個人資料保護官（DPO）法制之比較研究與我國推動建議

A Comparative Study on the Mechanism of Data Protection Officer

強化個人資料保護已是主要國家共同重視的議題，國際潮流也由早期產業自律及立法規範分庭抗禮之情形，開始側重制定個人資料保護專法。為確保資料控管者與資料處理者落實個人資料保護立法之法律遵循，主要國家開始採納「個人資料保護官」（DPO）此一重要機制。觀察當前可見立法例，個人資料保護官之定位可概分為「側重監督模式」與「側重執行模式」，本文比較關聯國際個人資料保護立法有關個人資料保護官機制之設計，包括應任命個人資料保護官之情形、其所承擔之職責事項與資格／職能要求，以及個人資料保護官之相應法律責任等重要議題。並在前揭比較研究之基礎上，進一步檢視我國現行關聯規範，若我國後續如擬推動個人資料保護官機制，針對機制推動所應慮及之重要事項逐一提出具體建議，以期助益完善我國整體個人資料保護法制。

Strengthening personal data protection has become the consensus of major countries and the international trend has shifted from industry self-regulation to the enactment of necessary personal data protection legislation. In order to ensure that data controllers or processors comply with the requirements of personal data protection laws, some legislation begins to require them to appoint a“Data Protection Officer (DPO)”. The primary role of the DPO is to ensure that data controllers or processors process the personal data of its staff, customers, providers or any other individuals in compliance with the applicable data protection rules. Observing international personal data protection legislation that including the provision of DPO, the positioning of DPO can be divided into“focusing on supervision”and“focusing on enforcement”models. This paper analyses the design of data protection officers in the legislation of various countries. On the basis of comparative analysis, the author aims at the important issues of promoting DPO mechanism in Taiwan, including the scope of designation, positioning, responsibilities and qualifications of DPO, proposes legal promotion suggestions.