(本2018年版公约的条文翻译工作是在2012年版公约译文的基础上进行的,2012年版译文翻译者为施佳倩、审校者为高富平。)
译者序
1981年,欧洲委员会通过《个人数据自动化处理中的个人保护公约》(the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data )(本文下称“公约”)。
该公约是首个关于个人数据权利保护的国际公约,为个人数据权利的保护提供了强有力的法律保障。公约旨在保护个人免受个人数据收集、处理过程中因数据滥用而造成的损害,同时强调对个人数据跨境流动的法律规范。在个人数据权利的保护方面,公约规定禁止处理涉及个人种族、政治、健康、宗教等“敏感”数据。公约还规定个人对其个人数据享有知情权,在必要时有权要求纠正其个人数据。只有在国家安全、国防安全等重大利益处于危险之中时,才能对个人数据保护权利予以限制。
随着互联网信息技术的发展及其应用的不断普及化,该公约也历经数次修订。其中,2012年通过的建议稿决定将公约名称中的“个人数据自动化处理”更改为“个人数据处理”,从而扩大了公约的适用范围。2018年5月,第128届部长委员会(Committee of Ministers)会议通过了对该公约的最新一次修订。此次修订特别强调了吸收更多的国家加入公约,从而以公约为基础形成全面的数据保护法律制度。
Preamble前言
The member States of the Council of Europe, and the other signatories hereto,
欧洲委员会成员国及其他签署国,
Considering that the aim of the Council of Europe is to achieve greater unity between its members, based in particular on respect for the rule of law, as well as human rights and fundamental freedoms
鉴于欧洲委员会的目标尤其在于更大程度的实现各缔约国法治一体化,同时还在于人权和基本自由的统一;
Considering that it is necessary to secure the human dignity and protection of the human rights and fundamental freedoms of every individual and, given the diversification, intensification and globalisation of data processing and personal data flows, personal autonomy based on a person’s right to control of his or her personal data and the processing of such data
鉴于在个人数据处理和交换多样化、集约化和全球化的背景下,有必要捍卫每个人的个人尊严和保护基本人权和基本自由,尤其是通过对自有数据及其处理的控制权来实现保护;
Recalling that the right to protection of personal data is to be considered in respect of its role in society and that it has to be reconciled with other human rights and fundamental freedoms, including freedom of expression
谨记个人数据保护的权利必须就其在社会中的作用来加以考虑,必须与其他人权和基本自由(包括表达自由)相协调;
Considering that this Convention permits account to be taken, in the implementation of the rules laid down therein, of the principle of the right of access to official documents
鉴于在实施本公约确定的规则中,公约允许缔约国考虑公众访问(获取)官方文件权原则;
Recognising that it is necessary to promote at the global level the fundamental values of respect for privacy and protection of personal data, thereby contributing to the free flow of information between people
承认有必要在全球范围提升尊重隐私和保护个人数据的基本价值,由此利于信息的自由流通;
Recognising the interest of a reinforcement of international co-operation between the Parties to the Convention,
承认强化公约缔约国之间的国际合作的利益,
Have agreed as follows:
我们签署以下文件(达成如下协议):
Chapter I – General provisions 第一章 一般规则
Article 1 – Object and purpose
第1条 目的
The purpose of this Convention is to protect every individual, whatever his or her nationality or residence, with regard to the processing of their personal data, thereby contributing to respect for his or her human rights and fundamental freedoms, and in particular the right to privacy.
本公约旨在确保每个缔约国在其管辖范围内保障每个人——不管其国籍或居住地——的个人数据在个人数据处理中得到保护,因而有助于尊重他们的权利和基本自由(尤其隐私权)。
Article 2 – Definitions
第2条 定义条款
For the purposes of this Convention:
在本公约中:
a. “personal data” means any information relating to an identified or identifiable individual (“data subject”)
(1)“个人数据”是指任何与特定个人或者可识别的个人(“数据主体”)相关的信息;
b. “data processing” means any operation or set of operations performed on personal data, such as the collection, storage, preservation, alteration, retrieval, disclosure, making available, erasure, or destruction of, or the carrying out of logical and/or arithmetical operations on such data
(2)“数据处理”指任何对个人数据的处理操作,例如数据的收集、存储、保留、改变、检索、公开、提供、清除或销毁,或者对数据进行逻辑的或算术的运算;
c. Where automated processing is not used, “data processing” means an operation or set of operations performed upon personal data within a structured set of such data which are accessible or retrievable according to specific criteria
(3)在非自动处理个人数据的情形下,数据处理指按照任何允许检索到个人数据的标准设立起的结构体系中所进行的操作;
d. “controller” means the natural or legal person, public authority, service, agency or any other body which, alone or jointly with others, has decision-making power with respect to data processing
(4)“数据控制者”指独立或与其他人共同作出数据处理决定的自然人或法人、公共机构、服务机构、代理机构或任何其他组织;
e. “recipient” means a natural or legal person, public authority, service, agency or any other body to whom data are disclosed or made available
(5)“数据接收者”指接受或获得数据的自然人或法人、公共机构、服务机构、代理机构或任何其他组织;
f. “processor” means a natural or legal person, public authority, service, agency or any other body which processes personal data on behalf of the controller.
