著者別表示 HAGA Yuriko, NAGASE Takashi, Trust Law Research committee DAI‑ICHI TOKYO BAR ASSOCIATION

著者 羽賀 由利子, 長瀬 貴志, 第 一東京弁護士会司法 研究委員会信託法研究部会

著者別表示 HAGA Yuriko, NAGASE Takashi, Trust Law Research committee DAI‑ICHI TOKYO BAR ASSOCIATION

雑誌名 金沢法学

巻 62

号 2

ページ 137‑187

発行年 2020‑03‑31

URL http://doi.org/10.24517/00058167

ࡣࡌࡵ࡟

ࠉᮏ✏ࡣࠊ2018ᖺ12᭶15᪥ࠊ㔠ἑ኱ᏛἲᏛ㢮࡜➨୍ᮾிᘚㆤኈ఍ྖἲ◊✲

ጤဨ఍ಙクἲ◊✲㒊఍ࡀඹྠ㛤ദࡋࡓࢩ࣏ࣥࢪ࣒࢘ࠕGDPR࡜᝟ሗಙクࡢ஺

㘒ࠖࡢグ㘓࡛࠶ࡿࠋ

ࠉ௒᪥ࠊ᝟ሗࡣࠕ21ୡ⣖ࡢ▼Ἔࠖ࡜ࡋ࡚⤒῭ⓗ࡟㔜せ࡞ᆅ఩ࢆ༨ࡵࠊࠕ➨ᅄḟ

⏘ᴗ㠉࿨ࠖ࡜ࡶ࿧ࡤࢀࡿ♫఍ࡢኚ㠉ᮇࢆ㏄࠼࡚࠸ࡿࠋ᝟ሗὶ㏻࡟㛵ࡍࡿไᗘタ ィࡀᛴࡀࢀ࡚࠸ࡿ⌧௦࡟࠾࠸࡚ࠊ᝟ሗὶ㏻࡟㛵㐃ࡍࡿἲⓗၥ㢟ࡢゎỴࡶႚ⥭ࡢ ㄢ㢟࡛࠶ࡿࠋ

ࠉᮏࢩ࣏ࣥࢪ࣒࢘ࡣࠊࡑࡢ୰࡛ࡶ≉࡟ᅜቃࢆ㉸࠼ࡿࢹ࣮ࢱὶ㏻࡟ࡘ࠸࡚ࡢἲⓗ

ၥ㢟࡟↔Ⅼࢆᙜ࡚ࠊ࡜ࡾࢃࡅEU࡛ᡂ❧ࡋࡓ୍⯡ࢹ࣮ࢱಖㆤつ๎㸦General Data Protection Regulation: GDPR㸧࡜ࡢ㛵ಀ࡛ࡢ᳨ウ࡟ྲྀࡾ⤌ࢇࡔࠋ

ࠉEU࡛ไᐃࡉࢀࠊ2018ᖺ5᭶࡟᪋⾜ࡉࢀࡓGDPRࡣࠊ➨୍⩏ⓗ࡟ࡣಶே

ࢹ࣮ࢱಖㆤ࡟㛵ࡍࡿEUἲ࡛࠶ࡿࡀࠊ๐㝖ᶒࡸࢹ࣮ࢱ࣏࣮ࢱࣅࣜࢸ࢕ᶒ࡜࠸ࡗ ࡓ᪂ࡓ࡞ᴫᛕࡀᥦၐࡉࢀࡓࡇ࡜࡛ࠊḢᕞᇦእ࠿ࡽࡶὀ┠ࢆ㞟ࡵ࡚࠸ࡿࠋGDPR ࡣࠊ୍ᐃࡢሙྜ࡟ࡣᇦእ࡟ࡶ㐺⏝ࡉࢀࡿྍ⬟ᛶࡀ࠶ࡾࠊࡉࡽ࡟ࡣ㧗㢠ࡢไ⿢㔠

ࡶᐃࡵࡽࢀ࡚࠸ࡿࡇ࡜ࡶ࠶ࡾࠊᐇົ⏺࠿ࡽࡢ㛵ᚰࡶ㧗࠸ࠋ

ࠉᮏࢩ࣏ࣥࢪ࣒࡛࢘ࡣࠊࡲࡎࠊᅜቃࢆ㉸࠼ࡿ᝟ሗࡢྲྀᘬ࡟㛵ᚰࢆ᭷ࡍࡿ➹⪅

ࡀࠊ㆟ㄽࡢᇶ┙࡜ࡋ࡚ࠊGDPRࡢᴫせ࡜ࡑࡢ⫼ᬒ࡟ࡘ࠸࡚☜ㄆࡋࡓࠋࡑࡢୖ

࡛ࠊ⿢ุᐁ᫬௦࡟⥲ົ┬࡟ฟྥࡉࢀࠊಶே᝟ሗಖㆤἲࡢࡈᢸᙜ࡜ࡋ࡚ࡶά㌍ࡉ

ࢀࡓᮏᏛἲົ◊✲⛉ࡢ㛗℩㈗ᚿඛ⏕ࡼࡾࠊಶே᝟ሗಖㆤἲ࡜GDPR࡜ࡢෆᐜ ࡢ␗ྠࡸ㐺⏝㛵ಀ࡟ࡘ࠸࡚ࡢࡈㅮ₇ࢆ࠸ࡓࡔ࠸ࡓࠋࡑࡋ࡚ࠊ⌧௦ࡢ᝟ሗὶ㏻࡟

Ώϋεΐ;θȶ GDPR ͂ૂ༭૞ు͈࢐॒ȷ

⩚㈡⏤฼Ꮚ࣭㛗℩㈗ᚿ࣭

➨୍ᮾிᘚㆤኈ఍ྖἲ◊✲ጤဨ఍ಙクἲ◊✲㒊఍

࠿࠿ࡿၥ㢟ⅬࡸࡑࡢゎỴ࡟ࡘ࠸࡚ࠊ➨୍ᮾிᘚㆤኈ఍ྖἲ◊✲ጤဨ఍ಙクἲ◊

✲㒊఍ࡢᘚㆤኈࡢඛ⏕᪉ࡼࡾࠊᐇົᐙࡢどⅬ࠿ࡽࡢࡈ㆟ㄽࢆ࠸ࡓࡔ࠸ࡓࠋྠ㒊

఍ࡣࠊಙクศ㔝࡟ࡘ࠸࡚ᐇົࡢ▱ぢࢆά࠿ࡋࡓᵝࠎ࡞άື࡟ྲྀࡾ⤌ࢇ࡛࠾ࡾࠊ

㏆ࠎࡢᑟධࢆ࡟ࡽࢇ࡛άⓎ࡟㆟ㄽࡉࢀ࡚࠸ࡿࠕ᝟ሗಙクࠖࡶ◊✲ࢸ࣮࣐ࡢ୍ࡘ

࡜ࡋ࡚࠸ࡿࠋᮏࢩ࣏ࣥࢪ࣒࡛࢘ࡣࠊ᝟ሗಙク࡟㛵ࡍࡿᵝࠎ࡞᝿ᐃ஦౛ࢆᣲࡆࡘ ࡘࠊ᝟ሗ㖟⾜࡜࠸࠺᪂ࡓ࡞ᴗົᙧែ࡟ࡶゝཬࡍࡿᖜᗈ࠸㆟ㄽࡀᒎ㛤ࡉࢀࡓࠋ ࠉᮏ✏ࡣࠊࢩ࣏ࣥࢪ࣒࡛࢘⏝࠸ࡽࢀࡓཎ✏ࢆᇶ♏࡜ࡋࡘࡘࠊㄽᩥ࠶ࡿ࠸ࡣㅮ₇ 㘓ࡢᙧ࡛ࠊຍ➹ಟṇࡋࡓࡶࡢ࡛࠶ࡿࠋグ㘓ࡢබ⾲࡟࠶ࡓࡗ࡚ࡣࠊࡈⓏቭࡢඛ⏕

᪉࡟ࡣ࠾ᛁࡋ࠸୰࡟ཎ✏໬࡟ࡈᑐᛂ࠸ࡓࡔ࠸ࡓࠋᚰࡼࡾឤㅰ⏦ࡋୖࡆࡿࠋᮏࢩ

࣏ࣥࢪ࣒࢘ࡣ2018ᖺ෤ࡢ㛤ദ࡛࠶ࡗࡓࡀࠊࡑࡢ᫬Ⅼ࡛ࡣ⏕ࡌ࡚࠾ࡽࡎࠊࡑࡢ ᚋఱࡽ࠿ࡢኚ໬ࡀ࠶ࡗࡓ஦㡯࡟ࡘ࠸࡚ࡶࠊཎ✏໬ࡢẁ㝵࡛⿵᏶ࡋࡓࡇ࡜ࢆࡇࡇ

࡟グࡋ࡚࠾ࡁࡓ࠸ࠋ

ࠉ࡞࠾ࠊᮏࢩ࣏ࣥࢪ࣒࢘ࡢ㛤ദ࡟࠶ࡓࡗ࡚ࡣࠊ㔠ἑ኱ᏛἲᏛ㢮ࠊẸ஦ἲ◊✲఍

࠿ࡽ㈈ᨻ㠃ࢆྵࡵࠊᵝࠎ࡞ᨭ᥼ࢆ㡬ᡝࡋࡓࠋࡇࡇ࡟グࡋ࡚ឤㅰ⏦ࡋୖࡆࡿࠋ

⩚㈡⏤฼Ꮚ

GDPR ͈״ڟ̷͈͂ඤယ

㔠ἑ኱ᏛἲᏛ㢮ࠉ

⩚ࠉ㈡ࠉ⏤฼Ꮚ

ࡑࡋ࡚ぢ࡚࠸ࡿ࡜ࠊぢࡼࠊⓑ࠸㤿ࡀ⌧ࢀࠊ஌ࡗ࡚࠸ࡿ⪅ࡣࠊᘪࢆᣢࡗ࡚࠸

ࡓࠋᙼࡣෙࢆ୚࠼ࡽࢀࠊ຾฼ࡢୖ࡟᭦࡟຾฼ࢆᚓࡼ࠺࡜ฟ࡚⾜ࡗࡓࠋ 㸦06:02㸧

㸦͐㸧

ࡍࡿ࡜ࠊⅆࡢࡼ࠺࡟㉥࠸ูࡢ㤿ࡀ⌧ࢀࡓࠋࡑࡢ㤿࡟஌ࡗ࡚࠸ࡿ⪅࡟ࡣࠊᆅ

ୖ࠿ࡽᖹ࿴ࢆዣ࠸ྲྀࡗ࡚ࠊẅࡋྜ࠸ࢆࡉࡏࡿຊࡀ୚࠼ࡽࢀࡓࠋࡲࡓࠊࡇࡢ

⪅࡟ࡣ኱ࡁ࡞๢ࡀ୚࠼ࡽࢀࡓࠋ㸦06:04㸧

ᑠ⨺ࡀ➨୕ࡢᑒ༳ࢆ㛤࠸ࡓ࡜ࡁࠊ➨୕ࡢ⏕ࡁ≀ࡀࠕฟ࡚᮶࠸ࠖ࡜ゝ࠺ࡢ

ࢆࠊࢃࡓࡋࡣ⪺࠸ࡓࠋࡑࡋ࡚ぢ࡚࠸ࡿ࡜ࠊぢࡼࠊ㯮࠸㤿ࡀ⌧ࢀࠊ஌ࡗ࡚࠸

ࡿ⪅ࡣࠊᡭ࡟⛗ࢆᣢࡗ࡚࠸ࡓࠋ㸦06:05㸧 㸦͐㸧

ࡑࡋ࡚ぢ࡚࠸ࡿ࡜ࠊぢࡼࠊ㟷ⓑ࠸㤿ࡀ⌧ࢀࠊ஌ࡗ࡚࠸ࡿ⪅ࡢྡࡣࠕṚࠖ࡜

࠸࠸ࠊࡇࢀ࡟㝜ᗓࡀᚑࡗ࡚࠸ࡓࠋᙼࡽ࡟ࡣࠊᆅୖࡢᅄศࡢ୍ࢆᨭ㓄ࡋࠊ๢

࡜㣚㤡࡜Ṛࢆࡶࡗ࡚ࠊ᭦࡟ᆅୖࡢ㔝⋇࡛ேࢆ⁛ࡰࡍᶒጾࡀ୚࠼ࡽࢀࡓࠋ 㸦06:08㸧

̿̿ࣚࣁࢿࡢ㯲♧㘓㸦᪥ᮏ⪷᭩༠఍ࠗ⪷᭩ ᪂ඹྠヂ࠘㸧

ࡣࡌࡵ࡟

ࠉ࢔࣓ࣜ࢝࡟ᮏᣐࢆ⨨ࡃᕧ኱IT௻ᴗ࡛࠶ࡿGoogleࠊAppleࠊFacebookࠊAmazon ࡢࡑࢀࡒࢀࡢ㢌ᩥᏐࢆྲྀࡾࠊGAFA࡜࿧ࡧ࡞ࡽࢃࡍࡼ࠺࡟࡞ࡗ࡚ஂࡋ࠸ࠋ ࠉ2018ᖺࠊࢽ࣮࣮ࣗࣚࢡ኱Ꮫࢫࢱ࣮ࣥ⤒Ⴀ኱Ꮫ㝔ᩍᤵ࡛࠶ࡿࢫࢥࢵࢺ࣭ࢠࣕ

࢙ࣟ࢘࢖ࡀࡇࡢᅄ௻ᴗࢆࣚࣁࢿࡢ㯲♧㘓ࡢᅄ㥽ኈ࡟࡞ࡒࡽ࠼ࡓ᭩⡠ࢆୖᱻࡋ¹ࠊ 1ࠉ S. Galloway, The Four: The Hidden DNA of Amazon, Apple, Facebook, and Google (Portfolio,

ࡑࡢ㑥ヂࡶዲㄪ࡟኎ࡾୖࡆࢆఙࡤࡋ࡚࠸ࡿ²ࠋ

ࠉࣚࣁࢿࡢ㯲♧㘓࡜ゝ࠼ࡤࠊ࢟ࣜࢫࢺᩍ㯲♧ᩥᏛࡢ୰࡛᭱ࡶ㆟ㄽࢆ࿧ࢇࡔᩥ᭩

ࡢ୍ࡘ࡛࠶ࡾ³ࠊ⨾⾡ࡸᩥᏛ࡞࡝ࡢⱁ⾡ศ㔝࡟ࡶ኱ࡁ࡞ᙳ㡪ࢆ୚࠼࡚࠸ࡿࡶࡢ࡛

࠶ࡿࠋࡑࡇ࡟Ⓩሙࡍࡿ㯲♧㘓ࡢᅄ㥽ኈ㸦Four Horsemen of the Apocalypse㸧ࡣࠊ

࢜ࢵࢡࢫࣇ࢛࣮ࢻⱥㄒ㎡඾࡟ࡼࢀࡤࠊࡑࢀࡒࢀࠕᨭ㓄ࠖࠊࠕᡓதࠖࠊࠕ㣚㤡ࠖࠊࡑ ࡋ࡚ࠕṚࠖࢆ♧ࡋࠊࡋࡤࡋࡤᕪࡋ㏕ࡗࡓ኱␗ኚࡢ⾜Ⅽ⪅ࢆព࿡ࡍࡿ࡜ࡉࢀࡿ⁴ࠋ ࡇࡢࡼ࠺࡞୙Ẽ࿡࡞Ꮡᅾ࡟GAFAࢆ‽࠼ࡓ࡜ࡇࢁ࡟ࡣࠊᕧ኱໬ࡍࡿITᕧே࡬

ࡢ༴ᶵឤࡸ⬣ጾࡀ┳ྲྀࡉࢀࡿࠋ

ࠉ࢔࣓࡛ࣜ࢝ྎ㢌ࡍࡿࡇࢀࡽࡢᕧே࡟ᑐᢠࡍࡿࡼ࠺࡟ࠊḢᕞ࡛ࡣࠊಶே᝟ሗࡢ ಖㆤࢆ┠ⓗ࡜ࡋࡓἲつ๎ࡀ᪂ࡓ࡟⟇ᐃࡉࢀࡓࠋEU୍⯡ࢹ࣮ࢱಖㆤつ๎㸦General Data Protection Regulation; Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC㸧࡛࠶ࡿࠋ୍⯡࡟GDPR࡜␎⛠ࡉࢀࡿࡇࡢつ๎ࡣࠊ1995ᖺ ࡢࢹ࣮ࢱಖㆤᣦ௧㸦ṇᘧ࡟ࡣࠊಶேࢹ࣮ࢱฎ⌮࡟ಀࡿಶேࡢಖㆤཬࡧᙜヱࢹ࣮

ࢱࡢ⮬⏤࡞⛣ື࡟㛵ࡍࡿḢᕞ㆟఍ཬࡧ⌮஦఍ᣦ௧ࠋDirective 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data㸧

ࢆࠊຍ┕ᅜ࡬┤᥋㐺⏝ࡉࢀࡿつ๎㸦Regulation㸧࡬࡜᱁ୖࡆࡋࡓࡶࡢ࡛࠶ࡿࠋ ࠉGDPRࡣ2016ᖺ4᭶27᪥࡟᥇ᢥࡉࢀࠊ2018ᖺ5᭶25᪥࡟᪋⾜ࡉࢀࡓࠋࡇ ࡢGDPRࡣࠊᚋ㏙ࡢ㏻ࡾࡑࡢ㐺⏝⠊ᅖࡀḢᕞᇦእ࡟ࡶཬࡧᚓࡿࡇ࡜࠿ࡽࠊ᥇ ᢥ๓࠿ࡽ኱ࡁ࡞㆟ㄽࢆ࿧ࡧࠊ≉࡟࢔࣓ࣜ࢝࠿ࡽࡣࠊ᫬࡟ᙉ࠸཯Ⓨࢆᣍ࠸࡚࠸

2018).

