On March 30, 2021, the European Commission (the “Commission”) announced the successful conclusion of the adequacy talks with the Republic of Korea.

The adequacy talks confirmed the convergence between European and South Korean data protection laws, particularly with the recent entry into force of South Korea’s Personal Information Protection Act (“PIPA”) and the strengthening of the powers of the Personal Information Protection Commission’s (“PIPC”), the Korean data protection authority..

An adequacy finding, which will cover both commercial operators and the public sector, will enable free and safe flows of data between the EU and the Republic of Korea. The adequacy decision also will complement the Free Trade Agreement between the EU and Korea.

So far, the EU has recognized Andorra, Argentina, and Canadian organizations subject to PIPEDA, the Faroe Islands, Guernsey, Israel, the Isle of Man, Japan, Jersey, New Zealand, Switzerland and Uruguay, as providing an adequate level of data protection.

Next steps

The Commission will now launch the decision-making procedure to adopt its adequacy finding in the coming months. This involves (1) obtaining an opinion from the European Data Protection Board and (2) obtaining the green light from a committee composed of representatives of EU Member States. After that, the Commission will adopt the adequacy decision on the Republic of Korea.

Read the joint statement by Commissioner Reynders and PIPC Chairperson Yoon Jong In.