(6)“数据处理者”指代表数据控制者处理个人数据的自然人或法人、公共机构、服务机构、代理机构或任何其他组织。
Article 3 Scope
第3条 适用范围
1. Each Party undertakes to apply this Convention to data processing subject to its jurisdiction in the public and private sectors, thereby securing every individual’s right to protection of his or her personal data.
1.各缔约国承诺将本公约适用于其管辖范围内的公共和私营部门的个人数据处理,从而保障每个人的个人数据保护权。
2. This Convention shall not apply to data processing carried out by an individual in the course of purely personal or household activities.
2.本公约不适用于个人纯粹从事私人或家庭活动而进行的数据处理行为。
Chapter II – Basic principles for the protection of personal data 第二章 数据保护基本原则
Article 4 – Duties of the Parties
第4条 缔约国义务
1. Each Party shall take the necessary measures in its law to give effect to the provisions of this Convention and secure their effective application.
1. 各缔约国应当在国内立法中采取必要的措施以有效地实施本公约的规定。
2. These measures shall be taken by each Party and shall have come into force by the time of ratification or of accession to this Convention.
2. 各缔约国应当在批准或加入本公约前采取这些措施。
3. Each Party undertakes:
3.各缔约国承诺
a. to allow the Convention Committee provided for in Chapter VI to evaluate the effectiveness of the measures it has taken in its law to give effect to the provisions of this Convention and
(1)允许第六章规定的公约委员会评估本条第1款所述措施的有效性;
b. to contribute actively to this evaluation process.
(2)积极配合评估。
Article 5 – Legitimacy of data processing and quality of data
第5条 数据处理合法性和数据质量
1. Data processing shall be proportionate in relation to the legitimate purpose pursued and reflect at all stages of the processing a fair balance between all interests concerned, whether public or private, and the rights and freedoms at stake.
1. 数据处理应当与其所追求的合法目的相对应,在处理过程的各个阶段均能确保有关的所有利益(无论是公共或私人利益)和面临危险的权利与自由相平衡。
2. Each Party shall provide that data processing can be carried out on the basis of the free, specific, informed and unambiguous consent of the data subject or of some other legitimate basis laid down by law.
2. 缔约国应当规定只有基于数据主体自由的、特定的、知晓的以及明确的、不含糊的同意或者法律规定的合法依据才能处理个人数据。
3. Personal data undergoing processing shall be processed lawfully.
3. 应当合法处理个人数据。
4. Personal data undergoing processing shall be:
4. 处理中的个人数据应当:
a. processed fairly and in a transparent manner
(1)以公平和透明的方式处理
b. collected for explicit, specified and legitimate purposes and not processed in a way incompatible with those purposes further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes is, subject to appropriate safeguards, compatible with those purposes
(2)基于明确、特定和合法的目的而收集,不得以与上述目的相冲突的方式被处理;在适当的保障措施下,基于公共利益、科学研究、历史研究或统计目的对数据进一步处理时,不得与上述目的相冲突;
c. adequate, relevant and not excessive in relation to the purposes for which they are processed
(3)是充足、相关、不过量的,并且限于上述目的的最低必要限度;
d. accurate and, where necessary, kept up to date
(4)是正确的,且在必要时保持更新;
e. preserved in a form which permits identification of data subjects for no longer than is necessary for the purposes for which those data are processed.
(5)以可识别数据主体身份的形式保存,不得超过实现处理目的所必要的期限。
Article 6 – Special categories of data
第6条 敏感数据的处理
1. The processing of:
-genetic data
-personal data relating to offences, criminal proceedings and convictions, and related security measures
-biometric data uniquely identifying a person
-personal data for the information they reveal relating to racial or ethnic origin, political opinions, trade-union membership, religious or other beliefs, health or sexual life,
shall only be allowed where appropriate safeguards are enshrined in law, complementing those of this Convention.
1. 在现行公约列举的安全保护之外还有其他合适的法律提供其他适当安全保护的前提下,才可以处理以下数据:基因数据,涉及犯罪、刑事制裁和相关安全措施的数据,可以识别个人身份的生物特征数据,涉及个人的种族、政治观点、工会成员资格、宗教信仰或其他信仰、健康或性生活的数据。
2. Such safeguards shall guard against the risks that the processing of sensitive data may present for the interests, rights and fundamental freedoms of the data subject, notably a risk of discrimination.
2. 适当的安全保护措施可以预防在处理上述敏感数据过程中对数据主体的利益、权利与基本自由产生的风险,尤其是歧视的风险。
Article 7 – Data security
第7条 数据安全
1. Each Party shall provide that the controller, and, where applicable the processor, takes appropriate security measures against risks such as accidental or unauthorised access to, destruction, loss, use, modification or disclosure of personal data.