2ࠉ ࢫࢥࢵࢺ࣭ࢠ࢙ࣕࣟ࢘࢖=Ώ఍ᆂᏊ㸦ヂ㸧ࠗthe four GAFA㸸ᅄ㥽ኈࡀ๰ࡾኚ࠼ࡓୡ⏺࠘

㸦ᮾὒ⤒῭᪂ሗ♫ࠊ2018㸧ࠋ

3ࠉ బ➉᫂ࠗࣚࣁࢿࡢ㯲♧㘓㸦ୖ㸧ᗎㄝ࠘㸦᪂ᩍฟ∧♫ࠊ2007㸧9-24㡫ࡶཧ↷ࠋ

4ࠉ ࡞࠾ࠊ⚄Ꮫⓗ࡟ࡣࠊࡉࡽ࡟ᵝࠎ࡞ゎ㔘ࡀ࠶ࡿ࡜ࡇࢁ࡛࠶ࡿࠋబ➉᫂ࠗࣚࣁࢿࡢ㯲♧㘓 㸦୰㸧1-11❶࠘㸦᪂ᩍฟ∧♫ࠊ2009㸧279-293㡫ࠋ

ࡓࠋࡑࡢ⫼ᬒ࡟ࡣࠊḢᕞ࡜࢔࣓ࣜ࢝࡜ࡢ㛫ࡢ⏘ᴗᨻ⟇ࡢ┦㐪ࡸࠊಶே࡟࠿࠿ࡿ

᝟ሗ࡟ᑐࡍࡿ౯್ほࡢ␗ྠࡀ࠶ࡿࠋ

ࠉࡑࡋ࡚ࠊࡇࡢGDPR࡟ࡘ࠸࡚ࡣࠊᡃࡀᅜࡶࡲࡓ↓㛵ᚰ࡛ࡣ࠸ࡽࢀ࡞࠸ࠋᡃ ࡀᅜࡢ௻ᴗࡀ㐺⏝ᑐ㇟࡜࡞ࡿྍ⬟ᛶࡶ࠶ࡿࡋࠊḢᕞ࡜࠸࠺୍኱ἲᇦ࡛⟇ᐃࡉࢀ

ࡓࡇࡢつ๎ࡣࠊ௒ᚋࡢಶேࢹ࣮ࢱಖㆤἲไࡢ୍ࡘࡢᇶ‽࡜ࡶ࡞ࡿ࠿ࡽ࡛࠶ࡿࠋ ࠉGDPRࡣࠊ1᮲࡟࠾࠸࡚ࠊྠつ๎ࡢᑐ㇟࡜┠ⓗࢆㅻ࠺ࠋ

㸦1㸧 ࡇࡢつ๎ࡣࠊಶேࢹ࣮ࢱࡢฎ⌮࡟㛵ࡋ࡚ಶேࢆಖㆤࡍࡿࡓࡵࡢ࣮ࣝࣝ

࡜ࠊಶேࢹ࣮ࢱࡢ⮬⏤࡞ὶ㏻ࡢࡓࡵࡢ࣮ࣝࣝࢆᐃࡵࡿࠋ

㸦2㸧ࡇࡢつ๎ࡣࠊ⮬↛ேࡢᇶᮏⓗᶒ฼࡜⮬⏤ࠊ≉࡟ࠊಶேࢹ࣮ࢱࡢಖㆤ࡟

࠾ࡅࡿᙼࡽࡢᶒ฼ࢆಖㆤࡍࡿࠋ

㸦3㸧 ಶேࢹ࣮ࢱࡢฎ⌮࡟࠾ࡅࡿಶேࡢಖㆤࢆ⌮⏤࡟ࡋ࡚ࠊEUᇦෆࡢಶே

ࢹ࣮ࢱࡢ⮬⏤࡞ὶ㏻ࢆไ㝈ࡲࡓࡣ⚗Ṇࡋ࡚ࡣ࡞ࡽ࡞࠸ࠋ

ࠉᩥゝ࠿ࡽࡶ᫂ࡽ࠿࡞㏻ࡾࠊGDPRࡣ᝟ሗὶ㏻ࢆ๓ᥦ࡜ࡋࡘࡘࡶࠊ⮬↛ேࡢᇶ ᮏⓗᶒ฼࡜ࡋ࡚ࠊ⮬ᕫࡢಶேࢹ࣮ࢱࢆࢥࣥࢺ࣮ࣟࣝࡍࡿᶒ฼ࢆಖ㞀ࡍࡿࡇ࡜ࢆ

➨୍⩏࡜ࡋ࡚࠸ࡿࠋࡇࡢⅬࡀࠊಶே࡟࠿࠿ࡿ᝟ሗࢆ཰㞟ࡋࠊࡑࢀࢆά⏝ࡍࡿ᝟

ሗ⏘ᴗࡢ฼┈࡜⾪✺ࡍࡿ㒊ศ࡛ࡶ࠶ࡿࠋ

ࠉᮏ✏ࡣࠊᡃࡀᅜ࡟࠾ࡅࡿࡇࢀ࠿ࡽࡢ᝟ሗἲไࡢᩚഛࠊ᝟ሗ⏘ᴗࡢⓎᒎࡢࡓࡵ

ࡢ୍ࡘࡢཧ⪃㈨ᩱ࡜ࡋ࡚ࠊࡇࡢGDPRࡢἢ㠉࡜ࡑࡢෆᐜࢆᨵࡵ࡚☜ㄆࡍࡿࡶ

ࡢ࡛࠶ࡿࠋ⣬ᖜࡢ㛵ಀୖࠊ≉ᚩⓗ࡞Ⅼࡢᴫせࡢᥥ෗࡟࡜࡝ࡲࡽࡊࡿࢆᚓ࡞࠸

ࡀࠊGDPR࡟ࡘ࠸࡚ࡣࠊ㑥ㄒ࡛ࡶࡍ࡛࡟ከࡃࡢᩥ⊩ࡀබ⾲ࡉࢀ࡚࠸ࡿ࡜ࡇࢁ࡛

࠶ࡾ⁵ࠊࡑࡕࡽࢆཧ↷ࡉࢀࡓ࠸ࠋ

5ࠉ ࡁࢃࡵ࡚ከࡃࡢᩥ⊩ࡀබ⾲ࡉࢀ࡚࠾ࡾࠊἲᏛศ㔝ࡢᴫㄝⓗ࡞ࡶࡢ࡟㝈ࡿ࡜ࡋ࡚ࡶࠊ᭩

⡠࡜ࡋ࡚ࠊᐑୗ⣫ࠗEU୍⯡ࢹ࣮ࢱಖㆤつ๎࠘㸦ວⲡ᭩ᡣࠊ2018㸧ࢆ୰ᚰ࡟ࠊ୰ᓮᑦ

ࠗQ&A࡛ᏛࡪGDPRࡢࣜࢫࢡ࡜ᑐᛂ⟇࠘㸦ၟ஦ἲົࠊ2018㸧ࠊᑠྥኴ㑻࣭▼஭ኟ⏕฼

ࠗᴫㄝGDPR࠘㸦NTTฟ∧ࠊ2019㸧ࠊ➼ࠋㄽ✏࡜ࡋ࡚ࠊ▼஭ኟ⏕฼ࠕEU୍⯡ࢹ࣮ࢱಖㆤ

つ๎ᥦ᱌ࡢືྥ㸦1㸧㹼㸦3㸧ࠖNBL1025ྕ㸦2014㸧30㡫௨ୗࠊྠ1029ྕ㸦2014㸧30㡫௨

㸬GDPRࡢἢ㠉࡜⫼ᬒ

ࠉࡲࡎࠊGDPRࡀ⟇ᐃࡉࢀࡿࡑࡢἢ㠉ࢆᴫほࡋ࡚࠾ࡇ࠺ࠋ๓㏙ࡢ㏻ࡾࠊGDPR ࡢ๓㌟࡜࡞ࡿࡢࡣ1995ᖺࡢḢᕞࢹ࣮ࢱಖㆤᣦ௧࡛࠶ࡿࠋᣦ௧࡜ࡣࠊEUἲ

ୖࠊEUຍ┕ྛᅜ࡟ᅜෆἲไࡢᩚഛࢆせồࡍࡿࡶࡢ࡛࠶ࡿ⁶ࠋ

ࠉḢᕞࢹ࣮ࢱಖㆤᣦ௧ࡶࡲࡓࠊ᝟ሗࡢὶ㏻࡟㝿ࡋ࡚ࠊ⮬↛ேࡢᇶᮏⓗᶒ฼࡜⮬

⏤ࠊ࡜ࡾࢃࡅࣉࣛ࢖ࣂࢩ࣮ࡢᶒ฼ࡢಖㆤࢆ┠ⓗ࡜ࡋࡓࡶࡢ࡛࠶ࡗࡓ㸦ᣦ௧1 ᮲㸧ࠋ࡜ࡇࢁࡀࠊලయⓗ࡞ἲไࡢෆᐜࡣྛᅜ࡟ጤࡡࡽࢀࡓࡇ࡜࠿ࡽࠊEUຍ┕

ྛᅜࡢࢹ࣮ࢱಖㆤไᗘࡢ᩿∦໬ࢆᣍ᮶ࡍࡿࡇ࡜࡜࡞ࡗ࡚ࡋࡲࡗࡓࠋࡇࢀࡀ GDPR⟇ᐃࡢ኱ࡁ࡞ዎᶵ࡜࡞ࡾ㸦๓ᩥ㸦recital㸧9ཧ↷㸧ࠊ2012ᖺ1᭶ࠊḢᕞ୍

⯡ࢹ࣮ࢱಖㆤつ๎᱌ࡀᥦ᱌ࡉࢀࡿࡇ࡜࡜࡞ࡗࡓࠋࡇࡢつ๎᱌ࡀࠊᵝࠎ࡞㆟ㄽࡢ ᮎ࡟ಟṇࡸኚ᭦ࡶຍ࠼ࡽࢀࡓࡶࡢࡢࠊ2016ᖺ᥇ᢥࠊ2018ᖺ᪋⾜࡬࡜ࡘ࡞ࡀࡗ

࡚࠸ࡿࠋ

ࠉࡉ࡚ࠊGDPRࡢ㏻ዌప㡢࡜࡞ࡿࡢࡣࠊḢᕞࡢᇶᮏⓗ౯್࡜ࡋ࡚ࡢಶேࢹ࣮ࢱ ࡢಖㆤ࡛࠶ࡿࠋGDPRࡢ๓ᩥ1ࡣࠊࠕ⮬↛ேࡀಶேࢹ࣮ࢱฎ⌮࡟㛵ࡋ࡚ಖㆤࢆ

ཷࡅࡿࡇ࡜ࡣᇶᮏⓗேᶒ࡛࠶ࡿࠖ࡜☜ㄆࡍࡿࠋࡇࡢぢゎࡣḢᕞ࡟࠾ࡅࡿඹ㏻ㄆ

ୗࠊྠ1031ྕ㸦2014㸧18㡫௨ୗࠊ⏕㈅┤ேࠕEU୍⯡ࢹ࣮ࢱಖㆤつ๎ࡢྍỴ࡜௒ᚋࡢ ㄽⅬࠖ⾜ᨻ&᝟ሗࢩࢫࢸ࣒52ᕳ5ྕ㸦2016㸧43㡫௨ୗࠊ▼஭ኟ⏕฼ࠕୡ⏺ⓗ࡞₻ὶ

࠿ࡽぢࡓホ౯࡜➨୕ᅜ࡬ࡢᙳ㡪 㸦EU୍⯡ࢹ࣮ࢱಖㆤつ๎㸧ࠖBusiness Law Journal 9ᕳ8

ྕ㸦2016㸧75㡫௨ୗࠊᐑୗ⣫ࠕつ๎ࡢ≉ᚩ࡜ᑐᛂࠖࣅࢪࢿࢫἲົ17ᕳ8ྕ㸦2017㸧14 㡫௨ୗࠊᓥᮧᬛᏊࠕEU ୍⯡ࢹ࣮ࢱಖㆤつ๎㸦GDPR㸧ࡢ㐺⏝㛤ጞࠖእᅜࡢ❧ἲ276-1

ྕ㸦2018㸧2㡫௨ୗࠊᐑୗ⣫ࠕEU୍⯡ࢹ࣮ࢱಖㆤつ๎ࡢᴫせ࡜ᐇົࡢἲⓗㄢ㢟ࠖLaw

& Technology 80ྕ㸦2018㸧44㡫௨ୗࠊ▼஭ኟ⏕฼ࠕEUࢹ࣮ࢱಖㆤᣦ௧࡜EU୍⯡ࢹ࣮

ࢱಖㆤつ๎ࠖἲࡢᨭ㓄192-2ྕ㸦2019㸧2㡫௨ୗࠊ࢝ࣛ࢖ࢫࢥࢫ࣭࢔ࣥࢺࢽ࢜ࢫࠕ⌧௦

♫఍࡟࠾ࡅࡿࢹ࣮ࢱࡢ」ྜⓗᛶ㉁㸸EU୍⯡ࢹ࣮ࢱಖㆤつ๎ཬࡧࡑࡢ࿘㎶㡿ᇦࡢᒎ㛤ࢆ

୰ᚰ࡟ࠖἲᚊࡢࡦࢁࡤ72ᕳ5ྕ㸦2019㸧48㡫௨ୗࠊ୰ᓮᑦࠕGDPRᴫㄝ㸦≉㞟GDPR

᏶඲᪋⾜࡟ᑐࡍࡿἲົᑐᛂ㸧ࠖ⮬⏤࡜ṇ⩏70ᕳ6ྕ㸦2019㸧8㡫௨ୗࠊ⸨ཎ㟿㞝 ࠕGDPRࢆࡵࡄࡿἲⓗㄢ㢟㸸≉Ⰽ࡜␃ពⅬࠖࢪࣗࣜࢫࢺ1534ྕ㸦2019㸧14㡫௨ୗࠊ

➼ࠋࡲࡓࠊࣅࢪࢿࢫἲົ17ᕳ8ྕ㸦2017㸧ࠊBusiness law journal 11ᕳ4ྕ㸦2018㸧ࠊ ࢪࣗࣜࢫࢺ1521ྕ㸦2018㸧ࠊBusiness law journal 11ᕳ10ྕ㸦2018㸧 ࠊࣅࢪࢿࢫἲົ18 ᕳ12ྕ㸦2018㸧ࠊ⮬⏤࡜ṇ⩏70ᕳ6ྕ㸦2019㸧➼ࠊᵝࠎ࡞ᑓ㛛ㄅ࡛≉㞟ࡶ⤌ࡲࢀࠊὀ

┠ࡢ㧗ࡉࡀఛࢃࢀࡿࠋ

6ࠉ୰すඃ⨾ᏊࠗEUἲ࠘㸦᪂ୡ♫ࠊ2012㸧115-116㡫ࠋ

㆑࡛࠶ࡾࠊḢᕞ㐃ྜࡢㅖ᮲⣙࡟ࡶ᫂ᩥࡢつᐃࡀᏑᅾࡍࡿࠋ

ࠉ౛࠼ࡤࠊᇶᮏᶒ᠇❶8᮲1㡯ࡣࠊࠕఱேࡶࠊ⮬ᕫ࡟㛵ಀࡍࡿಶேࡢࢹ࣮ࢱ

㸦personal data㸧ࡢಖㆤ࡟ᑐࡍࡿᶒ฼ࢆ᭷ࡍࡿࠖ࡜ࡋࡓୖ࡛ࠊྠ᮲2㡯ࡣࠊࠕࡑ

ࡢࡼ࠺࡞ࢹ࣮ࢱࡣࠊᙜヱ⪅ࡢᢎㅙ࡟ᇶ࡙࠸࡚ࠊࡲࡓࡣἲᚊ࡟౫ࡗ࡚ᐃࡵࡽࢀࡓ ࡑࡢ௚ࡢྜἲⓗᇶ♏࡟ᇶ࡙࠸࡚ࠊ᫂グࡉࢀࡓ┠ⓗࡢࡓࡵ࡟බ᫂ṇ኱࡟సᡂࡉࢀ

ࡡࡤ࡞ࡽ࡞࠸ࠋఱேࡶࠊ⮬ᕫ࡟㛵ಀࡍࡿ཰㞟ࡉࢀࡓ᝟ሗࡢ࢔ࢡࢭࢫ࡟ᑐࡍࡿᶒ

฼ཬࡧ᝟ሗࡢㄗࡾࢆṇࡍᶒ฼ࢆ᭷ࡍࡿࠖ࡜ᐃࡵ࡚࠸ࡿࠋࡑࡋ࡚ࠊࡑࡢ㑂Ᏺ࡟

ࡣࠊ⊂❧ࡢᶵ㛵࡟ࡼࡿ┘╩ࡀồࡵࡽࢀࡿ㸦ྠ᮲3㡯㸧ࠋ

ࠉḢᕞேᶒ᮲⣙➨8᮲ࡶࡲࡓࠊࠕࡍ࡭࡚ࡢ⪅ࡣࠊࡑࡢ⚾ⓗཬࡧᐙᗞ⏕άࠊఫᒃ ཬࡧ㏻ಙࡢᶒ฼ࢆ᭷ࡍࡿࠖ㸦1㡯㸧࡜᫂ゝࡍࡿࠋಶே࡟㛵ࡍࡿ᝟ሗࡣࠊࡇࡢ⚾

ⓗ⏕άࡢᶒ฼࡟ྵࡲࢀࡿࡶࡢ࡛࠶ࡿࠋࡑࡢୖ࡛ࠊࠕࡇࡢᶒ฼ࡢ⾜౑࡟ࡘ࠸࡚

ࡣࠊἲᚊࡢᇶ࡙ࡁࠊ࠿ࡘᅜࡢᏳ඲ࠊබඹࡢᏳ඲ⱝࡋࡃࡣᅜࡢ⤒῭ⓗ⚟฼ࡢࡓ

ࡵࠊࡲࡓࠊ↓⛛ᗎⱝࡋࡃࡣ≢⨥㜵Ṇࡢࡓࡵࠊ೺ᗣⱝࡋࡃࡣ㐨ᚨࡢಖㆤࡢࡓࡵࠊ ཪࡣ௚ࡢ⪅ࡢᶒ฼ཬࡧ⮬⏤ࡢಖㆤࡢࡓࡵẸ୺ⓗ♫఍࡟࠾࠸࡚ᚲせ࡞ࡶࡢ௨እࡢ

࠸࠿࡞ࡿබࡢᶵ㛵࡟ࡼࡿᖸ΅ࡶ࠶ࡗ࡚ࡣ࡞ࡽ࡞࠸ࠖ㸦ྠ᮲2㡯㸧࡜ࡋ࡚ࠊಶே

࡟࠿࠿ࡿ᝟ሗࡢ฼⏝ࡣࠊ࠶ࡃࡲ࡛ࡶἲࡢ㉧ࡍ⠊ᅖ࡟࠾࠸࡚ࠊ㝈ᐃⓗ࡟ㄆࡵࡽࢀ

ࡿ࡜࠸࠺ែᗘࢆ♧ࡍࠋḢᕞ㐠Ⴀ᮲⣙㸦TFEU㸧16᮲1㡯ࡶྠᵝ࡟ࠊࠕఱேࡶࠊ

⮬㌟࡟㛵ࡍࡿಶேࡢࢹ࣮ࢱ㸦personal data㸧ࡢಖㆤ࡟ࡘ࠸࡚ࡢᶒ฼ࢆ᭷ࡍࡿࠖ

࡜᫂ᩥ࡛ᐃࡵ࡚࠸ࡿࠋ

ࠉࡇࡢࡼ࠺࡟ࠊḢᕞ࡟࠾࠸࡚ࡣࠊಶே࡟࠿࠿ࡿ᝟ሗࡢಖㆤࡀᇶᮏⓗேᶒ࡜ࡋ࡚

ྲྀࡾᢅࢃࢀࠊㅖ᮲⣙࡟࠾࠸࡚⧞ࡾ㏉ࡋ᫂ᩥ࡛ㅻࢃࢀ࡚࠸ࡿࠋࡇࡢ⫼ᬒ࡟ࡣࠊୡ

⏺኱ᡓ୰࡟ಶேࡢ᝟ሗࡀᝏ⏝ࡉࢀࠊࢼࢳࢫ࡟ࡼࡿࣘࢲࣖே㏕ᐖ࡜࠸ࡗࡓᝒ๻࡬

࡜ࡘ࡞ࡀࡗࡓࡇ࡜࡬ࡢ཯┬ࡀ࠶ࡿ⁷ࠋ᝟ሗࡢྲྀࡾᢅ࠸ࡢዴఱࡀேࡢ⏕࿨ࡍࡽࡶᕥ

ྑࡍࡿ࡜ࡢឤぬࡀࠊḢᕞ࡛ࡣඹ᭷ࡉࢀ࡚࠸ࡿࠋࡑࢀࡺ࠼࡟ࠊㅖ᮲⣙ࡢᩥゝ࡟ࡶ

࠶ࡿࡼ࠺࡟ࠊಶேࡢ᝟ሗ࣭ࢹ࣮ࢱࡢಖㆤࡣࠕᇶᮏⓗேᶒࠖࡢ୍⎔࡞ࡢ࡛࠶ࡿࠋ

7ࠉ F. Bignami, European Versus American Liberty: A Comparative Privacy Analysis of Antiterrorism Data Mining, 48 B.C. L. Rev. 609 (2007) pp. 609-610.

