

通訊監察與民主監督
83
守」。
100
其次,與里斯本條約一同制定,在
2009
年生效的歐盟運
作條約
(
Treaty on the Functioning of the EU; TFEU
)
第
16
條,則是
強調每個人均有其個人資料受到保護之權利,並且賦予歐洲議會等
歐盟立法權機關權限,令其就歐盟組織、機關及成員國對個人資料
之處理,以及個人資料之流通建立規則。
101
歐盟在
1995
年開始就個人資料的近用進行規範,並發布了
1995
年第
46
號指令
(即一般所稱的「資料保護指令」
[Data Pro-
tection Directive; DPD]
),
102
該指令規定成員國在處理個人資料
時,有義務保障國民的基本權利,尤其是隱私權。而個人資料的處
理,則必須建立在「質的原則」(
qualitative principle
)
上,包括個人
資料的取得就其所欲追求的目的必須符合比例,且原則上必須取得
當事人同意。
103
同時,此一指令也禁止成員國處理種族、宗教、
政治傾向等敏感資料。另外,此一指令也規定當事人必須知悉其個
人資料的蒐集,而且當事人擁有近用、要求修改甚至封鎖資料的權
利。
2001
年歐盟成立歐洲資料保護監察官
(
European Data Protec-
100
Charter of Fundamental Rights of the European Union [2000/C 364/01], Art. 8:
1
)
Everyone has the right to the protection of personal data concerning him or her.
2
)
Such data must be processed fairly for specified purposes and on the basis of the
consent of the person concerned or some other legitimate basis laid down by law.
Everyone has the right of access to data which has been collected concerning him
or her, and the right to have it rectified.
3
)
Compliance with these rules shall be subject to control by an independent au-
thority.
101
Consolidated Version of the Treaty on the Functioning of the European Union,
May 9, 2008, 2008 O.J. [C 115] 47, Art. 16.
102
Directive 95/46/EC of the European Parliament and of the Council of 24 October
1995 on the Protection of Individuals with Regard to the Processing of Personal
Data and on the Free Movement of Such Data, 1995 O.J. [L 281] 31.
103
DPD, Art. 6[1].