1. 缔约国应当规定数据控制者,在适当的情形下包括数据处理者,采取适当的安全措施以防范个人数据遭受意外的或未经授权的访问、损毁、丢失、利用、修改或传播。
2. Each Party shall provide that the controller notifies, without delay, at least the competent supervisory authority within the meaning of Article 15 of this Convention, of those data breaches which may seriously interfere with the rights and fundamental freedoms of data subjects.
2. 缔约国应当规定数据控制者至少应当毫不迟延地通知本公约第15条规定的数据监管机构那些可能严重干扰数据主体权利和基本自由的数据损毁事件。
Article 8 – Transparency of processing
第8条 处理过程的透明
1. Each Party shall provide that the controller informs the data subjects of:
1. 缔约国应当要求数据控制者向数据主体告知以下内容:
a. his or her identity and habitual residence or establishment
(1)数据控制者的身份和惯常居住地或营业地;
b. the legal basis and the purposes of the intended processing
(2)处理数据的法律依据和目的;
c. the categories of personal data processed
(3)所处理的数据类别;
d. the recipients or categories of recipients of the personal data, if any and
(4)个人数据的接收者及其类型;
e. the means of exercising the rights set out in Article 9,
(5)行使第9条规定的权利的方式,
as well as any necessary additional information in order to ensure fair and transparent processing of the personal data.
以及任何必要的其他信息,以确保公平,透明地处理个人数据。
2. Paragraph 1 shall not apply where the data subject already has the relevant information.
2. 若数据主体已知相关信息,则不适用前款规定。
3. Where the personal data are not collected from the data subjects, the controller shall not be required to provide such information where the processing is expressly prescribed by law or this proves to be impossible or involves disproportionate efforts.
3. 如果数据控制者没有从数据主体处收集个人数据,且数据处理是依据法律规定进行的或者是存在告知不可能或特别困难的情形,则法律不要求数据控制者提供前款列举的信息。
Article 9 – Rights of the data subject
第9条 数据主体的权利
1. Every individual shall have a right:
1. 个人享有以下权利:
a. not to be subject to a decision significantly affecting him or her based solely on an automated processing of data without having his or her views taken into consideration
(1)不受仅基于数据自动处理而不考虑其主观意识而做出的对其产生深刻影响的决定的制约;
b. to obtain, on request, at reasonable intervals and without excessive delay or expense, confirmation of the processing of personal data relating to him or her, the communication in an intelligible form of the data processed, all available information on their origin, on the preservation period as well as any other information that the controller is required to provide in order to ensure the transparency of processing in accordance with Article 8, paragraph 1
(2)应其请求,每隔一段合理的时间且不过分迟延或过分花费地获得有关其个人数据处理的确认函;该确认函应当以该处理行为所采取的可理解的形式,所有提供的数据应当表明出处、保存期限以及任何本公约第8条第1款规定的为确保处理过程透明而要求数据控制者提供的其他信息;
c. to obtain, on request, knowledge of the reasoning underlying data processing where the results of such processing are applied to him or her
(3)数据处理的结果应用于该个人时,应其请求,有权获得数据处理所依据的基础知识;
d. to object at any time, on grounds relating to his or her situation, to the processing of personal data concerning him or her unless the controller demonstrates legitimate grounds for the processing which override his or her interests or rights and fundamental freedoms
(4)除非数据控制者有高于该个人利益、权利以及基本自由的正当理由处理与其有关的个人数据,否则,无论何时个人都有权拒绝与其有关的个人数据的处理。
e. to obtain, on request, free of charge and without excessive delay, rectification or erasure, as the case may be, of such data if these are being, or have been, processed contrary to the provisions of this Convention
(5)如果数据的处理正在或已违反本公约规定,则有权要求根据具体情况免费且不过分迟延地纠正或删除这些数据;
f. to have a remedy under Article 12 where his or her rights under this Convention have been violated
(6)在本公约赋予他或她的权利受侵犯的情况下,有权根据第12条获得救济;
g. to benefit, whatever his or her nationality or residence, from the assistance of a supervisory authority within the meaning of Article 15, in exercising his or her rights under this Convention.
7)无论其国籍或居住地,均有权获得第15条规定的数据监管机构的帮助,以行使本公约项下权利;
2. Paragraph 1.a shall not apply if the decision is authorised by a law to which the controller is subject and which also lays down suitable measures to safeguard the data subject s rights, freedoms and legitimate interests.
2. 如果该决定是由数据控制者所适用的法律授权的,并且该决定还规定了适当的措施来保障数据当事人的权利、自由和合法权益,则不适用第1款第(1)项。
Article 10 – Additional obligations
第10条 补充义务
1. Each Party shall provide that controllers and, where applicable, processors, take all appropriate measures to comply with the obligations of this Convention and be able to demonstrate, subject to the domestic legislation adopted in accordance with Article 11, paragraph 3, in particular to the competent supervisory authority provided for in Article 15, that the data processing under their control is in compliance with the provisions of this Convention.
