ITをめぐる法律問題について考える このページをアンテナに追加 RSSフィード

2017-08-24

個人情報のプロファイリングリスクに関するメモ(EUのGDPR)

※随時更新予定。

大量の個人情報が今やネット上に存在し、またスマホICカードPOS端末、センサー、カメラなどからも続々と大量の個人情報を収集できる時代において、こうやって収集された個人情報によって、人が「プロファイリングされるリスク」というのが指摘されています。

各国における議論をメモ化していきたいなと思っていますが、まずはEUのGDPRから

Article 4 Definitions

(4)‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

Article 22 Automated individual decision-making, including profiling

1. The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

2. Paragraph 1 shall not apply if the decision:

(a)

is necessary for entering into, or performance of, a contract between the data subject and a data controller;

(b)

is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests; or

(c)

is based on the data subject's explicit consent.

3. In the cases referred to in points (a) and (c) of paragraph 2, the data controller shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

4. Decisions referred to in paragraph 2 shall not be based on special categories of personal data referred to in Article 9(1), unless point (a) or (g) of Article 9(2) applies and suitable measures to safeguard the data subject's rights and freedoms and legitimate interests are in place.

仮訳↓

プロファイリング」とは、特定人の個人的側面(特に、人の仕事の能力(パフォーマンス)、経済状況、健康、趣味嗜好、興味、信頼性、行動、位置、動作に関する分析又は予測)を評価する個人データの利用による自動処理を意味する。

この定義は、当初の提案よりも狭くなっているとのこと。Trackingとの違いが、以下のサイトで次のように記述されていました。


Top 10 operational impacts of the GDPR: Part 5 - Profiling


This definition implicitly excludes data processing that is not “automated.”

Further elaboration of this definition may be found in the Recitals, where the GDPR establishes its jurisdiction over non-EU controllers provided they are “monitoring the behaviour of [EU] data subjects as far as their behaviour takes places within the European Union.” Processing activity involves data subject “monitoring” when “individuals are tracked on the Internet including potential subsequent use of data processing techniques which consist of profiling an individual, particularly in order to take decisions concerning her or him or for analysing or predicting her or his personal preferences, behaviours and attitudes.” This definition suggests that profiling is not equivalent to tracking, but instead is something more, involving the intention to take decisions regarding a data subject or predict the subject’s behaviors and preferences.

商標の電子出願のやり方

商標を電子出願することにしました。やり方の備忘録です。

1.商標名を決める(電子出願か否かに関係せず必要)

2.公的個人認証の準備(電子出願のために必要)


3.インターネット出願ソフトの準備(電子出願のために必要)

4.申請書類の作成(電子出願か否かに関係せず必要)

5.電子出願(電子出願のために必要)

  • 出願ソフトで出願 →参考
  • 変換後の書類(送信ファイルフォルダ内の書類)を確認。エラーが出てたら直す。わからなければ、特許庁に問い合わせられる。
  • オンライン出願して受領証を表示。

参考サイト

☆自分向けメモ

  • 一件しか出願していないので、様子を見てもう一件出願する
  • 審査通知まで数か月程度要