著者 羽賀 由利子, 長瀬 貴志, 第 一東京弁護士会司法 研究委員会信託法研究部会
著者別表示 HAGA Yuriko, NAGASE Takashi, Trust Law Research committee DAI‑ICHI TOKYO BAR ASSOCIATION
雑誌名 金沢法学
巻 62
号 2
ページ 137‑187
発行年 2020‑03‑31
URL http://doi.org/10.24517/00058167
ࡣࡌࡵ
ࠉᮏ✏ࡣࠊ2018ᖺ12᭶15᪥ࠊ㔠ἑᏛἲᏛ㢮➨୍ᮾிᘚㆤኈྖἲ◊✲
ጤဨಙクἲ◊✲㒊ࡀඹྠ㛤ദࡋࡓࢩ࣏ࣥࢪ࣒࢘ࠕGDPRሗಙクࡢ
㘒ࠖࡢグ㘓࡛࠶ࡿࠋ
ࠉ᪥ࠊሗࡣࠕ21ୡ⣖ࡢ▼Ἔࠖࡋ࡚⤒῭ⓗ㔜せ࡞ᆅࢆ༨ࡵࠊࠕ➨ᅄḟ
⏘ᴗ㠉ࠖࡶࡤࢀࡿ♫ࡢኚ㠉ᮇࢆ㏄࠼࡚࠸ࡿࠋሗὶ㏻㛵ࡍࡿไᗘタ ィࡀᛴࡀࢀ࡚࠸ࡿ⌧௦࠾࠸࡚ࠊሗὶ㏻㛵㐃ࡍࡿἲⓗၥ㢟ࡢゎỴࡶႚ⥭ࡢ ㄢ㢟࡛࠶ࡿࠋ
ࠉᮏࢩ࣏ࣥࢪ࣒࢘ࡣࠊࡑࡢ୰࡛ࡶ≉ᅜቃࢆ㉸࠼ࡿࢹ࣮ࢱὶ㏻ࡘ࠸࡚ࡢἲⓗ
ၥ㢟↔Ⅼࢆᙜ࡚ࠊࡾࢃࡅEU࡛ᡂ❧ࡋࡓ୍⯡ࢹ࣮ࢱಖㆤつ๎㸦General Data Protection Regulation: GDPR㸧ࡢ㛵ಀ࡛ࡢ᳨ウྲྀࡾ⤌ࢇࡔࠋ
ࠉEU࡛ไᐃࡉࢀࠊ2018ᖺ5᭶⾜ࡉࢀࡓGDPRࡣࠊ➨୍⩏ⓗࡣಶே
ࢹ࣮ࢱಖㆤ㛵ࡍࡿEUἲ࡛࠶ࡿࡀࠊ๐㝖ᶒࡸࢹ࣮ࢱ࣏࣮ࢱࣅࣜࢸᶒ࠸ࡗ ࡓ᪂ࡓ࡞ᴫᛕࡀᥦၐࡉࢀࡓࡇ࡛ࠊḢᕞᇦእࡽࡶὀ┠ࢆ㞟ࡵ࡚࠸ࡿࠋGDPR ࡣࠊ୍ᐃࡢሙྜࡣᇦእࡶ㐺⏝ࡉࢀࡿྍ⬟ᛶࡀ࠶ࡾࠊࡉࡽࡣ㧗㢠ࡢไ㔠
ࡶᐃࡵࡽࢀ࡚࠸ࡿࡇࡶ࠶ࡾࠊᐇົ⏺ࡽࡢ㛵ᚰࡶ㧗࠸ࠋ
ࠉᮏࢩ࣏ࣥࢪ࣒࡛࢘ࡣࠊࡲࡎࠊᅜቃࢆ㉸࠼ࡿሗࡢྲྀᘬ㛵ᚰࢆ᭷ࡍࡿ➹⪅
ࡀࠊ㆟ㄽࡢᇶ┙ࡋ࡚ࠊGDPRࡢᴫせࡑࡢ⫼ᬒࡘ࠸࡚☜ㄆࡋࡓࠋࡑࡢୖ
࡛ࠊุᐁ௦⥲ົ┬ฟྥࡉࢀࠊಶேሗಖㆤἲࡢࡈᢸᙜࡋ࡚ࡶά㌍ࡉ
ࢀࡓᮏᏛἲົ◊✲⛉ࡢ㛗℩㈗ᚿඛ⏕ࡼࡾࠊಶேሗಖㆤἲGDPRࡢෆᐜ ࡢ␗ྠࡸ㐺⏝㛵ಀࡘ࠸࡚ࡢࡈㅮ₇ࢆ࠸ࡓࡔ࠸ࡓࠋࡑࡋ࡚ࠊ⌧௦ࡢሗὶ㏻
Ώϋεΐ;θȶ GDPR ͂ૂ༭ు͈॒ȷ
⩚㈡⏤Ꮚ࣭㛗℩㈗ᚿ࣭
➨୍ᮾிᘚㆤኈྖἲ◊✲ጤဨಙクἲ◊✲㒊
ࡿၥ㢟ⅬࡸࡑࡢゎỴࡘ࠸࡚ࠊ➨୍ᮾிᘚㆤኈྖἲ◊✲ጤဨಙクἲ◊
✲㒊ࡢᘚㆤኈࡢඛ⏕᪉ࡼࡾࠊᐇົᐙࡢどⅬࡽࡢࡈ㆟ㄽࢆ࠸ࡓࡔ࠸ࡓࠋྠ㒊
ࡣࠊಙクศ㔝ࡘ࠸࡚ᐇົࡢ▱ぢࢆάࡋࡓᵝࠎ࡞άືྲྀࡾ⤌ࢇ࡛࠾ࡾࠊ
㏆ࠎࡢᑟධࢆࡽࢇ࡛άⓎ㆟ㄽࡉࢀ࡚࠸ࡿࠕሗಙクࠖࡶ◊✲ࢸ࣮࣐ࡢ୍ࡘ
ࡋ࡚࠸ࡿࠋᮏࢩ࣏ࣥࢪ࣒࡛࢘ࡣࠊሗಙク㛵ࡍࡿᵝࠎ࡞ᐃࢆᣲࡆࡘ ࡘࠊሗ㖟⾜࠸࠺᪂ࡓ࡞ᴗົᙧែࡶゝཬࡍࡿᖜᗈ࠸㆟ㄽࡀᒎ㛤ࡉࢀࡓࠋ ࠉᮏ✏ࡣࠊࢩ࣏ࣥࢪ࣒࡛࢘⏝࠸ࡽࢀࡓཎ✏ࢆᇶ♏ࡋࡘࡘࠊㄽᩥ࠶ࡿ࠸ࡣㅮ₇ 㘓ࡢᙧ࡛ࠊຍ➹ಟṇࡋࡓࡶࡢ࡛࠶ࡿࠋグ㘓ࡢබ⾲࠶ࡓࡗ࡚ࡣࠊࡈⓏቭࡢඛ⏕
᪉ࡣ࠾ᛁࡋ࠸୰ཎ✏ࡈᑐᛂ࠸ࡓࡔ࠸ࡓࠋᚰࡼࡾឤㅰ⏦ࡋୖࡆࡿࠋᮏࢩ
࣏ࣥࢪ࣒࢘ࡣ2018ᖺࡢ㛤ദ࡛࠶ࡗࡓࡀࠊࡑࡢⅬ࡛ࡣ⏕ࡌ࡚࠾ࡽࡎࠊࡑࡢ ᚋఱࡽࡢኚࡀ࠶ࡗࡓ㡯ࡘ࠸࡚ࡶࠊཎ✏ࡢẁ㝵࡛⿵ࡋࡓࡇࢆࡇࡇ
グࡋ࡚࠾ࡁࡓ࠸ࠋ
ࠉ࡞࠾ࠊᮏࢩ࣏ࣥࢪ࣒࢘ࡢ㛤ദ࠶ࡓࡗ࡚ࡣࠊ㔠ἑᏛἲᏛ㢮ࠊẸἲ◊✲
ࡽ㈈ᨻ㠃ࢆྵࡵࠊᵝࠎ࡞ᨭࢆ㡬ᡝࡋࡓࠋࡇࡇグࡋ࡚ឤㅰ⏦ࡋୖࡆࡿࠋ
⩚㈡⏤Ꮚ
GDPR ͈״ڟ̷͈͂ඤယ
㔠ἑᏛἲᏛ㢮ࠉ
⩚ࠉ㈡ࠉ⏤Ꮚ
ࡑࡋ࡚ぢ࡚࠸ࡿࠊぢࡼࠊⓑ࠸㤿ࡀ⌧ࢀࠊࡗ࡚࠸ࡿ⪅ࡣࠊᘪࢆᣢࡗ࡚࠸
ࡓࠋᙼࡣෙࢆ࠼ࡽࢀࠊࡢୖ᭦ࢆᚓࡼ࠺ฟ࡚⾜ࡗࡓࠋ 㸦06:02㸧
㸦͐㸧
ࡍࡿࠊⅆࡢࡼ࠺㉥࠸ูࡢ㤿ࡀ⌧ࢀࡓࠋࡑࡢ㤿ࡗ࡚࠸ࡿ⪅ࡣࠊᆅ
ୖࡽᖹࢆዣ࠸ྲྀࡗ࡚ࠊẅࡋྜ࠸ࢆࡉࡏࡿຊࡀ࠼ࡽࢀࡓࠋࡲࡓࠊࡇࡢ
⪅ࡣࡁ࡞ࡀ࠼ࡽࢀࡓࠋ㸦06:04㸧
ᑠ⨺ࡀ➨୕ࡢᑒ༳ࢆ㛤࠸ࡓࡁࠊ➨୕ࡢ⏕ࡁ≀ࡀࠕฟ࡚᮶࠸ࠖゝ࠺ࡢ
ࢆࠊࢃࡓࡋࡣ⪺࠸ࡓࠋࡑࡋ࡚ぢ࡚࠸ࡿࠊぢࡼࠊ㯮࠸㤿ࡀ⌧ࢀࠊࡗ࡚࠸
ࡿ⪅ࡣࠊᡭ⛗ࢆᣢࡗ࡚࠸ࡓࠋ㸦06:05㸧 㸦͐㸧
ࡑࡋ࡚ぢ࡚࠸ࡿࠊぢࡼࠊ㟷ⓑ࠸㤿ࡀ⌧ࢀࠊࡗ࡚࠸ࡿ⪅ࡢྡࡣࠕṚࠖ
࠸࠸ࠊࡇࢀ㝜ᗓࡀᚑࡗ࡚࠸ࡓࠋᙼࡽࡣࠊᆅୖࡢᅄศࡢ୍ࢆᨭ㓄ࡋࠊ
㣚㤡Ṛࢆࡶࡗ࡚ࠊ᭦ᆅୖࡢ㔝⋇࡛ேࢆ⁛ࡰࡍᶒጾࡀ࠼ࡽࢀࡓࠋ 㸦06:08㸧
̿̿ࣚࣁࢿࡢ㯲♧㘓㸦᪥ᮏ⪷᭩༠ࠗ⪷᭩ ᪂ඹྠヂ࠘㸧
ࡣࡌࡵ
ࠉ࣓ࣜ࢝ᮏᣐࢆ⨨ࡃᕧITᴗ࡛࠶ࡿGoogleࠊAppleࠊFacebookࠊAmazon ࡢࡑࢀࡒࢀࡢ㢌ᩥᏐࢆྲྀࡾࠊGAFAࡧ࡞ࡽࢃࡍࡼ࠺࡞ࡗ࡚ஂࡋ࠸ࠋ ࠉ2018ᖺࠊࢽ࣮࣮ࣗࣚࢡᏛࢫࢱ࣮ࣥ⤒ႠᏛ㝔ᩍᤵ࡛࠶ࡿࢫࢥࢵࢺ࣭ࢠࣕ
࢙ࣟ࢘ࡀࡇࡢᅄᴗࢆࣚࣁࢿࡢ㯲♧㘓ࡢᅄ㥽ኈ࡞ࡒࡽ࠼ࡓ᭩⡠ࢆୖᱻࡋ1ࠊ 1ࠉ S. Galloway, The Four: The Hidden DNA of Amazon, Apple, Facebook, and Google (Portfolio,
ࡑࡢ㑥ヂࡶዲㄪࡾୖࡆࢆఙࡤࡋ࡚࠸ࡿ2ࠋ
ࠉࣚࣁࢿࡢ㯲♧㘓ゝ࠼ࡤࠊ࢟ࣜࢫࢺᩍ㯲♧ᩥᏛࡢ୰࡛᭱ࡶ㆟ㄽࢆࢇࡔᩥ᭩
ࡢ୍ࡘ࡛࠶ࡾ3ࠊ⨾⾡ࡸᩥᏛ࡞ࡢⱁ⾡ศ㔝ࡶࡁ࡞ᙳ㡪ࢆ࠼࡚࠸ࡿࡶࡢ࡛
࠶ࡿࠋࡑࡇⓏሙࡍࡿ㯲♧㘓ࡢᅄ㥽ኈ㸦Four Horsemen of the Apocalypse㸧ࡣࠊ
࢜ࢵࢡࢫࣇ࢛࣮ࢻⱥㄒ㎡ࡼࢀࡤࠊࡑࢀࡒࢀࠕᨭ㓄ࠖࠊࠕᡓதࠖࠊࠕ㣚㤡ࠖࠊࡑ ࡋ࡚ࠕṚࠖࢆ♧ࡋࠊࡋࡤࡋࡤᕪࡋ㏕ࡗࡓ␗ኚࡢ⾜Ⅽ⪅ࢆពࡍࡿࡉࢀࡿ4ࠋ ࡇࡢࡼ࠺࡞Ẽ࡞ᏑᅾGAFAࢆ‽࠼ࡓࡇࢁࡣࠊᕧࡍࡿITᕧே
ࡢ༴ᶵឤࡸ⬣ጾࡀ┳ྲྀࡉࢀࡿࠋ
ࠉ࣓࡛ࣜ࢝ྎ㢌ࡍࡿࡇࢀࡽࡢᕧேᑐᢠࡍࡿࡼ࠺ࠊḢᕞ࡛ࡣࠊಶேሗࡢ ಖㆤࢆ┠ⓗࡋࡓἲつ๎ࡀ᪂ࡓ⟇ᐃࡉࢀࡓࠋEU୍⯡ࢹ࣮ࢱಖㆤつ๎㸦General Data Protection Regulation; Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC㸧࡛࠶ࡿࠋ୍⯡GDPR␎⛠ࡉࢀࡿࡇࡢつ๎ࡣࠊ1995ᖺ ࡢࢹ࣮ࢱಖㆤᣦ௧㸦ṇᘧࡣࠊಶேࢹ࣮ࢱฎ⌮ಀࡿಶேࡢಖㆤཬࡧᙜヱࢹ࣮
ࢱࡢ⮬⏤࡞⛣ື㛵ࡍࡿḢᕞ㆟ཬࡧ⌮ᣦ௧ࠋDirective 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data㸧
ࢆࠊຍ┕ᅜ┤᥋㐺⏝ࡉࢀࡿつ๎㸦Regulation㸧᱁ୖࡆࡋࡓࡶࡢ࡛࠶ࡿࠋ ࠉGDPRࡣ2016ᖺ4᭶27᪥᥇ᢥࡉࢀࠊ2018ᖺ5᭶25᪥⾜ࡉࢀࡓࠋࡇ ࡢGDPRࡣࠊᚋ㏙ࡢ㏻ࡾࡑࡢ㐺⏝⠊ᅖࡀḢᕞᇦእࡶཬࡧᚓࡿࡇࡽࠊ᥇ ᢥ๓ࡽࡁ࡞㆟ㄽࢆࡧࠊ≉࣓ࣜ࢝ࡽࡣࠊᙉ࠸Ⓨࢆᣍ࠸࡚࠸
2018).