1. 缔约国应当规定数据控制者,在适当的情形下包括数据处理者,采取一切适当的措施以遵守本公约项下的义务并且能够向特别是第15条规定的数据监管机证明其遵守根据第11条第3款通过的国内立法,且其负责的数据处理符合本公约的规定。
2. Each Party shall provide that controllers and, where applicable, processors, examine the likely impact of intended data processing on the rights and fundamental freedoms of data subjects prior to the commencement of such processing, and shall design the data processing in such a manner as to prevent or minimise the risk of interference with those rights and fundamental freedoms.
2. 缔约国应当规定数据控制者,在适当的情形下包括数据处理者,应当评估其计划实施的对数据主体的各项权利和基本自由可能产生影响的数据处理行为的风险,并以上述方式设计数据处理操作以防止或尽可能减少侵害个人权利或基本自由的风险发生。
3. Each Party shall provide that controllers, and, where applicable, processors, implement technical and organisational measures which take into account the implications of the right to the protection of personal data at all stages of the data processing.
3. 缔约国应当规定数据控制者,在适当的情形下包括数据处理者,在数据处理的各个阶段采取考虑到个人数据保护权利的技术和组织措施;
4. Each Party may, having regard to the risks arising for the interests, rights and fundamental freedoms of the data subjects, adapt the application of the provisions of paragraphs 1, 2 and 3 in the law giving effect to the provisions of this Convention, according to the nature and volume of the data, the nature, scope and purpose of the processing and, where appropriate, the size of the controller or processor.
4. 考虑到对数据主体的利益、权利和基本自由产生的风险,缔约国可以根据下列因素采取必要的措施以调整对前款规定的适用,包括被处理数据的数量和性质、数据处理的性质、范围和目的,在适当情形下还包括数据控制者或处理者的规模。
Article 11 – Exceptions and restrictions
第11条 例外和限制
1. No exception to the provisions set out in this Chapter shall be allowed except to the provisions of Article 5 paragraph 4, Article 7 paragraph 2, Article 8 paragraph 1 and Article 9, when such an exception is provided for by law, respects the essence of the fundamental rights and freedoms and constitutes a necessary and proportionate measure in a democratic society for:
1. 本章规定的原则不得设置例外情形,但第5条第4款、第7条第2款、第8条第1款和第9条可以设置例外情形,如果该例外情形是法律特别规定,尊重基本权利和自由并且属于民主社会为实现以下目的所必需:
a. the protection of national security, defense, public safety, important economic and financial interests of the State, the impartiality and independence of the judiciary or the prevention, investigation and prosecution of criminal offences and the execution of criminal penalties, and other essential objectives of general public interest
(1)保护国家安全、国防、公共安全、重要的国家经济和金融利益、司法公正和独立,预防、调查、起诉刑事犯罪和执行刑事处罚,以及其他符合公共利益的目标;
b. the protection of the data subject or the rights and fundamental freedoms of others, notably freedom of expression.
(2)保护数据主体或他人的权利和基本自由,尤其保护言论自由。
2. Restrictions on the exercise of the provisions specified in Articles 8 and 9 may be provided for by law with respect to data processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes when there is no recognisable risk of infringement of the rights and fundamental freedoms of data subjects.
2. 当数据主体的权利和基本自由没有受到明显的侵害风险时,可以根据法律关于为公共利益、科学研究、历史研究或统计目的的数据处理的规定来限制第8条和第9条规定的适用。
3. In addition to the exceptions allowed for in paragraph 1 of this article, with reference to processing activities for national security and defense purposes, each Party may provide, by law and only to the extent that it constitutes a necessary and proportionate measure in a democratic society to fulfill such aim, exceptions to Article 4 paragraph 3, Article 14 paragraphs 5 and 6 and Article 15, paragraph 2, litterae a, b, c and d.
3. 除了本条第一款允许的例外规定外,对基于国家安全和国防目的的数据处理,缔约国应当仅在属于民主社会为实现上述目标所必需的情况下通过法律实现上述目标,而不适用第4条第3款、第14条第5、6款、第15条第2款的规定。
This is without prejudice to the requirement that processing activities for national security and defense purposes are subject to independent and effective review and supervision under the domestic legislation of the respective Party.
这并不妨碍出于国家安全和国防目的进行的活动必须根据个缔约国的国内立法接受独立有效的审查和监督的要求。
Article 12 – Sanctions and remedies
第12条 制裁和救济
Each Party undertakes to establish appropriate judicial and non-judicial sanctions and remedies for violations of the provisions of this Convention.
针对违反本公约规定的行为,缔约国承诺实施适当的司法和非司法制裁和救济 。
Article 13 – Extended protection
第13条 延伸保护
None of the provisions of this chapter shall be interpreted as limiting or otherwise affecting the possibility for a Party to grant data subjects a wider measure of protection than that stipulated in this Convention.
