of the data processing clear.
GDPR also emphasizes the principle of data minimization. This is the idea that personal data is collected and used only to the extent necessary to achieve the purpose, and that data no longer needed is deleted promptly. Companies need to follow this principle when handling personal data.
In addition, GDPR introduces the concepts of privacy by design and privacy by default. Privacy by design means building privacy protection into a system or service from the design stage. Privacy by default means that the initial settings provide the maximum level of privacy protection. Companies need to take these concepts into account and carry out system design and initial configuration with personal data protection in mind.
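Provisions on the rights of data subjects
GDPR strengthens the rights of data subjects (the individuals to whom personal data relates). The main rights of data subjects include the following.
- Right to be informed: the right to receive information from a company about how one's own personal data is being handled
- Right of access: the right to access one's own personal data and obtain information such as the purpose of its use and where it was obtained
- Right to rectification: the right to request correction of inaccurate personal data
- Right to erasure (right to be forgotten): the right to request deletion of one's own personal data under specific conditions
- Right to data portability: the right to receive one's own personal data in a machine-readable format and transfer it to another provider
- Right to object: the right to object to the handling of personal data and request that processing be stopped
Companies need to respond appropriately to these rights of data subjects. When a data subject makes a request to exercise a right, the company must in principle respond within one month. In responding to a request, the company is also required to verify the identity of the requester properly.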
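Provisions on the obligations and responsibilities of companies
GDPR imposes various obligations and responsibilities on companies that handle personal data. The main obligations and responsibilities are as follows.
- Appointment of a data protection officer (DPO): Companies that meet certain conditions are obliged to appoint a data protection officer.
- Notification of personal data breaches: When an incident such as a leak or loss of personal data occurs, notification to the supervisory authority and communication to the data subjects are mandatory.
- Data protection impact assessment (DPIA): When high-risk handling of personal data is carried out, a data protection impact assessment must be performed in advance.
- Records of processing activities: Companies are required to create and retain records of their personal data processing activities.
- Implementation of appropriate security measures: Appropriate technical and organizational security measures must be taken to protect personal data.
GDPR also emphasizes accountability in the handling of personal data. When obtaining personal data, companies must explain to data subjects, clearly and in plain language, the purpose and legal basis of the data processing, the rights of data subjects, and so on.
Strict sanctions are in place for violations of GDPR. Depending on the nature and severity of the violation, a fine of up to 4% of worldwide annual turnover or 20 million euros (approximately 2.4 billion yen), whichever is higher, is imposed. Companies are required to comply with GDPR and to build an appropriate personal data protection framework.
The above is an overview of the main provisions of GDPR. GDPR is becoming a global standard for personal data protection and is also influencing the legal systems of individual countries. Companies will need to handle personal data appropriately and respect the rights of data subjects in line with GDPR.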
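How to respond to GDPR
Basic steps for responding to GDPR
Responding to GDPR is an important issue for companies. The basic steps for responding to GDPR include the following initiatives.
- Personal data inventory: Identify the types, volume, and storage locations of the personal data the company holds, and create a data map.
- Confirming the legal basis for data processing: Confirm that processing such as obtaining, using, and providing personal data is carried out on a legal basis set out in GDPR.
- Reviewing personal data handling processes: Review internal rules and procedures for handling personal data against the requirements of GDPR and make the necessary improvements.
- Strengthening security measures: Strengthen technical and organizational security measures to protect personal data appropriately. These include encryption, access control, and the collection of audit logs.
- Updating the privacy policy: Update the privacy policy in line with the requirements of GDPR. State explicitly the rights of data subjects, the purposes of data processing, the legal basis, and so on.
- Employee training: Train employees who handle personal data on the requirements of GDPR and on internal rules, and raise their awareness.
Working through these steps steadily advances a company's response to GDPR. However, responding to GDPR is not a one-time project; it requires continuous effort. Companies are required to carry out regular audits and reviews and to maintain an appropriate personal data protection framework at all times.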
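Appropriate handling and management of personal data
In responding to GDPR, the appropriate handling and management of personal data is extremely important. Companies need to pay attention to the following points.
- Collect and use personal data only to the extent necessary to achieve the purpose, based on the principle of data minimization
- Ensure the accuracy of personal data and update it regularly
- Define the retention period for personal data and promptly delete data that is no longer needed
- Limit access to personal data to those who need it for their work, and manage access permissions appropriately
- Create and retain records of the handling of personal data
- When providing personal data to a third party, secure an appropriate legal basis and notify data subjects or obtain their consent
GDPR also introduces the concepts of privacy by design and privacy by default. Companies are required to build privacy protection into systems and services from the design stage and to ensure that the initial settings provide the maximum level of privacy protection.
Appropriate handling and management of personal data also improves a company's trustworthiness. By appropriately protecting the personal data of customers and employees and actively disclosing those efforts, a company can earn the trust of its stakeholders.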
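Appointment and role of the data protection officer
GDPR obliges companies that meet certain conditions to appoint a data protection officer (DPO: Data Protection Officer). The DPO plays an important role in overseeing the company's internal personal data protection efforts and promoting compliance with GDPR.
The main duties of the DPO are as follows.
- Support the development and implementation of internal policies and procedures for personal data protection
- Audit the handling of personal data and check the status of compliance with GDPR
- Plan and deliver employee training on personal data protection
- When an incident such as a leak of personal data occurs, notify the supervisory authority and communicate with the data subjects
- Respond to inquiries and requests to exercise rights from data subjects
- Keep track of the latest developments in personal data protection and provide information within the company
The DPO is required to have expert knowledge and experience in personal data protection. The DPO's independence in carrying out these duties must also be guaranteed. Companies need to give the DPO the authority and resources required to perform the role properly.
Appointing a DPO is one of the important elements of responding to GDPR. Building a personal data protection framework centered on the DPO makes it possible to meet the requirements of GDPR reliably. The presence of a DPO also demonstrates, both internally and externally, the company's stance on personal data protection. Active use of the DPO is expected to strengthen the company's personal data protection efforts.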
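Summary
GDPR is a legal regulation on the protection of personal data within the EU, and companies that operate globally are also subject to it. It requires appropriate handling of personal data and respect for the rights of data subjects, and a violation may result in substantial fines. To respond to GDPR, companies need to take steps such as inventorying personal data, strengthening security measures, and updating their privacy policy. Appointing a data protection officer and training employees are also important. Personal data protection efforts in line with GDPR will also improve a company's trustworthiness.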