On 24 September 2021, the European Data Protection Board (EDPB) issued its opinion on the European Commission’s (EC) draft adequacy decision in respect of South Korea. On 16 June 2021, the EC launched the procedure for the adoption of an adequacy decision for South Korea under the General Data Protection Regulation (GDPR), which would allow free transfers of … Continue Reading
On 30 March 2021, the European Commission announced, in a joint statement with South Korea’s data protection authority, the Personal Information Protection Commission (PIPC), the “successful conclusion” of the adequacy talks between the EU and South Korea. Such adequacy decision will enable the free flow of personal data from the EU to South Korea, covering … Continue Reading
The Act on the Promotion of Information Communication Network Utilization and Information Protection (“PICNUIA”) has been amended to include potential punitive damages for South Korean businesses that provide services over the internet. From 23 September this year, any serious data breach experienced by such businesses will lead to financial liability of up to three times … Continue Reading
Ever since January 2014, when South Korea’s credit card industry lost huge amounts of customer data during a data breach, the South Korean government has been gradually announcing stricter penalties for those who run afoul of data protection rules. The latest amendment to the Personal Information Protection Act (PIPA), Bill No. 15737 (‘Amendment’), published 7 … Continue Reading
South Korea’s Ministry of Government Administration and Home Affairs issued an amended version of the Standards of Personal Information Security Measures (the ‘Standards’). These Standards seek to close loopholes and inadequacies in the South Korean data protection law, and to counter the growing number of data breaches, especially those arising from use of mobile devices. … Continue Reading
In December 2014, the Korea Communications Commission (KCC) released the“Big Data Guidelines for Data Protection” (Guidelines). Aimed at Information and Communications Service Providers (ICSPs), they are designed to prevent the misuse of “publicly available information” to create and exploit new information. The Guidelines expressly permit ICSPs to collect and use “publicly available information”, within certain … Continue Reading
On 27 October 2013, South Korea’s Ministry of Security and Public Administration (MOSPA) announced that beginning 28 November 2013, the government is set to issue certifications to companies that can demonstrate compliance with their duties under the Personal Information Protection Act (PIPA). Companies will be able to file applications for certification to the National Information … Continue Reading