本章的任何规定不得被解释为是对缔约国给予数据主体超越本公约规定的保护措施的限制或影响。
Chapter III – Transborder flows of personal data 第三章 个人数据跨境流通
Article 14 – Transborder flows of personal data
第14条 个人数据跨境流通
1. A Party shall not, for the sole purpose of the protection of personal data, prohibit or subject to special authorisation the transfer of such data to a recipient who is subject to the jurisdiction of another Party to the Convention. Such a Party may, however, do so if there is a real and serious risk that the transfer to another Party, or from that other Party to a non-Party, would lead to circumventing the provisions of the Convention. A Party may also do so, if bound by harmonised rules of protection shared by States belonging to a regional international organisation.
1. 任何缔约国不得仅为保护个人数据之目的禁止向属于本公约另一缔约国管辖的数据接收者传输数据,或者对此设置特别授权条件。但如果存在向另一缔约国或从其他缔约国向非缔约国传输数据的现实重大风险,将导致规避本公约的规定时,则该缔约国可以这样做。如果区域国际组织成员国共同实施的统一保护规则的约束,缔约方也可以这样做。
2. When the recipient is subject to the jurisdiction of a State or international organisation which is not Party to this Convention, the transfer of personal data may only take place where an appropriate level of protection based on the provisions of this Convention is secured.
2. 当数据接收者归属某个非本公约缔约国的国家或国际组织的管辖时,只有在根据本公约的规定适当的个人数据保护水平得到保障的情形下才能向其传输数据。
3. An appropriate level of protection can be secured by:
3. 可以通过以下方式保障保护的适当水平:
a. the law of that State or international organisation, including the applicable international treaties or agreements or
(1)国家或国际组织的法律,包括可适用的国际条约或协议;
b. ad hoc or approved standardised safeguards provided by legally-binding and enforceable instruments adopted and implemented by the persons involved in the transfer and further processing.
(2)特殊的或经批准的标准化安全保障措施,该保障措施须由具有法律约束力和执行力的法律文件所规定,且由数据流通与深加工过程中的当事人适用与实施。
4. Notwithstanding the provisions of the previous paragraphs, each Party may provide that the transfer of personal data may take place if:
4. 尽管上述条款有所规定,缔约国还可以允许传输数据,如果:
a. the data subject has given explicit, specific and free consent, after being informed of risks arising in the absence of appropriate safeguards or
(1)数据主体在知晓可能因为缺乏适当安全保护措施而发生风险的前提下,已经作出了具体、明确且自由的同意;
b. the specific interests of the data subject require it in the particular case or
(2)在特定情形下这样做符合数据主体的特定利益;
c. prevailing legitimate interests, in particular important public interests, are provided for by law and such transfer constitutes a necessary and proportionate measure in a democratic society or
(3)这样做可以实现法律规定的合法利益,尤其是重要的公共利益,并且构成了民主社会所必要的措施。
d. it constitutes a necessary and proportionate measure in a democratic society for freedom of expression.
(4)它是民主社会中实现言论自由的必要和适当措施。
5. Each Party shall provide that the competent supervisory authority within the meaning of Article 15 of this Convention is provided with all relevant information concerning the transfers of data referred to in paragraph 3.b and, upon request, paragraphs 4.b and 4.c.
5. 各缔约国应规定向本公约第15条所指的有权监管机构提供与第3款第(2)项以及应要求提供的第4款第(2)、(3)项所述的数据传输有关的所有相关信息。
6. Each Party shall also provide that the supervisory authority is entitled to request that the person who transfers data demonstrates the effectiveness of the safeguards or the existence of prevailing legitimate interests and that the supervisory authority may, in order to protect the rights and fundamental freedoms of data subjects, prohibit such transfers, suspend them or subject them to condition.
6. 各缔约国还应当规定,数据监管机构有权要求数据传输者证明保障措施的有效性或存在普遍合法利益。为保护数据主体的权利和基本自由,数据监管机构有权禁止、中止或限制上述数据传输行为。
Chapter IV – Supervisory authorities 第四章 监管机构
Article 15 – Supervisory authorities
第15条 监管机构
1. Each Party shall provide for one or more authorities to be responsible for ensuring compliance with the provisions of this Convention.
1. 缔约国应当规定一个或多个监管机构负责确保遵守本公约的规定。
2. To this end, such authorities:
2. 为此,该监管机构应当:
a. shall have powers of investigation and intervention
(1)有权进行调查和干预;
b. shall perform the functions relating to transfers of data provided for under Article 14, notably the approval of standardised safeguards
(2)履行与第14条规定的数据传输有关的职责,尤其是批准标准化安全保障措施;
c. shall have powers to issue decisions with respect to violations of the provisions of this Convention and may, in particular, impose administrative sanctions
(3)有权就违反本公约规定的行为作出决定,并可特别施加行政制裁
d. shall have the power to engage in legal proceedings or to bring to the attention of the competent judicial authorities violations of the provisions of this Convention
(4)有权参与法律诉讼或提请有管辖权的司法机构对违反本公约的行为予以关注;
e. shall promote:
(5)应促进:
i. public awareness of their functions and powers as well as their activities
i. 公众对其职权和活动的认识
ii. public awareness of the rights of data subjects and the exercise of such rights
ii. 公众对数据主体的权利及其行使的认识;
iii. awareness of controllers and processors of their responsibilities under this Convention
iii. 数据控制者和处理者对其在本公约项下职责的认识;
specific attention shall be given to the data protection rights of children and other vulnerable individuals.