2ࠉ ࢫࢥࢵࢺ࣭ࢠ࢙ࣕࣟ࢘=ΏᆂᏊ㸦ヂ㸧ࠗthe four GAFA㸸ᅄ㥽ኈࡀࡾኚ࠼ࡓୡ⏺࠘
㸦ᮾὒ⤒῭᪂ሗ♫ࠊ2018㸧ࠋ
3ࠉ బ➉᫂ࠗࣚࣁࢿࡢ㯲♧㘓㸦ୖ㸧ᗎㄝ࠘㸦᪂ᩍฟ∧♫ࠊ2007㸧9-24㡫ࡶཧ↷ࠋ
4ࠉ ࡞࠾ࠊ⚄Ꮫⓗࡣࠊࡉࡽᵝࠎ࡞ゎ㔘ࡀ࠶ࡿࡇࢁ࡛࠶ࡿࠋబ➉᫂ࠗࣚࣁࢿࡢ㯲♧㘓 㸦୰㸧1-11❶࠘㸦᪂ᩍฟ∧♫ࠊ2009㸧279-293㡫ࠋ
ࡓࠋࡑࡢ⫼ᬒࡣࠊḢᕞ࣓ࣜ࢝ࡢ㛫ࡢ⏘ᴗᨻ⟇ࡢ┦㐪ࡸࠊಶேࡿ
ሗᑐࡍࡿ౯್ほࡢ␗ྠࡀ࠶ࡿࠋ
ࠉࡑࡋ࡚ࠊࡇࡢGDPRࡘ࠸࡚ࡣࠊᡃࡀᅜࡶࡲࡓ↓㛵ᚰ࡛ࡣ࠸ࡽࢀ࡞࠸ࠋᡃ ࡀᅜࡢᴗࡀ㐺⏝ᑐ㇟࡞ࡿྍ⬟ᛶࡶ࠶ࡿࡋࠊḢᕞ࠸࠺୍ἲᇦ࡛⟇ᐃࡉࢀ
ࡓࡇࡢつ๎ࡣࠊᚋࡢಶேࢹ࣮ࢱಖㆤἲไࡢ୍ࡘࡢᇶ‽ࡶ࡞ࡿࡽ࡛࠶ࡿࠋ ࠉGDPRࡣࠊ1᮲࠾࠸࡚ࠊྠつ๎ࡢᑐ㇟┠ⓗࢆㅻ࠺ࠋ
㸦1㸧 ࡇࡢつ๎ࡣࠊಶேࢹ࣮ࢱࡢฎ⌮㛵ࡋ࡚ಶேࢆಖㆤࡍࡿࡓࡵࡢ࣮ࣝࣝ
ࠊಶேࢹ࣮ࢱࡢ⮬⏤࡞ὶ㏻ࡢࡓࡵࡢ࣮ࣝࣝࢆᐃࡵࡿࠋ
㸦2㸧ࡇࡢつ๎ࡣࠊ⮬↛ேࡢᇶᮏⓗᶒ⮬⏤ࠊ≉ࠊಶேࢹ࣮ࢱࡢಖㆤ
࠾ࡅࡿᙼࡽࡢᶒࢆಖㆤࡍࡿࠋ
㸦3㸧 ಶேࢹ࣮ࢱࡢฎ⌮࠾ࡅࡿಶேࡢಖㆤࢆ⌮⏤ࡋ࡚ࠊEUᇦෆࡢಶே
ࢹ࣮ࢱࡢ⮬⏤࡞ὶ㏻ࢆไ㝈ࡲࡓࡣ⚗Ṇࡋ࡚ࡣ࡞ࡽ࡞࠸ࠋ
ࠉᩥゝࡽࡶ᫂ࡽ࡞㏻ࡾࠊGDPRࡣሗὶ㏻ࢆ๓ᥦࡋࡘࡘࡶࠊ⮬↛ேࡢᇶ ᮏⓗᶒࡋ࡚ࠊ⮬ᕫࡢಶேࢹ࣮ࢱࢆࢥࣥࢺ࣮ࣟࣝࡍࡿᶒࢆಖ㞀ࡍࡿࡇࢆ
➨୍⩏ࡋ࡚࠸ࡿࠋࡇࡢⅬࡀࠊಶேࡿሗࢆ㞟ࡋࠊࡑࢀࢆά⏝ࡍࡿ
ሗ⏘ᴗࡢ┈⾪✺ࡍࡿ㒊ศ࡛ࡶ࠶ࡿࠋ
ࠉᮏ✏ࡣࠊᡃࡀᅜ࠾ࡅࡿࡇࢀࡽࡢሗἲไࡢᩚഛࠊሗ⏘ᴗࡢⓎᒎࡢࡓࡵ
ࡢ୍ࡘࡢཧ⪃㈨ᩱࡋ࡚ࠊࡇࡢGDPRࡢἢ㠉ࡑࡢෆᐜࢆᨵࡵ࡚☜ㄆࡍࡿࡶ
ࡢ࡛࠶ࡿࠋ⣬ᖜࡢ㛵ಀୖࠊ≉ᚩⓗ࡞Ⅼࡢᴫせࡢᥥࡲࡽࡊࡿࢆᚓ࡞࠸
ࡀࠊGDPRࡘ࠸࡚ࡣࠊ㑥ㄒ࡛ࡶࡍ࡛ከࡃࡢᩥ⊩ࡀබ⾲ࡉࢀ࡚࠸ࡿࡇࢁ࡛
࠶ࡾ5ࠊࡑࡕࡽࢆཧ↷ࡉࢀࡓ࠸ࠋ
5ࠉ ࡁࢃࡵ࡚ከࡃࡢᩥ⊩ࡀබ⾲ࡉࢀ࡚࠾ࡾࠊἲᏛศ㔝ࡢᴫㄝⓗ࡞ࡶࡢ㝈ࡿࡋ࡚ࡶࠊ᭩
⡠ࡋ࡚ࠊᐑୗ⣫ࠗEU୍⯡ࢹ࣮ࢱಖㆤつ๎࠘㸦ວⲡ᭩ᡣࠊ2018㸧ࢆ୰ᚰࠊ୰ᓮᑦ
ࠗQ&A࡛ᏛࡪGDPRࡢࣜࢫࢡᑐᛂ⟇࠘㸦ၟἲົࠊ2018㸧ࠊᑠྥኴ㑻࣭▼ኟ⏕
ࠗᴫㄝGDPR࠘㸦NTTฟ∧ࠊ2019㸧ࠊ➼ࠋㄽ✏ࡋ࡚ࠊ▼ኟ⏕ࠕEU୍⯡ࢹ࣮ࢱಖㆤ
つ๎ᥦࡢືྥ㸦1㸧㹼㸦3㸧ࠖNBL1025ྕ㸦2014㸧30㡫௨ୗࠊྠ1029ྕ㸦2014㸧30㡫௨
㸬GDPRࡢἢ㠉⫼ᬒ
ࠉࡲࡎࠊGDPRࡀ⟇ᐃࡉࢀࡿࡑࡢἢ㠉ࢆᴫほࡋ࡚࠾ࡇ࠺ࠋ๓㏙ࡢ㏻ࡾࠊGDPR ࡢ๓㌟࡞ࡿࡢࡣ1995ᖺࡢḢᕞࢹ࣮ࢱಖㆤᣦ௧࡛࠶ࡿࠋᣦ௧ࡣࠊEUἲ
ୖࠊEUຍ┕ྛᅜᅜෆἲไࡢᩚഛࢆせồࡍࡿࡶࡢ࡛࠶ࡿ6ࠋ
ࠉḢᕞࢹ࣮ࢱಖㆤᣦ௧ࡶࡲࡓࠊሗࡢὶ㏻㝿ࡋ࡚ࠊ⮬↛ேࡢᇶᮏⓗᶒ⮬
⏤ࠊࡾࢃࡅࣉࣛࣂࢩ࣮ࡢᶒࡢಖㆤࢆ┠ⓗࡋࡓࡶࡢ࡛࠶ࡗࡓ㸦ᣦ௧1 ᮲㸧ࠋࡇࢁࡀࠊලయⓗ࡞ἲไࡢෆᐜࡣྛᅜጤࡡࡽࢀࡓࡇࡽࠊEUຍ┕
ྛᅜࡢࢹ࣮ࢱಖㆤไᗘࡢ᩿∦ࢆᣍ᮶ࡍࡿࡇ࡞ࡗ࡚ࡋࡲࡗࡓࠋࡇࢀࡀ GDPR⟇ᐃࡢࡁ࡞ዎᶵ࡞ࡾ㸦๓ᩥ㸦recital㸧9ཧ↷㸧ࠊ2012ᖺ1᭶ࠊḢᕞ୍
⯡ࢹ࣮ࢱಖㆤつ๎ࡀᥦࡉࢀࡿࡇ࡞ࡗࡓࠋࡇࡢつ๎ࡀࠊᵝࠎ࡞㆟ㄽࡢ ᮎಟṇࡸኚ᭦ࡶຍ࠼ࡽࢀࡓࡶࡢࡢࠊ2016ᖺ᥇ᢥࠊ2018ᖺ⾜ࡘ࡞ࡀࡗ
࡚࠸ࡿࠋ
ࠉࡉ࡚ࠊGDPRࡢ㏻ዌప㡢࡞ࡿࡢࡣࠊḢᕞࡢᇶᮏⓗ౯್ࡋ࡚ࡢಶேࢹ࣮ࢱ ࡢಖㆤ࡛࠶ࡿࠋGDPRࡢ๓ᩥ1ࡣࠊࠕ⮬↛ேࡀಶேࢹ࣮ࢱฎ⌮㛵ࡋ࡚ಖㆤࢆ
ཷࡅࡿࡇࡣᇶᮏⓗேᶒ࡛࠶ࡿࠖ☜ㄆࡍࡿࠋࡇࡢぢゎࡣḢᕞ࠾ࡅࡿඹ㏻ㄆ
ୗࠊྠ1031ྕ㸦2014㸧18㡫௨ୗࠊ⏕㈅┤ேࠕEU୍⯡ࢹ࣮ࢱಖㆤつ๎ࡢྍỴᚋࡢ ㄽⅬࠖ⾜ᨻ&ሗࢩࢫࢸ࣒52ᕳ5ྕ㸦2016㸧43㡫௨ୗࠊ▼ኟ⏕ࠕୡ⏺ⓗ࡞₻ὶ
ࡽぢࡓホ౯➨୕ᅜࡢᙳ㡪 㸦EU୍⯡ࢹ࣮ࢱಖㆤつ๎㸧ࠖBusiness Law Journal 9ᕳ8
ྕ㸦2016㸧75㡫௨ୗࠊᐑୗ⣫ࠕつ๎ࡢ≉ᚩᑐᛂࠖࣅࢪࢿࢫἲົ17ᕳ8ྕ㸦2017㸧14 㡫௨ୗࠊᓥᮧᬛᏊࠕEU ୍⯡ࢹ࣮ࢱಖㆤつ๎㸦GDPR㸧ࡢ㐺⏝㛤ጞࠖእᅜࡢ❧ἲ276-1
ྕ㸦2018㸧2㡫௨ୗࠊᐑୗ⣫ࠕEU୍⯡ࢹ࣮ࢱಖㆤつ๎ࡢᴫせᐇົࡢἲⓗㄢ㢟ࠖLaw
& Technology 80ྕ㸦2018㸧44㡫௨ୗࠊ▼ኟ⏕ࠕEUࢹ࣮ࢱಖㆤᣦ௧EU୍⯡ࢹ࣮
ࢱಖㆤつ๎ࠖἲࡢᨭ㓄192-2ྕ㸦2019㸧2㡫௨ୗࠊ࢝ࣛࢫࢥࢫ࣭ࣥࢺࢽ࢜ࢫࠕ⌧௦
♫࠾ࡅࡿࢹ࣮ࢱࡢ」ྜⓗᛶ㉁㸸EU୍⯡ࢹ࣮ࢱಖㆤつ๎ཬࡧࡑࡢ࿘㎶㡿ᇦࡢᒎ㛤ࢆ
୰ᚰࠖἲᚊࡢࡦࢁࡤ72ᕳ5ྕ㸦2019㸧48㡫௨ୗࠊ୰ᓮᑦࠕGDPRᴫㄝ㸦≉㞟GDPR
⾜ᑐࡍࡿἲົᑐᛂ㸧ࠖ⮬⏤ṇ⩏70ᕳ6ྕ㸦2019㸧8㡫௨ୗࠊ⸨ཎ㟿㞝 ࠕGDPRࢆࡵࡄࡿἲⓗㄢ㢟㸸≉Ⰽ␃ពⅬࠖࢪࣗࣜࢫࢺ1534ྕ㸦2019㸧14㡫௨ୗࠊ
➼ࠋࡲࡓࠊࣅࢪࢿࢫἲົ17ᕳ8ྕ㸦2017㸧ࠊBusiness law journal 11ᕳ4ྕ㸦2018㸧ࠊ ࢪࣗࣜࢫࢺ1521ྕ㸦2018㸧ࠊBusiness law journal 11ᕳ10ྕ㸦2018㸧 ࠊࣅࢪࢿࢫἲົ18 ᕳ12ྕ㸦2018㸧ࠊ⮬⏤ṇ⩏70ᕳ6ྕ㸦2019㸧➼ࠊᵝࠎ࡞ᑓ㛛ㄅ࡛≉㞟ࡶ⤌ࡲࢀࠊὀ
┠ࡢ㧗ࡉࡀఛࢃࢀࡿࠋ
6ࠉ୰すඃ⨾ᏊࠗEUἲ࠘㸦᪂ୡ♫ࠊ2012㸧115-116㡫ࠋ
㆑࡛࠶ࡾࠊḢᕞ㐃ྜࡢㅖ᮲⣙ࡶ᫂ᩥࡢつᐃࡀᏑᅾࡍࡿࠋ
ࠉ࠼ࡤࠊᇶᮏᶒ᠇❶8᮲1㡯ࡣࠊࠕఱேࡶࠊ⮬ᕫ㛵ಀࡍࡿಶேࡢࢹ࣮ࢱ
㸦personal data㸧ࡢಖㆤᑐࡍࡿᶒࢆ᭷ࡍࡿࠖࡋࡓୖ࡛ࠊྠ᮲2㡯ࡣࠊࠕࡑ
ࡢࡼ࠺࡞ࢹ࣮ࢱࡣࠊᙜヱ⪅ࡢᢎㅙᇶ࡙࠸࡚ࠊࡲࡓࡣἲᚊ౫ࡗ࡚ᐃࡵࡽࢀࡓ ࡑࡢࡢྜἲⓗᇶ♏ᇶ࡙࠸࡚ࠊ᫂グࡉࢀࡓ┠ⓗࡢࡓࡵබ᫂ṇసᡂࡉࢀ
ࡡࡤ࡞ࡽ࡞࠸ࠋఱேࡶࠊ⮬ᕫ㛵ಀࡍࡿ㞟ࡉࢀࡓሗࡢࢡࢭࢫᑐࡍࡿᶒ
ཬࡧሗࡢㄗࡾࢆṇࡍᶒࢆ᭷ࡍࡿࠖᐃࡵ࡚࠸ࡿࠋࡑࡋ࡚ࠊࡑࡢ㑂Ᏺ
ࡣࠊ⊂❧ࡢᶵ㛵ࡼࡿ┘╩ࡀồࡵࡽࢀࡿ㸦ྠ᮲3㡯㸧ࠋ
ࠉḢᕞேᶒ᮲⣙➨8᮲ࡶࡲࡓࠊࠕࡍ࡚ࡢ⪅ࡣࠊࡑࡢ⚾ⓗཬࡧᐙᗞ⏕άࠊఫᒃ ཬࡧ㏻ಙࡢᶒࢆ᭷ࡍࡿࠖ㸦1㡯㸧᫂ゝࡍࡿࠋಶே㛵ࡍࡿሗࡣࠊࡇࡢ⚾
ⓗ⏕άࡢᶒྵࡲࢀࡿࡶࡢ࡛࠶ࡿࠋࡑࡢୖ࡛ࠊࠕࡇࡢᶒࡢ⾜ࡘ࠸࡚
ࡣࠊἲᚊࡢᇶ࡙ࡁࠊࡘᅜࡢᏳࠊබඹࡢᏳⱝࡋࡃࡣᅜࡢ⤒῭ⓗ⚟ࡢࡓ
ࡵࠊࡲࡓࠊ↓⛛ᗎⱝࡋࡃࡣ≢⨥㜵Ṇࡢࡓࡵࠊᗣⱝࡋࡃࡣ㐨ᚨࡢಖㆤࡢࡓࡵࠊ ཪࡣࡢ⪅ࡢᶒཬࡧ⮬⏤ࡢಖㆤࡢࡓࡵẸⓗ♫࠾࠸࡚ᚲせ࡞ࡶࡢ௨እࡢ
࠸࡞ࡿබࡢᶵ㛵ࡼࡿᖸ΅ࡶ࠶ࡗ࡚ࡣ࡞ࡽ࡞࠸ࠖ㸦ྠ᮲2㡯㸧ࡋ࡚ࠊಶே
ࡿሗࡢ⏝ࡣࠊ࠶ࡃࡲ࡛ࡶἲࡢ㉧ࡍ⠊ᅖ࠾࠸࡚ࠊ㝈ᐃⓗㄆࡵࡽࢀ
ࡿ࠸࠺ែᗘࢆ♧ࡍࠋḢᕞ㐠Ⴀ᮲⣙㸦TFEU㸧16᮲1㡯ࡶྠᵝࠊࠕఱேࡶࠊ
⮬㌟㛵ࡍࡿಶேࡢࢹ࣮ࢱ㸦personal data㸧ࡢಖㆤࡘ࠸࡚ࡢᶒࢆ᭷ࡍࡿࠖ
᫂ᩥ࡛ᐃࡵ࡚࠸ࡿࠋ
ࠉࡇࡢࡼ࠺ࠊḢᕞ࠾࠸࡚ࡣࠊಶேࡿሗࡢಖㆤࡀᇶᮏⓗேᶒࡋ࡚
ྲྀࡾᢅࢃࢀࠊㅖ᮲⣙࠾࠸࡚⧞ࡾ㏉ࡋ᫂ᩥ࡛ㅻࢃࢀ࡚࠸ࡿࠋࡇࡢ⫼ᬒࡣࠊୡ
⏺ᡓ୰ಶேࡢሗࡀᝏ⏝ࡉࢀࠊࢼࢳࢫࡼࡿࣘࢲࣖே㏕ᐖ࠸ࡗࡓᝒ
ࡘ࡞ࡀࡗࡓࡇࡢ┬ࡀ࠶ࡿ7ࠋሗࡢྲྀࡾᢅ࠸ࡢዴఱࡀேࡢ⏕ࡍࡽࡶᕥ
ྑࡍࡿࡢឤぬࡀࠊḢᕞ࡛ࡣඹ᭷ࡉࢀ࡚࠸ࡿࠋࡑࢀࡺ࠼ࠊㅖ᮲⣙ࡢᩥゝࡶ
࠶ࡿࡼ࠺ࠊಶேࡢሗ࣭ࢹ࣮ࢱࡢಖㆤࡣࠕᇶᮏⓗேᶒࠖࡢ୍⎔࡞ࡢ࡛࠶ࡿࠋ
7ࠉ F. Bignami, European Versus American Liberty: A Comparative Privacy Analysis of Antiterrorism Data Mining, 48 B.C. L. Rev. 609 (2007) pp. 609-610.