ࠉࡇࡢࡇ࡜ࡣࠊࡶࡕࢁࢇࠊGDPRࡢ㉳ⲡ࡟㝿ࡋ࡚ࡶព㆑ࡉࢀ࡚࠸ࡓࠋJean- Claude JunckerḢᕞጤဨ఍ጤဨ㛗ࡣࠊࠕTowards a better Europe; a Europe that protects, empowers and defendsࠖ࡜㢟ࡋࡓ2016ᖺࡢ୍⯡₇ㄝ㸦State of the Union

Address㸧࡟࠾࠸࡚ࠊ௨ୗࡢࡼ࠺࡟㏙࡭ࡓࠋ

“Being European means the right to have your personal data protected by strong, European laws. Because Europeans do not like drones overhead recording their every move, or companies stockpiling their every mouse click. This is why Parliament, Council and Commission agreed in May this year a common European Data Protection Regulation. This is a strong European law that applies to companies wherever they are based and whenever they are processing your data. Because in Europe, privacy matters. This is a question of human dignity.”㸦ୗ⥺ࡣ➹⪅࡟ࡼࡿ㸧

ࠉࠕḢᕞ࡟࠾࠸࡚ࡣࠊࣉࣛ࢖ࣂࢩ࣮ࡣ㔜せၥ㢟࡛࠶ࡿࠋࡇࢀࡣࠊேࡢᑛཝࡢၥ 㢟࡛࠶ࡿࠖࠋࡇࢀࡀࠊGDPRࡢᇶᮏ᪉㔪ࡢ୍ࡘ࡜ゝ࠼ࡿࠋGDPRࡢ᪋⾜࡟ඛ㥑 ࡅ࡚ฟࡉࢀࡓḢᕞጤဨ఍࠿ࡽࡢḢᕞ㆟఍࡬ࡢࢥ࣑ࣗࢽࢣ࣮ࢩࣙࣥ࡟࠾࠸࡚ࡶࠊ ࠕࣉࣛ࢖ࣂࢩ࣮ࡣྲྀᘬᑐ㇟࡛ࡣ࡞ࡃ㸦Privacy is not a commodity to be traded㸧ࠖࠊ ᇶᮏⓗ࡟ಶேࢹ࣮ࢱಖㆤࡣࠕྲྀᘬ࡛ࡁ࡞࠸㸦non-negotiable㸧ࠖࡶࡢ࡜఩⨨௜ࡅ ࡓୖ࡛ࠊ᝟ሗࡢὶ㏻ࡀ࡞ࡉࢀࡿ࡭ࡁࡇ࡜ࡀᣦ᦬ࡉࢀ࡚࠸ࡿ⁸ࠋ

ࠉGDPRࡣࠊಶேࡢ᝟ሗ࣭ࢹ࣮ࢱ࡟㛵ࡍࡿࠕ୺ᶒࠖ⁹ࢆࡑࡢಶே࡟ྲྀࡾᡠࡍࡇ࡜

ࢆ┠ⓗ࡜ࡋ࡚࠸ࡿࠋࡇࡢᛮ᝿ࡣࠊⳘ኱࡞㔞ࡢ᝟ሗࢆ཰㞟ࡋࠊࡑࡇ࠿ࡽ཰┈ࢆᚓ

࡚ࡁࡓ࢔࣓ࣜ࢝すᾏᓊࡢ㉸኱ᡭIT௻ᴗࢆᶆⓗ࡜ࡍࡿࠋࡑࢀࡺ࠼࡟ࠊGDPRࡣ Ḣᕞ࡜࢔࣓ࣜ࢝࡜ࡢ㛫࡟⥭ᙇࢆࡶࡓࡽࡋࡓࠋ

8ࠉ Exchanging and Protecting Personal Data in a Globalised World, Communication from the Commission to the European Parliament and the Council, Exchanging and Protecting Personal 'DWDLQD*OREDOLVHG:RUOG&20¿QDO

9ࠉ Ṋ㑚ග⿱ࠗࡉࡼ࡞ࡽࠊ࢖ࣥࢱ࣮ࢿࢵࢺ࠘㸦ࢲ࢖ࣖࣔࣥࢻ♫ࠊ2018㸧162㡫ࠋ

ࠉࡇࡇ࡛␃ពࡍ࡭ࡁࡣࠊࡑࡶࡑࡶḢᕞ࡜࢔࣓ࣜ࢝ࡢ㛫࡟ࡣࠊࣉࣛ࢖ࣂࢩ࣮ᴫᛕ ࡢ㐪࠸ࡀᏑᅾࡍࡿ࡜࠸࠺ࡇ࡜࡛࠶ࡿ¹⁰ࠋࡇࡢⅬ࡟ࡘ࠸࡚ࠊࡲࡎ☜ㄆࡋ࡚࠾ࡃᚲせ ࡀ࠶ࢁ࠺ࠋ

ࠉḢᕞࡣࠊࣉࣛ࢖ࣂࢩ࣮ࢆே㛫ࡢᑛཝ㸦dignity㸧࡜࡜ࡽ࠼ࡿࠋ౛࠼ࡤࠊ1949 ᖺࡢࢻ࢖ࢶ᠇ἲ1᮲ࡣࠊ➃ⓗ࡟ࠊࠕேࡢᑛཝࡣ୙ྍ౵࡛࠶ࡿ㸦Die Würde des Menschen ist unantastbar.㸧ࠖ࡜ᐃࡵࠊࡇࢀࢆᇶᮏⓗ౯್࡜఩⨨௜ࡅࡿࠋࡑࡋ࡚ୖ

㏙ࡢ㏻ࡾࠊࡇࡢ୙ྍ౵ࡢᑛཝ࡟ࡣࠊಶே࡟࠿࠿ࡿ᝟ሗࡀྵࡲࢀࡿࡢ࡛࠶ࡿࠋ࡞

࠾ࠊྠᅜ࣊ࢵࢭࣥᕞࡢ1970ᖺಶேࢹ࣮ࢱಖㆤἲࡣࠊୡ⏺ึࡢಶே᝟ሗಖㆤἲ

࡛࠶ࡿ¹¹ࠋ

ࠉࡇࢀ࡟ᑐࡋ࡚ࠊ࢔࣓ࣜ࢝ࡣࣉࣛ࢖ࣂࢩ࣮ࢆ⮬⏤㸦liberty㸧࡟᰿ᕪࡍࡶࡢ࡜ゎ ࡍࡿࠋ࢔࣓ࣜ࢝ࡢᶒ฼❶඾ࡣᅜᐙࡀࠕࡋ࡚ࡣ࡞ࡽ࡞࠸ࠖࡇ࡜ࢆิᣲࡍࡿࡀࠊಟ ṇ4᮲࡟ࡣࠕ㌟యࠊᐙᒇࠊ᭩㢮࠾ࡼࡧᡤ᭷≀ࡢᏳ඲ࢆಖ㞀ࡉࢀࡿࠖᶒ฼ࡀᣲࡆ

ࡽࢀ࡚࠸ࡿࠋࡇࢀࡣ࢖ࢠࣜࢫࡢࢳࣕࢱ࣒఑࢘࢕ࣜ࢔࣒࣭ࣆࢵࢺཀࡢゝⴥࡢὶࢀ

ࢆỮࡴࡶࡢ࡛࠶ࡾ¹²ࠊࡘࡲࡾࠊ⮬ศ⮬㌟ࡢ㡿ᇦࡣᅜᐙ࠿ࡽ୙ྍ౵࡛࠶ࡗ࡚ࠊᖸ΅

ࡉࢀ࡞࠸ࡇ࡜ࢆ♧ࡋ࡚࠸ࡿࠋ

ࠉ᥮ゝࡍࢀࡤࠊࣉࣛ࢖ࣂࢩ࣮ࡣࠊ∦ࡸḢᕞ࡛ࡣࠊேࡢᑛཝࢆಖㆤࡍࡿࡓࡵ࡟࠶

ࡿ⪅࠿ࡽ௚⪅࡟ᑐࡍࡿ౵ᐖࢆ⚗ࡌࡿࡶࡢ࡛࠶ࡿࡢ࡟ᑐࡋ࡚ࠊ∦ࡸ࢔࣓࡛ࣜ࢝

ࡣࠊᅜᐙ࠿ࡽࡢಶேࡢ⏕ά࡬ࡢ୙ᙜ࡞௓ධࢆ⚗ࡌࡿࡶࡢ࡞ࡢ࡛࠶ࡿࠋ

10ࠉ P. M. Schwartz & K. -N. Peifer, Transatlantic Data Privacy Law, 106 Geo. L. J. 115 (2017) pp.

117-118 (“The roots of this “war” are found in the differing legal approaches to information privacy in the two jurisdictions. The differences are institutional, substantive, and, at the same time, elusive. Both sides recognize information privacy as an important value yet struggle to identify the meaning of core differences and the critical baseline for future collaboration.”).

11ࠉ ᮧୖ⪽ࠕࣅࢵࢢࢹ࣮ࢱࡢ฼ά⏝࡜ࣉࣛ࢖ࣂࢩ࣮ಖㆤ࡟ࡘ࠸࡚ࠖ㏻ಙࢯࢧ࢖࢚ࢸ࢕࣐࢞

ࢪࣥ29ྕ㸦2014㸧52㡫ࠋ

12ࠉ Sir William Pitt, Earl of Chatham, on the right of an Englishman to be secure in his home (1763):

“7KHSRRUHVWPDQPD\LQKLVFRWWDJHELGGH¿DQFHWRDOOWKHIRUFHVRIWKH&URZQ,WPD\EHIUDLO – its roof may shake – the wind may blow through it – the storm may enter – the rain may enter – but the King of England cannot enter; all his forces dare not cross the threshold of that ruined tenement”.

ࠉ᰿ᗏ࡟ὶࢀࡿᛮ᝿ࡢ࠿ࡼ࠺࡞┦㐪ࡢࡺ࠼࡟¹³ࠊࣉࣛ࢖ࣂࢩ࣮࠶ࡿ࠸ࡣಶேࡢ᝟

ሗ࣭ࢹ࣮ࢱ࡟㛵ࡋ࡚ࡣࠊಶேࡢಖㆤࢆᚭᗏࡍ࡭ࡋ࡜ࡍࡿḢᕞ࡜ࠊ⮬⏤ࡀࡺ࠼࡟

ಶே࡟࠿࠿ࡿ᝟ሗࢆ཰㞟ࡋࠊࡑࡇ࠿ࡽ฼┈ࢆᚓࡿάືࡶチᐜࡉࢀࡿ࡜ࡍࡿ࢔࣓

ࣜ࢝࡜ࡢ㛫࡛ࠊ኱すὒࢆᣳࢇࡔᡓத㸦transatlantic war㸧ࡀ⏕ࡌ࡚࠸ࡿࡢ࡛࠶

ࡿ¹⁴ࠋ

ࠉGDPRࢆ⪃࠼ࡿୖ࡛ࡣࠊࡇࡢࡼ࠺࡞Ḣᕞ࡜࢔࣓ࣜ࢝ࡢ㛫ࡢ᰿ᮏⓗ࡞ㄆ㆑ࡢ㐪

࠸ࢆ㋃ࡲ࠼࡚࠾࠿࡞ࡅࢀࡤ࡞ࡽ࡞࠸ࠋࡑࢀ࡞ࡋ࡟ࡣࠊGAFAࢆࡣࡌࡵ࡜ࡍࡿ᝟

ሗศ㔝ࡢ௻ᴗάື࡟ᑐࡋ࡚Ḣᕞࡀᣢࡘ༴ᶵឤࡶࠊḢᕞࡢつไ࡟ᑐࡍࡿ࢔࣓ࣜ࢝

ࡢ཯Ⓨࡶࠊ⌮ゎࡋ㞴࠸ࡶࡢ࡜࡞ࡿࠋ

㸬GDPRࡢ≉ᚩ

ࠉࣉࣛ࢖ࣂࢩ࣮࠶ࡿ࠸ࡣಶே᝟ሗ࡟ᑐࡍࡿḢᕞࡢᇶᮏⓗ࡞⌮ᛕࢆ㋃ࡲ࠼ࡓୖ

࡛ࠊGDPRࡢ≉ᚩⓗ࡞㒊ศࢆ࠸ࡃࡘ࠿ぢ࡚࠾ࡃࠋGDPRࡣ௒ᚋࠊಶேࡢ᝟ሗ࣭

ࢹ࣮ࢱࡢಖㆤ࡟㛵ࡍࡿୡ⏺ᇶ‽࡜ࡶ࡞ࡿ㔜せ࡞Ꮡᅾ࡛ࡣ࠶ࡿࡀࠊ⣬ᖜࡢ㛵ಀ

ୖࠊ⥙⨶ⓗ࡟ࡣ⤂௓࡛ࡁ࡞࠸ࡇ࡜ࢆࡣࡌࡵ࡟᩿ࡗ࡚࠾ࡃࠋ

ࠉୖ㏙ࡢ㏻ࡾࠊGDPRࡢ๓㌟ࡣ1995ᖺࡢḢᕞࢹ࣮ࢱಖㆤᣦ௧࡛࠶ࡿࠋࡇࡢᣦ ௧㸦Directive㸧ࢆつ๎㸦Regulation㸧࡬࡜᱁ୖࡆࡋࡓࡢࡀGDPR࡛࠶ࡾࠊࡇࢀ

࡟ࡣࠊ㸦1㸧ಶேࢹ࣮ࢱಖㆤ࡟ᑐࡍࡿᶒ฼ࡢᙉ໬ࠊ㸦2㸧EUᇦෆ࡛ࡢࢹ࣮ࢱಖㆤ

࡟㛵ࡍࡿ࣮ࣝࣝࡢ୍ඖ໬ࠊ㸦3㸧ᅜ㝿ⓗ࡞㸦ᑐᇦእࢆྵࡴ㸧ࢹ࣮ࢱಖㆤࡢヲ⣽࡞

࣮ࣝࣝࡢ⟇ᐃࠊ࡜࠸ࡗࡓ┠ⓗࡀ࠶ࡿࠋ

ࠉ௨ୗ࡛ࡣࠊ㸦1㸧ࢆ୰ᚰ࡟ࠊࡑࢀࡒࢀࡢ┠ⓗࡢࡓࡵ࡟࠸࠿࡞ࡿ᪉⟇ࡀ࡜ࡽࢀ࡚

࠸ࡿ࠿ࢆᴫほࡋ࡚࠸ࡃࠋ

13ࠉ ࡼࡾヲ⣽࡟ࡣࠊJ. Q. Whitman, “The Two Western Cultures of Privacy: Dignity versus Liberty”, 113 Yale L. J. (2004) pp. 1151ff; J. -L. Halpérin, “Protection de la vie privée et privacy : deux traditions juridiques différents ?”, Nouveaux cahiers du conseil constitutionnel no. 48 (2015), p. 59 et s.; ᐑୗ⤑ࠕࣉࣛ࢖ࣂࢩ࣮ࢆࡵࡄࡿ࢔࣓ࣜ࢝࡜࣮ࣚࣟࢵࣃࡢ⾪✺

㸦1㸧ࠖẚ㍑ἲᩥ໬18ྕ㸦2010㸧131㡫௨ୗࢆཧ↷ࠋ

14ࠉ H. Farrell & A. Newman, The Transatlantic Data War: Europe Fights Back Against the NSA, 95(1) Foreign Affairs 124 (2016), pp. 124ff.

ࠉGDPR࡛ࡣࠊಶேࢹ࣮ࢱࡢ୺య࡜࡞ࡿ⮬↛ேࢆࢹ࣮ࢱ୺య㸦data subject㸧࡜

⛠ࡍࡿࡢ࡛ࠊࡇࡇ࡛ࡶࡑࡢㄒࢆ⏝࠸࡚࠸ࡃࡇ࡜࡜ࡍࡿࠋGDPRࡣࠊࡇࡢࠕ㆑ู

ࡉࢀࡓ⮬↛ேཪࡣ㆑ูྍ⬟࡞⮬↛ே㸦ࠕࢹ࣮ࢱ୺యࠖ㸧࡟㛵ࡍࡿ᝟ሗࠖࢆಶே

ࢹ࣮ࢱ࡜ࡋ࡚ᐃ⩏ࡍࡿ㸦4᮲1㡯㸧ࠋࡇࡇ࡟ࡣࠊࢹ࣮ࢱ୺యࡢẶྡࡸఫᡤࠊ෗

┿ࠊ㟁Ꮚ࣓࣮ࣝ࢔ࢻࣞࢫࠊཱྀᗙ᝟ሗࠊSNS࡬ࡢ᭩ࡁ㎸ࡳࠊ་⒪᝟ሗࠊࢥࣥ

ࣆ࣮ࣗࢱࡢIP࢔ࢻࣞࢫ➼ࠊࡁࢃࡵ࡚ከᵝ࡞᝟ሗࡀྵࡲࢀࡿࠋ

㸦1㸧ಶேࢹ࣮ࢱಖㆤ࡟ᑐࡍࡿᶒ฼ࡢᙉ໬㸸ࠕ⮬ᕫ᝟ሗࢥࣥࢺ࣮ࣟࣝᶒࠖࡢᙉ໬

ࠉ➨୍ࡢ┠ⓗࡣಶேࢹ࣮ࢱࡢಖㆤ࡛࠶ࡿࠋࡼࡾලయⓗ࡟ࡣࠊࢹ࣮ࢱ୺యࡢࠕ⮬

ᕫ᝟ሗࢥࣥࢺ࣮ࣟࣝᶒࠖࡢᙉ໬ࡀពᅗࡉࢀ࡚࠸ࡿ¹⁵ࠋࠕ⮬ᕫ᝟ሗࢥࣥࢺ࣮ࣟࣝ

ᶒࠖࡀࣉࣛ࢖ࣂࢩ࣮ࡢᶒ฼ࢆᣦࡋ♧ࡍࡇ࡜ࡣࡼࡃ▱ࡽࢀ࡚࠸ࡿ࡜ࡇࢁ࡛࠶ࡿ¹⁶ࠋ ձࢹ࣮ࢱ୺యࡢࠕྠពࠖ

ࠉࢹ࣮ࢱ୺యࡀ⮬ศ⮬㌟ࡢ᝟ሗ࡟ᐇຠⓗ࡟ࢥࣥࢺ࣮ࣟࣝࢆཬࡰࡍࡓࡵࡢ᪉⟇࡜

ࡋ࡚ࠊࠕ⮬⏤ពᛮ࡛୚࠼ࡽࢀࠊ≉ᐃࡉࢀࠊ᝟ሗࢆ୚࠼ࡽࢀࡓࠊ୙᫂░࡛࡞࠸

㸦IUHHO\JLYHQVSHFL¿FLQIRUPHGDQGXQDPELJXRXV㸧ྠពࠖࡢྲྀᚓࡀ⩏ົ௜ࡅࡽࢀ

ࡿ㸦4᮲㸦11㸧ࠊ7᮲ࠋ๓ᩥ32ࡶཧ↷㸧ࠋࡇࢀࡣࠊࢹ࣮ࢱ୺యࡀ⮬ᕫࡢ᝟ሗࡢ฼

⏝࡟ࡘ࠸࡚⮬㌟ࡢุ᩿ࢆ᫂☜࡟ୗࡏࡿࡼ࠺ಖ㞀ࡍࡿࡶࡢ࡛࠶ࡾࠊࢹ࣮ࢱ୺యࡢ

▱ࡽࡠ㛫࡟ࠊ຾ᡭ࡟⮬ᕫࡢಶேࢹ࣮ࢱࡀฎ⌮ࡉࢀࡿࡇ࡜ࡣチࡉࢀ࡞࠸ࡇ࡜࡛࠶

ࡿࠊ࡜࠸࠺GDPRࡢ❧ሙࢆ᫂☜࡟♧ࡋ࡚࠸ࡿࠋ

ࠉࡲࡓࠊࢹ࣮ࢱ୺యࡢྠពࢆᚓࡿࡓࡵ࡟ࠊࢹ࣮ࢱ⟶⌮⪅࠿ࡽࡣࠊ⡆₩࡛ࠊ㏱᫂

15ࠉ ๓ᩥ7࡛ࡣࠕ⮬↛ேࡣ⮬㌟ࡢࢹ࣮ࢱ࡟࠿࠿ࡿࢥࣥࢺ࣮ࣟࣝࢆ᭷ࡍࡿ㸦Natural persons should have control of their own personal data.㸧ࠖ࡜➃ⓗ࡟㏙࡭ࡽࢀ࡚࠸ࡿࠋ

16ࠉ 19ୡ⣖ᮎ࡟Warren & Brandeisࡢⴭྡ࡞ㄽᩥ࡛ࠕ࡯࠺ࡗ࡚࠾࠸࡚ࡶࡽ࠺ᶒ฼㸦right to be let alone㸧ࠖ࡜ࡋ࡚ᥦၐࡉࢀࡓࣉࣛ࢖ࣂࢩ࣮ࡢᶒ฼࡛࠶ࡿࡀ㸦S. D. Warren & L. D.