儿童和其他弱势个体的数据保护权利应受到特别关注。
3.The competent supervisory authorities shall be consulted on proposals for any legislative or administrative measures which provide for the processing of personal data.
3. 任何有关处理个人数据的立法或行政措施的建议,都应征询监管机构的意见。
4. Each competent supervisory authority shall deal with requests and complaints lodged by data subjects concerning their data protection rights and shall keep data subjects informed of progress.
4. 监管机构应处理数据主体就其数据保护权利提出的要求和投诉,并随时通知数据主体处理进展。
5. The supervisory authorities shall act with complete independence and impartiality in performing their duties and exercising their powers and in doing so shall neither seek nor accept instructions.
5. 数据监管机构应当完全独立地履行职责、行使权力。在履行职责和行使权力过程中监管机构既不能寻求也不能接受来自任何主体的指示。
6. Each Party shall ensure that the supervisory authorities are provided with the resources necessary for the effective performance of their functions and exercise of their powers.
6. 各缔约国应确保向监管机构提供有效履行其职能和行使其权力所需的资源。
7. Each supervisory authority shall prepare and publish a periodical report outlining its activities.
7. 各监督机构应就其活动编制并出版一份定期报告。
8. Members and staff of the supervisory authorities shall be bound by obligations of confidentiality with regard to confidential information to which they have access, or have had access to, in the performance of their duties and exercise of their powers.
8. 监管机构的成员与员工对其在履行职务或行使权力过程中获取的机密信息负有保密义务。
9. Decisions of the supervisory authorities may be subject to appeal through the courts.
9. 如果不满数据监管机构作出的决定,可以向法院提起诉讼。
10. The supervisory authorities shall not be competent with respect to processing carried out by bodies when acting in their judicial capacity.
10. 监管机构在行使其司法职责时不得与司法机构进行的程序相冲突。
Chapter V – Co-operation and mutual assistance 第五章 相互协助
Article 16 – Designation of supervisory authorities
第16条 监管机构的指定
1. The Parties agree to co-operate and render each other mutual assistance in order to implement this Convention.
1. 缔约国承诺为实施本公约而互相协助。
2. For that purpose:
2. 为实现以下目的:
a. each Party shall designate one or more supervisory authorities within the meaning of Article 15 of this Convention, the name and address of each of which it shall communicate to the Secretary General of the Council of Europe
(1)各缔约国应指定一个或多个本公约第15条意义上监管机关,并将主管机关的名称和地址通报欧洲委员会秘书长;
b.each Party which has designated more than one supervisory authority shall specify the competence of each authority in its communication referred to in the previous littera.
(2)指定了多个监管机构的成员国应在进行前项通知行为的同时明确各主管机关的具体权限。
Article 17 – Forms of co-operation
第17条 合作方式
1. The supervisory authorities shall co-operate with one another to the extent necessary for the performance of their duties and exercise of their powers, in particular by:
1. 监管机构应在履行职责和行使权力的必要范围内相互合作,特别是通过以下方式:
a. providing mutual assistance by exchanging relevant and useful information and co-operating with each other under the condition that, as regards the protection of personal data, all the rules and safeguards of this Convention are complied with
(1)在保护个人数据方面,遵守本公约所有规则和保障措施,通过交换相关有用的信息和互相合作,实现相互协助;
b.co-ordinating their investigations or interventions, or conducting joint actions
(2)合作进行调查或干预,或开展联合活动;
c. providing information and documentation on their law and administrative practice relating to data protection.
(3)提供有关数据保护的法律和行政惯例的信息和文件。
2. The information referred to in paragraph 1 shall not include personal data undergoing processing unless such data are essential for co-operation, or where the data subject concerned has given explicit, specific, free and informed consent to its provision.
2. 前款所述信息不应包括正在处理的个人数据,除非为合作所必需,或得到数据主体明确、具体、且知情的同意。
3.In order to organise their co-operation and to perform the duties set out in the preceding paragraphs, the supervisory authorities of the Parties shall form a network.
3. 为了组织合作,履行前款规定的职责,缔约国的监管机构应当形成网络。
Article 18 – Assistance to data subjects
第18条 协助数据主体
1.Each Party shall assist any data subject, whatever his or her nationality or residence, to exercise his or her rights under Article 9 of this Convention.
1. 各缔约国应协助任何数据主体,无论其国籍或居住地,行使其根据本公约第9条享有的权利。
2. Where a data subject resides on the territory of another Party, he or she shall be given the option of submitting the request through the intermediary of the supervisory authority designated by that Party.