ࠉࡇࡢࡇࡣࠊࡶࡕࢁࢇࠊGDPRࡢ㉳ⲡ㝿ࡋ࡚ࡶព㆑ࡉࢀ࡚࠸ࡓࠋJean- Claude JunckerḢᕞጤဨጤဨ㛗ࡣࠊࠕTowards a better Europe; a Europe that protects, empowers and defendsࠖ㢟ࡋࡓ2016ᖺࡢ୍⯡₇ㄝ㸦State of the Union
Address㸧࠾࠸࡚ࠊ௨ୗࡢࡼ࠺㏙ࡓࠋ
“Being European means the right to have your personal data protected by strong, European laws. Because Europeans do not like drones overhead recording their every move, or companies stockpiling their every mouse click. This is why Parliament, Council and Commission agreed in May this year a common European Data Protection Regulation. This is a strong European law that applies to companies wherever they are based and whenever they are processing your data. Because in Europe, privacy matters. This is a question of human dignity.”㸦ୗ⥺ࡣ➹⪅ࡼࡿ㸧
ࠉࠕḢᕞ࠾࠸࡚ࡣࠊࣉࣛࣂࢩ࣮ࡣ㔜せၥ㢟࡛࠶ࡿࠋࡇࢀࡣࠊேࡢᑛཝࡢၥ 㢟࡛࠶ࡿࠖࠋࡇࢀࡀࠊGDPRࡢᇶᮏ᪉㔪ࡢ୍ࡘゝ࠼ࡿࠋGDPRࡢ⾜ඛ㥑 ࡅ࡚ฟࡉࢀࡓḢᕞጤဨࡽࡢḢᕞ㆟ࡢࢥ࣑ࣗࢽࢣ࣮ࢩࣙࣥ࠾࠸࡚ࡶࠊ ࠕࣉࣛࣂࢩ࣮ࡣྲྀᘬᑐ㇟࡛ࡣ࡞ࡃ㸦Privacy is not a commodity to be traded㸧ࠖࠊ ᇶᮏⓗಶேࢹ࣮ࢱಖㆤࡣࠕྲྀᘬ࡛ࡁ࡞࠸㸦non-negotiable㸧ࠖࡶࡢ⨨ࡅ ࡓୖ࡛ࠊሗࡢὶ㏻ࡀ࡞ࡉࢀࡿࡁࡇࡀᣦࡉࢀ࡚࠸ࡿ8ࠋ
ࠉGDPRࡣࠊಶேࡢሗ࣭ࢹ࣮ࢱ㛵ࡍࡿࠕᶒࠖ9ࢆࡑࡢಶேྲྀࡾᡠࡍࡇ
ࢆ┠ⓗࡋ࡚࠸ࡿࠋࡇࡢᛮࡣࠊⳘ࡞㔞ࡢሗࢆ㞟ࡋࠊࡑࡇࡽ┈ࢆᚓ
࡚ࡁࡓ࣓ࣜ࢝すᾏᓊࡢ㉸ᡭITᴗࢆᶆⓗࡍࡿࠋࡑࢀࡺ࠼ࠊGDPRࡣ Ḣᕞ࣓ࣜ࢝ࡢ㛫⥭ᙇࢆࡶࡓࡽࡋࡓࠋ
8ࠉ Exchanging and Protecting Personal Data in a Globalised World, Communication from the Commission to the European Parliament and the Council, Exchanging and Protecting Personal 'DWDLQD*OREDOLVHG:RUOG&20¿QDO
9ࠉ Ṋ㑚ග⿱ࠗࡉࡼ࡞ࡽࠊࣥࢱ࣮ࢿࢵࢺ࠘㸦ࢲࣖࣔࣥࢻ♫ࠊ2018㸧162㡫ࠋ
ࠉࡇࡇ࡛␃ពࡍࡁࡣࠊࡑࡶࡑࡶḢᕞ࣓ࣜ࢝ࡢ㛫ࡣࠊࣉࣛࣂࢩ࣮ᴫᛕ ࡢ㐪࠸ࡀᏑᅾࡍࡿ࠸࠺ࡇ࡛࠶ࡿ10ࠋࡇࡢⅬࡘ࠸࡚ࠊࡲࡎ☜ㄆࡋ࡚࠾ࡃᚲせ ࡀ࠶ࢁ࠺ࠋ
ࠉḢᕞࡣࠊࣉࣛࣂࢩ࣮ࢆே㛫ࡢᑛཝ㸦dignity㸧ࡽ࠼ࡿࠋ࠼ࡤࠊ1949 ᖺࡢࢻࢶ᠇ἲ1᮲ࡣࠊ➃ⓗࠊࠕேࡢᑛཝࡣྍ࡛࠶ࡿ㸦Die Würde des Menschen ist unantastbar.㸧ࠖᐃࡵࠊࡇࢀࢆᇶᮏⓗ౯್⨨ࡅࡿࠋࡑࡋ࡚ୖ
㏙ࡢ㏻ࡾࠊࡇࡢྍࡢᑛཝࡣࠊಶேࡿሗࡀྵࡲࢀࡿࡢ࡛࠶ࡿࠋ࡞
࠾ࠊྠᅜ࣊ࢵࢭࣥᕞࡢ1970ᖺಶேࢹ࣮ࢱಖㆤἲࡣࠊୡ⏺ึࡢಶேሗಖㆤἲ
࡛࠶ࡿ11ࠋ
ࠉࡇࢀᑐࡋ࡚ࠊ࣓ࣜ࢝ࡣࣉࣛࣂࢩ࣮ࢆ⮬⏤㸦liberty㸧᰿ᕪࡍࡶࡢゎ ࡍࡿࠋ࣓ࣜ࢝ࡢᶒ❶ࡣᅜᐙࡀࠕࡋ࡚ࡣ࡞ࡽ࡞࠸ࠖࡇࢆิᣲࡍࡿࡀࠊಟ ṇ4᮲ࡣࠕ㌟యࠊᐙᒇࠊ᭩㢮࠾ࡼࡧᡤ᭷≀ࡢᏳࢆಖ㞀ࡉࢀࡿࠖᶒࡀᣲࡆ
ࡽࢀ࡚࠸ࡿࠋࡇࢀࡣࢠࣜࢫࡢࢳࣕࢱ࣒࣒࣭࢘ࣜࣆࢵࢺཀࡢゝⴥࡢὶࢀ
ࢆỮࡴࡶࡢ࡛࠶ࡾ12ࠊࡘࡲࡾࠊ⮬ศ⮬㌟ࡢ㡿ᇦࡣᅜᐙࡽྍ࡛࠶ࡗ࡚ࠊᖸ΅
ࡉࢀ࡞࠸ࡇࢆ♧ࡋ࡚࠸ࡿࠋ
ࠉゝࡍࢀࡤࠊࣉࣛࣂࢩ࣮ࡣࠊ∦ࡸḢᕞ࡛ࡣࠊேࡢᑛཝࢆಖㆤࡍࡿࡓࡵ࠶
ࡿ⪅ࡽ⪅ᑐࡍࡿᐖࢆ⚗ࡌࡿࡶࡢ࡛࠶ࡿࡢᑐࡋ࡚ࠊ∦ࡸ࣓࡛ࣜ࢝
ࡣࠊᅜᐙࡽࡢಶேࡢ⏕άࡢᙜ࡞ධࢆ⚗ࡌࡿࡶࡢ࡞ࡢ࡛࠶ࡿࠋ
10ࠉ P. M. Schwartz & K. -N. Peifer, Transatlantic Data Privacy Law, 106 Geo. L. J. 115 (2017) pp.
117-118 (“The roots of this “war” are found in the differing legal approaches to information privacy in the two jurisdictions. The differences are institutional, substantive, and, at the same time, elusive. Both sides recognize information privacy as an important value yet struggle to identify the meaning of core differences and the critical baseline for future collaboration.”).
11ࠉ ᮧୖ⪽ࠕࣅࢵࢢࢹ࣮ࢱࡢά⏝ࣉࣛࣂࢩ࣮ಖㆤࡘ࠸࡚ࠖ㏻ಙࢯࢧ࢚ࢸ࣐࢞
ࢪࣥ29ྕ㸦2014㸧52㡫ࠋ
12ࠉ Sir William Pitt, Earl of Chatham, on the right of an Englishman to be secure in his home (1763):
“7KHSRRUHVWPDQPD\LQKLVFRWWDJHELGGH¿DQFHWRDOOWKHIRUFHVRIWKH&URZQ,WPD\EHIUDLO – its roof may shake – the wind may blow through it – the storm may enter – the rain may enter – but the King of England cannot enter; all his forces dare not cross the threshold of that ruined tenement”.
ࠉ᰿ᗏὶࢀࡿᛮࡢࡼ࠺࡞┦㐪ࡢࡺ࠼13ࠊࣉࣛࣂࢩ࣮࠶ࡿ࠸ࡣಶேࡢ
ሗ࣭ࢹ࣮ࢱ㛵ࡋ࡚ࡣࠊಶேࡢಖㆤࢆᚭᗏࡍࡋࡍࡿḢᕞࠊ⮬⏤ࡀࡺ࠼
ಶேࡿሗࢆ㞟ࡋࠊࡑࡇࡽ┈ࢆᚓࡿάືࡶチᐜࡉࢀࡿࡍࡿ࣓
ࣜ࢝ࡢ㛫࡛ࠊすὒࢆᣳࢇࡔᡓத㸦transatlantic war㸧ࡀ⏕ࡌ࡚࠸ࡿࡢ࡛࠶
ࡿ14ࠋ
ࠉGDPRࢆ⪃࠼ࡿୖ࡛ࡣࠊࡇࡢࡼ࠺࡞Ḣᕞ࣓ࣜ࢝ࡢ㛫ࡢ᰿ᮏⓗ࡞ㄆ㆑ࡢ㐪
࠸ࢆ㋃ࡲ࠼࡚࠾࡞ࡅࢀࡤ࡞ࡽ࡞࠸ࠋࡑࢀ࡞ࡋࡣࠊGAFAࢆࡣࡌࡵࡍࡿ
ሗศ㔝ࡢᴗάືᑐࡋ࡚Ḣᕞࡀᣢࡘ༴ᶵឤࡶࠊḢᕞࡢつไᑐࡍࡿ࣓ࣜ࢝
ࡢⓎࡶࠊ⌮ゎࡋ㞴࠸ࡶࡢ࡞ࡿࠋ
㸬GDPRࡢ≉ᚩ
ࠉࣉࣛࣂࢩ࣮࠶ࡿ࠸ࡣಶேሗᑐࡍࡿḢᕞࡢᇶᮏⓗ࡞⌮ᛕࢆ㋃ࡲ࠼ࡓୖ
࡛ࠊGDPRࡢ≉ᚩⓗ࡞㒊ศࢆ࠸ࡃࡘぢ࡚࠾ࡃࠋGDPRࡣᚋࠊಶேࡢሗ࣭
ࢹ࣮ࢱࡢಖㆤ㛵ࡍࡿୡ⏺ᇶ‽ࡶ࡞ࡿ㔜せ࡞Ꮡᅾ࡛ࡣ࠶ࡿࡀࠊ⣬ᖜࡢ㛵ಀ
ୖࠊ⥙⨶ⓗࡣ⤂࡛ࡁ࡞࠸ࡇࢆࡣࡌࡵ᩿ࡗ࡚࠾ࡃࠋ
ࠉୖ㏙ࡢ㏻ࡾࠊGDPRࡢ๓㌟ࡣ1995ᖺࡢḢᕞࢹ࣮ࢱಖㆤᣦ௧࡛࠶ࡿࠋࡇࡢᣦ ௧㸦Directive㸧ࢆつ๎㸦Regulation㸧᱁ୖࡆࡋࡓࡢࡀGDPR࡛࠶ࡾࠊࡇࢀ
ࡣࠊ㸦1㸧ಶேࢹ࣮ࢱಖㆤᑐࡍࡿᶒࡢᙉࠊ㸦2㸧EUᇦෆ࡛ࡢࢹ࣮ࢱಖㆤ
㛵ࡍࡿ࣮ࣝࣝࡢ୍ඖࠊ㸦3㸧ᅜ㝿ⓗ࡞㸦ᑐᇦእࢆྵࡴ㸧ࢹ࣮ࢱಖㆤࡢヲ⣽࡞
࣮ࣝࣝࡢ⟇ᐃࠊ࠸ࡗࡓ┠ⓗࡀ࠶ࡿࠋ
ࠉ௨ୗ࡛ࡣࠊ㸦1㸧ࢆ୰ᚰࠊࡑࢀࡒࢀࡢ┠ⓗࡢࡓࡵ࠸࡞ࡿ᪉⟇ࡀࡽࢀ࡚
࠸ࡿࢆᴫほࡋ࡚࠸ࡃࠋ
13ࠉ ࡼࡾヲ⣽ࡣࠊJ. Q. Whitman, “The Two Western Cultures of Privacy: Dignity versus Liberty”, 113 Yale L. J. (2004) pp. 1151ff; J. -L. Halpérin, “Protection de la vie privée et privacy : deux traditions juridiques différents ?”, Nouveaux cahiers du conseil constitutionnel no. 48 (2015), p. 59 et s.; ᐑୗ⤑ࠕࣉࣛࣂࢩ࣮ࢆࡵࡄࡿ࣓࣮ࣜ࢝ࣚࣟࢵࣃࡢ⾪✺
㸦1㸧ࠖẚ㍑ἲᩥ18ྕ㸦2010㸧131㡫௨ୗࢆཧ↷ࠋ
14ࠉ H. Farrell & A. Newman, The Transatlantic Data War: Europe Fights Back Against the NSA, 95(1) Foreign Affairs 124 (2016), pp. 124ff.
ࠉGDPR࡛ࡣࠊಶேࢹ࣮ࢱࡢయ࡞ࡿ⮬↛ேࢆࢹ࣮ࢱయ㸦data subject㸧
⛠ࡍࡿࡢ࡛ࠊࡇࡇ࡛ࡶࡑࡢㄒࢆ⏝࠸࡚࠸ࡃࡇࡍࡿࠋGDPRࡣࠊࡇࡢࠕ㆑ู
ࡉࢀࡓ⮬↛ேཪࡣ㆑ูྍ⬟࡞⮬↛ே㸦ࠕࢹ࣮ࢱయࠖ㸧㛵ࡍࡿሗࠖࢆಶே
ࢹ࣮ࢱࡋ࡚ᐃ⩏ࡍࡿ㸦4᮲1㡯㸧ࠋࡇࡇࡣࠊࢹ࣮ࢱయࡢẶྡࡸఫᡤࠊ
┿ࠊ㟁Ꮚ࣓࣮ࣝࢻࣞࢫࠊཱྀᗙሗࠊSNSࡢ᭩ࡁ㎸ࡳࠊ་⒪ሗࠊࢥࣥ
ࣆ࣮ࣗࢱࡢIPࢻࣞࢫ➼ࠊࡁࢃࡵ࡚ከᵝ࡞ሗࡀྵࡲࢀࡿࠋ
㸦1㸧ಶேࢹ࣮ࢱಖㆤᑐࡍࡿᶒࡢᙉ㸸ࠕ⮬ᕫሗࢥࣥࢺ࣮ࣟࣝᶒࠖࡢᙉ
ࠉ➨୍ࡢ┠ⓗࡣಶேࢹ࣮ࢱࡢಖㆤ࡛࠶ࡿࠋࡼࡾලయⓗࡣࠊࢹ࣮ࢱయࡢࠕ⮬
ᕫሗࢥࣥࢺ࣮ࣟࣝᶒࠖࡢᙉࡀពᅗࡉࢀ࡚࠸ࡿ15ࠋࠕ⮬ᕫሗࢥࣥࢺ࣮ࣟࣝ
ᶒࠖࡀࣉࣛࣂࢩ࣮ࡢᶒࢆᣦࡋ♧ࡍࡇࡣࡼࡃ▱ࡽࢀ࡚࠸ࡿࡇࢁ࡛࠶ࡿ16ࠋ ձࢹ࣮ࢱయࡢࠕྠពࠖ
ࠉࢹ࣮ࢱయࡀ⮬ศ⮬㌟ࡢሗᐇຠⓗࢥࣥࢺ࣮ࣟࣝࢆཬࡰࡍࡓࡵࡢ᪉⟇
ࡋ࡚ࠊࠕ⮬⏤ពᛮ࡛࠼ࡽࢀࠊ≉ᐃࡉࢀࠊሗࢆ࠼ࡽࢀࡓࠊ᫂░࡛࡞࠸
㸦IUHHO\JLYHQVSHFL¿FLQIRUPHGDQGXQDPELJXRXV㸧ྠពࠖࡢྲྀᚓࡀ⩏ົࡅࡽࢀ
ࡿ㸦4᮲㸦11㸧ࠊ7᮲ࠋ๓ᩥ32ࡶཧ↷㸧ࠋࡇࢀࡣࠊࢹ࣮ࢱయࡀ⮬ᕫࡢሗࡢ
⏝ࡘ࠸࡚⮬㌟ࡢุ᩿ࢆ᫂☜ୗࡏࡿࡼ࠺ಖ㞀ࡍࡿࡶࡢ࡛࠶ࡾࠊࢹ࣮ࢱయࡢ
▱ࡽࡠ㛫ࠊᡭ⮬ᕫࡢಶேࢹ࣮ࢱࡀฎ⌮ࡉࢀࡿࡇࡣチࡉࢀ࡞࠸ࡇ࡛࠶
ࡿࠊ࠸࠺GDPRࡢ❧ሙࢆ᫂☜♧ࡋ࡚࠸ࡿࠋ
ࠉࡲࡓࠊࢹ࣮ࢱయࡢྠពࢆᚓࡿࡓࡵࠊࢹ࣮ࢱ⟶⌮⪅ࡽࡣࠊ⡆₩࡛ࠊ㏱᫂
15ࠉ ๓ᩥ7࡛ࡣࠕ⮬↛ேࡣ⮬㌟ࡢࢹ࣮ࢱࡿࢥࣥࢺ࣮ࣟࣝࢆ᭷ࡍࡿ㸦Natural persons should have control of their own personal data.㸧ࠖ➃ⓗ㏙ࡽࢀ࡚࠸ࡿࠋ
16ࠉ 19ୡ⣖ᮎWarren & Brandeisࡢⴭྡ࡞ㄽᩥ࡛ࠕ࠺ࡗ࡚࠾࠸࡚ࡶࡽ࠺ᶒ㸦right to be let alone㸧ࠖࡋ࡚ᥦၐࡉࢀࡓࣉࣛࣂࢩ࣮ࡢᶒ࡛࠶ࡿࡀ㸦S. D. Warren & L. D.