Brandeis, “The Right to Privacy”, 4 Harvard Law Review 193 (1890) pp. 193ff㸧ࠊ1960ᖺࡢ Prosserࡢ4ศ㢮࡟ࡼࡿ㆟ㄽࡢ⢭⦓໬ࢆ⤒࡚㸦W. L. Prosser, “Privacy”, 48 California Law Review 383 (1960), pp.383ff. ձ⚾ⓗ㡿ᇦ࡬ࡢ౵ධࠊղ⚾஦ࡢබ㛤ࠊճୡே࡬ࡢㄗࡗࡓ༳

㇟ࡢ௜୚ࠊմẶྡ࣭⫝̸ീࡢႠ฼┠ⓗ࡛ࡢ↓᩿౑⏝ࠊ࡟ศ㢮ࡉࢀࡿ㸧ࠊ⮬ᕫỴᐃᶒࡢ୍

⎔࡜ࡋ࡚ࡢࠕ⮬㌟࡟࠿࠿ࡿ᝟ሗࢆࢥࣥࢺ࣮ࣟࣝࡍࡿᶒ฼㸦right to control one’s own information㸧ࠖ㸦A. F. WESTIN, PRIVACYAND FREEDOM, Ig Publishing (reprint), New York, 1967, p.5㸧࡜఩⨨௜ࡅࡽࢀࡿ࡟⮳ࡗ࡚࠸ࡿࠋ

ᛶࡀ࠶ࡾࠊࢃ࠿ࡾࡸࡍࡃࠊᐜ᫆࡟࢔ࢡࢭࢫྍ⬟࡞㸦concise, transparent, intelligible and easily accessible㸧ᙧ࡛ࠊ᫂☜࠿ࡘᖹ᫆࡞ゝⴥ㸦clear and plain

language㸧ࢆ⏝࠸࡚ࠊࢹ࣮ࢱฎ⌮࡟ࡘ࠸࡚ࡢ᝟ሗࡀᥦ౪ࡉࢀ࡞ࡅࢀࡤ࡞ࡽ࡞࠸

㸦12᮲㸧ࠋࢹ࣮ࢱࡢ⟶⌮⪅ࡣࠊࡇࢀ࡟ᇶ࡙ࡁࠊࢃ࠿ࡾࡸࡍ࠸ࣉࣛ࢖ࣂࢩ࣮࣏ࣜ

ࢩ࣮➼ࡢᥦ౪ࡀồࡵࡽࢀࡿࡇ࡜࡟࡞ࡿࠋࡇࢀࡣࠊ5᮲2㡯࡟ᐃࡵࡽࢀࡿࢹ࣮ࢱ

⟶⌮⪅ࡢㄝ᫂㈐௵㸦accountability㸧ࢆලయ໬ࡍࡿࡶࡢ࡛ࡶ࠶ࡿࠋ

ࠉࢹ࣮ࢱ୺యࡢྠពࡣࠊࠕᐉゝࡲࡓࡣ᫂ࡽ࠿࡞⫯ᐃⓗ⾜Ⅽ࡟ࡼࡗ࡚㸦by a statement or by a clear affirmative action㸧ࠖࠊྲྀᚓࡉࢀ࡞ࡅࢀࡤ࡞ࡽ࡞࠸㸦4᮲ 㸦11㸧㸧ࠋࡍ࡞ࢃࡕࠊ୍⯡ⓗ࡞ዎ⣙⣙Ḱ࡛ໟᣓⓗ࡟ྠពࡀ࡞ࡉࢀࡿࡔࡅ࡛ࡣ୙༑

ศ࡛࠶ࡾࠊ᭩㠃࡞࠸ࡋࠊグ㘓ࡉࢀࡓཱྀ㢌࡟ࡼࡿྠពࠊ࠶ࡿ࠸ࡣ㟁Ꮚⓗᡭẁ࡟ࡼ

ࡿᐉゝࠊࡲࡓࡣWebࢧ࢖ࢺୖ࡛ࡢྠព࣎ࢵࢡࢫࡢࢳ࢙ࢵࢡࠊ㟁Ꮚⓗࣇ࢛࣮࣒

࡬ࡢධຊࠊ㟁Ꮚ࣓࣮ࣝࡢ㏦ಙ࡜࠸ࡗࡓ᫂☜࡞⾜Ⅽࡀᚲせ࡜ࡉࢀࡿࠋ

ࠉ⌧௦࡛ࡣࠊᵝࠎ࡞᝟ሗࢧ࣮ࣅࢫࡢ฼⏝⪅࡜࡞ࡿࢹ࣮ࢱ୺యࡣᵝࠎ࡞ᖺ㱋ᒙ࡟

ཬࢇ࡛࠾ࡾࠊⱝᖺᒙࡶSNSࢆࡣࡌࡵ࡜ࡍࡿࢧ࣮ࣅࢫࢆ฼⏝ࡋ࡚࠸ࡿࠋࡑࡇ࡛

GDPRࡣࠊᏊ࡝ࡶ࡟ᑐࡍࡿ≉ูࡢ㓄៖ࡶࡲࡓᐃࡵ࡚࠸ࡿ㸦8᮲㸧ࠋᮍࡔุ᩿⬟

ຊࡀᡂ⇍ࡋ࡚࠸࡞࠸Ꮚ࡝ࡶࡢಶேࢹ࣮ࢱࡢྲྀࡾᢅ࠸ࡣࠊᡂேࡢࡑࢀ࡟ẚࡋ࡚ࡼ

ࡾៅ㔜࡟࡞ࡉࢀ࡞ࡅࢀࡤ࡞ࡽ࡞࠸ࠋࡑࡇ࡛ࠊࢹ࣮ࢱྲྀᚓ࡟㝿ࡋ࡚ἲᐃ௦⌮ேࡢ

ྠពࡀせ௳࡜ࡋ࡚ㄢࡉࢀ㸦8᮲㸧ࠊྠពྲྀᚓࡢ๓ᥦ࡜࡞ࡿ᝟ሗᥦ౪࡟㝿ࡋ࡚

ࡶࠊ᱁ูࡢ㓄៖ࡀせồࡉࢀ࡚࠸ࡿ㸦12᮲㸦1㸧㸧ࠋ ղࠕ᪂ࡓ࡞ᶒ฼ࠖ

ࠉ⮬ᕫ᝟ሗࡢࢥࣥࢺ࣮ࣟࣝ࡜࠸࠺ほⅬ࠿ࡽࠊGDPRࡢ୰࡛ࡶ≉࡟ὀ┠ࢆ㞟ࡵ࡚

࠸ࡿ୍ࡘࡣࠊ17᮲࡟ᐃࡵࡽࢀࡿࠕ๐㝖ᶒ㸦ࠕᛀࢀࡽࢀࡿᶒ฼ࠖ㸧࡛ࠖ࠶ࢁ࠺ࠋ๐ 㝖ᶒ࡞࠸ࡋᛀࢀࡽࢀࡿᶒ฼ࢆGDPR࡟ᑟධࡍࡿ࠿࡟ࡘ࠸࡚ࡣࠊ㉳ⲡẁ㝵࡛ࡶ

άⓎ࡞㆟ㄽࡀ⾜ࢃࢀࠊḢᕞ௨እ࠿ࡽࡶ㧗࠸㛵ᚰࡀᐤࡏࡽࢀ࡚࠸ࡓࠋ

ࠉᛀࢀࡽࢀࡿᶒ฼ࡣࠊḢᕞྖἲ⿢ุᡤࡢ2014ᖺ5᭶13᪥ඛỴ⿢ᐃ㸦ECJ Judgment 13 May 2014 (C-131/12) Google Spain v. AEPD and Mario Costeja González㸧

࡛ゝཬࡉࢀࡓ¹⁷ࠋᡃࡀᅜ࡛ࡶࠊḢᕞ࡛ࡢ㆟ㄽࢆ⫼ᬒ࡜ࡋ࡚ࠊᛀࢀࡽࢀࡿᶒ฼࡟ゝ ཬࡍࡿ⿢ุ౛ࡀฟࡉࢀ㸦ᮾிᆅ⿢ᖹᡂ26ᖺ10᭶9᪥௬ฎศỴᐃ㸦ุ౛㞟➼ᮍ

Ⓩ㍕㸧ࠊࡉ࠸ࡓࡲᆅỴᖹᡂ27ᖺ12᭶22᪥㸦ุ᫬2282ྕ78㡫㸧¹⁸㸧ࠊᏛ⏺࣭ᐇ

ົ⏺࠿ࡽࡶከࡃࡢㄽ✏ࡀබ⾲ࡉࢀ࡚࠸ࡿ¹⁹ࠋ

ࠉ⥆࠸࡚ࠊ17᮲࡟ᐃࡵࡽࢀࡿ๐㝖ᶒࡣࠊࢹ࣮ࢱ୺య࡟ᑐࡋ࡚ࡣࠕ୙ᙜ࡞㐜

࡞ࡃ㸦without undue delay㸧ࠖ⮬ᕫ࡟㛵ࡍࡿಶேࢹ࣮ࢱࡢᾘཤࢆᚓࡿᶒ฼࡛࠶

ࡿࠋࡑࡢ⿬㏉ࡋ࡜ࡋ࡚ࢹ࣮ࢱ⟶⌮⪅࡟ᑐࡋ࡚ࡣࠕ୙ᙜ࡞㐜࡞ࡃࠖಶேࢹ࣮ࢱ

ࢆᾘཤࡍ࡭ࡁ⩏ົࡀㄢࡉࢀࡿࠋ

ࠉࢹ࣮ࢱࡢᾘཤࢆồࡵᚓࡿሙྜ࡜ࡋ࡚ࠊಶேࢹ࣮ࢱࡢ཰㞟࣭ฎ⌮ࡢ┠ⓗ࡜ࡢ㛵 ಀ࡛ࡶࡣࡸᚲせ࡞࠸ሙྜࠊࢹ࣮ࢱ୺యࡀྠពࢆ᧔ᅇࡋࠊ࠿ࡘᙜヱࢹ࣮ࢱฎ⌮ࡢ

17ࠉ ࡇࡢECJඛỴ⿢ᐃࡢ㑥ㄒホ㔘࡜ࡋ࡚ࠊ୰すඃ⨾ᏊࠕGoogle࡜EUࡢࠕᛀࢀࡽࢀࡿᶒ฼

㸦๐㝖ᶒ㸧ࠖࠖ⮬἞◊✲90ᕳ9ྕ㸦2014㸧96㡫௨ୗࠊ୰ᮧẸ㞝ࠕEUἲุ౛◊✲㸸ᛀࢀ

ࡽࢀࡿᶒ฼஦௳ࠖἲᚊ᫬ሗ87ᕳ5ྕ㸦2015㸧132㡫௨ୗࠊ㔝⃝ṇ඘ࠕࠕᛀࢀࡽࢀࡿᶒ

฼ࠖ㸦droit à l’oubli㸧࡜ࣉࣛ࢖ࣂࢩ࣮ࡢಖㆤࠖL&T 70ྕ㸦2016㸧50㡫௨ୗࠊ㔝ࠎᮧ࿴

႐ࠕẸ஦ᩆ῭࡜ࡋ࡚ࡢࠑᛀࢀࡽࢀࡿᶒ฼ࠒ࡟ࡘ࠸࡚ࠖྠᚿ♫ἲᏛ68ᕳ7ྕ㸦2017㸧

971㡫௨ୗࠋ

18ࠉ ࡞࠾ࠊ➨୍ᑂ࡛ࡣᛀࢀࡽࢀࡿᶒ฼ࡣ⫯ᐃࡉࢀࡓࡶࡢࡢࠊ᥍ッᑂ㸦ᮾி㧗Ỵᖹᡂ28ᖺ7

᭶12᪥㸧ࠊୖ࿌ᑂ㸦᭱୕Ỵᖹᡂ29ᖺ1᭶31᪥㸧࡛ࡣࠕᛀࢀࡽࢀࡿᶒ฼ࠖ࡜࠸࠺ᴫᛕ ࡣྰᐃࡉࢀ࡚࠸ࡿࠋ

19ࠉ ఀ⸨ⱥ୍ࠕ᝟ሗ♫఍࡜ᛀ༷ᶒ㸸ᛀࢀࡿࡇ࡜ࢆᛀࢀࡓࢿࢵࢺୖࡢᶒ฼ࠖἲᏛ◊✲84ᕳ6

ྕ㸦2011㸧165㡫௨ୗࠊᐑୗ⣫ࠕᛀࢀࡽࢀࡿᶒ฼㸸ࣉࣛ࢖ࣂࢩ࣮ᶒࡢᮍ᮶ࠖ᫬ࡢἲ௧ 1906ྕ㸦2012㸧43㡫௨ୗࠊᮡ㇂┾ࠕᛀࢀ࡚ࡶࡽ࠺ᶒ฼: ே㛫ࡢࠕហ࠿ࡉࠖࡢୖ࡟⠏ࡃ ᶒ฼ࠖLaw&Practice7ྕ㸦2013㸧153㡫௨ୗࠊୖᮘ⨾✑ࠕᛀࢀࡽࢀࡿᶒ฼࡜ࣉࣛ࢖ࣂ

ࢩ࣮ࠖᮐᖠἲᏛ 25ᕳ2ྕ㸦2014㸧59㡫௨ୗࠊᣋ✏ࠕࠕᛀࢀࡽࢀࡿᶒ฼ࠖ㸸ᛀࢀࡿࡇ࡜

ࢆᛀࢀࡓୡ⏺ࡢ᪂ࡓ࡞ᶒ฼ࠖࢥࣆࣛ࢖ࢺ655ྕ㸦2015㸧44㡫௨ୗࠊᐑୗ⣫ࠕࠕᛀࢀࡽ

ࢀࡿᶒ฼ࠖࢆࡵࡄࡿᨷ㜵ࠖẚ㍑ἲ㞧ㄅ47ᕳ4ྕ㸦2014㸧29㡫௨ୗࠊᐑୗ⣫ࠕࣅࢵࢢ ࢹ࣮ࢱ᫬௦ࡢࠕᛀࢀࡽࢀࡿᶒ฼ࠖ㸸ࣉࣛ࢖ࣂࢩ࣮ಖㆤ࡟᪥ᮏ࡞ࡾࡢဴᏛࢆࠖJournalism 290ྕ㸦2014㸧94㡫௨ୗࠊ௒ᒸ┤Ꮚࠕࠕᛀࢀࡽࢀࡿᶒ฼ࠖࢆࡵࡄࡿືྥࠖㄪᰝ࡜᝟ሗ 854ྕ㸦2015㸧1㡫௨ୗࠊ▼஭ኟ⏕฼ࠕࠕᛀࢀࡽࢀࡿᶒ฼ࠖࢆࡵࡄࡿㄽ㆟ࡢព⩏ࠖ᝟ሗ

⟶⌮58ᕳ4ྕ㸦2015㸧271㡫௨ୗࠊᐑୗ⣫ࠗࣉࣛ࢖ࣂࢩ࣮ᶒࡢ᚟ᶒ㸸⮬⏤࡜ᑛཝࡢ⾪

✺࠘㸦୰ኸ኱Ꮫฟ∧㒊ࠊ2015㸧219-263㡫ࠊᐑୗ⣫ࠕࠕᛀࢀࡽࢀࡿᶒ฼ࠖ࡟ࡘ࠸࡚⪃࠼

ࡿࠖἲᏛࢭ࣑ࢼ࣮741ྕ㸦2016㸧1㡫௨ୗࠊ▼஭ኟ⏕฼ࠗಶே᝟ሗಖㆤἲࡢ⌧ᅾ࡜ᮍ ᮶㸸ୡ⏺ⓗ₻ὶ࡜᪥ᮏࡢᑗ᮶ീ㸦᪂∧㸧࠘㸦ວⲡ᭩ᡣࠊ2017㸧87-116㡫ࠊᰩ⏣ᫀ⿱ࠕࣉ

ࣛ࢖ࣂࢩ࣮࡜ࠕᛀࢀࡽࢀࡿᶒ฼ࠖࠖ㱟㇂ἲᏛ49ᕳ4ྕ㸦2017㸧305㡫௨ୗࠊ➼ࠋ

ἲⓗ᰿ᣐࡀ௚࡟Ꮡᅾࡋ࡞࠸ሙྜࠊࢹ࣮ࢱ୺యࡀಶேࢹ࣮ࢱฎ⌮࡟ᑐࡍࡿ␗㆟ࢆ

㏙࡭ࠊ࠿ࡘඃඛࡉࢀࡿࢹ࣮ࢱฎ⌮ࡢ᰿ᣐࡀ࡞࠸ሙྜ࠿ࠊࢲ࢖ࣞࢡࢺ࣭࣐࣮ࢣ ࢸ࢕ࣥࢢ࡬ࡢ␗㆟ࢆ㏙࡭ࡓሙྜࠊಶேࢹ࣮ࢱࡀ㐪ἲ࡟ྲྀࡾᢅࢃࢀࡓሙྜࠊḢᕞ ἲ࣭ຍ┕ᅜἲࡢ㑂Ᏺࡢࡓࡵ࡟ࢹ࣮ࢱᾘཤࡀᚲせ࡞ሙྜࠊ16ṓᮍ‶㸦ຍ┕ᅜἲ

࡟ࡼࡗ࡚ࡣ13ṓ௨ୗ㸧ࡢ᝟ሗ♫఍ࢧ࣮ࣅࢫࡢᥦ౪࡟㛵㐃ࡋ࡚ࢹ࣮ࢱ཰㞟ࡀ࡞

ࡉࢀࡓሙྜࠊࡀྠ᮲1㡯ྛྕ࡟ิᣲࡉࢀ࡚࠸ࡿࠋ

ࠉ࢖ࣥࢱ࣮ࢿࢵࢺୖ࡟ὶᕸࡋࡓ᝟ሗࡣ᏶඲࡞ᾘཤࡀ㞴ࡋ࠸ࡇ࡜࠿ࡽࠊᾘࡍࡇ࡜

ࡀ㞴ࡋ࠸ධቚࠊࠕࢹࢪࢱ࣭ࣝࢱࢺ࣮ࢗࠖ࡜⛠ࡉࢀࡿ²⁰ࠋḢᕞ࡛ࡣࠊࡇࡢ≧ἣ࡟ᑐ ࡍࡿ༴ᶵឤࡀ௨๓࠿ࡽ♧ࡉࢀ࡚࠸ࡓࠋḢᕞጤဨ఍ࡢྖἲ࣭ᇶᮏᶒ࣭ᕷẸᶒᢸᙜ

๪㆟㛗࡛࠶ࡿViviane Redingࡣࠊࠕ࠿ࡘ࡚ゝࢃࢀࡓࡼ࠺࡟ࠕ⚄ࡣ㉧ࡋᛀࢀࡿࡢ

࡟ࠊ࢙࢘ࣈࡣỴࡋ࡚ᛀࢀ࡞࠸ࠖࠋࡔ࠿ࡽࡇࡑࠕᛀࢀࡽࢀࡿᶒ฼ࠖࡣ⚾࡟࡜ࡗ࡚

࠿ࡃࡶ㔜せ࡞ࡢࡔ㸦As somebody once said: ^“God forgives and forgets but the Web never does!͇ This is why the “right to be forgotten” is so important for me.㸧ࠖ࡜㏙࡭

