On 24 September 2021, the European Data Protection Board (EDPB) gave its opinion (32/2021) on the draft decision of the European Commission (EC) on the adequate protection of personal data in the Republic of Korea. The EDPB opinion focused on the assessment of both the general GDPR aspects of the draft decision and the access by public authorities to personal data transferred from the EEA for the purposes of law enforcement and national security, including the legal remedies available to individuals in the EEA. The EDPB also assessed whether the safeguards provided under the Korean legal framework are in place and effective.
The Republic of Korea should join the small number of states recognised by the EC as offering an adequate level of protection, such as Japan, the United Kingdom, Argentina or Israel (see the full list here). This recognition is important in particular for Korean companies with a worldwide (and thus an EU) presence, such as Kia, Samsung or Hyundai.
By Edouard Cruysmans and Erik Valgaeren