Brandeis, “The Right to Privacy”, 4 Harvard Law Review 193 (1890) pp. 193ff㸧ࠊ1960ᖺࡢ Prosserࡢ4ศ㢮ࡼࡿ㆟ㄽࡢ⢭⦓ࢆ⤒࡚㸦W. L. Prosser, “Privacy”, 48 California Law Review 383 (1960), pp.383ff. ձ⚾ⓗ㡿ᇦࡢධࠊղ⚾ࡢබ㛤ࠊճୡேࡢㄗࡗࡓ༳
㇟ࡢࠊմẶྡ࣭⫝̸ീࡢႠ┠ⓗ࡛ࡢ↓᩿⏝ࠊศ㢮ࡉࢀࡿ㸧ࠊ⮬ᕫỴᐃᶒࡢ୍
⎔ࡋ࡚ࡢࠕ⮬㌟ࡿሗࢆࢥࣥࢺ࣮ࣟࣝࡍࡿᶒ㸦right to control one’s own information㸧ࠖ㸦A. F. WESTIN, PRIVACYAND FREEDOM, Ig Publishing (reprint), New York, 1967, p.5㸧⨨ࡅࡽࢀࡿ⮳ࡗ࡚࠸ࡿࠋ
ᛶࡀ࠶ࡾࠊࢃࡾࡸࡍࡃࠊᐜ᫆ࢡࢭࢫྍ⬟࡞㸦concise, transparent, intelligible and easily accessible㸧ᙧ࡛ࠊ᫂☜ࡘᖹ᫆࡞ゝⴥ㸦clear and plain
language㸧ࢆ⏝࠸࡚ࠊࢹ࣮ࢱฎ⌮ࡘ࠸࡚ࡢሗࡀᥦ౪ࡉࢀ࡞ࡅࢀࡤ࡞ࡽ࡞࠸
㸦12᮲㸧ࠋࢹ࣮ࢱࡢ⟶⌮⪅ࡣࠊࡇࢀᇶ࡙ࡁࠊࢃࡾࡸࡍ࠸ࣉࣛࣂࢩ࣮࣏ࣜ
ࢩ࣮➼ࡢᥦ౪ࡀồࡵࡽࢀࡿࡇ࡞ࡿࠋࡇࢀࡣࠊ5᮲2㡯ᐃࡵࡽࢀࡿࢹ࣮ࢱ
⟶⌮⪅ࡢㄝ᫂㈐௵㸦accountability㸧ࢆලయࡍࡿࡶࡢ࡛ࡶ࠶ࡿࠋ
ࠉࢹ࣮ࢱయࡢྠពࡣࠊࠕᐉゝࡲࡓࡣ᫂ࡽ࡞⫯ᐃⓗ⾜Ⅽࡼࡗ࡚㸦by a statement or by a clear affirmative action㸧ࠖࠊྲྀᚓࡉࢀ࡞ࡅࢀࡤ࡞ࡽ࡞࠸㸦4᮲ 㸦11㸧㸧ࠋࡍ࡞ࢃࡕࠊ୍⯡ⓗ࡞ዎ⣙⣙Ḱ࡛ໟᣓⓗྠពࡀ࡞ࡉࢀࡿࡔࡅ࡛ࡣ༑
ศ࡛࠶ࡾࠊ᭩㠃࡞࠸ࡋࠊグ㘓ࡉࢀࡓཱྀ㢌ࡼࡿྠពࠊ࠶ࡿ࠸ࡣ㟁Ꮚⓗᡭẁࡼ
ࡿᐉゝࠊࡲࡓࡣWebࢧࢺୖ࡛ࡢྠព࣎ࢵࢡࢫࡢࢳ࢙ࢵࢡࠊ㟁Ꮚⓗࣇ࢛࣮࣒
ࡢධຊࠊ㟁Ꮚ࣓࣮ࣝࡢ㏦ಙ࠸ࡗࡓ᫂☜࡞⾜Ⅽࡀᚲせࡉࢀࡿࠋ
ࠉ⌧௦࡛ࡣࠊᵝࠎ࡞ሗࢧ࣮ࣅࢫࡢ⏝⪅࡞ࡿࢹ࣮ࢱయࡣᵝࠎ࡞ᖺ㱋ᒙ
ཬࢇ࡛࠾ࡾࠊⱝᖺᒙࡶSNSࢆࡣࡌࡵࡍࡿࢧ࣮ࣅࢫࢆ⏝ࡋ࡚࠸ࡿࠋࡑࡇ࡛
GDPRࡣࠊᏊࡶᑐࡍࡿ≉ูࡢ㓄៖ࡶࡲࡓᐃࡵ࡚࠸ࡿ㸦8᮲㸧ࠋᮍࡔุ᩿⬟
ຊࡀᡂ⇍ࡋ࡚࠸࡞࠸Ꮚࡶࡢಶேࢹ࣮ࢱࡢྲྀࡾᢅ࠸ࡣࠊᡂேࡢࡑࢀẚࡋ࡚ࡼ
ࡾៅ㔜࡞ࡉࢀ࡞ࡅࢀࡤ࡞ࡽ࡞࠸ࠋࡑࡇ࡛ࠊࢹ࣮ࢱྲྀᚓ㝿ࡋ࡚ἲᐃ௦⌮ேࡢ
ྠពࡀせ௳ࡋ࡚ㄢࡉࢀ㸦8᮲㸧ࠊྠពྲྀᚓࡢ๓ᥦ࡞ࡿሗᥦ౪㝿ࡋ࡚
ࡶࠊ᱁ูࡢ㓄៖ࡀせồࡉࢀ࡚࠸ࡿ㸦12᮲㸦1㸧㸧ࠋ ղࠕ᪂ࡓ࡞ᶒࠖ
ࠉ⮬ᕫሗࡢࢥࣥࢺ࣮ࣟࣝ࠸࠺ほⅬࡽࠊGDPRࡢ୰࡛ࡶ≉ὀ┠ࢆ㞟ࡵ࡚
࠸ࡿ୍ࡘࡣࠊ17᮲ᐃࡵࡽࢀࡿࠕ๐㝖ᶒ㸦ࠕᛀࢀࡽࢀࡿᶒࠖ㸧࡛ࠖ࠶ࢁ࠺ࠋ๐ 㝖ᶒ࡞࠸ࡋᛀࢀࡽࢀࡿᶒࢆGDPRᑟධࡍࡿࡘ࠸࡚ࡣࠊ㉳ⲡẁ㝵࡛ࡶ
άⓎ࡞㆟ㄽࡀ⾜ࢃࢀࠊḢᕞ௨እࡽࡶ㧗࠸㛵ᚰࡀᐤࡏࡽࢀ࡚࠸ࡓࠋ
ࠉᛀࢀࡽࢀࡿᶒࡣࠊḢᕞྖἲุᡤࡢ2014ᖺ5᭶13᪥ඛỴᐃ㸦ECJ Judgment 13 May 2014 (C-131/12) Google Spain v. AEPD and Mario Costeja González㸧
࡛ゝཬࡉࢀࡓ17ࠋᡃࡀᅜ࡛ࡶࠊḢᕞ࡛ࡢ㆟ㄽࢆ⫼ᬒࡋ࡚ࠊᛀࢀࡽࢀࡿᶒゝ ཬࡍࡿุࡀฟࡉࢀ㸦ᮾிᆅᖹᡂ26ᖺ10᭶9᪥௬ฎศỴᐃ㸦ุ㞟➼ᮍ
Ⓩ㍕㸧ࠊࡉ࠸ࡓࡲᆅỴᖹᡂ27ᖺ12᭶22᪥㸦ุ2282ྕ78㡫㸧18㸧ࠊᏛ⏺࣭ᐇ
ົ⏺ࡽࡶከࡃࡢㄽ✏ࡀබ⾲ࡉࢀ࡚࠸ࡿ19ࠋ
ࠉ⥆࠸࡚ࠊ17᮲ᐃࡵࡽࢀࡿ๐㝖ᶒࡣࠊࢹ࣮ࢱయᑐࡋ࡚ࡣࠕᙜ࡞㐜
࡞ࡃ㸦without undue delay㸧ࠖ⮬ᕫ㛵ࡍࡿಶேࢹ࣮ࢱࡢᾘཤࢆᚓࡿᶒ࡛࠶
ࡿࠋࡑࡢ㏉ࡋࡋ࡚ࢹ࣮ࢱ⟶⌮⪅ᑐࡋ࡚ࡣࠕᙜ࡞㐜࡞ࡃࠖಶேࢹ࣮ࢱ
ࢆᾘཤࡍࡁ⩏ົࡀㄢࡉࢀࡿࠋ
ࠉࢹ࣮ࢱࡢᾘཤࢆồࡵᚓࡿሙྜࡋ࡚ࠊಶேࢹ࣮ࢱࡢ㞟࣭ฎ⌮ࡢ┠ⓗࡢ㛵 ಀ࡛ࡶࡣࡸᚲせ࡞࠸ሙྜࠊࢹ࣮ࢱయࡀྠពࢆ᧔ᅇࡋࠊࡘᙜヱࢹ࣮ࢱฎ⌮ࡢ
17ࠉ ࡇࡢECJඛỴᐃࡢ㑥ㄒホ㔘ࡋ࡚ࠊ୰すඃ⨾ᏊࠕGoogleEUࡢࠕᛀࢀࡽࢀࡿᶒ
㸦๐㝖ᶒ㸧ࠖࠖ⮬◊✲90ᕳ9ྕ㸦2014㸧96㡫௨ୗࠊ୰ᮧẸ㞝ࠕEUἲุ◊✲㸸ᛀࢀ
ࡽࢀࡿᶒ௳ࠖἲᚊሗ87ᕳ5ྕ㸦2015㸧132㡫௨ୗࠊ㔝⃝ṇࠕࠕᛀࢀࡽࢀࡿᶒ
ࠖ㸦droit à l’oubli㸧ࣉࣛࣂࢩ࣮ࡢಖㆤࠖL&T 70ྕ㸦2016㸧50㡫௨ୗࠊ㔝ࠎᮧ
႐ࠕẸᩆ῭ࡋ࡚ࡢࠑᛀࢀࡽࢀࡿᶒࠒࡘ࠸࡚ࠖྠᚿ♫ἲᏛ68ᕳ7ྕ㸦2017㸧
971㡫௨ୗࠋ
18ࠉ ࡞࠾ࠊ➨୍ᑂ࡛ࡣᛀࢀࡽࢀࡿᶒࡣ⫯ᐃࡉࢀࡓࡶࡢࡢࠊ᥍ッᑂ㸦ᮾி㧗Ỵᖹᡂ28ᖺ7
᭶12᪥㸧ࠊୖ࿌ᑂ㸦᭱୕Ỵᖹᡂ29ᖺ1᭶31᪥㸧࡛ࡣࠕᛀࢀࡽࢀࡿᶒࠖ࠸࠺ᴫᛕ ࡣྰᐃࡉࢀ࡚࠸ࡿࠋ
19ࠉ ఀ⸨ⱥ୍ࠕሗ♫ᛀ༷ᶒ㸸ᛀࢀࡿࡇࢆᛀࢀࡓࢿࢵࢺୖࡢᶒࠖἲᏛ◊✲84ᕳ6
ྕ㸦2011㸧165㡫௨ୗࠊᐑୗ⣫ࠕᛀࢀࡽࢀࡿᶒ㸸ࣉࣛࣂࢩ࣮ᶒࡢᮍ᮶ࠖࡢἲ௧ 1906ྕ㸦2012㸧43㡫௨ୗࠊᮡ㇂┾ࠕᛀࢀ࡚ࡶࡽ࠺ᶒ: ே㛫ࡢࠕហࡉࠖࡢୖ⠏ࡃ ᶒࠖLaw&Practice7ྕ㸦2013㸧153㡫௨ୗࠊୖᮘ⨾✑ࠕᛀࢀࡽࢀࡿᶒࣉࣛࣂ
ࢩ࣮ࠖᮐᖠἲᏛ 25ᕳ2ྕ㸦2014㸧59㡫௨ୗࠊᣋ✏ࠕࠕᛀࢀࡽࢀࡿᶒࠖ㸸ᛀࢀࡿࡇ
ࢆᛀࢀࡓୡ⏺ࡢ᪂ࡓ࡞ᶒࠖࢥࣆࣛࢺ655ྕ㸦2015㸧44㡫௨ୗࠊᐑୗ⣫ࠕࠕᛀࢀࡽ
ࢀࡿᶒࠖࢆࡵࡄࡿᨷ㜵ࠖẚ㍑ἲ㞧ㄅ47ᕳ4ྕ㸦2014㸧29㡫௨ୗࠊᐑୗ⣫ࠕࣅࢵࢢ ࢹ࣮ࢱ௦ࡢࠕᛀࢀࡽࢀࡿᶒࠖ㸸ࣉࣛࣂࢩ࣮ಖㆤ᪥ᮏ࡞ࡾࡢဴᏛࢆࠖJournalism 290ྕ㸦2014㸧94㡫௨ୗࠊᒸ┤Ꮚࠕࠕᛀࢀࡽࢀࡿᶒࠖࢆࡵࡄࡿືྥࠖㄪᰝሗ 854ྕ㸦2015㸧1㡫௨ୗࠊ▼ኟ⏕ࠕࠕᛀࢀࡽࢀࡿᶒࠖࢆࡵࡄࡿㄽ㆟ࡢព⩏ࠖሗ
⟶⌮58ᕳ4ྕ㸦2015㸧271㡫௨ୗࠊᐑୗ⣫ࠗࣉࣛࣂࢩ࣮ᶒࡢᶒ㸸⮬⏤ᑛཝࡢ⾪
✺࠘㸦୰ኸᏛฟ∧㒊ࠊ2015㸧219-263㡫ࠊᐑୗ⣫ࠕࠕᛀࢀࡽࢀࡿᶒࠖࡘ࠸࡚⪃࠼
ࡿࠖἲᏛࢭ࣑ࢼ࣮741ྕ㸦2016㸧1㡫௨ୗࠊ▼ኟ⏕ࠗಶேሗಖㆤἲࡢ⌧ᅾᮍ ᮶㸸ୡ⏺ⓗ₻ὶ᪥ᮏࡢᑗ᮶ീ㸦᪂∧㸧࠘㸦ວⲡ᭩ᡣࠊ2017㸧87-116㡫ࠊᰩ⏣ᫀ⿱ࠕࣉ
ࣛࣂࢩ࣮ࠕᛀࢀࡽࢀࡿᶒࠖࠖ㱟㇂ἲᏛ49ᕳ4ྕ㸦2017㸧305㡫௨ୗࠊ➼ࠋ
ἲⓗ᰿ᣐࡀᏑᅾࡋ࡞࠸ሙྜࠊࢹ࣮ࢱయࡀಶேࢹ࣮ࢱฎ⌮ᑐࡍࡿ␗㆟ࢆ
㏙ࠊࡘඃඛࡉࢀࡿࢹ࣮ࢱฎ⌮ࡢ᰿ᣐࡀ࡞࠸ሙྜࠊࢲࣞࢡࢺ࣭࣐࣮ࢣ ࢸࣥࢢࡢ␗㆟ࢆ㏙ࡓሙྜࠊಶேࢹ࣮ࢱࡀ㐪ἲྲྀࡾᢅࢃࢀࡓሙྜࠊḢᕞ ἲ࣭ຍ┕ᅜἲࡢ㑂Ᏺࡢࡓࡵࢹ࣮ࢱᾘཤࡀᚲせ࡞ሙྜࠊ16ṓᮍ‶㸦ຍ┕ᅜἲ
ࡼࡗ࡚ࡣ13ṓ௨ୗ㸧ࡢሗ♫ࢧ࣮ࣅࢫࡢᥦ౪㛵㐃ࡋ࡚ࢹ࣮ࢱ㞟ࡀ࡞
ࡉࢀࡓሙྜࠊࡀྠ᮲1㡯ྛྕิᣲࡉࢀ࡚࠸ࡿࠋ
ࠉࣥࢱ࣮ࢿࢵࢺୖὶᕸࡋࡓሗࡣ࡞ᾘཤࡀ㞴ࡋ࠸ࡇࡽࠊᾘࡍࡇ
ࡀ㞴ࡋ࠸ධቚࠊࠕࢹࢪࢱ࣭ࣝࢱࢺ࣮ࠖ⛠ࡉࢀࡿ20ࠋḢᕞ࡛ࡣࠊࡇࡢ≧ἣᑐ ࡍࡿ༴ᶵឤࡀ௨๓ࡽ♧ࡉࢀ࡚࠸ࡓࠋḢᕞጤဨࡢྖἲ࣭ᇶᮏᶒ࣭ᕷẸᶒᢸᙜ
㆟㛗࡛࠶ࡿViviane Redingࡣࠊࠕࡘ࡚ゝࢃࢀࡓࡼ࠺ࠕ⚄ࡣ㉧ࡋᛀࢀࡿࡢ
ࠊ࢙࢘ࣈࡣỴࡋ࡚ᛀࢀ࡞࠸ࠖࠋࡔࡽࡇࡑࠕᛀࢀࡽࢀࡿᶒࠖࡣ⚾ࡗ࡚
ࡃࡶ㔜せ࡞ࡢࡔ㸦As somebody once said: “God forgives and forgets but the Web never does!͇ This is why the “right to be forgotten” is so important for me.㸧ࠖ㏙
࡚࠸ࡿ21ࠋࡇࡢࡼ࠺࡞ᛮࢆ⫼ᬒࡋ࡚ࠊᾘཤᶒ࡞࠸ࡋᛀࢀࡽࢀࡿᶒࡣGDPR
ᑟධࡉࢀࡓࠋ
ࠉࡢඃࢀࡓඛ⾜◊✲࡛ࡶࡍ࡛ᣦࡉࢀ࡚࠸ࡿࡀࠊᾘཤᶒ࡞࠸ࡋᛀࢀࡽࢀࡿ