࡚࠸ࡿ²¹ࠋࡇࡢࡼ࠺࡞ᛮ᝿ࢆ⫼ᬒ࡜ࡋ࡚ࠊᾘཤᶒ࡞࠸ࡋᛀࢀࡽࢀࡿᶒ฼ࡣGDPR

࡟ᑟධࡉࢀࡓࠋ

ࠉ௚ࡢඃࢀࡓඛ⾜◊✲࡛ࡶࡍ࡛࡟ᣦ᦬ࡉࢀ࡚࠸ࡿࡀࠊᾘཤᶒ࡞࠸ࡋᛀࢀࡽࢀࡿ

ᶒ฼ࡣࠊࡑࡢᥦゝ᫬ࠊᙉ࠸཯Ⓨࢆཷࡅࡿࡇ࡜࡜࡞ࡗࡓࠋࡑࡢ⌮⏤ࡢ୍ࡘ࡟ࡣࠊ

࢙࢘ࣈ࠿ࡽࡢ᝟ሗࡢ๐㝖ࡣࠊㄡ࠿㸦᫬࡟ࡣᶒຊࢆ᭷ࡍࡿഃ㸧࡟࡜ࡗ࡚୙฼࡞᝟

ሗࢆ᜛ពⓗ࡟๐㝖ࡍࡿࡇ࡜ࢆチࡋ࡚ࡋࡲ࠸ࠊࡦ࠸࡚ࡣṔྐࡢಟṇ࡟ࡍࡽࡘ࡞

ࡀࡗ࡚ࡋࡲ࠺ࡢ࡛ࡣ࡞࠸࠿ࠊ࡜࠸࠺ᠱᛕࡀ࠶ࡿࠋࡇࢀ࡟ᑐࡋ࡚ࠊḢᕞጤဨ఍ࡣ

20ࠉ ࡇࡢ⾲⌧ࡢึฟࡣ᫂ࡽ࠿࡛ࡣ࡞࠸ࡀࠊ2013ᖺࡢTED࡟࠾ࡅࡿJuan Enriquez࡟ࡼࡿ

“Your online life, permanent as a tattoo”࡟ࡼࡾᗈࡲࡗࡓࡼ࠺࡛࠶ࡿࠋEnriquez ࡢࣉࣞࢮࣥ

ࢸ࣮ࢩࣙࣥࡣTEDࡢ࢙࢘ࣈࢧ࢖ࢺ࡛ど⫈࡛ࡁࡿ㸦https://www.ted.com/talks/juan_

enriquez_how_to_think_about_digital_tattoos㸦2019ᖺ11᭶5᪥᭱⤊☜ㄆ㸧㸧ࠋ

21ࠉ V. Reding, Privacy matters: Why the EU needs new personal data protection rules; Brussels, 30 November 2010, available at http://europa.eu/rapid/press-release_SPEECH-10-700_en.pdf [latest access: 2019/11/05]. ᛀ༷ࡀ㉧ࡋ࡟ࡘ࡞ࡀࡿ࡜࠸࠺ࡢࡣࠊ࢚࣑ࣞࣖ᭩31❶34⠇ࡢ ࠕ㸦͐㸧ࢃࡓࡋࡣᙼࡽࡢᝏࢆ㉧ࡋࠊ෌ࡧᙼࡽࡢ⨥࡟ᚰࢆ␃ࡵࡿࡇ࡜ࡣ࡞࠸ࠖ㸦᪥ᮏ⪷᭩

༠఍ࠗ⪷᭩ ᪂ඹྠヂ࠘㸧ࢆព㆑ࡋࡓࡶࡢ࡛࠶ࢁ࠺࠿ࠋ

ᛀࢀࡽࢀࡿᶒ฼ࡣࠕṔྐࡢ᏶඲࡞ᾘཤࡢᶒ฼࡛ࡣ࡞࠸ࠖ²²࡜ㄝ᫂ࡋ࡚࠸ࡿࠋ ࠉࡇࡢࡼ࠺࡞཯ᛂࡢཎᅉࡢ୍ࡘ࡟ࡣࠊࠕᛀࢀࡽࢀࡿᶒ฼ࠖ࡜࠸࠺⾲⌧ࡢ༳㇟ࡢ ᙉࡉࡀ࠶ࡿࠋࠕᛀࢀࡽࢀࡿᶒ฼ࠖࡣࣇࣛࣥࢫࡢࠕᛀ༷ᶒ㸦droit à l’oubli㸧ࠖ࡞࠸

ࡋ࢖ࢱࣜ࢔ࡢྠࡌࡃࠕᛀ༷ᶒ㸦diritto all’oblio㸧ࠖࢆ㉳※࡜ࡍࡿ࡜ゝࢃࢀࡿ²³ࠋࡇ ࡢࠕᛀ༷ࠖࡀࠊ᏶඲࡞㐣ཤࡢᾘཤ࡜࡜ࡽ࠼ࡽࢀࡓࡓࡵ࡟ᢈุࢆཷࡅ࡚࠸ࡿࡀ²⁴ࠊ GDPR࡟ᐃࡵࡽࢀࡿᾘཤᶒࡢ┠ⓗࡣ᝟ሗࡢᣑᩓࡢ㜵Ṇ^{0 0 0 0 0}࡛࠶ࡿࠋ࢖ࣥࢱ࣮ࢿࢵ

ࢺ࡛࠸ࡗࡓࢇබ㛤ࡉࢀࡓ᝟ሗࡢ᏶඲࡞๐㝖ࡣࠕ୍⯡ⓗ࡟୙ྍ⬟㸦generally

impossible㸧࡛ࠖ࠶ࡿ࡜࠸࠺ࡢࡀGDPRࡶ๓ᥦ࡜ࡍࡿ࡜ࡇࢁ࡛࠶ࡾࠊࡑࢀ࡛ࡶ࡞

࠾๐㝖ࡍ࡭ࡁ࡜࠸࠺ࢫࢱࣥࢫ࡛ࡶ࡞࠸ࠋ

ࠉ⌧௦࡛ࡣࠊ࠿ࡘ࡚࡜ẚ㍑ࡋ࡚᝟ሗ཰㞟ࡀࡁࢃࡵ࡚ᐜ࡛᫆࠶ࡾࠊ࢖ࣥࢱ࣮ࢿࢵ

ࢺࢆ฼⏝ࡍࡿ࡜ࠊᩘᅇࡢࢡࣜࢵࢡ࡛ከࡃࡢ᝟ሗࡀ཰㞟ࡉࢀࡿࠋࡑࢀࢆࡼࡾຍ㏿

ࡍࡿࡢࡀࠊ᳨⣴࢚ࣥࢪࣥࡢᏑᅾ࡛࠶ࡿࠋࡇࡢࡓࡵࠊࡇࢀࡲ࡛ࡣࠕᛀࢀࡽࢀ࡚ࡁ ࡓࠖ᝟ሗࡀࠊࡁࢃࡵ࡚⡆༢࡟Ⓨ᥀ࡉࢀ࡚ࡋࡲ࠺஦ែࡀ㉳ࡁࡿࡼ࠺࡟࡞ࡗࡓࠋࡑ ࡇ࡛ࠊࠕࡼࡾᐇົⓗ㸦more practical㸧ࠖ࡞ゎỴ⟇࡜ࡋ࡚ࠊ᳨⣴࢚ࣥࢪࣥࡢࠕࣜࢫ ࢺ࠿ࡽእࡍ㸦delisting㸧ࠖࡇ࡜ࢆ⪃៖ࡋࠊࡇࡢࠕᛀࢀࡽࢀࡿᶒ฼ࠖࡀタࡅࡽࢀࡓ ࡢ࡛࠶ࡿ²⁵ࠋ

ࠉࡲࡓࠊ20᮲࡟ᣲࡆࡽࢀࡿࢹ࣮ࢱ࣏࣮ࢱࣅࣜࢸ࢕ᶒࡶࠊ⮬ᕫ᝟ሗࢥࣥࢺ࣮ࣟ

ࣝᶒࡢᐇ⌧ࡢࡓࡵࡢ኱ࡁ࡞せ⣲࡛࠶ࡿࠋࢹ࣮ࢱ࣏࣮ࢱࣅࣜࢸ࢕ᶒ࡜ࡣࠊ⮬㌟ࡢ

22ࠉ95HGLQJ7KH(XURSHDQ'DWD3URWHFWLRQ)UDPHZRUNIRUWKH7ZHQW\¿UVW&HQWXU\,QW’l data privacy L. 1, 2012, p. 7.

23ࠉ F. U. Ahmed, Right to Be Forgotten: A Critique of the Post-Costeja Gonzalez Paradigm, 21(6) C.T.L.R. 175, 2015, p.176.

24ࠉ P. Hustinx, The Right to be Forgotten and Beyond: Data Protection and Freedom of Expression in the Age of Web 2.0, Oxford Privacy Information Law and Society Conference, June 12, 2012

ࢆཧ↷ࠋ࡞࠾ࠊࣇࣛࣥࢫࡢᛀ༷ᶒࡶࠊ⤯ᑐⓗ࡞ࡶࡢ࡛ࡣỴࡋ࡚࡞࠸ࠋᣋ✏ࠕࣇࣛࣥࢫ

࡟࠾ࡅࡿࣉࣛ࢖ࣂࢩ࣮࡜ᛀ༷㸸ࠕᛀࢀࡽࢀࡿᶒ฼ࠖࡢ⏤᮶ࢆࡓ࡝ࡗ࡚ࠖ㔠ἑἲᏛ60ᕳ 2ྕ㸦2018㸧123㡫௨ୗࠋ

25ࠉ European Network and Information Security Agency, The Right to be Forgotten: Between Expectations and Practice, 2012, p. 7, available at: https://www.enisa.europa.eu/publications/

the-right-to-be-forgotten [latest access: 2019/11/05].

ಶேࢹ࣮ࢱࢆࠊ⟶⌮⪅࠿ࡽ୍ᐃࡢࣇ࢛࣮࣐ࢵࢺ࡛ཷࡅྲྀࡾࠊ௚ࡢ⟶⌮⪅࡟⛣㌿

ࡍࡿᶒ฼࡛࠶ࡾࠊ⮬㌟ࡢಶேࢹ࣮ࢱࢆ␗࡞ࡿ⟶⌮⪅㛫࡛┤᥋⛣㌿ࡉࡏࡿᶒ฼࡛

࠶ࡿࠋ

ࠉ⌧௦♫఍࡛ࡣࠊಶே࡟㛵ࡍࡿᵝࠎ࡞ࢹ࣮ࢱࢆ฼ά⏝ࡋࠊ౛࠼ࡤಶู໬་⒪ࡢ

ࡼ࠺࡟ࠊࡑࡢಶேࡢࡓࡵ࡟࢝ࢫࢱ࣐࢖ࢬࡉࢀࡓࢧ࣮ࣅࢫࡢᥦ౪ࡀࠊᢏ⾡ⓗ࡟ࡣ

ྍ⬟࡜࡞ࡗ࡚࠸ࡿࠋࡋ࠿ࡋࠊࡇࡢ✀ࡢࢧ࣮ࣅࢫ࡟ᑐࡋ࡚ࡣᖖ࡟ࢹ࣮ࢱ୺య࡜࡞

ࡿಶேࡢࣉࣛ࢖ࣂࢩ࣮ࡢ౵ᐖ࡬ࡢᠱᛕ࡜⾲⿬୍యࡢ㛵ಀ࡟࠶ࡿࠋ

ࠉࢹ࣮ࢱ࣏࣮ࢱࣅࣜࢸ࢕ᶒࡣࠊࡇࡢࡼ࠺࡞≧ἣࢆ⫼ᬒ࡜ࡋࡘࡘࠊࢹ࣮ࢱ୺య࡟

ಶேࢹ࣮ࢱࢆ㑏ඖ^{0 0}ࡍࡿࡇ࡜ࢆಖ㞀ࡍࡿᶒ฼࡛࠶ࡿࠋࡇࡢᶒ฼ࢆ㏻ࡋ࡚ࠊࢹ࣮ࢱ

୺యࡣࠊࡇࢀࡲ࡛ࡣᵝࠎ࡞ࣉࣛࢵࢺࣇ࢛࣮࣒➼࡟ศᩓࡋ࡚࠸ࡓ⮬㌟ࡢࢹ࣮ࢱࢆ

㞟⣙࣭⤫ྜࡋࠊ⮬ศ⮬㌟࡛⟶⌮࡛ࡁࡿࠋࡑࡋ࡚ࠊࢹ࣮ࢱࡢ฼ά⏝࡟࠶ࡓࡗ࡚

ࡶࠊ⮬㌟ࡢࢽ࣮ࢬ࡟ᛂࡌ࡚⮬ศ⮬㌟࡛㑅ᢥࡋࡓ஦ᴗ⪅࡟ಶேࢹ࣮ࢱࢆጤࡡࡿࡇ

࡜ࡀ࡛ࡁࡿࠋ

ࠉࡇࡢࡼ࠺࡞᝟ሗࡀ⭾኱࡟࡞ࢀࡤࠊࡑࡢ⟶⌮ࡣ୍ಶே࡛ࡣᅔ㞴࡟࡞ࡿ࠿ࡶ▱ࢀ

࡞࠸ࠋࡑࡢ᫬࡟ࠊࢹ࣮ࢱ୺యᮏே࡟௦ࢃࡗ࡚ࢹ࣮ࢱࢆ⟶⌮࣭㞟⣙ࡋࠊࢹ࣮ࢱ୺

యࡢࢽ࣮ࢬ࡟ᚑࡗ࡚➨୕⪅࡬ࡢᥦ౪࡞࡝ࡢ฼ά⏝࡟ᦠࢃࡿࡢࡀࠊᚋࡢ❶࡛ゝཬ ࡉࢀࡿ᝟ሗ㖟⾜㸦᝟ሗಙクᴗົ㸧࡛࠶ࡿࠋ

ࠉࡇࡢࡼ࠺࡟ࠊࢹ࣮ࢱ࣏࣮ࢱࣅࣜࢸ࢕ᶒࡣࠊ௒᪥ࡢ♫఍࡟࠾࠸࡚᝟ሗࡀ⤒῭㈈

࡜ࡋ࡚㔜せ࡞఩⨨ࢆ༨ࡵࡿࡇ࡜ࢆព㆑ࡋ࡚࠸ࡿࡇ࡜ࡀࢃ࠿ࡿࠋࡑࡢୖ࡛ࡇࡢᶒ

฼ࡣࠊ௒᪥ࡢ♫఍ࡢ⌧≧࡜ࡋ࡚ࠊ᝟ሗᕷሙࡀ࢔࣓ࣜ࢝ࡢITᕧே࡟࡯ࡰ⊂༨ࡉ

ࢀ࡚࠸ࡿࡇ࡜࡟ᑐࡍࡿᑐᢠ⟇࡜ࡋ࡚఩⨨௜ࡅࡽࢀ࡚࠸ࡿࡇ࡜ࡶࠊࡁࢃࡵ࡚⯆࿡

῝࠸࡜ࡇࢁ࡛࠶ࡿ²⁶ࠋ

26ࠉ See, European Commission, Questions and Answers – General Data Protection Regulation, Brussels, 24 January 2018, available at https://ec.europa.eu/commission/presscorner/detail/en/

MEMO_18_387 [latest access: 2019/11/05] (“The new right to data portability will allow individuals to move their personal data from one service provider to another. Start-ups and smaller companies will be able to access data markets dominated by digital giants and attract more consumers with privacy-friendly solutions. This will make the European economy more competitive.”).

ճᢏ⾡ⓗᡭᙜ࡚

ࠉୖ㏙ࡢࡼ࠺࡟ࠊGDPRࡣಶே᝟ሗࡢಖㆤࠊࡑࡋ࡚⮬ᕫ᝟ሗࢥࣥࢺ࣮ࣟࣝࢆ㔜 どࡋࠊࡑࡢࡓࡵ࡟᪂ࡓ࡞ᶒ฼ࢆ᫂☜࡟♧ࡋ࡚࠸ࡿࠋࡑࡢୖ࡛ࠊᢏ⾡ⓗ࡟ࡶࡇࢀ

ࡽࡢ┠ⓗࡀ㐩ᡂࡉࢀࡿࡼ࠺ࠊᵝࠎ࡞ᐃࡵࢆ⨨ࡃࠋ

ࠉ౛࠼ࡤࠊ᝟ሗࡢὶ㏻࡟㝿ࡋ࡚㔜せ࡞ࢭ࢟ࣗࣜࢸ࢕ࡢᙉ໬ࡢࡓࡵ࡟ࠊᢏ⾡ⓗᏳ

඲ᛶࠊㄆドไᗘ➼ࡢᩚഛࢆせồࡍࡿࠋฎ⌮ࡢᏳ඲⟶⌮࡟ࡘ࠸࡚ᐃࡵࡿ32᮲

ࡸࠊࢹ࣮ࢱಖㆤࡢㄆド࡟㛵ࡍࡿ42᮲ཬࡧࡑࡢㄆドᶵ㛵࡟ࡘ࠸࡚43᮲ࡀࠊ௦⾲

ⓗ࡞౛࡜ࡋ࡚ᣲࡆࡽࢀࡿࠋ

ࠉࡑࡋ࡚ࠊ౵ᐖࡀ⏕ࡌ࡚ࡋࡲࡗࡓሙྜࡢᑐᛂ࡟ࡘ࠸࡚ࡶ᫂☜࡟ᐃࡵ࡚࠸ࡿࠋ GDPRࡣࠊ᝟ሗ₃ὤ➼ࡢ౵ᐖࡀ⏕ࡌ࡚ࡋࡲࡗࡓሙྜ࡟ࡣࠊ┘╩ᶵ㛵ཬࡧᮏே

࡬ࠊ㎿㏿࡟㏻▱࣭㐃⤡ࡍࡿ⩏ົࢆᐃࡵࡿ㸦33᮲ࠊ34᮲㸧ࠋࢹ࣮ࢱࡣ࠸ࡗࡓࢇὶ ฟࡍࡿ࡜ࠊブḭ⿕ᐖࡸྡ㄃ẋᦆࠊ㈈⏘ⓗᦆኻ࡞࡝ᵝࠎ࡞ᦆᐖࡀ⏕ࡌࡿ㸦๓ᩥ

85ࡶཧ↷㸧ࠋࡑࡋ࡚ࠊࡑࡢᑐᛂࡀ㐜ࢀࡿ࡯࡝࡟ࠊࡑࡢ⿕ᐖࡣ኱ࡁࡃ࡞ࡾࡀࡕ࡛

࠶ࡿࠋࡑࢀࡺ࠼ࠊGDPRࡣࠕ㎿㏿ࠖ࡞ᑐᛂࢆ⩏ົ࡜ࡋ࡚ㄢࡋ࡚࠸ࡿࠋ

ࠉࡑࡢ௚࡟ࡶࠊGDPR࡛ࡣ᝟ሗࡢ⟶⌮⪅ࡢ⩏ົࡢᙉ໬ࡶᐃࡵࡽࢀࡿࠋ25᮲ࡣࠊ by designࡢࢹ࣮ࢱಖㆤࠊby defaultࡢࢹ࣮ࢱಖㆤ࡟ࡘ࠸࡚ᐃࡵࡿࠋࡇࢀࡣ1990 ᖺ௦࡟࢝ࢼࢲ࡛ᥦၐࡉࢀࡓprivacy by design࡟╔᝿ࢆᚓࡓࡶࡢ࡛²⁷ࠊGDPR࡟࠾

