EU-REPUBLIC OF KOREA ADEQUACY DECISIONS FINALIZED
By Claude-Etienne Armingaud, Andrew L. Chung, Camille Scarparo and Eric Yoon
Following the conclusion of the adequacy talks in March 2021, the European Commission has adopted on 17 December 2021 an adequacy decision addressing the transfers of personal data to the Republic of Korea under the General Data Protection Regulation (GDPR) and the Law Enforcement Directive.
Both texts prohibit the transfer of personal data to “third countries” unless (a) the destination country benefits from (i) an adequacy decision or (ii) appropriate safeguards, such as standard contractual clauses (see our alert here) or codes of conduct (see our alert here); or (b) one of the limited derogations under Article 49 GDPR applies.
With regards to the adequacy talks, the Republic of Korea agreed on the implementation of additional safeguards. Accordingly, the reform of Republic of Korea’s data protection framework (the Personal Information Protection Act) in August 2020, implemented several additional safeguards including transparency provisions and enforcement power strengthening of the Personal Information Protection Commission (§70).
The Republic of Korea adequacy decision complements the Free Trade Agreement (FTA) of July 2011 and allows a seamless flow of personal data between the Republic of Korea and the European Union.
Unlike the UK adequacy decision which contains a sunset clause (see our alert here), the Republic of Korea adequacy decision is not limited in time. However, pursuant to Article 45.3 GDPR, the European Commission carry out a first review of the decision after three years to evaluate any evolution in the Republic of Korea data protection framework, that would lead to divergence with the EU regulations (§220).
The Republic of Korea now belongs to the increasing group of third countries benefiting from an adequacy decision (including, since GDPR’s entry into force, Japan and the UK).
The firm’s global data protection team (including in each of our European offices) remains available to assist you in achieving the compliance of your data transfers at global levels.