ᶒࡣࠊࡑࡢᥦゝࠊᙉ࠸Ⓨࢆཷࡅࡿࡇ࡞ࡗࡓࠋࡑࡢ⌮⏤ࡢ୍ࡘࡣࠊ
࢙࢘ࣈࡽࡢሗࡢ๐㝖ࡣࠊㄡ㸦ࡣᶒຊࢆ᭷ࡍࡿഃ㸧ࡗ࡚࡞
ሗࢆពⓗ๐㝖ࡍࡿࡇࢆチࡋ࡚ࡋࡲ࠸ࠊࡦ࠸࡚ࡣṔྐࡢಟṇࡍࡽࡘ࡞
ࡀࡗ࡚ࡋࡲ࠺ࡢ࡛ࡣ࡞࠸ࠊ࠸࠺ᠱᛕࡀ࠶ࡿࠋࡇࢀᑐࡋ࡚ࠊḢᕞጤဨࡣ
20ࠉ ࡇࡢ⾲⌧ࡢึฟࡣ᫂ࡽ࡛ࡣ࡞࠸ࡀࠊ2013ᖺࡢTED࠾ࡅࡿJuan Enriquezࡼࡿ
“Your online life, permanent as a tattoo”ࡼࡾᗈࡲࡗࡓࡼ࠺࡛࠶ࡿࠋEnriquez ࡢࣉࣞࢮࣥ
ࢸ࣮ࢩࣙࣥࡣTEDࡢ࢙࢘ࣈࢧࢺ࡛ど⫈࡛ࡁࡿ㸦https://www.ted.com/talks/juan_
enriquez_how_to_think_about_digital_tattoos㸦2019ᖺ11᭶5᪥᭱⤊☜ㄆ㸧㸧ࠋ
21ࠉ V. Reding, Privacy matters: Why the EU needs new personal data protection rules; Brussels, 30 November 2010, available at http://europa.eu/rapid/press-release_SPEECH-10-700_en.pdf [latest access: 2019/11/05]. ᛀ༷ࡀ㉧ࡋࡘ࡞ࡀࡿ࠸࠺ࡢࡣࠊ࢚࣑ࣞࣖ᭩31❶34⠇ࡢ ࠕ㸦͐㸧ࢃࡓࡋࡣᙼࡽࡢᝏࢆ㉧ࡋࠊࡧᙼࡽࡢ⨥ᚰࢆ␃ࡵࡿࡇࡣ࡞࠸ࠖ㸦᪥ᮏ⪷᭩
༠ࠗ⪷᭩ ᪂ඹྠヂ࠘㸧ࢆព㆑ࡋࡓࡶࡢ࡛࠶ࢁ࠺ࠋ
ᛀࢀࡽࢀࡿᶒࡣࠕṔྐࡢ࡞ᾘཤࡢᶒ࡛ࡣ࡞࠸ࠖ22ㄝ᫂ࡋ࡚࠸ࡿࠋ ࠉࡇࡢࡼ࠺࡞ᛂࡢཎᅉࡢ୍ࡘࡣࠊࠕᛀࢀࡽࢀࡿᶒࠖ࠸࠺⾲⌧ࡢ༳㇟ࡢ ᙉࡉࡀ࠶ࡿࠋࠕᛀࢀࡽࢀࡿᶒࠖࡣࣇࣛࣥࢫࡢࠕᛀ༷ᶒ㸦droit à l’oubli㸧ࠖ࡞࠸
ࡋࢱࣜࡢྠࡌࡃࠕᛀ༷ᶒ㸦diritto all’oblio㸧ࠖࢆ㉳※ࡍࡿゝࢃࢀࡿ23ࠋࡇ ࡢࠕᛀ༷ࠖࡀࠊ࡞㐣ཤࡢᾘཤࡽ࠼ࡽࢀࡓࡓࡵᢈุࢆཷࡅ࡚࠸ࡿࡀ24ࠊ GDPRᐃࡵࡽࢀࡿᾘཤᶒࡢ┠ⓗࡣሗࡢᣑᩓࡢ㜵Ṇ0 0 0 0 0࡛࠶ࡿࠋࣥࢱ࣮ࢿࢵ
ࢺ࡛࠸ࡗࡓࢇබ㛤ࡉࢀࡓሗࡢ࡞๐㝖ࡣࠕ୍⯡ⓗྍ⬟㸦generally
impossible㸧࡛ࠖ࠶ࡿ࠸࠺ࡢࡀGDPRࡶ๓ᥦࡍࡿࡇࢁ࡛࠶ࡾࠊࡑࢀ࡛ࡶ࡞
࠾๐㝖ࡍࡁ࠸࠺ࢫࢱࣥࢫ࡛ࡶ࡞࠸ࠋ
ࠉ⌧௦࡛ࡣࠊࡘ࡚ẚ㍑ࡋ࡚ሗ㞟ࡀࡁࢃࡵ࡚ᐜ࡛᫆࠶ࡾࠊࣥࢱ࣮ࢿࢵ
ࢺࢆ⏝ࡍࡿࠊᩘᅇࡢࢡࣜࢵࢡ࡛ከࡃࡢሗࡀ㞟ࡉࢀࡿࠋࡑࢀࢆࡼࡾຍ㏿
ࡍࡿࡢࡀࠊ᳨⣴࢚ࣥࢪࣥࡢᏑᅾ࡛࠶ࡿࠋࡇࡢࡓࡵࠊࡇࢀࡲ࡛ࡣࠕᛀࢀࡽࢀ࡚ࡁ ࡓࠖሗࡀࠊࡁࢃࡵ࡚⡆༢Ⓨ᥀ࡉࢀ࡚ࡋࡲ࠺ែࡀ㉳ࡁࡿࡼ࠺࡞ࡗࡓࠋࡑ ࡇ࡛ࠊࠕࡼࡾᐇົⓗ㸦more practical㸧ࠖ࡞ゎỴ⟇ࡋ࡚ࠊ᳨⣴࢚ࣥࢪࣥࡢࠕࣜࢫ ࢺࡽእࡍ㸦delisting㸧ࠖࡇࢆ⪃៖ࡋࠊࡇࡢࠕᛀࢀࡽࢀࡿᶒࠖࡀタࡅࡽࢀࡓ ࡢ࡛࠶ࡿ25ࠋ
ࠉࡲࡓࠊ20᮲ᣲࡆࡽࢀࡿࢹ࣮ࢱ࣏࣮ࢱࣅࣜࢸᶒࡶࠊ⮬ᕫሗࢥࣥࢺ࣮ࣟ
ࣝᶒࡢᐇ⌧ࡢࡓࡵࡢࡁ࡞せ⣲࡛࠶ࡿࠋࢹ࣮ࢱ࣏࣮ࢱࣅࣜࢸᶒࡣࠊ⮬㌟ࡢ
22ࠉ95HGLQJ7KH(XURSHDQ'DWD3URWHFWLRQ)UDPHZRUNIRUWKH7ZHQW\¿UVW&HQWXU\,QW’l data privacy L. 1, 2012, p. 7.
23ࠉ F. U. Ahmed, Right to Be Forgotten: A Critique of the Post-Costeja Gonzalez Paradigm, 21(6) C.T.L.R. 175, 2015, p.176.
24ࠉ P. Hustinx, The Right to be Forgotten and Beyond: Data Protection and Freedom of Expression in the Age of Web 2.0, Oxford Privacy Information Law and Society Conference, June 12, 2012
ࢆཧ↷ࠋ࡞࠾ࠊࣇࣛࣥࢫࡢᛀ༷ᶒࡶࠊ⤯ᑐⓗ࡞ࡶࡢ࡛ࡣỴࡋ࡚࡞࠸ࠋᣋ✏ࠕࣇࣛࣥࢫ
࠾ࡅࡿࣉࣛࣂࢩ࣮ᛀ༷㸸ࠕᛀࢀࡽࢀࡿᶒࠖࡢ⏤᮶ࢆࡓࡗ࡚ࠖ㔠ἑἲᏛ60ᕳ 2ྕ㸦2018㸧123㡫௨ୗࠋ
25ࠉ European Network and Information Security Agency, The Right to be Forgotten: Between Expectations and Practice, 2012, p. 7, available at: https://www.enisa.europa.eu/publications/
the-right-to-be-forgotten [latest access: 2019/11/05].
ಶேࢹ࣮ࢱࢆࠊ⟶⌮⪅ࡽ୍ᐃࡢࣇ࢛࣮࣐ࢵࢺ࡛ཷࡅྲྀࡾࠊࡢ⟶⌮⪅⛣㌿
ࡍࡿᶒ࡛࠶ࡾࠊ⮬㌟ࡢಶேࢹ࣮ࢱࢆ␗࡞ࡿ⟶⌮⪅㛫࡛┤᥋⛣㌿ࡉࡏࡿᶒ࡛
࠶ࡿࠋ
ࠉ⌧௦♫࡛ࡣࠊಶே㛵ࡍࡿᵝࠎ࡞ࢹ࣮ࢱࢆά⏝ࡋࠊ࠼ࡤಶู་⒪ࡢ
ࡼ࠺ࠊࡑࡢಶேࡢࡓࡵ࢝ࢫࢱ࣐ࢬࡉࢀࡓࢧ࣮ࣅࢫࡢᥦ౪ࡀࠊᢏ⾡ⓗࡣ
ྍ⬟࡞ࡗ࡚࠸ࡿࠋࡋࡋࠊࡇࡢ✀ࡢࢧ࣮ࣅࢫᑐࡋ࡚ࡣᖖࢹ࣮ࢱయ࡞
ࡿಶேࡢࣉࣛࣂࢩ࣮ࡢᐖࡢᠱᛕ⾲୍యࡢ㛵ಀ࠶ࡿࠋ
ࠉࢹ࣮ࢱ࣏࣮ࢱࣅࣜࢸᶒࡣࠊࡇࡢࡼ࠺࡞≧ἣࢆ⫼ᬒࡋࡘࡘࠊࢹ࣮ࢱయ
ಶேࢹ࣮ࢱࢆ㑏ඖ0 0ࡍࡿࡇࢆಖ㞀ࡍࡿᶒ࡛࠶ࡿࠋࡇࡢᶒࢆ㏻ࡋ࡚ࠊࢹ࣮ࢱ
యࡣࠊࡇࢀࡲ࡛ࡣᵝࠎ࡞ࣉࣛࢵࢺࣇ࢛࣮࣒➼ศᩓࡋ࡚࠸ࡓ⮬㌟ࡢࢹ࣮ࢱࢆ
㞟⣙࣭⤫ྜࡋࠊ⮬ศ⮬㌟࡛⟶⌮࡛ࡁࡿࠋࡑࡋ࡚ࠊࢹ࣮ࢱࡢά⏝࠶ࡓࡗ࡚
ࡶࠊ⮬㌟ࡢࢽ࣮ࢬᛂࡌ࡚⮬ศ⮬㌟࡛㑅ᢥࡋࡓᴗ⪅ಶேࢹ࣮ࢱࢆጤࡡࡿࡇ
ࡀ࡛ࡁࡿࠋ
ࠉࡇࡢࡼ࠺࡞ሗࡀ⭾࡞ࢀࡤࠊࡑࡢ⟶⌮ࡣ୍ಶே࡛ࡣᅔ㞴࡞ࡿࡶ▱ࢀ
࡞࠸ࠋࡑࡢࠊࢹ࣮ࢱయᮏே௦ࢃࡗ࡚ࢹ࣮ࢱࢆ⟶⌮࣭㞟⣙ࡋࠊࢹ࣮ࢱ
యࡢࢽ࣮ࢬᚑࡗ࡚➨୕⪅ࡢᥦ౪࡞ࡢά⏝ᦠࢃࡿࡢࡀࠊᚋࡢ❶࡛ゝཬ ࡉࢀࡿሗ㖟⾜㸦ሗಙクᴗົ㸧࡛࠶ࡿࠋ
ࠉࡇࡢࡼ࠺ࠊࢹ࣮ࢱ࣏࣮ࢱࣅࣜࢸᶒࡣࠊ᪥ࡢ♫࠾࠸࡚ሗࡀ⤒῭㈈
ࡋ࡚㔜せ࡞⨨ࢆ༨ࡵࡿࡇࢆព㆑ࡋ࡚࠸ࡿࡇࡀࢃࡿࠋࡑࡢୖ࡛ࡇࡢᶒ
ࡣࠊ᪥ࡢ♫ࡢ⌧≧ࡋ࡚ࠊሗᕷሙࡀ࣓ࣜ࢝ࡢITᕧேࡰ⊂༨ࡉ
ࢀ࡚࠸ࡿࡇᑐࡍࡿᑐᢠ⟇ࡋ࡚⨨ࡅࡽࢀ࡚࠸ࡿࡇࡶࠊࡁࢃࡵ࡚⯆
῝࠸ࡇࢁ࡛࠶ࡿ26ࠋ
26ࠉ See, European Commission, Questions and Answers – General Data Protection Regulation, Brussels, 24 January 2018, available at https://ec.europa.eu/commission/presscorner/detail/en/
MEMO_18_387 [latest access: 2019/11/05] (“The new right to data portability will allow individuals to move their personal data from one service provider to another. Start-ups and smaller companies will be able to access data markets dominated by digital giants and attract more consumers with privacy-friendly solutions. This will make the European economy more competitive.”).