࠸࡚ࡣࠊ᝟ሗࡢ⟶⌮⪅ࡣࠊby designࡢࢹ࣮ࢱಖㆤࠊby defaultࡢࢹ࣮ࢱಖㆤࡢཎ

๎ࢆ᥇⏝ࡋࡓ௻ᴗᨻ⟇ࡢ⟇ᐃ࡜ᥐ⨨ࡢᐇ᪋ࡀせồࡉࢀࡿࠋࡇࡇ࡟ࡣࠊ౛࠼ࡤಶ

ேࢹ࣮ࢱฎ⌮ࡢ᭱ᑠ㝈໬㸦minimising the processing of personal data㸧ࠊಶேࢹ࣮

ࢱࡢ༶᫬௬ྡ໬㸦pseudonymising personal data as soon as possible㸧ࠊಶேࢹ࣮ࢱ ฎ⌮ࡢ㏱᫂໬㸦transparency with regard to the functions and processing of personal

27ࠉ See, A. Cavoukian, Privacy by Design: The 7 Foundational Principles, available at: https://

www.ipc.on.ca/wp-content/uploads/resources/7foundationalprinciples.pdf (latest access:

2019/11/05). ࡇࡇ࡛ࡣࠊձ஦ᚋⓗ࡟࡛ࡣ࡞ࡃ஦๓࡟ࠊղᑐ⑕⒪ἲ࡛ࡣ࡞ࡃண㜵ⓗࠊճࢩ ࢫࢸ࣒ࡢࢹࢨ࢖ࣥ࡟⤌ࡳ㎸ࡲࢀࡓࣉࣛ࢖ࣂࢩ࣮ࠊմࢮࣟࢧ࣒࡛ࡣ࡞ࡃ୧❧ࡍࡿ㛵ಀࡢ Positive-Sumࠊյࣛ࢖ࣇࢧ࢖ࢡࣝࡍ࡭࡚ࢆ㏻ࡋࡓ᝟ሗࢭ࢟ࣗࣜࢸ࢕ࠊնྍどᛶ࡜㏱᫂

ᛶࠊշ࣮ࣘࢨ࣮୰ᚰࡢࣉࣛ࢖ࣂࢩ࣮ࡢᑛ㔜ࠊࡀᥖࡆࡽࢀ࡚࠸ࡿࠋ

data,㸧ࠊࢹ࣮ࢱ୺యࡢࢹ࣮ࢱฎ⌮┘ど㸦enabling the data subject to monitor the data processing㸧ࠊ᝟ሗ⟶⌮⪅ࡢࢭ࢟ࣗࣜࢸ࢕ᵓ⠏ཬࡧᨵၿ㸦enabling the controller to create and improve security features㸧➼ࡀᣲࡆࡽࢀ࡚࠸ࡿ㸦๓ᩥ78㸧ࠋ

ࠉࡼࡾලయⓗ࡟ࡣࠊ⟶⌮⪅ࡣ᝟ሗฎ⌮ࡢ㝿࡟㐺ษ࡞ᢏ⾡ⓗ࣭⤌⧊ⓗᥐ⨨ࢆㅮࡌ

࡞ࡅࢀࡤ࡞ࡽࡎࠊࢹࣇ࢛ࣝࢺ࡜ࡋ࡚ࡑࢀࡒࢀ≉ᐃࡉࢀࡓ┠ⓗࡢᚲせ࡞⠊ᅖ࡛ࡢ

ࡳࢹ࣮ࢱฎ⌮ࢆ⾜࠺ࡇ࡜ࢆ☜ᐇ࡟ࡍࡿᥐ⨨ࢆㅮࡌ࡞ࡅࢀࡤ࡞ࡽ࡞࠸ࠋ

ࠉࡑࡋ࡚ࠊࡇࢀࡽࡢせㄳࡢᐇ⌧ࢆᢸಖࡍࡿࡓࡵࠊࢹ࣮ࢱಖㆤᙳ㡪ホ౯㸦Data Protection Impact Assessment: DPIA㸧ࡢᐇ᪋ࡸ㸦35᮲㸧²⁸ࠊࢹ࣮ࢱಖㆤ㈐௵⪅

㸦'DWD3URWHFWLRQ2I¿FHU'32㸧ࡢタ⨨㸦37᮲㸧࡜࠸ࡗࡓ௙⤌ࡳࡶ‽ഛࡉࢀ࡚࠸

ࡿࠋ

ࠉࡉࡽ࡟ࠊಶேࢹ࣮ࢱࡢ₃ὤ࡞࡝ఱࡽ࠿ࡢ஦ែࡀ⏕ࡌࡓ᫬ࡢᩆ῭ᡭẁ࡜ࡋ࡚ࠊ

᏶඲࡟⊂❧ࡋࡓ┘╩ᶵ㛵ࡢタ⨨ࡀせồࡉࢀ㸦51᮲㸧ࠊࡑࡢ௵ົࡸᶒ㝈ࠊάື࡟

ࡘ࠸࡚ࡶヲ⣽࡞つᐃࡀ⨨࠿ࢀ࡚࠸ࡿ㸦52㹼59᮲㸧ࠋຍ࠼࡚ࠊᩆ῭ࠊἲⓗ㈐௵ཬ ࡧไ⿢ᥐ⨨ࠊᦆᐖ㈺ൾࡢᶒ฼࡟ࡘ࠸࡚ࡶ᫂ᩥࡢつᐃࡀ⨨࠿ࢀ࡚࠸ࡿ㸦77㹼79 ᮲ࠊ82᮲㸧ࠋࡉࡽ࡟ࠊ᭱ࡶ⪥┠ࢆ㞟ࡵࡓ୍ࡘ࡛࠶ࡿไ⿢㔠࡟ࡘ࠸࡚ࡶཝࡋ࠸つ ᐃࡀタࡅࡽࢀ㸦83᮲㸧ࠊࢹ࣮ࢱ⟶⌮⪅➼ࡢ⩏ົ㐪཯࡟ࡘ࠸࡚ࡣࠊ㐪཯⪅ࡢ඲ୡ

⏺ࡢᖺ㛫኎ୖ㧗ࡢ2%࠿1000୓࣮ࣘࣟࡢ࠸ࡎࢀ࠿㧗࠸᪉ࠊGDPRࡢᇶᮏཎ๎

㐪཯࡟ࡘ࠸࡚ࡣ㐪཯⪅ࡢ඲ୡ⏺ࡢᖺ㛫኎ୖ㧗ࡢ4%࠿2000୓࣮ࣘࣟࡢ࠸ࡎࢀ

࠿㧗࠸᪉ࡀࠊไ⿢㔠࡜ࡋ࡚ㄢࡉࢀࡿࡇ࡜࡟࡞ࡗ࡚࠸ࡿࠋ᪥ᮏ࡛ࡣࠊ౛࠼ࡤ࣐࢖

ࢼࣥࣂ࣮ไᗘ࡟࠾࠸࡚ࠊಶே␒ྕ฼⏝஦ົ࣭ಶே␒ྕ㛵ಀ஦ົ➼࡟ᚑ஦ࡍࡿ⪅

ࡀࠊṇᙜ࡞⌮⏤࡞ࡃࠊᴗົ࡛ྲྀࡾᢅ࠺ಶேࡢ⛎ᐦࡀグ㘓ࡉࢀࡓ≉ᐃಶே᝟ሗ

ࣇ࢓࢖ࣝࢆᥦ౪ࡋࡓሙྜ࡟4ᖺ௨ୗࡢᠬᙺࡶࡋࡃࡣ200୓෇௨ୗࡢ⨩㔠㸦࠶ࡿ

28ࠉ ࡇࢀ࡟ࡘ࠸࡚ࠊ29᮲సᴗ㒊఍ࡀ࢞࢖ࢻࣛ࢖ࣥࢆ♧ࡋ࡚࠸ࡿࠋSee, Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679 (Adopted on 4 April 2017, Revised and Adopted on 4 October 2017), available at: https://ec.europa.eu/newsroom/article29/item-detail.

cfm?item_id=611236 (latest access: 2019/11/05). 㑥ヂ࡜ࡋ࡚ࠊ᪥ᮏ㈠᫆᣺⯆ᶵᵓ㸦ࢪ࢙ࢺ

ࣟ㸧ᾏእㄪᰝ㒊Ḣᕞࣟࢩ࢔CISㄢࡀࠊ௬ヂࢆබ㛤ࡋ࡚࠸ࡿࠋhttps://www.jetro.go.jp/ext_

images/world/europe/eu/gdpr/pdf/dpia.pdf㸦2019ᖺ11᭶5᪥᭱⤊☜ㄆ㸧ࢆཧ↷ࠋ

࠸ࡣࡑࡢే⛉㸧࡜࡞ࡗ࡚࠸ࡿ㸦࣐࢖ࢼࣥࣂ࣮ἲ48᮲㸧ࠋࡇࢀ࡜ẚ㍑ࡋ࡚ࡶ

GDPRࡢไ⿢㔠ࡢ㢠ࡣࡁࢃࡵ࡚኱ࡁࡃࠊ᝟ሗࢆᢅ࠺௻ᴗ࡟࡜ࡗ࡚ࡣ㔜኱࡞㛵ᚰ

஦㡯࡜࡞ࡿࡇ࡜ࡣᐜ᫆࡟᝿ീ࡛ࡁࡿࠋ

㸦2㸧EUᇦෆ࡛ࡢࢹ࣮ࢱಖㆤ࡟㛵ࡍࡿ࣮ࣝࣝࡢ୍ඖ໬

ࠉGDPRࡣḢᕞ࡟࠾ࡅࡿಶேࢹ࣮ࢱࡢಖㆤ࡜ὶ㏻ࡢࣂࣛࣥࢫࢆᅗࡿࡓࡵࡢつ๎

࡛࠶ࡿࠋࡍ࡛࡟㏙࡭ࡓ㏻ࡾࠊࡇࡢ๓㌟࡜ࡋ࡚1995ᖺࡢࢹ࣮ࢱಖㆤᣦ௧ࡀᏑᅾ ࡋࡓࠋࡇࡢᣦ௧ࢆつ๎࡬ࠕ᱁ୖࡆࠖࡍࡿࡇ࡜࡟ࡼࡾࠊຍ┕ᅜෆ࡟࠾࠸࡚ࡣ༢୍

࣮ࣝࣝࡢ┤᥋ⓗ㐺⏝ࡀྍ⬟࡜࡞ࡗࡓࠋ

ࠉࡇࢀ࡟ࡼࡾࠊ࠿ࡘ࡚ၥ㢟どࡉࢀ࡚࠸ࡓḢᕞᇦෆ࡟࠾ࡅࡿಶே᝟ሗ࣭ಶேࢹ࣮

ࢱࡢಖㆤࣞ࣋ࣝࡢᕪ␗ࡢゎᾘࡀࡣ࠿ࡽࢀࡿࡇ࡜࡜࡞ࡗࡓࠋࡉࡽ࡟ࠊ┘╩ᶵ㛵ࡢ ᶒ㝈ࢆ᫂☜໬ࡋ㸦56᮲㸧ࠊࡑࡢ┘╩ᶵ㛵ྠኈࡢ༠ຊࠊ୍㈏ᛶ࣓࢝ࢽࢬ࣒㸦One-

stop-shop㸧ࢆᑟධࡍࡿࡇ࡜࡛㸦60㹼62᮲ࠊ63᮲㸧ࠊࡼࡾᐇຠⓗ࡞ࢩࢫࢸ࣒ࡀᵓ

⠏ࡉࢀࡓࠋ

ࠉᣦ௧᫬௦࠿ࡽࠊຍ┕ᅜࡢ┘╩ᶵ㛵࡜Ḣᕞࢹ࣮ࢱಖㆤ┘╩ᐁ࠿ࡽ࡞ࡿ29᮲స ᴗ㒊఍ࡀᏑᅾࡋࡓࡀࠊࡇࢀࡣἲⓗᣊ᮰ຊࢆ᭷ࡍࡿពぢࡸ່࿌ࢆ♧ࡍ⤌⧊࡛ࡣ࡞

࠿ࡗࡓࠋࡑࡇ࡛ࠊGDPR࡛ࡣࠊᣊ᮰ຊࡢ࠶ࡿỴᐃࢆୗࡍᶒ㝈ࢆ᭷ࡍࡿḢᕞࢹ࣮

ࢱಖㆤ఍㆟㸦European Data Protection Board; EDPB㸧ࡀタ⨨ࡉࢀ࡚࠸ࡿ㸦68 ᮲㸧ࠋ

㸦3㸧ᅜ㝿ⓗ࡞㸦ᑐᇦእࢆྵࡴ㸧ࢹ࣮ࢱಖㆤࡢヲ⣽࡞࣮ࣝࣝࡢ⟇ᐃ

ࠉ᭱ᚋ࡟ࠊGDPRࡀὀ┠ࡉࢀࡿࡶ࠺୍ࡘࡢ⌮⏤࡜ࡋ࡚ࠊ➨୕ᅜࡢ⟶⌮⪅࡟㐺⏝

ࡉࢀࡿ⠊ᅖ㸦ᇦእ㐺⏝㸧ࡀᐃࡵࡽࢀ࡚࠸ࡿⅬࡀᣲࡆࡽࢀࡿࠋ

ࠉGDPRࡣࠊḢᕞᇦෆ࡟⟶⌮⪅ࡸฎ⌮⪅ࡀ୙ᅾ࡛࠶ࡿሙྜ࡛࠶ࡗ࡚ࡶࠊ୍ᐃࡢ ሙྜ࡟ᇦእ㐺⏝ࢆㄆࡵ࡚࠸ࡿ㸦3᮲2㡯㸧ࠋձ᭷ൾ࣭↓ൾࢆၥࢃࡎEUᇦෆ࡟

࠸ࡿಶே࡟ၟရࡸࢧ࣮ࣅࢫࢆᥦ౪ࡋ࡚࠸ࡿሙྜࠊղEUᇦෆ࡛ࡢಶேࡢ⾜ືࢆ

┘ど㸦ࣔࢽࢱࣜࣥࢢ㸧ࡋ࡚࠸ࡿሙྜࠊ࡛࠶ࡿࠋࡇࡢ⠊ᅖࡣࠊ๓㌟࡛࠶ࡿࢹ࣮ࢱ ಖㆤᣦ௧ࡀᐃࡵ࡚࠸ࡓࠊ⟶⌮⪅ࡀEUᇦෆ࡟஦ᴗᡤࢆᣢࡘ࠿ࠊEUᇦෆࡢタഛ

࡛ࢹ࣮ࢱฎ⌮ࢆ⾜࠺ሙྜࡼࡾࡶᣑ኱ࡋ࡚࠸ࡿࠋ

ࠉࡇࡢつᐃ࡟ࡼࡾࠊᡃࡀᅜࡢ஦ᴗ⪅࡛࠶ࡗ࡚ࡶࠊୖ㏙ࡢ≧ἣ࡟ヱᙜࡍࡿሙྜ࡟

ࡣࠊGDPRࡀ㐺⏝ࡉࢀࡿྍ⬟ᛶࡀ⏕ࡌࡿࠋࡍ࡛࡟ᣦ᦬ࡋࡓ㏻ࡾࠊGDPRࡣ㐪཯

ࡢሙྜࡢไ⿢㔠ࡢ㢠ࡀࡁࢃࡵ࡚኱ࡁ࠸ࡇ࡜ࡶ࠶ࡾࠊ஦ᴗ⪅࡟࡜ࡗ࡚ࡣ㔜኱࡞㛵 ᚰ஦࡜࡞ࡗ࡚࠸ࡿ²⁹ࠋ

ࠉࡉࡽ࡟GDPRࡣࠊຍ┕ᅜ࡛ࡣ࡞࠸➨୕ᅜ࡬ಶேࢹ࣮ࢱࡀ⛣㌿ࡍࡿ㝿࡟ࠊḢ ᕞጤဨ఍ࡀㄆᐃࡋࡓ༑ศ࡞ࢹ࣮ࢱಖㆤࡢỈ‽ࢆ☜ಖࡋ࡚࠸ࡿࡇ࡜ࢆồࡵࡿ

㸦ࠕ༑ศᛶㄆᐃࠖ㸧ࠋࡑࡢᇶ‽ࡣ45᮲࡟ิᣲࡉࢀ࡚࠾ࡾࠊࡇࡢ༑ศᛶㄆᐃࡀ࡞࠸

➨୕ᅜ࡬ࢹ࣮ࢱ⛣㌿ࢆࡍࡿሙྜ࡟ࡣࠊ46᮲࡟ᐃࡵࡽࢀࡿ㐺ษ࡞ᥐ⨨ࡀㅮࡌࡽ

ࢀ࡞ࡅࢀࡤ࡞ࡽ࡞࠸ࠋ2018ᖺ12᭶⌧ᅾ࡛ࡣࠊ᪥ᮏࡣ༑ศᛶㄆᐃࢆᚅࡘẁ㝵࡛

࠶ࡿ³⁰ࠋ

ࠉከᅜ⡠௻ᴗ࡟࠾࠸࡚ࡣࠊḢᕞᇦෆࡢࢢ࣮ࣝࣉ௻ᴗ࠿ࡽࠊᇦእࡢࢢ࣮ࣝࣉ௻ᴗ

࡬࡜᝟ሗࢆ⛣㌿ࡋࡓ࠸࡜࠸࠺せㄳࡶ࠶ࡾᚓࡿࠋࡇࡢࡼ࠺࡞௻ᴗࢢ࣮ࣝࣉෆ࡛ࡢ ಶேࢹ࣮ࢱ⛣㌿࡟㛵ࡋ࡚ࡣࠊᣊ᮰ⓗ௻ᴗ‽๎㸦Binding Corporate Rules㸧ࢆタ ࡅࠊྛᅜࡢಖㆤᙜᒁ㸦Data Protection Authority; DPA㸧ࡢᢎㄆࢆཷࡅࢀࡤࠊಶே

ࢹ࣮ࢱࡢ⛣㌿ࡀྍ⬟࡜࡞ࡿࡇ࡜ࡀᐃࡵࡽࢀࡓ㸦47᮲㸧ࠋ

ࠉࡇࡢࡼ࠺࡞༑ศᛶㄆᐃ࠶ࡿ࠸ࡣᣊ᮰ⓗ௻ᴗ‽๎࡟ᚑ࠺ಶேࢹ࣮ࢱࡢ⛣㌿௨እ ࡣࠊGDPRࡣࠊ➨୕ᅜࡢ⾜ᨻᶵ㛵࠿ࡽࡢࢹ࣮ࢱ㛤♧せồ࡟ᑐࡋ࡚ࡶཝࡋ࠸ጼໃ

ࢆ♧ࡋ࡚࠸ࡿ㸦48᮲㸧ࠋࡇࢀࡣࠊ౛࠼ࡤFacebook➼ࡢIT௻ᴗࡀ࢔࣓ࣜ࢝ᅜᐙ Ᏻ඲ಖ㞀ᒁ㸦NSA㸧➼ࡢᅜᐙᶵ㛵࡟ḢᕞᕷẸࡢ᝟ሗࢆᥦ౪ࡋ࡚࠸ࡓࡼ࠺࡟ࠊḢ ᕞᕷẸࡢࣉࣛ࢖ࣂࢩ࣮࡜࠸࠺ᇶᮏᶒࡀಖㆤࡉࢀ࡞࠸ࡼ࠺࡞⾜Ⅽ࡬ࡢᑐᢠᥐ⨨࡛

ࡶ࠶ࡿ³¹ࠋࡇࡇ࡟ࡶࠊୖ࡟ᣦ᦬ࡋࡓࠊ኱すὒࢆᣳࢇࡔᡓத㸦transatlantic war㸧ࡢ 29ࠉ ᮏ㑥࡛ಶே᝟ሗࡢಖㆤ࡟㛵ࡍࡿ✀ࠎࡢᴗົࢆᢸᙜࡍࡿಶே᝟ሗಖㆤጤဨ఍ࡶࠊࡇࢀ࡟