2. 若数据主体居住在另一缔约国的领土内,他或她有权通过该国指定的监管机构的中间人提出要求。
3. The request for assistance shall contain all the necessary particulars, relating inter alia to:
3. 协助请求应包括所有必要的细节,尤其涉及:
a. the name, address and any other relevant particulars identifying the data subject making the request
(1)提出该项请求的数据主体的姓名、住址以及其他能识别出该主体的相关细节;
b. the processing to which the request pertains, or its controller
(2)该请求涉及的数据处理行为或数据控制者;
c. the purpose of the request.
(3)请求的目的
Article 19 – Safeguards
第19条 保障措施
1.A supervisory authority which has received information from another supervisory authority, either accompanying a request or in reply to its own request, shall not use that information for purposes other than those specified in the request.
1. 受托监管机构收到来自另一受托监管机构的信息,无论是发出协助请求中附带的还是答复协助请求中附带的,都只能用于协助请求中说明的目的而不能用于其他目的。
2. In no case may a supervisory authority be allowed to make a request on behalf of a data subject of its own accord and without the express approval of the data subject concerned.
2. 在未经相关当事人明确表示接受的情形下,受托监管机构在任何情况下都不得主动地代表数据主体提出协助请求。
Article 20 – Refusal of requests
第20条 协助请求的拒绝
A supervisory authority to which a request is addressed under Article 17 of this Convention may not refuse to comply with it unless:
受托监管机构不得拒绝他人根据本公约第17条的规定提出的协助请求,除非:
a. the request is not compatible with its powers
(1)该请求与监管机构的职权相冲突;
b. the request does not comply with the provisions of this Convention
(2)该请求不符合本公约的规定;
c. compliance with the request would be incompatible with the sovereignty, national security or public order of the Party by which it was designated, or with the rights and fundamental freedoms of individuals under the jurisdiction of that Party.
(3)接受该请求将与其所属缔约国的国家主权、国家安全或公共秩序相冲突,或与其国民的个人权利和基本自由相冲突。
Article 21 – Costs and procedures
第21条 协助的费用和程序
1.Co-operation and mutual assistance which the Parties render each other under Article 17 and assistance they render to data subjects under Articles 9 and 18 shall not give rise to the payment of any costs or fees other than those incurred for experts and interpreters. The latter costs or fees shall be borne by the Party making the request.
1. 缔约国根据第17条相互提供协助以及向第9条和第18条中的数据主体提供协助都无需支付任何费用,除了其中的专家或翻译所产生的费用。由此产生的费用由提出请求的监管机构所属缔约国负担。
2.The data subject may not be charged costs or fees in connection with the steps taken on his or her behalf in the territory of another Party other than those lawfully payable by residents of that Party.
2. 数据主体在另一国为保护其利益采取措施所支付的费用不得超过该国居民依法应支付的费用。
3.Other details concerning the co-operation and assistance, relating in particular to the forms and procedures and the languages to be used, shall be established directly between the Parties concerned.
3. 有关协助的其他细节,尤其是有关形式、程序和使用的语言,由有关缔约国之间直接制定。
Chapter VI – Convention Committee 第六章 公约委员会
Article 22 – Composition of the committee
第22条 委员会的组成
1. A Convention Committee shall be set up after the entry into force of this Convention.
1.本公约生效后应设立公约委员会
2. Each Party shall appoint a representative to the committee and a deputy representative. Any member State of the Council of Europe which is not a Party to the Convention shall have the right to be represented on the committee by an observer.
2. 各缔约国应向委员会指派一名代表和一名副代表。任何非公约缔约国的欧洲委员会成员国有权指派一名观察员作为其在委员会的代表。
3. The Convention Committee may, by a decision taken by a majority of two-thirds of the representatives of the Parties, invite an observer to be represented at its meetings.
3. 经有投票权的缔约国代表的三分之二多数表决通过,公约委员会可以邀请某个观察员作为与会代表。
4. Any Party which is not a member of the Council of Europe shall contribute to the funding of the activities of the Convention Committee according to the modalities established by the Committee of Ministers in agreement with that Party.
4. 任何非欧洲委员会成员国的缔约国应当根据部长委员会与该缔约国协议确定的资助模式向公约委员会提供资助,以支持其开展活动。
Article 23 – Functions of the committee
第23条 委员会的职能
The Convention Committee:
公约委员会:
a. may make recommendations with a view to facilitating or improving the application of the Convention
(1)可以提出建议,以促进和完善公约的适用;
b.may make proposals for amendment of this Convention in accordance with Article 25
(2)可以根据第25条提出公约修正案;
c. shall formulate its opinion on any proposal for amendment of this Convention which is referred to it in accordance with Article 25, paragraph 3
(3)可以对根据第25条第3款提出的公约修正案发表自己的意见;
d. may express an opinion on any question concerning the interpretation or application of this Convention
(4)可以对任何有关公约的解释和适用的问题发表意见;
e. shall prepare, before any new accession to the Convention, an opinion for the Committee of Ministers relating to the level of personal data protection of the candidate for accession and, where necessary, recommend measures to take to reach compliance with the provisions of this Convention
(5)在任何新成员国加入公约之前,应当向部长委员会发表其对该国家数据保护水平的意见,必要时,可建议其采取措施以符合本公约的要求;
f. may, at the request of a State or an international organisation, evaluate whether the level of personal data protection the former provides is in compliance with the provisions of this Convention and, where necessary, recommend measures to be taken to reach such compliance
(6)可以应某一国家或国际组织的请求评价其数据保护水平是否符合本公约的规定,必要时,建议其采取措施以符合本公约的要求;
g. may develop or approve models of standardised safeguards referred to in Article 14
(7)可以制定或认可第14条规定的标准化安全保障措施的范本;
h. shall review the implementation of this Convention by the Parties and recommend measures to be taken in the case where a Party is not in compliance with this Convention
(8)应审查缔约国对本公约的遵守情况,并就缔约国不遵守本公约的情况下应采取的措施提出建议;
i. shall facilitate, where necessary, the friendly settlement of all difficulties related to the application of this Convention.