ճᢏ⾡ⓗᡭᙜ࡚
ࠉୖ㏙ࡢࡼ࠺ࠊGDPRࡣಶேሗࡢಖㆤࠊࡑࡋ࡚⮬ᕫሗࢥࣥࢺ࣮ࣟࣝࢆ㔜 どࡋࠊࡑࡢࡓࡵ᪂ࡓ࡞ᶒࢆ᫂☜♧ࡋ࡚࠸ࡿࠋࡑࡢୖ࡛ࠊᢏ⾡ⓗࡶࡇࢀ
ࡽࡢ┠ⓗࡀ㐩ᡂࡉࢀࡿࡼ࠺ࠊᵝࠎ࡞ᐃࡵࢆ⨨ࡃࠋ
ࠉ࠼ࡤࠊሗࡢὶ㏻㝿ࡋ࡚㔜せ࡞ࢭ࢟ࣗࣜࢸࡢᙉࡢࡓࡵࠊᢏ⾡ⓗᏳ
ᛶࠊㄆドไᗘ➼ࡢᩚഛࢆせồࡍࡿࠋฎ⌮ࡢᏳ⟶⌮ࡘ࠸࡚ᐃࡵࡿ32᮲
ࡸࠊࢹ࣮ࢱಖㆤࡢㄆド㛵ࡍࡿ42᮲ཬࡧࡑࡢㄆドᶵ㛵ࡘ࠸࡚43᮲ࡀࠊ௦⾲
ⓗ࡞ࡋ࡚ᣲࡆࡽࢀࡿࠋ
ࠉࡑࡋ࡚ࠊᐖࡀ⏕ࡌ࡚ࡋࡲࡗࡓሙྜࡢᑐᛂࡘ࠸࡚ࡶ᫂☜ᐃࡵ࡚࠸ࡿࠋ GDPRࡣࠊሗ₃ὤ➼ࡢᐖࡀ⏕ࡌ࡚ࡋࡲࡗࡓሙྜࡣࠊ┘╩ᶵ㛵ཬࡧᮏே
ࠊ㎿㏿㏻▱࣭㐃⤡ࡍࡿ⩏ົࢆᐃࡵࡿ㸦33᮲ࠊ34᮲㸧ࠋࢹ࣮ࢱࡣ࠸ࡗࡓࢇὶ ฟࡍࡿࠊブḭ⿕ᐖࡸྡẋᦆࠊ㈈⏘ⓗᦆኻ࡞ᵝࠎ࡞ᦆᐖࡀ⏕ࡌࡿ㸦๓ᩥ
85ࡶཧ↷㸧ࠋࡑࡋ࡚ࠊࡑࡢᑐᛂࡀ㐜ࢀࡿࠊࡑࡢ⿕ᐖࡣࡁࡃ࡞ࡾࡀࡕ࡛
࠶ࡿࠋࡑࢀࡺ࠼ࠊGDPRࡣࠕ㎿㏿ࠖ࡞ᑐᛂࢆ⩏ົࡋ࡚ㄢࡋ࡚࠸ࡿࠋ
ࠉࡑࡢࡶࠊGDPR࡛ࡣሗࡢ⟶⌮⪅ࡢ⩏ົࡢᙉࡶᐃࡵࡽࢀࡿࠋ25᮲ࡣࠊ by designࡢࢹ࣮ࢱಖㆤࠊby defaultࡢࢹ࣮ࢱಖㆤࡘ࠸࡚ᐃࡵࡿࠋࡇࢀࡣ1990 ᖺ௦࢝ࢼࢲ࡛ᥦၐࡉࢀࡓprivacy by design╔ࢆᚓࡓࡶࡢ࡛27ࠊGDPR࠾
࠸࡚ࡣࠊሗࡢ⟶⌮⪅ࡣࠊby designࡢࢹ࣮ࢱಖㆤࠊby defaultࡢࢹ࣮ࢱಖㆤࡢཎ
๎ࢆ᥇⏝ࡋࡓᴗᨻ⟇ࡢ⟇ᐃᥐ⨨ࡢᐇࡀせồࡉࢀࡿࠋࡇࡇࡣࠊ࠼ࡤಶ
ேࢹ࣮ࢱฎ⌮ࡢ᭱ᑠ㝈㸦minimising the processing of personal data㸧ࠊಶேࢹ࣮
ࢱࡢ༶௬ྡ㸦pseudonymising personal data as soon as possible㸧ࠊಶேࢹ࣮ࢱ ฎ⌮ࡢ㏱᫂㸦transparency with regard to the functions and processing of personal
27ࠉ See, A. Cavoukian, Privacy by Design: The 7 Foundational Principles, available at: https://
www.ipc.on.ca/wp-content/uploads/resources/7foundationalprinciples.pdf (latest access:
2019/11/05). ࡇࡇ࡛ࡣࠊձᚋⓗ࡛ࡣ࡞ࡃ๓ࠊղᑐ⒪ἲ࡛ࡣ࡞ࡃண㜵ⓗࠊճࢩ ࢫࢸ࣒ࡢࢹࢨࣥ⤌ࡳ㎸ࡲࢀࡓࣉࣛࣂࢩ࣮ࠊմࢮࣟࢧ࣒࡛ࡣ࡞ࡃ୧❧ࡍࡿ㛵ಀࡢ Positive-Sumࠊյࣛࣇࢧࢡࣝࡍ࡚ࢆ㏻ࡋࡓሗࢭ࢟ࣗࣜࢸࠊնྍどᛶ㏱᫂
ᛶࠊշ࣮ࣘࢨ࣮୰ᚰࡢࣉࣛࣂࢩ࣮ࡢᑛ㔜ࠊࡀᥖࡆࡽࢀ࡚࠸ࡿࠋ
data,㸧ࠊࢹ࣮ࢱయࡢࢹ࣮ࢱฎ⌮┘ど㸦enabling the data subject to monitor the data processing㸧ࠊሗ⟶⌮⪅ࡢࢭ࢟ࣗࣜࢸᵓ⠏ཬࡧᨵၿ㸦enabling the controller to create and improve security features㸧➼ࡀᣲࡆࡽࢀ࡚࠸ࡿ㸦๓ᩥ78㸧ࠋ
ࠉࡼࡾලయⓗࡣࠊ⟶⌮⪅ࡣሗฎ⌮ࡢ㝿㐺ษ࡞ᢏ⾡ⓗ࣭⤌⧊ⓗᥐ⨨ࢆㅮࡌ
࡞ࡅࢀࡤ࡞ࡽࡎࠊࢹࣇ࢛ࣝࢺࡋ࡚ࡑࢀࡒࢀ≉ᐃࡉࢀࡓ┠ⓗࡢᚲせ࡞⠊ᅖ࡛ࡢ
ࡳࢹ࣮ࢱฎ⌮ࢆ⾜࠺ࡇࢆ☜ᐇࡍࡿᥐ⨨ࢆㅮࡌ࡞ࡅࢀࡤ࡞ࡽ࡞࠸ࠋ
ࠉࡑࡋ࡚ࠊࡇࢀࡽࡢせㄳࡢᐇ⌧ࢆᢸಖࡍࡿࡓࡵࠊࢹ࣮ࢱಖㆤᙳ㡪ホ౯㸦Data Protection Impact Assessment: DPIA㸧ࡢᐇࡸ㸦35᮲㸧28ࠊࢹ࣮ࢱಖㆤ㈐௵⪅
㸦'DWD3URWHFWLRQ2I¿FHU'32㸧ࡢタ⨨㸦37᮲㸧࠸ࡗࡓ⤌ࡳࡶ‽ഛࡉࢀ࡚࠸
ࡿࠋ
ࠉࡉࡽࠊಶேࢹ࣮ࢱࡢ₃ὤ࡞ఱࡽࡢែࡀ⏕ࡌࡓࡢᩆ῭ᡭẁࡋ࡚ࠊ
⊂❧ࡋࡓ┘╩ᶵ㛵ࡢタ⨨ࡀせồࡉࢀ㸦51᮲㸧ࠊࡑࡢ௵ົࡸᶒ㝈ࠊάື
ࡘ࠸࡚ࡶヲ⣽࡞つᐃࡀ⨨ࢀ࡚࠸ࡿ㸦52㹼59᮲㸧ࠋຍ࠼࡚ࠊᩆ῭ࠊἲⓗ㈐௵ཬ ࡧไᥐ⨨ࠊᦆᐖ㈺ൾࡢᶒࡘ࠸࡚ࡶ᫂ᩥࡢつᐃࡀ⨨ࢀ࡚࠸ࡿ㸦77㹼79 ᮲ࠊ82᮲㸧ࠋࡉࡽࠊ᭱ࡶ⪥┠ࢆ㞟ࡵࡓ୍ࡘ࡛࠶ࡿไ㔠ࡘ࠸࡚ࡶཝࡋ࠸つ ᐃࡀタࡅࡽࢀ㸦83᮲㸧ࠊࢹ࣮ࢱ⟶⌮⪅➼ࡢ⩏ົ㐪ࡘ࠸࡚ࡣࠊ㐪⪅ࡢୡ
⏺ࡢᖺ㛫ୖ㧗ࡢ2%1000࣮ࣘࣟࡢ࠸ࡎࢀ㧗࠸᪉ࠊGDPRࡢᇶᮏཎ๎
㐪ࡘ࠸࡚ࡣ㐪⪅ࡢୡ⏺ࡢᖺ㛫ୖ㧗ࡢ4%2000࣮ࣘࣟࡢ࠸ࡎࢀ
㧗࠸᪉ࡀࠊไ㔠ࡋ࡚ㄢࡉࢀࡿࡇ࡞ࡗ࡚࠸ࡿࠋ᪥ᮏ࡛ࡣࠊ࠼ࡤ࣐
ࢼࣥࣂ࣮ไᗘ࠾࠸࡚ࠊಶே␒ྕ⏝ົ࣭ಶே␒ྕ㛵ಀົ➼ᚑࡍࡿ⪅
ࡀࠊṇᙜ࡞⌮⏤࡞ࡃࠊᴗົ࡛ྲྀࡾᢅ࠺ಶேࡢ⛎ᐦࡀグ㘓ࡉࢀࡓ≉ᐃಶேሗ
ࣇࣝࢆᥦ౪ࡋࡓሙྜ4ᖺ௨ୗࡢᠬᙺࡶࡋࡃࡣ200௨ୗࡢ⨩㔠㸦࠶ࡿ
28ࠉ ࡇࢀࡘ࠸࡚ࠊ29᮲సᴗ㒊ࡀ࢞ࢻࣛࣥࢆ♧ࡋ࡚࠸ࡿࠋSee, Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679 (Adopted on 4 April 2017, Revised and Adopted on 4 October 2017), available at: https://ec.europa.eu/newsroom/article29/item-detail.
cfm?item_id=611236 (latest access: 2019/11/05). 㑥ヂࡋ࡚ࠊ᪥ᮏ㈠᫆⯆ᶵᵓ㸦ࢪ࢙ࢺ
ࣟ㸧ᾏእㄪᰝ㒊ḢᕞࣟࢩCISㄢࡀࠊ௬ヂࢆබ㛤ࡋ࡚࠸ࡿࠋhttps://www.jetro.go.jp/ext_
images/world/europe/eu/gdpr/pdf/dpia.pdf㸦2019ᖺ11᭶5᪥᭱⤊☜ㄆ㸧ࢆཧ↷ࠋ
࠸ࡣࡑࡢే⛉㸧࡞ࡗ࡚࠸ࡿ㸦࣐ࢼࣥࣂ࣮ἲ48᮲㸧ࠋࡇࢀẚ㍑ࡋ࡚ࡶ
GDPRࡢไ㔠ࡢ㢠ࡣࡁࢃࡵ࡚ࡁࡃࠊሗࢆᢅ࠺ᴗࡗ࡚ࡣ㔜࡞㛵ᚰ
㡯࡞ࡿࡇࡣᐜ᫆ീ࡛ࡁࡿࠋ
㸦2㸧EUᇦෆ࡛ࡢࢹ࣮ࢱಖㆤ㛵ࡍࡿ࣮ࣝࣝࡢ୍ඖ
ࠉGDPRࡣḢᕞ࠾ࡅࡿಶேࢹ࣮ࢱࡢಖㆤὶ㏻ࡢࣂࣛࣥࢫࢆᅗࡿࡓࡵࡢつ๎
࡛࠶ࡿࠋࡍ࡛㏙ࡓ㏻ࡾࠊࡇࡢ๓㌟ࡋ࡚1995ᖺࡢࢹ࣮ࢱಖㆤᣦ௧ࡀᏑᅾ ࡋࡓࠋࡇࡢᣦ௧ࢆつ๎ࠕ᱁ୖࡆࠖࡍࡿࡇࡼࡾࠊຍ┕ᅜෆ࠾࠸࡚ࡣ༢୍
࣮ࣝࣝࡢ┤᥋ⓗ㐺⏝ࡀྍ⬟࡞ࡗࡓࠋ
ࠉࡇࢀࡼࡾࠊࡘ࡚ၥ㢟どࡉࢀ࡚࠸ࡓḢᕞᇦෆ࠾ࡅࡿಶேሗ࣭ಶேࢹ࣮
ࢱࡢಖㆤࣞ࣋ࣝࡢᕪ␗ࡢゎᾘࡀࡣࡽࢀࡿࡇ࡞ࡗࡓࠋࡉࡽࠊ┘╩ᶵ㛵ࡢ ᶒ㝈ࢆ᫂☜ࡋ㸦56᮲㸧ࠊࡑࡢ┘╩ᶵ㛵ྠኈࡢ༠ຊࠊ୍㈏ᛶ࣓࢝ࢽࢬ࣒㸦One-
stop-shop㸧ࢆᑟධࡍࡿࡇ࡛㸦60㹼62᮲ࠊ63᮲㸧ࠊࡼࡾᐇຠⓗ࡞ࢩࢫࢸ࣒ࡀᵓ
⠏ࡉࢀࡓࠋ
ࠉᣦ௧௦ࡽࠊຍ┕ᅜࡢ┘╩ᶵ㛵Ḣᕞࢹ࣮ࢱಖㆤ┘╩ᐁࡽ࡞ࡿ29᮲స ᴗ㒊ࡀᏑᅾࡋࡓࡀࠊࡇࢀࡣἲⓗᣊ᮰ຊࢆ᭷ࡍࡿពぢࡸ່࿌ࢆ♧ࡍ⤌⧊࡛ࡣ࡞
ࡗࡓࠋࡑࡇ࡛ࠊGDPR࡛ࡣࠊᣊ᮰ຊࡢ࠶ࡿỴᐃࢆୗࡍᶒ㝈ࢆ᭷ࡍࡿḢᕞࢹ࣮
ࢱಖㆤ㆟㸦European Data Protection Board; EDPB㸧ࡀタ⨨ࡉࢀ࡚࠸ࡿ㸦68 ᮲㸧ࠋ
㸦3㸧ᅜ㝿ⓗ࡞㸦ᑐᇦእࢆྵࡴ㸧ࢹ࣮ࢱಖㆤࡢヲ⣽࡞࣮ࣝࣝࡢ⟇ᐃ
ࠉ᭱ᚋࠊGDPRࡀὀ┠ࡉࢀࡿࡶ࠺୍ࡘࡢ⌮⏤ࡋ࡚ࠊ➨୕ᅜࡢ⟶⌮⪅㐺⏝
ࡉࢀࡿ⠊ᅖ㸦ᇦእ㐺⏝㸧ࡀᐃࡵࡽࢀ࡚࠸ࡿⅬࡀᣲࡆࡽࢀࡿࠋ
ࠉGDPRࡣࠊḢᕞᇦෆ⟶⌮⪅ࡸฎ⌮⪅ࡀᅾ࡛࠶ࡿሙྜ࡛࠶ࡗ࡚ࡶࠊ୍ᐃࡢ ሙྜᇦእ㐺⏝ࢆㄆࡵ࡚࠸ࡿ㸦3᮲2㡯㸧ࠋձ᭷ൾ࣭↓ൾࢆၥࢃࡎEUᇦෆ
࠸ࡿಶேၟရࡸࢧ࣮ࣅࢫࢆᥦ౪ࡋ࡚࠸ࡿሙྜࠊղEUᇦෆ࡛ࡢಶேࡢ⾜ືࢆ