㛵ᚰࢆᐤࡏࠊࠕྛ⤌⧊࣭௻ᴗ➼ࡢᴗົ࡬ࡢᙳ㡪࡟ࡘ࠸࡚ࠊ࠶ࡽ࠿ࡌࡵഛ࠼࡚࠾ࡃᚲせ ࡀ࠶ࠖࡿ࡜ࡋ࡚ࠊ࢙࢘ࣈࢧ࢖ࢺ࡛GDPR࡟㛵㐃ࡍࡿ㈨ᩱࡢ௬ヂࡢබ㛤࡞࡝ࢆ⾜ࡗ࡚࠸

ࡿࠋhttps://www.ppc.go.jp/enforcement/infoprovision/laws/GDPR/㸦2019ᖺ11᭶5᪥᭱⤊

☜ㄆ㸧ࢆཧ↷ࠋ

30ࠉ ࡑࡢᚋࠊ2019ᖺ1᭶23᪥ࠊ᪥ᮏࡣ༑ศᛶㄆᐃࢆᚓ࡚࠸ࡿࠋ

31ࠉ See, Panel for the Future of Science and Technology, How the General Data Protection 5HJXODWLRQFKDQJHVWKHUXOHVIRUVFLHQWL¿FUHVHDUFK-XO\SSDYDLODEOHDWKWWS

୍➃ࢆ┳ྲྀࡍࡿࡇ࡜ࡀ࡛ࡁࡿࠋ

⤖ࡧ࡟௦࠼࡚

ࠉGDPRࡣࠊḢᕞ࡜࠸࠺୍኱⤒῭ᅪࡢἲつ๎࡜࠸࠺ࡇ࡜ࡶ࠶ࡾࠊ௒ᚋࡢࢹ࣮ࢱ ᕷሙ࡟࠾࠸࡚↓どࡍࡿࡇ࡜ࡣ࡛ࡁ࡞࠸኱ࡁ࡞఩⨨ࢆ༨ࡵࡿࡶࡢ࡛࠶ࡿࠋ ࠉ⣬ᖜࡢไ⣙࠿ࡽࡁࢃࡵ࡚㞧㥍࡞ゎㄝ࡟⤊ጞࡏࡊࡿࢆᚓ࡞࠿ࡗࡓࡀࠊGDPRࡀ Ḣᕞࡢ౯್ほ࡟῝ࡃ᰿ᕪࡋࡓࡶࡢ࡛࠶ࡾࠊಶேࢹ࣮ࢱࡢಖㆤ࡜࠸࠺ഃ㠃࠿ࡽࠊ ᇶᮏⓗ౯್࡛࠶ࡿಶேࡢᑛཝࡢಖㆤࢆព㆑ࡋ࡚࠸ࡿࡇ࡜ࢆᥥࡅ࡚࠸ࢀࡤᖾ࠸࡛

࠶ࡿࠋ

ࠉࢹ࣮ࢱࡢ฼ά⏝࡜࠸࠺ほⅬ࠿ࡽぢࢀࡤࠊGAFA࡟௦⾲ࡉࢀࡿ᝟ሗ௻ᴗࢆ᧦ࡍ

ࡿ࢔࣓ࣜ࢝ࡢ❧ሙ࠿ࡽࡣࠊᙜ↛ࢹ࣮ࢱࡢྲྀᚓࡸὶ㏻ࡣಁ㐍ࡉࢀࡿ࡭ࡁ࡜ࡢὶࢀ

࡟࡞ࢁ࠺ࠋࡋ࠿ࡋࠊࡑࢀ࡟ᑐࡍࡿ཯Ⓨࡶᙜ↛࠶ࡾᚓࡿ࡜ࡇࢁ࡛࠶ࡿࠋ࡜ࡾࢃࡅ Ḣᕞࡀ࢔࣓ࣜ࢝࡜ࡇࡢⅬ࡛ᑐ❧ࡍࡿࡢࡣࠊᮏ✏࡛㏙࡭ࡓ㏻ࡾࠊ᰿ᮏⓗ࡞౯್ほ

࡛␗࡞ࡿどⅬࢆ᭷ࡍࡿ࠿ࡽ࡛࠶ࡿࠋࡇࡢⅬࢆ↓どࡋ࡚ࡣࠊ┦஫⌮ゎࡣ㐍ࡲࡎࠊ

⁁ࡣ῝ࡲࡿࡤ࠿ࡾ࡜࡞ࢁ࠺ࠋ

ࠉ⩻ࡗ࡚ᡃࡀᅜ࡛ࡶࠊࢹ࣮ࢱ฼ά⏝࡟ࡼࡿ⤒῭ⓗ࢖ࣥࣃࢡࢺࢆ㔜どࡋࠊྈ⟶ࡑ ࡢಁ㐍ࢆྉࡪࡼ࠺࡞ࠊ࠸ࡉࡉ࠿஘ᭀ࡟ࡶឤࡌࡽࢀࡿㄽㄪࡶࠊ᫬࡟ࡣぢࡽࢀࡿࠋ

౛࠼ࡤ2013ᖺࡢJRᮾ᪥ᮏ࡟ࡼࡿSuica஌㝆ᒚṔࢹ࣮ࢱࡢ㈍኎࡟ᑐࡋ࡚ࠊᾘ㈝

⪅࠿ࡽࠕẼᣢࡕᝏ࠸ࠖ࡜཯Ⓨࡀฟࡓࡀ³²ࠊࡇࢀࡣ࡞ࡐ࡞ࡢ࠿ࠋឤ᝟ⓗ཯ᛂ࡟ࡶᛮ

ࢃࢀࡿࡀࠊ࡛ࡣࠊࡑࡢឤ᝟ࡣ࡝ࡇ࡟᰿ᕪࡍࡶࡢ࠿ࠋ᪂ࡓ࡞ไᗘタィ࡟㝿ࡋ࡚

ࡣࠊࡑࡇࡲ࡛୎ᑀ࡟᥀ࡾୗࡆࡿࡇ࡜ࡀᚲせ࡟࡞ࢁ࠺ࡋࠊࡑࢀࡣ࢔࢝ࢹ࣑ࢬ࣒ࡢ

㈐ົࡢ୍ࡘ࡛࠶ࢁ࠺ࠋ

ࠉࢫࢥࢵࢺ࣭ࢠ࢙ࣕࣟ࢘࢖ࡣGAFAࢆ㯲♧㘓ࡢᅄ㥽ኈ࡟㆜࠼ࡓࡀࠊ㯲♧㘓ࡣ

www.europarl.europa.eu/RegData/etudes/STUD/2019/634447/EPRS_STU(2019)634447_

EN.pdf (latest access: 2019/11/05). Ḣᕞྖἲ⿢ุᡤࡢ2013ᖺࡢSchrems஦௳㸦C- 362/14㸧ࡶཧ↷ࠋ

32ࠉ ࠕࠕSuica஌㝆ᒚṔ㈍኎ࠖኻ⟇ࡢᩍカ㸸ࣃ࣮ࢯࢼࣝࢹ࣮ࢱά⏝6ࡘࡢ຺ᡤࠖ᪥ᮏ⤒῭᪂

⪺㸦2013ᖺ12᭶19᪥௜㸧ࠋ

⤊ᮎ࡜ࠊࡑࡋ࡚᪂ࡓ࡞ኳᆅ๰㐀ࢆᥥࡃࡶࡢ࡛࠶ࡿࠋ᝟ሗ࡜ࢹ࣮ࢱࡢୡ⏺࡟ࡣࠊ ࡍ࡛࡟ᅄ㥽ኈࡀ⌧ࢀࡓࠋ௒ᚋࠊ࠸࠿࡞ࡿ᪂ࡓ࡞ኳᆅ࡜࡞ࡿࡢ࡛࠶ࢁ࠺࠿ࠋ

ࢃࡓࡋࡣࡲࡓࠊ᪂ࡋ࠸ኳ࡜᪂ࡋ࠸ᆅࢆぢࡓࠋ᭱ึࡢኳ࡜᭱ึࡢᆅࡣཤࡗ࡚

⾜ࡁࠊࡶࡣࡸᾏࡶ࡞ࡃ࡞ࡗࡓࠋ᭦࡟ࢃࡓࡋࡣࠊ⪷࡞ࡿ㒔ࠊ᪂ࡋ࠸࢚ࣝࢧࣞ

࣒ࡀࠊኵࡢࡓࡵ࡟╔㣭ࡗࡓⰼ᎑ࡢࡼ࠺࡟⏝ពࢆᩚ࠼࡚ࠊ⚄ࡢࡶ࡜ࢆ㞳ࢀࠊ ኳ࠿ࡽୗࡗ࡚᮶ࡿࡢࢆぢࡓࠋ㸦21:01-02㸧

㸦͐㸧

ᙼࡽࡢ┠ࡢᾦࢆࡇ࡜ࡈ࡜ࡃࡠࡄ࠸ྲྀࡗ࡚ࡃࡔࡉࡿࠋࡶࡣࡸṚࡣ࡞ࡃࠊࡶ

ࡣࡸᝒࡋࡳࡶჃࡁࡶປⱞࡶ࡞࠸ࠋ᭱ึࡢࡶࡢࡣ㐣ࡂཤࡗࡓ࠿ࡽ࡛࠶ࡿࠋ 㸦21:04㸧

̿̿ࣚࣁࢿࡢ㯲♧㘓㸦᪥ᮏ⪷᭩༠఍ࠗ⪷᭩ ᪂ඹྠヂ࠘㸧

ᮏ✏ࡣࠊಙク༠఍ಙク◊✲ዡບ㔠ࡢᡂᯝࡢ୍㒊࡛࠶ࡿࠋ

ࡢ૽ૂ༭༗ࢌ༹͂ GDPR ̞̾̀ͅ

㔠ἑ኱Ꮫ኱Ꮫ㝔ἲົ◊✲⛉ࠉ

㛗ࠉ℩ࠉ㈗ࠉᚿ

ࡣࡌࡵ࡟

ࠉࡇࡢᗘ㸪㔠ἑ኱ᏛἲᏛ㢮࡜➨୍ᮾிᘚㆤኈ఍ྖἲ◊✲ጤဨ఍ಙクἲ◊✲㒊఍

ࡀඹദࡍࡿᮏࢩ࣏ࣥࢪ࣒࢘࡟࠾ᣍࡁ࠸ࡓࡔࡁឤㅰࡍࡿ࡜࡜ࡶ࡟㸪ࡇࢀࡼࡾ㸪ᡃ ࡀᅜࡢಶே᝟ሗಖㆤἲ࡜GDPR࡟ࡘ࠸࡚㸪ᡃࡀᅜࡢಶே᝟ሗಖㆤἲࢆ࣮࣋ࢫ

࡟㸪GDPR࡜ࡢ␗ྠࢆㄝ᫂ࡍࡿࠋ

㸯㸬ಶே᝟ሗಖㆤἲ࡜GDPRࡢ㛵ಀ

ࠉࡲࡎࡣಶே᝟ሗಖㆤἲࢆㄝ᫂ࡍࡿࡀ㸪ྠἲࡢ┠ⓗ࡟ࡘ࠸࡚ࡣ㸪ྠἲࡢ➨㸯᮲

࡟グ㍕ࡉࢀ࡚࠾ࡾ㸪ࠕ㧗ᗘ᝟ሗ㏻ಙ♫఍ࡢ㐍ᒎ࡟క࠸ಶே᝟ሗࡢ฼⏝ࡀⴭࡋࡃ ᣑ኱ࡋ࡚࠸ࡿࡇ࡜࡟㚷ࡳࠊಶே᝟ሗࡢ㐺ṇ࡞ྲྀᢅ࠸࡟㛵ࡋࠊᇶᮏ⌮ᛕཬࡧᨻᗓ

࡟ࡼࡿᇶᮏ᪉㔪ࡢసᡂࡑࡢ௚ࡢಶே᝟ሗࡢಖㆤ࡟㛵ࡍࡿ᪋⟇ࡢᇶᮏ࡜࡞ࡿ஦㡯

ࢆᐃࡵࠊᅜཬࡧᆅ᪉බඹᅋయࡢ㈐ົ➼ࢆ᫂ࡽ࠿࡟ࡍࡿ࡜࡜ࡶ࡟ࠊಶே᝟ሗࢆྲྀ

ࡾᢅ࠺஦ᴗ⪅ࡢ㑂Ᏺࡍ࡭ࡁ⩏ົ➼ࢆᐃࡵࡿࡇ࡜࡟ࡼࡾࠊಶே᝟ሗࡢ㐺ṇ࠿ࡘຠ

ᯝⓗ࡞ά⏝ࡀ᪂ࡓ࡞⏘ᴗࡢ๰ฟ୪ࡧ࡟άຊ࠶ࡿ⤒῭♫఍ཬࡧ㇏࠿࡞ᅜẸ⏕άࡢ ᐇ⌧࡟㈨ࡍࡿࡶࡢ࡛࠶ࡿࡇ࡜ࡑࡢ௚ࡢಶே᝟ሗࡢ᭷⏝ᛶ࡟㓄៖ࡋࡘࡘࠊಶேࡢ ᶒ฼฼┈ࢆಖㆤࡍࡿࡇ࡜ࢆ┠ⓗ࡜ࡍࡿࠖ࡜㠀ᖖ࡟㛗࠸ෆᐜ࡟࡞ࡗ࡚࠸ࡿࠋࡇࢀ

ࡣせࡍࡿ࡟㸪ಶே᝟ሗ࡟㛵ࡍࡿಶேࡢᶒ฼࣭฼┈ࡢಖㆤ࡜ࠊಶே᝟ሗࡢ᭷⏝ᛶ

࡜ࡢࣂࣛࣥࢫࢆᅗࡿࡇ࡜ࢆ┠ⓗ࡜ࡋࡓἲᚊ㸪࡜࠸࠺ෆᐜ࡛࠶ࡿࠋ

ࠉࡇࢀ࡟ᑐࡋ㸪GDPRࡣ㸪ࠕಶேࢹ࣮ࢱࡢฎ⌮࡟㛵ࡍࡿ⮬↛ேࡢಖㆤ࡟㛵ࡍࡿ

つ๎࠾ࡼࡧಶேࢹ࣮ࢱࡢ⮬⏤࡞ὶ㏻࡟㛵ࡍࡿつ๎ࠖ࡜ࡉࢀ࡚࠸ࡿࠋ

ࠉࡇࡢࡼ࠺࡟୧⪅ࡢෆᐜࢆẚ㍑ࡋ࡚ࡳࡿ࡜㸪࠸ࡎࢀࡶࡑࡢ┠ⓗࡣ࡯ࡰྠࡌ࡜࠸

࠺ࡇ࡜ࡀ࡛ࡁࡿࠋ

ࠉࡇࡢࡼ࠺࡟㸪┠ⓗࢆྠࡌࡃࡍࡿつᐃ࡜࡞ࡗ࡚࠸ࡿࡢࡣ㸪࠸ࡎࢀࡶ࠸ࢃࡺࡿ

OECD㸶ཎ๎࡟ᇶ࡙ࡁ㸪ไᐃࡉࢀ࡚࠸ࡿ࠿ࡽ࡛࠶ࡿࠋOECD㸶ཎ๎࡜ࡣ㸪

࣭཰㞟ไ㝈ࡢཎ๎㸦Collection Limitation Principle㸧

࣭ࢹ࣮ࢱෆᐜࡢཎ๎㸦Data Quality Principle㸧

࣭┠ⓗ᫂☜໬ࡢཎ๎㸦3XUSRVH6SHFL¿FDWLRQ3ULQFLSOH㸧

࣭฼⏝ไ㝈ࡢཎ๎㸦Use Limitation Principle㸧

࣭Ᏻ඲ಖㆤࡢཎ๎㸦Security Safeguards Principle㸧

࣭බ㛤ࡢཎ๎㸦Openness Principle㸧

࣭ಶேཧຍࡢཎ๎㸦Individual Participation Principle㸧

࣭㈐௵ࡢཎ๎㸦Accountability Principle㸧

࡜࠸ࡗࡓࡇ࡜ࢆෆᐜ࡜ࡋ࡚࠸ࡿࡀ㸪ࡇࢀࡽࡢཎ๎࡟ᇶ࡙ࡁ㸪ྛᅜࡸྛᆅᇦࡀ㸪 ಶே᝟ሗࡢྲྀᢅ࠸࡟㛵ࡍࡿἲ௧ࢆไᐃࡋ࡚࠸ࡿࡇ࡜㸪ࡑࡋ࡚ಶே᝟ሗࡢྲྀᢅ࠸

࡟ࡘࡁ㸪ྛᅜࡸྛᆅᇦ࡟࠾࠸࡚㸪ᡓ␎ⓗ࡟฼⏝ࡋ࡚࠸ࡁࡓ࠸࡜࠸࠺ࢽ࣮ࢬࡀ࠶

ࡿࡇ࡜㸪ࡇࡢࡼ࠺࡞ඹ㏻ࡍࡿ⫼ᬒ࠿ࡽ㸪ᡃࡀᅜࡢሙྜ࡟ࡣಶே᝟ሗಖㆤἲࡀไ ᐃࡉࢀ㸪EU࡟࠾࠸࡚ࡣGDPRࡀไᐃࡉࢀࡓࡶࡢ࡛࠶ࡾ㸪࠸ࢃࡤ㸪OECD㸶ཎ

๎ࢆぶ࡜ࡋࡓ඗ᘵࡢࡼ࠺࡞㛵ಀ࡜࠸࠼ࡿࠋ

ࠉࡓࡔ㸪Ḣᕞ࡟࠾࠸࡚ࡣ㸪ᡃࡀᅜࡼࡾࡶಶே᝟ሗࡢྲྀᢅ࠸࡟㛵ࡋ࡚ࡣඛࢇࡌ࡚

࠾ࡾ㸪࠸ࢃࡤ඗࡟࡞ࡾ㸪ᡃࡀᅜࡣᘵࡢࡼ࠺࡞㛵ಀ࡜࡞ࡿࠋᡃࡀᅜ࡟ಶே᝟ሗಖ ㆤἲࡀไᐃࡉࢀࡓ2003ᖺ㸦ᖹᡂ15ᖺ㸧࡟࠾࠸࡚㸪⾗㆟㝔ࡢグ㘓ࢆぢ࡚ࡶ㸪 ࠕ1995ᖺ࡟Ḣᕞ㐃ྜ࡛᥇ᢥࡉࢀࡓࠗ㹃㹓ࢹ࣮ࢱಖㆤᣦ௧㸦Directive 95/46/

