On 30 March 2021, the European Commission announced, in a joint statement with South Korea’s data protection authority, the Personal Information Protection Commission (PIPC), the “successful conclusion” of the adequacy talks between the EU and South Korea. Such adequacy decision will enable the free flow of personal data from the EU to South Korea, covering both private and public data controllers, and ultimately benefiting commercial data transfers and facilitating regulatory cooperation.
The adequacy talks began over four years ago, in January 2017 and this announcement brings them closer to receiving this adequacy decision. South Korea has been preparing for this adequacy decision by amending its data protection laws (which it did last year), to, for example, enact the new Personal Information Protection Act, which confirmed the independence and powers of the PIPC. This was referred to in the announcement as confirming the “high degree of convergence” between the EU and South Korea for data protection and was a major step in the adequacy talks.
The announcement also complements the EU-Republic of Korea Free Trade Agreement, and both sides agree that this will aid in their commitment to shared values concerning privacy and cooperation. The framework for the future adequacy decision relies on the strong supervision of the PIPC.
The European Commission will now begin launching the decision-making procedure to get the adequacy decision adopted in the upcoming months.
The European Data Protection Board will publish an opinion before formal approval by a committee comprised of representatives of the EU member states. Once it is approved, the Commission can adopt the adequacy decision, thereby introducing the free flow of personal data between the EU and South Korea.