┘ど㸦ࣔࢽࢱࣜࣥࢢ㸧ࡋ࡚࠸ࡿሙྜࠊ࡛࠶ࡿࠋࡇࡢ⠊ᅖࡣࠊ๓㌟࡛࠶ࡿࢹ࣮ࢱ ಖㆤᣦ௧ࡀᐃࡵ࡚࠸ࡓࠊ⟶⌮⪅ࡀEUᇦෆᴗᡤࢆᣢࡘࠊEUᇦෆࡢタഛ
࡛ࢹ࣮ࢱฎ⌮ࢆ⾜࠺ሙྜࡼࡾࡶᣑࡋ࡚࠸ࡿࠋ
ࠉࡇࡢつᐃࡼࡾࠊᡃࡀᅜࡢᴗ⪅࡛࠶ࡗ࡚ࡶࠊୖ㏙ࡢ≧ἣヱᙜࡍࡿሙྜ
ࡣࠊGDPRࡀ㐺⏝ࡉࢀࡿྍ⬟ᛶࡀ⏕ࡌࡿࠋࡍ࡛ᣦࡋࡓ㏻ࡾࠊGDPRࡣ㐪
ࡢሙྜࡢไ㔠ࡢ㢠ࡀࡁࢃࡵ࡚ࡁ࠸ࡇࡶ࠶ࡾࠊᴗ⪅ࡗ࡚ࡣ㔜࡞㛵 ᚰ࡞ࡗ࡚࠸ࡿ29ࠋ
ࠉࡉࡽGDPRࡣࠊຍ┕ᅜ࡛ࡣ࡞࠸➨୕ᅜಶேࢹ࣮ࢱࡀ⛣㌿ࡍࡿ㝿ࠊḢ ᕞጤဨࡀㄆᐃࡋࡓ༑ศ࡞ࢹ࣮ࢱಖㆤࡢỈ‽ࢆ☜ಖࡋ࡚࠸ࡿࡇࢆồࡵࡿ
㸦ࠕ༑ศᛶㄆᐃࠖ㸧ࠋࡑࡢᇶ‽ࡣ45᮲ิᣲࡉࢀ࡚࠾ࡾࠊࡇࡢ༑ศᛶㄆᐃࡀ࡞࠸
➨୕ᅜࢹ࣮ࢱ⛣㌿ࢆࡍࡿሙྜࡣࠊ46᮲ᐃࡵࡽࢀࡿ㐺ษ࡞ᥐ⨨ࡀㅮࡌࡽ
ࢀ࡞ࡅࢀࡤ࡞ࡽ࡞࠸ࠋ2018ᖺ12᭶⌧ᅾ࡛ࡣࠊ᪥ᮏࡣ༑ศᛶㄆᐃࢆᚅࡘẁ㝵࡛
࠶ࡿ30ࠋ
ࠉከᅜ⡠ᴗ࠾࠸࡚ࡣࠊḢᕞᇦෆࡢࢢ࣮ࣝࣉᴗࡽࠊᇦእࡢࢢ࣮ࣝࣉᴗ
ሗࢆ⛣㌿ࡋࡓ࠸࠸࠺せㄳࡶ࠶ࡾᚓࡿࠋࡇࡢࡼ࠺࡞ᴗࢢ࣮ࣝࣉෆ࡛ࡢ ಶேࢹ࣮ࢱ⛣㌿㛵ࡋ࡚ࡣࠊᣊ᮰ⓗᴗ‽๎㸦Binding Corporate Rules㸧ࢆタ ࡅࠊྛᅜࡢಖㆤᙜᒁ㸦Data Protection Authority; DPA㸧ࡢᢎㄆࢆཷࡅࢀࡤࠊಶே
ࢹ࣮ࢱࡢ⛣㌿ࡀྍ⬟࡞ࡿࡇࡀᐃࡵࡽࢀࡓ㸦47᮲㸧ࠋ
ࠉࡇࡢࡼ࠺࡞༑ศᛶㄆᐃ࠶ࡿ࠸ࡣᣊ᮰ⓗᴗ‽๎ᚑ࠺ಶேࢹ࣮ࢱࡢ⛣㌿௨እ ࡣࠊGDPRࡣࠊ➨୕ᅜࡢ⾜ᨻᶵ㛵ࡽࡢࢹ࣮ࢱ㛤♧せồᑐࡋ࡚ࡶཝࡋ࠸ጼໃ
ࢆ♧ࡋ࡚࠸ࡿ㸦48᮲㸧ࠋࡇࢀࡣࠊ࠼ࡤFacebook➼ࡢITᴗࡀ࣓ࣜ࢝ᅜᐙ Ᏻಖ㞀ᒁ㸦NSA㸧➼ࡢᅜᐙᶵ㛵ḢᕞᕷẸࡢሗࢆᥦ౪ࡋ࡚࠸ࡓࡼ࠺ࠊḢ ᕞᕷẸࡢࣉࣛࣂࢩ࣮࠸࠺ᇶᮏᶒࡀಖㆤࡉࢀ࡞࠸ࡼ࠺࡞⾜Ⅽࡢᑐᢠᥐ⨨࡛
ࡶ࠶ࡿ31ࠋࡇࡇࡶࠊୖᣦࡋࡓࠊすὒࢆᣳࢇࡔᡓத㸦transatlantic war㸧ࡢ 29ࠉ ᮏ㑥࡛ಶேሗࡢಖㆤ㛵ࡍࡿ✀ࠎࡢᴗົࢆᢸᙜࡍࡿಶேሗಖㆤጤဨࡶࠊࡇࢀ
㛵ᚰࢆᐤࡏࠊࠕྛ⤌⧊࣭ᴗ➼ࡢᴗົࡢᙳ㡪ࡘ࠸࡚ࠊ࠶ࡽࡌࡵഛ࠼࡚࠾ࡃᚲせ ࡀ࠶ࠖࡿࡋ࡚ࠊ࢙࢘ࣈࢧࢺ࡛GDPR㛵㐃ࡍࡿ㈨ᩱࡢ௬ヂࡢබ㛤࡞ࢆ⾜ࡗ࡚࠸
ࡿࠋhttps://www.ppc.go.jp/enforcement/infoprovision/laws/GDPR/㸦2019ᖺ11᭶5᪥᭱⤊
☜ㄆ㸧ࢆཧ↷ࠋ
30ࠉ ࡑࡢᚋࠊ2019ᖺ1᭶23᪥ࠊ᪥ᮏࡣ༑ศᛶㄆᐃࢆᚓ࡚࠸ࡿࠋ
31ࠉ See, Panel for the Future of Science and Technology, How the General Data Protection 5HJXODWLRQFKDQJHVWKHUXOHVIRUVFLHQWL¿FUHVHDUFK-XO\SSDYDLODEOHDWKWWS
୍➃ࢆ┳ྲྀࡍࡿࡇࡀ࡛ࡁࡿࠋ
⤖ࡧ௦࠼࡚
ࠉGDPRࡣࠊḢᕞ࠸࠺୍⤒῭ᅪࡢἲつ๎࠸࠺ࡇࡶ࠶ࡾࠊᚋࡢࢹ࣮ࢱ ᕷሙ࠾࠸࡚↓どࡍࡿࡇࡣ࡛ࡁ࡞࠸ࡁ࡞⨨ࢆ༨ࡵࡿࡶࡢ࡛࠶ࡿࠋ ࠉ⣬ᖜࡢไ⣙ࡽࡁࢃࡵ࡚㞧㥍࡞ゎㄝ⤊ጞࡏࡊࡿࢆᚓ࡞ࡗࡓࡀࠊGDPRࡀ Ḣᕞࡢ౯್ほ῝ࡃ᰿ᕪࡋࡓࡶࡢ࡛࠶ࡾࠊಶேࢹ࣮ࢱࡢಖㆤ࠸࠺ഃ㠃ࡽࠊ ᇶᮏⓗ౯್࡛࠶ࡿಶேࡢᑛཝࡢಖㆤࢆព㆑ࡋ࡚࠸ࡿࡇࢆᥥࡅ࡚࠸ࢀࡤᖾ࠸࡛
࠶ࡿࠋ
ࠉࢹ࣮ࢱࡢά⏝࠸࠺ほⅬࡽぢࢀࡤࠊGAFA௦⾲ࡉࢀࡿሗᴗࢆ᧦ࡍ
ࡿ࣓ࣜ࢝ࡢ❧ሙࡽࡣࠊᙜ↛ࢹ࣮ࢱࡢྲྀᚓࡸὶ㏻ࡣಁ㐍ࡉࢀࡿࡁࡢὶࢀ
࡞ࢁ࠺ࠋࡋࡋࠊࡑࢀᑐࡍࡿⓎࡶᙜ↛࠶ࡾᚓࡿࡇࢁ࡛࠶ࡿࠋࡾࢃࡅ Ḣᕞࡀ࣓ࣜ࢝ࡇࡢⅬ࡛ᑐ❧ࡍࡿࡢࡣࠊᮏ✏࡛㏙ࡓ㏻ࡾࠊ᰿ᮏⓗ࡞౯್ほ
࡛␗࡞ࡿどⅬࢆ᭷ࡍࡿࡽ࡛࠶ࡿࠋࡇࡢⅬࢆ↓どࡋ࡚ࡣࠊ┦⌮ゎࡣ㐍ࡲࡎࠊ
⁁ࡣ῝ࡲࡿࡤࡾ࡞ࢁ࠺ࠋ
ࠉ⩻ࡗ࡚ᡃࡀᅜ࡛ࡶࠊࢹ࣮ࢱά⏝ࡼࡿ⤒῭ⓗࣥࣃࢡࢺࢆ㔜どࡋࠊྈ⟶ࡑ ࡢಁ㐍ࢆྉࡪࡼ࠺࡞ࠊ࠸ࡉࡉᭀࡶឤࡌࡽࢀࡿㄽㄪࡶࠊࡣぢࡽࢀࡿࠋ
࠼ࡤ2013ᖺࡢJRᮾ᪥ᮏࡼࡿSuica㝆ᒚṔࢹ࣮ࢱࡢ㈍ᑐࡋ࡚ࠊᾘ㈝
⪅ࡽࠕẼᣢࡕᝏ࠸ࠖⓎࡀฟࡓࡀ32ࠊࡇࢀࡣ࡞ࡐ࡞ࡢࠋឤⓗᛂࡶᛮ
ࢃࢀࡿࡀࠊ࡛ࡣࠊࡑࡢឤࡣࡇ᰿ᕪࡍࡶࡢࠋ᪂ࡓ࡞ไᗘタィ㝿ࡋ࡚
ࡣࠊࡑࡇࡲ࡛ᑀ᥀ࡾୗࡆࡿࡇࡀᚲせ࡞ࢁ࠺ࡋࠊࡑࢀࡣ࢝ࢹ࣑ࢬ࣒ࡢ
㈐ົࡢ୍ࡘ࡛࠶ࢁ࠺ࠋ
ࠉࢫࢥࢵࢺ࣭ࢠ࢙ࣕࣟ࢘ࡣGAFAࢆ㯲♧㘓ࡢᅄ㥽ኈ㆜࠼ࡓࡀࠊ㯲♧㘓ࡣ
www.europarl.europa.eu/RegData/etudes/STUD/2019/634447/EPRS_STU(2019)634447_
EN.pdf (latest access: 2019/11/05). Ḣᕞྖἲุᡤࡢ2013ᖺࡢSchrems௳㸦C- 362/14㸧ࡶཧ↷ࠋ
32ࠉ ࠕࠕSuica㝆ᒚṔ㈍ࠖኻ⟇ࡢᩍカ㸸ࣃ࣮ࢯࢼࣝࢹ࣮ࢱά⏝6ࡘࡢ຺ᡤࠖ᪥ᮏ⤒῭᪂
⪺㸦2013ᖺ12᭶19᪥㸧ࠋ
⤊ᮎࠊࡑࡋ࡚᪂ࡓ࡞ኳᆅ㐀ࢆᥥࡃࡶࡢ࡛࠶ࡿࠋሗࢹ࣮ࢱࡢୡ⏺ࡣࠊ ࡍ࡛ᅄ㥽ኈࡀ⌧ࢀࡓࠋᚋࠊ࠸࡞ࡿ᪂ࡓ࡞ኳᆅ࡞ࡿࡢ࡛࠶ࢁ࠺ࠋ
ࢃࡓࡋࡣࡲࡓࠊ᪂ࡋ࠸ኳ᪂ࡋ࠸ᆅࢆぢࡓࠋ᭱ึࡢኳ᭱ึࡢᆅࡣཤࡗ࡚
⾜ࡁࠊࡶࡣࡸᾏࡶ࡞ࡃ࡞ࡗࡓࠋ᭦ࢃࡓࡋࡣࠊ⪷࡞ࡿ㒔ࠊ᪂ࡋ࠸࢚ࣝࢧࣞ
࣒ࡀࠊኵࡢࡓࡵ╔㣭ࡗࡓⰼ᎑ࡢࡼ࠺⏝ពࢆᩚ࠼࡚ࠊ⚄ࡢࡶࢆ㞳ࢀࠊ ኳࡽୗࡗ࡚᮶ࡿࡢࢆぢࡓࠋ㸦21:01-02㸧
㸦͐㸧
ᙼࡽࡢ┠ࡢᾦࢆࡇࡈࡃࡠࡄ࠸ྲྀࡗ࡚ࡃࡔࡉࡿࠋࡶࡣࡸṚࡣ࡞ࡃࠊࡶ
ࡣࡸᝒࡋࡳࡶჃࡁࡶປⱞࡶ࡞࠸ࠋ᭱ึࡢࡶࡢࡣ㐣ࡂཤࡗࡓࡽ࡛࠶ࡿࠋ 㸦21:04㸧
̿̿ࣚࣁࢿࡢ㯲♧㘓㸦᪥ᮏ⪷᭩༠ࠗ⪷᭩ ᪂ඹྠヂ࠘㸧
ᮏ✏ࡣࠊಙク༠ಙク◊✲ዡບ㔠ࡢᡂᯝࡢ୍㒊࡛࠶ࡿࠋ
ࡢ૽ૂ༭༗ࢌ༹͂ GDPR ̞̾̀ͅ
㔠ἑᏛᏛ㝔ἲົ◊✲⛉ࠉ
㛗ࠉ℩ࠉ㈗ࠉᚿ
ࡣࡌࡵ
ࠉࡇࡢᗘ㸪㔠ἑᏛἲᏛ㢮➨୍ᮾிᘚㆤኈྖἲ◊✲ጤဨಙクἲ◊✲㒊
ࡀඹദࡍࡿᮏࢩ࣏ࣥࢪ࣒࢘࠾ᣍࡁ࠸ࡓࡔࡁឤㅰࡍࡿࡶ㸪ࡇࢀࡼࡾ㸪ᡃ ࡀᅜࡢಶேሗಖㆤἲGDPRࡘ࠸࡚㸪ᡃࡀᅜࡢಶேሗಖㆤἲࢆ࣮࣋ࢫ
㸪GDPRࡢ␗ྠࢆㄝ᫂ࡍࡿࠋ
㸯㸬ಶேሗಖㆤἲGDPRࡢ㛵ಀ
ࠉࡲࡎࡣಶேሗಖㆤἲࢆㄝ᫂ࡍࡿࡀ㸪ྠἲࡢ┠ⓗࡘ࠸࡚ࡣ㸪ྠἲࡢ➨㸯᮲
グ㍕ࡉࢀ࡚࠾ࡾ㸪ࠕ㧗ᗘሗ㏻ಙ♫ࡢ㐍ᒎక࠸ಶேሗࡢ⏝ࡀⴭࡋࡃ ᣑࡋ࡚࠸ࡿࡇ㚷ࡳࠊಶேሗࡢ㐺ṇ࡞ྲྀᢅ࠸㛵ࡋࠊᇶᮏ⌮ᛕཬࡧᨻᗓ
ࡼࡿᇶᮏ᪉㔪ࡢసᡂࡑࡢࡢಶேሗࡢಖㆤ㛵ࡍࡿ⟇ࡢᇶᮏ࡞ࡿ㡯
ࢆᐃࡵࠊᅜཬࡧᆅ᪉බඹᅋయࡢ㈐ົ➼ࢆ᫂ࡽࡍࡿࡶࠊಶேሗࢆྲྀ
ࡾᢅ࠺ᴗ⪅ࡢ㑂Ᏺࡍࡁ⩏ົ➼ࢆᐃࡵࡿࡇࡼࡾࠊಶேሗࡢ㐺ṇࡘຠ
ᯝⓗ࡞ά⏝ࡀ᪂ࡓ࡞⏘ᴗࡢฟ୪ࡧάຊ࠶ࡿ⤒῭♫ཬࡧ㇏࡞ᅜẸ⏕άࡢ ᐇ⌧㈨ࡍࡿࡶࡢ࡛࠶ࡿࡇࡑࡢࡢಶேሗࡢ᭷⏝ᛶ㓄៖ࡋࡘࡘࠊಶேࡢ ᶒ┈ࢆಖㆤࡍࡿࡇࢆ┠ⓗࡍࡿࠖ㠀ᖖ㛗࠸ෆᐜ࡞ࡗ࡚࠸ࡿࠋࡇࢀ
ࡣせࡍࡿ㸪ಶேሗ㛵ࡍࡿಶேࡢᶒ࣭┈ࡢಖㆤࠊಶேሗࡢ᭷⏝ᛶ
ࡢࣂࣛࣥࢫࢆᅗࡿࡇࢆ┠ⓗࡋࡓἲᚊ㸪࠸࠺ෆᐜ࡛࠶ࡿࠋ
ࠉࡇࢀᑐࡋ㸪GDPRࡣ㸪ࠕಶேࢹ࣮ࢱࡢฎ⌮㛵ࡍࡿ⮬↛ேࡢಖㆤ㛵ࡍࡿ
つ๎࠾ࡼࡧಶேࢹ࣮ࢱࡢ⮬⏤࡞ὶ㏻㛵ࡍࡿつ๎ࠖࡉࢀ࡚࠸ࡿࠋ
ࠉࡇࡢࡼ࠺୧⪅ࡢෆᐜࢆẚ㍑ࡋ࡚ࡳࡿ㸪࠸ࡎࢀࡶࡑࡢ┠ⓗࡣࡰྠࡌ࠸
࠺ࡇࡀ࡛ࡁࡿࠋ
ࠉࡇࡢࡼ࠺㸪┠ⓗࢆྠࡌࡃࡍࡿつᐃ࡞ࡗ࡚࠸ࡿࡢࡣ㸪࠸ࡎࢀࡶ࠸ࢃࡺࡿ
OECD㸶ཎ๎ᇶ࡙ࡁ㸪ไᐃࡉࢀ࡚࠸ࡿࡽ࡛࠶ࡿࠋOECD㸶ཎ๎ࡣ㸪
࣭㞟ไ㝈ࡢཎ๎㸦Collection Limitation Principle㸧
࣭ࢹ࣮ࢱෆᐜࡢཎ๎㸦Data Quality Principle㸧