EC㸧࠘࡟ᑐࡋ࡚㸪᪥ᮏ࡜ࡋ࡚ࡶఱࡽ࠿ࡢᑐᛂࡀᚲせ࡛࠶ࡿࠖ࡜ࡢㄆ㆑ࡢୗ࡟㸪 ಶே᝟ሗಖㆤἲࡀᡃࡀᅜ࡛ไᐃࡉࢀ࡚࠸ࡿࠋࡓࡔ㸪ࡑࡢ᫬Ⅼ࡛㸪ಶே᝟ሗ₃࠼

࠸࡟㛵ࡍࡿ஦௳ࡶ㢖Ⓨࡋ࡚࠾ࡾ㸪ࡑ࠺࠸ࡗࡓ஦௳ࡶἲᚊไᐃࡢ㏆ᅉ࡜࡞ࡗࡓ࡜

ࡶゝࢃࢀ࡚࠸ࡿࠋ

ࠉࡕ࡞ࡳ࡟࢔࣓ࣜ࢝࡟࠾࠸࡚ࡣ㸪ಶே᝟ሗ࡜ࡣ␗࡞ࡿࣉࣛ࢖ࣂࢩ࣮࡜࠸࠺ᴫᛕ

࡛ಶே࡟㛵ࡍࡿ᝟ሗࢆᢅࡗ࡚࠾ࡾ㸪ྲྀᢅ࠸ࡀ␗࡞ࡿࡇ࡜࡟ὀពࡀᚲせ࡜࡞ࡿ

ࡀ㸪௒ᅇࡣࡇࡢⅬ࡟㛵ࡋ࡚ࡢ῝ධࡾࡣࡋ࡞࠸ࠋ

㸰㸬ಶே᝟ሗಖㆤἲ࡜GDPRࡢ┦㐪Ⅼ㸦⥲ㄽ㸧

ࠉࡇࡢࡼ࠺࡞඗ᘵ㛵ಀ࡟࠶ࡿಶே᝟ሗಖㆤἲ࡜GDPRࡔࡀ㸪኱ࡁࡃ7ࡘࡢ㐪

࠸ࡀ࠶ࡿࠋ

ࠉࡲࡎࡣಖㆤࡢ⠊ᅖ࡛࠶ࡿࠋಶே᝟ሗಖㆤἲ࡟࠾࠸࡚ࡣ㸪ࠕ⏕Ꮡࡍࡿಶே࡛≉

ᐃࡢಶேࢆ㆑ู࡛ࡁࡿࡶࡢࠖࡀ࣓࢖ࣥ࡜࡞ࡗ࡚࠸ࡿࡢ࡟ᑐࡋ㸪GDPR࡛ࡣ㸪 ࠕ㆑ูࡉࢀࡓ㸪ࡲࡓࡣ㆑ู࡛ࡁࡿ⮬↛ே࡟㛵ࡍࡿ᝟ሗࠖ࡜࡞ࡗ࡚࠾ࡾ㸪࢜ࣥࣛ

࢖ࣥ㆑ูᏊ㸪ࡓ࡜࠼ࡤ㸪ࢡࣞࢪࢵࢺ␒ྕࡸ࢙࢘ࣈࢧ࣮ࣅࢫࢆ฼⏝ࡍࡿ࡜ࡁ࡟స ᡂࡋࡓ࣮ࣘࢨྡࡶྵࡴෆᐜ࡜࡞ࡗ࡚࠸ࡿࠋࡇࡢⅬࡣಶே᝟ሗಖㆤἲࡢᨵṇࡢ᳨

ウ࡟࠾࠸࡚ࡶ༠㆟ࡉࢀࡓᶍᵝࡔࡀ㸪ᡃࡀᅜ࡛ࡣ᥇⏝ࡉࢀ࡞࠿ࡗࡓࠋ

ࠉḟ࡟㸪ྠពࡢ᭷ຠせ௳࡛࠶ࡿࠋಶே᝟ሗಖㆤἲ࡟ࡣ㸪≉࡟᫂グࡉࢀ࡚࠸࡞࠸

ࡀ㸪GDPR࡟࠾࠸࡚ࡣ㸪ྠពࡢ௵ពᛶ㸪≉ᐃᛶ㸪᫂ⓑᛶ࡞࡝㸪ྠពࡀ᭷ຠ࡜࡞

ࡿࡓࡵࡢせ௳ࡀ࠿࡞ࡾ⣽࠿ࡃグ㍕ࡉࢀ࡚࠸ࡿࠋࡇࡢⅬ࡟ࡘ࠸࡚ࡣᚋ࡯࡝ヲ⣽࡟

ㄝ᫂ࡍࡿࡀ㸪࠿࡞ࡾཝࡋ࠸ෆᐜ࡜࡞ࡗ࡚࠸ࡿࡇ࡜࡟ὀពࡀᚲせ࡛࠶ࡿࠋ ࠉࡑࡋ࡚㸪ࢹ࣮ࢱ୺యࡀᥦ౪ࡍ࡭ࡁ᝟ሗࡢⅬ࡛࠶ࡿࠋಶே᝟ሗಖㆤἲ࡟ࡣఱࡽ

᫂グࡉࢀ࡚࠸࡞࠸ࡀ㸪GDPR࡟࠾࠸࡚ࡣ㸪⟶⌮⪅ࡢྡ⛠࡞࡝㸪≉ᐃࡢ᝟ሗࡢᥦ ౪⩏ົࡀつᐃࡉࢀ࡚࠸ࡿࠋ

ࠉࡲࡓ㸪㉺ቃ⛣㌿つไ࡛ࡶⱝᖸࡢ㐪࠸ࡀ࠶ࡿࠋ࠸ࡎࢀ࡟࠾࠸࡚ࡶ㸪ཎ๎࡜ࡋ࡚

㉺ቃ⛣㌿ࢆㄆࡵࡎ㸪ࡓࡔ㸪୍ᐃࡢせ௳ࢆㄢࡋࡓୖ࡛㸪㉺ቃ⛣㌿ࢆㄆࡵ࡚࠸ࡿ

ࡀ㸪ಶே᝟ሗಖㆤἲ࡟࠾࠸࡚ࡣ㸪ᡃࡀᅜ࡜ྠ➼ࡢಖㆤỈ‽ࡀ࠶ࡿ࡜ಶே᝟ሗಖ ㆤጤဨ఍つ๎࡛ᐃࡵࡓሙྜࡸྠព࡞࡝ࢆせồࡋ࡚࠸ࡿࡢ࡟ᑐࡋ㸪GDPR࡟࠾࠸

࡚ࡣ㸪༑ศᛶㄆᐃࡸྠព࡞࡝ࢆせồࡋ࡚࠸ࡿࠋ

ࠉࡑࡋ࡚㸪ᇦእ㐺⏝࡟ࡘ࠸࡚ࡶ኱ࡁࡃ␗࡞ࡗ࡚࠸ࡿࠋಶே᝟ሗಖㆤἲࡶGDPR

ࡶ㸪୍ᐃࡢ⠊ᅖ࡛ᇦእ㐺⏝ࢆつᐃࡋ࡚࠸ࡿࡀ㸪ಶே᝟ሗಖㆤἲࡣ⌧ᆅࡢ┘╩ᙜ ᒁࡀ࣮ࣝࣝࢆ㐺⏝ࡍࡿࡇ࡜ࢆ᝿ᐃࡋ࡚࠸ࡿࡢ࡟ᑐࡋ㸪GDPR࡟࠾࠸࡚ࡣ㸪EU ࡀ┤᥋GDPRࢆ㐺⏝ࡍࡿࡇ࡜ࢆ᝿ᐃࡋ࡚࠸ࡿࠋࡇࡢⅬ࡟㸪Ḣᕞࡢಶே᝟ሗಖ ㆤ࡟ᑐࡍࡿᙉ࠸᝿࠸ࢆឤࡌࡿࡇ࡜ࡀ࡛ࡁࡿࠋ

ࠉࡉࡽ࡟㸪ࢭࣥࢩࢸ࢕ࣈ࣭ࢹ࣮ࢱ࡟ࡘ࠸࡚㸪ಶே᝟ሗಖㆤἲࡣ㸪ே✀ࡸಙ᮲ࢆ

ᑐ㇟࡜ࡋ࡚࠸ࡿࡢ࡟ᑐࡋ㸪GDPR࡛ࡣ㸪ே✀㸪ᨻ἞ⓗぢゎ㸪᐀ᩍⓗಙᛕ㸪㑇ఏ Ꮚࢹ࣮ࢱ࡞࡝㸪ಶே᝟ሗಖㆤἲ࡜㔜࡞ࡿ㒊ศ࡜ࡑࢀ௨ୖࡢ㒊ศࡀ࠶ࡿࠋ ࠉࡑࡋ࡚㸪ᩆ῭࣭ไ⿢㔠࡛࠶ࡿࠋࡇࡢⅬࡀᴟࡵ࡚኱ࡁ࡞ᙳ㡪ຊࢆࡶࡗ࡚࠾ࡾ㸪 ಶே᝟ሗಖㆤἲ࡟࠾࠸࡚ࡣ⨩㔠ࢆ⛉ࡍࡇ࡜ࡶ᝿ᐃࡋ࡚࠸ࡿࡀ㸪࠶ࡃࡲ࡛⌧ᆅࡢ

࣮ࣝࣝࡢ㐺⏝ࢆ᝿ᐃࡋ࡚࠸ࡿࡢ࡟ᑐࡋ㸪GDPR࡟࠾࠸࡚ࡣ㸪EU⊂⮬ࡢᕧ㢠ࡢ ไ⿢㔠ࢆ᝿ᐃࡋ࡚࠸ࡿࠋලయⓗ࡟ࡣ㸪᭱኱࡛2000୓࣮ࣘࣟ㸦⣙25൨෇㸧ཪࡣ ᙜヱ఍ィᖺᗘࡢ඲ୡ⏺ᖺ㛫኎ୖ㧗ࡢ4㸣ࡢ㸪࡝ࡕࡽ࠿㧗࠸᪉ࢆไ⿢㔠࡜ࡋ࡚⛉

ࡍࡇ࡜ࡀつᐃࡉࢀ࡚࠸ࡿࠋ

ࠉ᭱ᚋ࡟㸪GDPR࡟࠾࠸࡚ࡣ㸪୍ᐃࡢ⠊ᅖ࡛ࡣ࠶ࡿࡀ㸪ᮍᡂᖺ⪅ࡢᖺ㱋ࡢྲྀᢅ

࠸ࡸ㸪࣊ࣝࢫࢣ࢔ࢹ࣮ࢱࡢྲྀᢅ࠸࡞࡝㸪≉ᐃࡢ஦㡯࡟ࡘ࠸࡚ࡣ㸪ຍ┕ᅜࡢ⿢㔞

࡟ࡼࡾ␗࡞ࡿෆᐜ࡜࡞ࡿⅬ࡟ὀពࡀᚲせ࡛࠶ࡿࠋ≉࡟ࢻ࢖ࢶࡣGDPRࡼࡾࡶ

ཝࡋ࠸つไࢆタࡅ࡚࠸ࡿࡇ࡜ࡶ࠶ࡾ㸪ὀពࡀᚲせ࡛࠶ࡿࠋ ࠉ௨ୖࡀ㸪ಶே᝟ሗಖㆤἲ࡜GDPRࡢ㸪኱ࡁ࡞┦㐪Ⅼ࡛࠶ࡿࠋ

㸱 㸬ಶே᝟ሗಖㆤἲ࡜GDPRࡢ┦㐪Ⅼ㸦ྛㄽ㸧ࠉ㸫ಶே᝟ሗಖㆤἲ࡟࠾ࡅࡿಶ

ே᝟ሗࡢྲྀᢅ࠸ࢆ࣮࣋ࢫ࡟㸫 㸦㸯㸧␗ྠࢆ᳨ウࡍࡿどⅬ

ࠉ࡛ࡣḟ࡟㸪ಶே᝟ሗಖㆤἲ࡜GDPRࡢ┦㐪Ⅼ࡟ࡘ࠸࡚㸪⣽࠿ࡃㄝ᫂ࡍࡿࠋ ࡇࢀ࠿ࡽඛࡣ㸪ಶே᝟ሗಖㆤἲ࡟࠾ࡅࡿಶே᝟ሗࡢྲྀᢅ࠸㸪ࡍ࡞ࢃࡕ㸪ಶே᝟

ሗಖㆤἲࡢᑐ㇟࡜࡞ࡿಶே᝟ሗ➼ࡢᑐ㇟ࡀఱ࠿㸪ࡑࡢྲྀᢅ୺యࡣㄡ࠿㸪ಶே᝟

ሗ➼ࡢྲྀᚓࡣ࡝ࡢࡼ࠺࡟⾜࠺࠿㸪⟶⌮ࡣ࡝ࡢࡼ࠺࡟⾜࠺࠿㸪ࡑࡢ฼⏝ࡸᥦ౪㸪 㛤♧ࡣ࡝ࡢࡼ࠺࡟⾜࠺࠿㸪ࡑࡋ࡚₃࠼࠸ࡀ⏕ࡌࡓ࡜ࡁ࡟࡝࠺ࡍ࡭ࡁ࠿㸪࡜࠸ࡗ ࡓほⅬ࠿ࡽㄝ᫂ࡍࡿࠋ

㸦㸰㸧ಶே᝟ሗ➼ࡢᑐ㇟

ࠉࡲࡎ㸪ಶே᝟ሗ➼ࡢᑐ㇟࡛࠶ࡿࡀ㸪ࡇࡢⅬ㸪ಶே᝟ሗಖㆤἲ࡟࠾࠸࡚ࡣ㸪 ࠕ⏕Ꮡࡍࡿಶே࡟㛵ࡍࡿ᝟ሗ࡛࠶ࡾ㸪࠿ࡘ㸪Ặྡ࡞࡝࡟ࡼࡾ≉ᐃࡢಶேࢆ㆑ู

࡛ࡁࡿࡶࡢ㸪ࡲࡓࡣ㸪ಶே㆑ู➢ྕࡀྵࡲࢀࡿࡶࡢࠖࡀᑐ㇟࡜ࡉࢀ࡚࠸ࡿࠋࡇ

ࡢࡼ࠺࡟㸪୍⯡⏝ㄒ࡜ࡋ࡚ࡢಶே᝟ሗ඲⯡࡛ࡣ࡞ࡃ㸪࠶ࡃࡲ࡛㸪⏕Ꮡࡋ࡚࠸ࡿ

⮬↛ே࡟㛵ࡍࡿࡶࡢ࡛࠶ࡾ㸪࠿ࡘ㸪ಶே㆑ูᛶࢆ᭷ࡍࡿࡶࡢࡀᑐ㇟࡜࡞ࡗ࡚࠸

ࡿࠋලయⓗ࡟ࡣ㸪ᮏேࡢẶྡࡸ⏕ᖺ᭶᪥㸪ఫᡤࡣࡶࡕࢁࢇ㸪㜵≢࣓࢝ࣛ࡟グ㘓 ࡉࢀࡓ᝟ሗ࡞࡝࡛ᮏேࡀ㆑ู࡛ࡁࡿᫎീ᝟ሗ㸪≉ᐃಶேࢆ㆑ู࡛ࡁࡿ࣓࣮ࣝ࢔

ࢻࣞࢫࡀ≉ᐃࡢಶேࢆ㆑ู࡛ࡁࡿࡶࡢࡢ௦⾲౛࡛࠶ࡾ㸪ࡲࡓ㸪ಶே㆑ู➢ྕࡢ

౛࡜ࡋ࡚ࡣ㸪࣐࢖ࢼࣥࣂ࣮ࡸ㐠㌿චチド␒ྕ㸪DNAሷᇶ㓄ิ㸪ᣦ⣠㸪㟼⬦ࡢ ᙧ≧࡞࡝࡜࠸ࡗࡓࡶࡢࡀᣲࡆࡽࢀࡿࠋ

ࠉࡑࡋ࡚㸪ࡇࡢࡼ࠺࡞ಶே᝟ሗ࡟ຍ࠼㸪せ㓄៖ಶே᝟ሗ࡜࠸࠺ࡶࡢࡀつᐃࡉࢀ

࡚࠸ࡿࠋࡇࢀࡣ㸪ࠕᮏே࡟ᑐࡍࡿ୙฼┈ࡀ⏕ࡌ࡞࠸ࡼ࠺࡟ࡑࡢྲྀᢅ࠸࡟≉࡟㓄

៖ࢆせࡍࡿࡶࡢ࡛㸪ᨻ௧࡛ᐃࡵࡽࢀ࡚࠸ࡿࡶࡢ࡛ࠖ㸪ලయⓗ࡟ࡣ㸪ே✀㸪ಙ ᮲㸪♫఍ⓗ㌟ศ࡜࠸ࡗࡓ᠇ἲ࡟ࡶつᐃࡉࢀ࡚࠸ࡿࡼ࠺࡞ࡶࡢࡢእ࡟㸪㌟యࡢ㞀 ᐖࡸ▱ⓗ㞀ᐖ㸪೺ᗣデ᩿⤖ᯝ㸪㐊ᤕṔࡸಖㆤฎศṔ࡞࡝࡜࠸ࡗࡓࡶࡢࡀᑐ㇟࡜

࡞ࡿࠋ

ࠉࡇࡢࡼ࠺࡟㸪ಶே᝟ሗಖㆤἲ࡟࠾࠸࡚ࡣ㸪ಶே᝟ሗࡑࡢࡶࡢࡢእ࡟㸪せ㓄៖

ಶே᝟ሗࢆຍ࠼㸪ࠕಶே᝟ሗ➼ࠖ࡜ࡋ࡚㸪ࡑࡢಖㆤࡢᑐ㇟࡜ࡋ࡚࠸ࡿࠋ ࠉࡇࡢࡼ࠺࡞ಶே᝟ሗಖㆤἲ࡜ẚ㍑ࡋ㸪GDPR࡟࠾࠸࡚ࡣ㸪ඛ࡟㏙࡭ࡓ࡜࠾

ࡾ㸪ࠕ࢜ࣥࣛ࢖ࣥ㆑ูᏊࠖ࡜࠸ࡗࡓࡶࡢࡶࡑࡢಖㆤࡢᑐ㇟࡜࡞ࡗ࡚࠸ࡿࠋࡲ

ࡓ㸪ಶே᝟ሗಖㆤἲ࡟࠸࠺ࠕせ㓄៖ಶே᝟ሗࠖ࡟┦ᙜࡍࡿࡶࡢ࡜ࡋ࡚㸪ࠕࢭࣥ

ࢩࢸ࢕ࣈ࣭ࢹ࣮ࢱࠖ࡜࠸࠺ࡶࡢࡀ࠶ࡿࡀ㸪せ㓄៖ಶே᝟ሗࡼࡾࡶᴫᛕࡀᗈࡃ㸪

౛࠼ࡤ㸪೺ᗣ࡟㛵ࡍࡿࢹ࣮ࢱ࡟ࡘ࠸࡚ࡣ㸪ಶே᝟ሗಖㆤἲ࡛ࡣࠕᶵ⬟ࡢ㞀ᐖࠖ

࡜࠸࠺㝈ᐃࡢ⠊ᅖෆ࡛࠶ࡿࡶࡢࡢ㸪GDPR࡛ࡣࡑࡢࡼ࠺࡞㝈ᐃࡣ࡞ࡃ㸪ࢹ࣮ࢱ

୺యࡢ೺ᗣ≧ែ࡟㛵ࡍࡿࡍ࡭࡚ࡀࡑࡢಖㆤࡢᑐ㇟࡜࡞ࡗ࡚࠸ࡿࠋࡲࡓ㸪ᛶ⏕ά

ࡸᛶⓗႴዲ࡟㛵ࡍࡿࢹ࣮ࢱࡶ㸪ಶே᝟ሗಖㆤἲ࡟ࡣྵࡲࢀ࡚࠸࡞࠸ࡶࡢࡢ㸪 GDPR࡟ࡣྵࡲࢀ࡚࠸ࡿࠋࡋࡓࡀࡗ࡚㸪ࡘ࠸ඛ᪥㸪ࢿࢵࢺୖ࡛ࡕࡻࡗ࡜ࡋࡓ㦁 ࡂ࡟࡞ࡗࡓ㸪TSUTAYAࡢᗑဨࡀ㸪⮬ศࡢዲࡁ࡞࢔࣮ࢸ࢕ࢫࢺࢆᢈุࡉࢀ࡚❧

⭡ࡋ㸪ࡑࡢᢈุࡋࡓᐈࡢࠕྡ๓࠿ࡽᛶⒷࡲ࡛ᭀ㟢ྍ⬟ࠖ࡜᭩ࡁ㎸ࢇࡔ௳࡟㛵 ࡋ㸪௬࡟ᛶⒷࢆ࢔ࢵࣉ࣮ࣟࢻࡋ࡚࠸ࡓࡽ㸪GDPR࡛ࡣไ⿢ࡢᑐ㇟࡜࡞ࡿࡇ࡜࡟