(9)在必要时应促进所有关于公约实施问题的友好解决。
Article 24 – Procedure
第24条 程序
1. The Convention Committee shall be convened by the Secretary General of the Council of Europe. Its first meeting shall be held within twelve months of the entry into force of this Convention. It shall subsequently meet at least once a year, and in any case when one-third of the representatives of the Parties request its convocation.
1. 公约委员会会议由欧洲委员会秘书长召集。首次会议应于公约生效后12个月内召开。常规会议至少每年召开一次,三分之一缔约国的代表提出请求时随时可召开会议。
2. After each of its meetings, the Convention Committee shall submit to the Committee of Ministers of the Council of Europe a report on its work and on the functioning of this Convention.
2. 各次会议后,公约委员会应向欧洲委员会部长委员会提交有关其工作和公约实施情况的报告。
3. The voting arrangements in the Convention Committee are laid down in the elements for the Rules of Procedure appended to Protocol CETS No. [223].
3. 公约委员会的表决安排载于CETS第223号协议附录的议事规则要点。
4.The Convention Committee shall draw up the other elements of its Rules of Procedure and establish, in particular, the procedures for evaluation and review referred to in Article 4, paragraph 3, and Article 23, litterae e, f and h on the basis of objective criteria.
4. 公约委员会应当基于客观标准,制定委员会运行的程序规则的其他要点,尤其是制定第4条第3款规定和第23条第(5)、(6)、(8)项所规定的评估和审查程序。
Chapter VII – Amendments 第七章 公约修正案
Article 25 – Amendments
第25条 公约修正案
1. Amendments to this Convention may be proposed by a Party, the Committee of Ministers of the Council of Europe or the Convention Committee.
1. 公约修正案可以由各缔约国、欧洲委员会部长委员会或公约委员会提出。
2. Any proposal for amendment shall be communicated by the Secretary General of the Council of Europe to the Parties to this Convention, to the other member States of the Council of Europe, to the European Union and to every non-member State or international organisation which has been invited to accede to this Convention in accordance with the provisions of Article 27.
2. 公约修正案应由欧洲委员会秘书长通报给公约缔约国、欧洲委员会成员国、欧盟和已根据第27条被邀请加入公约的非成员国或国际组织。
3. Moreover, any amendment proposed by a Party or the Committee of Ministers shall be communicated to the Convention Committee, which shall submit to the Committee of Ministers its opinion on that proposed amendment.
3. 由缔约国或欧洲委员会部长委员会提出的修正案应通报给公约委员会,公约委员会应向部长委员会提交关于该修正案的意见。
4. The Committee of Ministers shall consider the proposed amendment and any opinion submitted by the Convention Committee and may approve the amendment.
4. 部长委员会应审议修正案和公约委员会提交的有关意见,并可以批准修正案。
5. The text of any amendment approved by the Committee of Ministers in accordance with paragraph 4 of this article shall be forwarded to the Parties for acceptance.
5. 部长委员会根据本条第4款批准的修正案应送交各缔约国以争取其接受。
6. Any amendment approved in accordance with paragraph 4 of this article shall come into force onthe thirtieth day after all Parties have informed the Secretary General of their acceptance thereof.
6. 根据本条第4款批准的修正案于所有缔约国将接受修正案的表示通知欧洲委员会秘书长后第30天生效。
7. Moreover, the Committee of Ministers may, after consulting the Convention Committee, decide unanimously that a particular amendment shall enter into force at the expiration of a period of three years from the date on which it has been opened to acceptance, unless a Party notifies the Secretary General of the Council of Europe of an objection to its entry into force. If such an objection is notified, the amendment shall enter into force on the first day of the month following the date on which the Party to this Convention which has notified the objection has deposited its instrument of acceptance with the Secretary General of the Council of Europe.
7. 在咨询公约委员会之后,部长委员会可以决定某修正案自其开放接受之日起3年期满后生效,除非某缔约国通知欧洲委员会秘书长对生效提出异议。如果向秘书长发出该异议,该修正案于发出异议的公约缔约国将其批准文件提交给欧洲委员会秘书长之日起满一个月时生效。
责任编辑:郑通