࣭┠ⓗ᫂☜ࡢཎ๎㸦3XUSRVH6SHFL¿FDWLRQ3ULQFLSOH㸧
࣭⏝ไ㝈ࡢཎ๎㸦Use Limitation Principle㸧
࣭Ᏻಖㆤࡢཎ๎㸦Security Safeguards Principle㸧
࣭බ㛤ࡢཎ๎㸦Openness Principle㸧
࣭ಶேཧຍࡢཎ๎㸦Individual Participation Principle㸧
࣭㈐௵ࡢཎ๎㸦Accountability Principle㸧
࠸ࡗࡓࡇࢆෆᐜࡋ࡚࠸ࡿࡀ㸪ࡇࢀࡽࡢཎ๎ᇶ࡙ࡁ㸪ྛᅜࡸྛᆅᇦࡀ㸪 ಶேሗࡢྲྀᢅ࠸㛵ࡍࡿἲ௧ࢆไᐃࡋ࡚࠸ࡿࡇ㸪ࡑࡋ࡚ಶேሗࡢྲྀᢅ࠸
ࡘࡁ㸪ྛᅜࡸྛᆅᇦ࠾࠸࡚㸪ᡓ␎ⓗ⏝ࡋ࡚࠸ࡁࡓ࠸࠸࠺ࢽ࣮ࢬࡀ࠶
ࡿࡇ㸪ࡇࡢࡼ࠺࡞ඹ㏻ࡍࡿ⫼ᬒࡽ㸪ᡃࡀᅜࡢሙྜࡣಶேሗಖㆤἲࡀไ ᐃࡉࢀ㸪EU࠾࠸࡚ࡣGDPRࡀไᐃࡉࢀࡓࡶࡢ࡛࠶ࡾ㸪࠸ࢃࡤ㸪OECD㸶ཎ
๎ࢆぶࡋࡓᘵࡢࡼ࠺࡞㛵ಀ࠸࠼ࡿࠋ
ࠉࡓࡔ㸪Ḣᕞ࠾࠸࡚ࡣ㸪ᡃࡀᅜࡼࡾࡶಶேሗࡢྲྀᢅ࠸㛵ࡋ࡚ࡣඛࢇࡌ࡚
࠾ࡾ㸪࠸ࢃࡤ࡞ࡾ㸪ᡃࡀᅜࡣᘵࡢࡼ࠺࡞㛵ಀ࡞ࡿࠋᡃࡀᅜಶேሗಖ ㆤἲࡀไᐃࡉࢀࡓ2003ᖺ㸦ᖹᡂ15ᖺ㸧࠾࠸࡚㸪⾗㆟㝔ࡢグ㘓ࢆぢ࡚ࡶ㸪 ࠕ1995ᖺḢᕞ㐃ྜ࡛᥇ᢥࡉࢀࡓࠗ㹃㹓ࢹ࣮ࢱಖㆤᣦ௧㸦Directive 95/46/
EC㸧࠘ᑐࡋ࡚㸪᪥ᮏࡋ࡚ࡶఱࡽࡢᑐᛂࡀᚲせ࡛࠶ࡿࠖࡢㄆ㆑ࡢୗ㸪 ಶேሗಖㆤἲࡀᡃࡀᅜ࡛ไᐃࡉࢀ࡚࠸ࡿࠋࡓࡔ㸪ࡑࡢⅬ࡛㸪ಶேሗ₃࠼
࠸㛵ࡍࡿ௳ࡶ㢖Ⓨࡋ࡚࠾ࡾ㸪ࡑ࠺࠸ࡗࡓ௳ࡶἲᚊไᐃࡢ㏆ᅉ࡞ࡗࡓ
ࡶゝࢃࢀ࡚࠸ࡿࠋ
ࠉࡕ࡞ࡳ࣓ࣜ࢝࠾࠸࡚ࡣ㸪ಶேሗࡣ␗࡞ࡿࣉࣛࣂࢩ࣮࠸࠺ᴫᛕ
࡛ಶே㛵ࡍࡿሗࢆᢅࡗ࡚࠾ࡾ㸪ྲྀᢅ࠸ࡀ␗࡞ࡿࡇὀពࡀᚲせ࡞ࡿ
ࡀ㸪ᅇࡣࡇࡢⅬ㛵ࡋ࡚ࡢ῝ධࡾࡣࡋ࡞࠸ࠋ
㸰㸬ಶேሗಖㆤἲGDPRࡢ┦㐪Ⅼ㸦⥲ㄽ㸧
ࠉࡇࡢࡼ࠺࡞ᘵ㛵ಀ࠶ࡿಶேሗಖㆤἲGDPRࡔࡀ㸪ࡁࡃ7ࡘࡢ㐪
࠸ࡀ࠶ࡿࠋ
ࠉࡲࡎࡣಖㆤࡢ⠊ᅖ࡛࠶ࡿࠋಶேሗಖㆤἲ࠾࠸࡚ࡣ㸪ࠕ⏕Ꮡࡍࡿಶே࡛≉
ᐃࡢಶேࢆ㆑ู࡛ࡁࡿࡶࡢࠖࡀ࣓ࣥ࡞ࡗ࡚࠸ࡿࡢᑐࡋ㸪GDPR࡛ࡣ㸪 ࠕ㆑ูࡉࢀࡓ㸪ࡲࡓࡣ㆑ู࡛ࡁࡿ⮬↛ே㛵ࡍࡿሗࠖ࡞ࡗ࡚࠾ࡾ㸪࢜ࣥࣛ
ࣥ㆑ูᏊ㸪ࡓ࠼ࡤ㸪ࢡࣞࢪࢵࢺ␒ྕࡸ࢙࢘ࣈࢧ࣮ࣅࢫࢆ⏝ࡍࡿࡁస ᡂࡋࡓ࣮ࣘࢨྡࡶྵࡴෆᐜ࡞ࡗ࡚࠸ࡿࠋࡇࡢⅬࡣಶேሗಖㆤἲࡢᨵṇࡢ᳨
ウ࠾࠸࡚ࡶ༠㆟ࡉࢀࡓᶍᵝࡔࡀ㸪ᡃࡀᅜ࡛ࡣ᥇⏝ࡉࢀ࡞ࡗࡓࠋ
ࠉḟ㸪ྠពࡢ᭷ຠせ௳࡛࠶ࡿࠋಶேሗಖㆤἲࡣ㸪≉᫂グࡉࢀ࡚࠸࡞࠸
ࡀ㸪GDPR࠾࠸࡚ࡣ㸪ྠពࡢ௵ពᛶ㸪≉ᐃᛶ㸪᫂ⓑᛶ࡞㸪ྠពࡀ᭷ຠ࡞
ࡿࡓࡵࡢせ௳ࡀ࡞ࡾ⣽ࡃグ㍕ࡉࢀ࡚࠸ࡿࠋࡇࡢⅬࡘ࠸࡚ࡣᚋヲ⣽
ㄝ᫂ࡍࡿࡀ㸪࡞ࡾཝࡋ࠸ෆᐜ࡞ࡗ࡚࠸ࡿࡇὀពࡀᚲせ࡛࠶ࡿࠋ ࠉࡑࡋ࡚㸪ࢹ࣮ࢱయࡀᥦ౪ࡍࡁሗࡢⅬ࡛࠶ࡿࠋಶேሗಖㆤἲࡣఱࡽ
᫂グࡉࢀ࡚࠸࡞࠸ࡀ㸪GDPR࠾࠸࡚ࡣ㸪⟶⌮⪅ࡢྡ⛠࡞㸪≉ᐃࡢሗࡢᥦ ౪⩏ົࡀつᐃࡉࢀ࡚࠸ࡿࠋ
ࠉࡲࡓ㸪㉺ቃ⛣㌿つไ࡛ࡶⱝᖸࡢ㐪࠸ࡀ࠶ࡿࠋ࠸ࡎࢀ࠾࠸࡚ࡶ㸪ཎ๎ࡋ࡚
㉺ቃ⛣㌿ࢆㄆࡵࡎ㸪ࡓࡔ㸪୍ᐃࡢせ௳ࢆㄢࡋࡓୖ࡛㸪㉺ቃ⛣㌿ࢆㄆࡵ࡚࠸ࡿ
ࡀ㸪ಶேሗಖㆤἲ࠾࠸࡚ࡣ㸪ᡃࡀᅜྠ➼ࡢಖㆤỈ‽ࡀ࠶ࡿಶேሗಖ ㆤጤဨつ๎࡛ᐃࡵࡓሙྜࡸྠព࡞ࢆせồࡋ࡚࠸ࡿࡢᑐࡋ㸪GDPR࠾࠸
࡚ࡣ㸪༑ศᛶㄆᐃࡸྠព࡞ࢆせồࡋ࡚࠸ࡿࠋ
ࠉࡑࡋ࡚㸪ᇦእ㐺⏝ࡘ࠸࡚ࡶࡁࡃ␗࡞ࡗ࡚࠸ࡿࠋಶேሗಖㆤἲࡶGDPR
ࡶ㸪୍ᐃࡢ⠊ᅖ࡛ᇦእ㐺⏝ࢆつᐃࡋ࡚࠸ࡿࡀ㸪ಶேሗಖㆤἲࡣ⌧ᆅࡢ┘╩ᙜ ᒁࡀ࣮ࣝࣝࢆ㐺⏝ࡍࡿࡇࢆᐃࡋ࡚࠸ࡿࡢᑐࡋ㸪GDPR࠾࠸࡚ࡣ㸪EU ࡀ┤᥋GDPRࢆ㐺⏝ࡍࡿࡇࢆᐃࡋ࡚࠸ࡿࠋࡇࡢⅬ㸪Ḣᕞࡢಶேሗಖ ㆤᑐࡍࡿᙉ࠸࠸ࢆឤࡌࡿࡇࡀ࡛ࡁࡿࠋ
ࠉࡉࡽ㸪ࢭࣥࢩࢸࣈ࣭ࢹ࣮ࢱࡘ࠸࡚㸪ಶேሗಖㆤἲࡣ㸪ே✀ࡸಙ᮲ࢆ
ᑐ㇟ࡋ࡚࠸ࡿࡢᑐࡋ㸪GDPR࡛ࡣ㸪ே✀㸪ᨻⓗぢゎ㸪᐀ᩍⓗಙᛕ㸪㑇ఏ Ꮚࢹ࣮ࢱ࡞㸪ಶேሗಖㆤἲ㔜࡞ࡿ㒊ศࡑࢀ௨ୖࡢ㒊ศࡀ࠶ࡿࠋ ࠉࡑࡋ࡚㸪ᩆ῭࣭ไ㔠࡛࠶ࡿࠋࡇࡢⅬࡀᴟࡵ࡚ࡁ࡞ᙳ㡪ຊࢆࡶࡗ࡚࠾ࡾ㸪 ಶேሗಖㆤἲ࠾࠸࡚ࡣ⨩㔠ࢆ⛉ࡍࡇࡶᐃࡋ࡚࠸ࡿࡀ㸪࠶ࡃࡲ࡛⌧ᆅࡢ
࣮ࣝࣝࡢ㐺⏝ࢆᐃࡋ࡚࠸ࡿࡢᑐࡋ㸪GDPR࠾࠸࡚ࡣ㸪EU⊂⮬ࡢᕧ㢠ࡢ ไ㔠ࢆᐃࡋ࡚࠸ࡿࠋලయⓗࡣ㸪࡛᭱2000࣮ࣘࣟ㸦⣙25൨㸧ཪࡣ ᙜヱィᖺᗘࡢୡ⏺ᖺ㛫ୖ㧗ࡢ4㸣ࡢ㸪ࡕࡽ㧗࠸᪉ࢆไ㔠ࡋ࡚⛉
ࡍࡇࡀつᐃࡉࢀ࡚࠸ࡿࠋ
ࠉ᭱ᚋ㸪GDPR࠾࠸࡚ࡣ㸪୍ᐃࡢ⠊ᅖ࡛ࡣ࠶ࡿࡀ㸪ᮍᡂᖺ⪅ࡢᖺ㱋ࡢྲྀᢅ
࠸ࡸ㸪࣊ࣝࢫࢣࢹ࣮ࢱࡢྲྀᢅ࠸࡞㸪≉ᐃࡢ㡯ࡘ࠸࡚ࡣ㸪ຍ┕ᅜࡢ㔞
ࡼࡾ␗࡞ࡿෆᐜ࡞ࡿⅬὀពࡀᚲせ࡛࠶ࡿࠋ≉ࢻࢶࡣGDPRࡼࡾࡶ
ཝࡋ࠸つไࢆタࡅ࡚࠸ࡿࡇࡶ࠶ࡾ㸪ὀពࡀᚲせ࡛࠶ࡿࠋ ࠉ௨ୖࡀ㸪ಶேሗಖㆤἲGDPRࡢ㸪ࡁ࡞┦㐪Ⅼ࡛࠶ࡿࠋ
㸱 㸬ಶேሗಖㆤἲGDPRࡢ┦㐪Ⅼ㸦ྛㄽ㸧ࠉ㸫ಶேሗಖㆤἲ࠾ࡅࡿಶ
ேሗࡢྲྀᢅ࠸ࢆ࣮࣋ࢫ㸫 㸦㸯㸧␗ྠࢆ᳨ウࡍࡿどⅬ
ࠉ࡛ࡣḟ㸪ಶேሗಖㆤἲGDPRࡢ┦㐪Ⅼࡘ࠸࡚㸪⣽ࡃㄝ᫂ࡍࡿࠋ ࡇࢀࡽඛࡣ㸪ಶேሗಖㆤἲ࠾ࡅࡿಶேሗࡢྲྀᢅ࠸㸪ࡍ࡞ࢃࡕ㸪ಶே
ሗಖㆤἲࡢᑐ㇟࡞ࡿಶேሗ➼ࡢᑐ㇟ࡀఱ㸪ࡑࡢྲྀᢅయࡣㄡ㸪ಶே
ሗ➼ࡢྲྀᚓࡣࡢࡼ࠺⾜࠺㸪⟶⌮ࡣࡢࡼ࠺⾜࠺㸪ࡑࡢ⏝ࡸᥦ౪㸪 㛤♧ࡣࡢࡼ࠺⾜࠺㸪ࡑࡋ࡚₃࠼࠸ࡀ⏕ࡌࡓࡁ࠺ࡍࡁ㸪࠸ࡗ ࡓほⅬࡽㄝ᫂ࡍࡿࠋ
㸦㸰㸧ಶேሗ➼ࡢᑐ㇟
ࠉࡲࡎ㸪ಶேሗ➼ࡢᑐ㇟࡛࠶ࡿࡀ㸪ࡇࡢⅬ㸪ಶேሗಖㆤἲ࠾࠸࡚ࡣ㸪 ࠕ⏕Ꮡࡍࡿಶே㛵ࡍࡿሗ࡛࠶ࡾ㸪ࡘ㸪Ặྡ࡞ࡼࡾ≉ᐃࡢಶேࢆ㆑ู
࡛ࡁࡿࡶࡢ㸪ࡲࡓࡣ㸪ಶே㆑ู➢ྕࡀྵࡲࢀࡿࡶࡢࠖࡀᑐ㇟ࡉࢀ࡚࠸ࡿࠋࡇ
ࡢࡼ࠺㸪୍⯡⏝ㄒࡋ࡚ࡢಶேሗ⯡࡛ࡣ࡞ࡃ㸪࠶ࡃࡲ࡛㸪⏕Ꮡࡋ࡚࠸ࡿ
⮬↛ே㛵ࡍࡿࡶࡢ࡛࠶ࡾ㸪ࡘ㸪ಶே㆑ูᛶࢆ᭷ࡍࡿࡶࡢࡀᑐ㇟࡞ࡗ࡚࠸
ࡿࠋලయⓗࡣ㸪ᮏேࡢẶྡࡸ⏕ᖺ᭶᪥㸪ఫᡤࡣࡶࡕࢁࢇ㸪㜵≢࣓࢝ࣛグ㘓 ࡉࢀࡓሗ࡞࡛ᮏேࡀ㆑ู࡛ࡁࡿᫎീሗ㸪≉ᐃಶேࢆ㆑ู࡛ࡁࡿ࣓࣮ࣝ
ࢻࣞࢫࡀ≉ᐃࡢಶேࢆ㆑ู࡛ࡁࡿࡶࡢࡢ௦⾲࡛࠶ࡾ㸪ࡲࡓ㸪ಶே㆑ู➢ྕࡢ
ࡋ࡚ࡣ㸪࣐ࢼࣥࣂ࣮ࡸ㐠㌿චチド␒ྕ㸪DNAሷᇶ㓄ิ㸪ᣦ⣠㸪㟼⬦ࡢ ᙧ≧࡞࠸ࡗࡓࡶࡢࡀᣲࡆࡽࢀࡿࠋ
ࠉࡑࡋ࡚㸪ࡇࡢࡼ࠺࡞ಶேሗຍ࠼㸪せ㓄៖ಶேሗ࠸࠺ࡶࡢࡀつᐃࡉࢀ
࡚࠸ࡿࠋࡇࢀࡣ㸪ࠕᮏேᑐࡍࡿ┈ࡀ⏕ࡌ࡞࠸ࡼ࠺ࡑࡢྲྀᢅ࠸≉㓄
៖ࢆせࡍࡿࡶࡢ࡛㸪ᨻ௧࡛ᐃࡵࡽࢀ࡚࠸ࡿࡶࡢ࡛ࠖ㸪ලయⓗࡣ㸪ே✀㸪ಙ ᮲㸪♫ⓗ㌟ศ࠸ࡗࡓ᠇ἲࡶつᐃࡉࢀ࡚࠸ࡿࡼ࠺࡞ࡶࡢࡢእ㸪㌟యࡢ㞀 ᐖࡸ▱ⓗ㞀ᐖ㸪ᗣデ᩿⤖ᯝ㸪㐊ᤕṔࡸಖㆤฎศṔ࡞࠸ࡗࡓࡶࡢࡀᑐ㇟
࡞ࡿࠋ
ࠉࡇࡢࡼ࠺㸪ಶேሗಖㆤἲ࠾࠸࡚ࡣ㸪ಶேሗࡑࡢࡶࡢࡢእ㸪せ㓄៖
ಶேሗࢆຍ࠼㸪ࠕಶேሗ➼ࠖࡋ࡚㸪ࡑࡢಖㆤࡢᑐ㇟ࡋ࡚࠸ࡿࠋ ࠉࡇࡢࡼ࠺࡞ಶேሗಖㆤἲẚ㍑ࡋ㸪GDPR࠾࠸࡚ࡣ㸪ඛ㏙ࡓ࠾
ࡾ㸪ࠕ࢜ࣥࣛࣥ㆑ูᏊࠖ࠸ࡗࡓࡶࡢࡶࡑࡢಖㆤࡢᑐ㇟࡞ࡗ࡚࠸ࡿࠋࡲ
ࡓ㸪ಶேሗಖㆤἲ࠸࠺ࠕせ㓄៖ಶேሗࠖ┦ᙜࡍࡿࡶࡢࡋ࡚㸪ࠕࢭࣥ
ࢩࢸࣈ࣭ࢹ࣮ࢱࠖ࠸࠺ࡶࡢࡀ࠶ࡿࡀ㸪せ㓄៖ಶேሗࡼࡾࡶᴫᛕࡀᗈࡃ㸪
࠼ࡤ㸪ᗣ㛵ࡍࡿࢹ࣮ࢱࡘ࠸࡚ࡣ㸪ಶேሗಖㆤἲ࡛ࡣࠕᶵ⬟ࡢ㞀ᐖࠖ
࠸࠺㝈ᐃࡢ⠊ᅖෆ࡛࠶ࡿࡶࡢࡢ㸪GDPR࡛ࡣࡑࡢࡼ࠺࡞㝈ᐃࡣ࡞ࡃ㸪ࢹ࣮ࢱ
యࡢᗣ≧ែ㛵ࡍࡿࡍ࡚ࡀࡑࡢಖㆤࡢᑐ㇟࡞ࡗ࡚࠸ࡿࠋࡲࡓ㸪ᛶ⏕ά
ࡸᛶⓗႴዲ㛵ࡍࡿࢹ࣮ࢱࡶ㸪ಶேሗಖㆤἲࡣྵࡲࢀ࡚࠸࡞࠸ࡶࡢࡢ㸪 GDPRࡣྵࡲࢀ࡚࠸ࡿࠋࡋࡓࡀࡗ࡚㸪ࡘ࠸ඛ᪥㸪ࢿࢵࢺୖ࡛ࡕࡻࡗࡋࡓ㦁 ࡂ࡞ࡗࡓ㸪TSUTAYAࡢᗑဨࡀ㸪⮬ศࡢዲࡁ࡞࣮ࢸࢫࢺࢆᢈุࡉࢀ࡚❧
⭡ࡋ㸪ࡑࡢᢈุࡋࡓᐈࡢࠕྡ๓ࡽᛶⒷࡲ࡛ᭀ㟢ྍ⬟ࠖ᭩ࡁ㎸ࢇࡔ௳㛵 ࡋ㸪௬ᛶⒷࢆࢵࣉ࣮ࣟࢻࡋ࡚࠸ࡓࡽ㸪GDPR࡛ࡣไࡢᑐ㇟࡞ࡿࡇ