May 25, 2022

Volume XII, Number 145

Advertisement
Advertisement

May 24, 2022

Subscribe to Latest Legal News and Analysis

May 23, 2022

Subscribe to Latest Legal News and Analysis

European Commission Adopts Korean Adequacy Decision

The European Commission recently adopted an adequacy decision regarding the Republic of Korea’s data protection laws. As a result of this decision, personal data can freely flow between the EEA and South Korea without the need for additional transfer mechanisms.

Without such a finding of adequacy, EU law prohibits the transfer of data out of the EU without certain measures being in place. These include, for example, the transferring entity and the recipient entering into Standard Contractual Clauses, or the recipient having Binding Corporate Rules in place. South Korea now joins 13 other countries that are able to freely transfer data from the EEA. This list includes Andorra, Argentina, Canada (commercial organizations), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland, United Kingdom, and Uruguay.

This decision follows the EDPB’s September opinion on the Commission’s draft Korea adequacy decision. The decision covers transfers of data to both commercial operators and public authorities. A list of common Q&As can be found here. Whether the UK will grant South Korea this same adequacy status remains to be seen. Unlike the recent UK adequacy decision, which contains a sunset provision, the conclusion about the adequacy of South Korea’s data privacy laws is not time-limited. Instead, the decision will be subject to a regular review every three to four years. The decision will continue so long as the level of data protection remains.

Putting it Into Practice: Companies who regularly engage in cross-border data transfers will not need additional measures -like SCCs- if the data transfers are from the EU to Korea.

Dhara Shah also contributed to this article.

Copyright © 2022, Sheppard Mullin Richter & Hampton LLP.National Law Review, Volume XII, Number 6
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Liisa Thomas, Sheppard Mullin Law Firm, Chicago, Cybersecurity Law Attorney
Partner

Liisa Thomas, a partner based in the firm’s Chicago and London offices, is Co-Chair of the Privacy and Cybersecurity Practice. Her clients rely on her ability to create clarity in a sea of confusing legal requirements and describe her as “extremely responsive, while providing thoughtful legal analysis combined with real world practical advice.” Liisa is the author of the definitive treatise on data breach, Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification, which has been described as “a no-nonsense roadmap for in-house and...

312-499-6335

Julia Kadish is an attorney in the Intellectual Property Practice Group in the firm's Chicago office.

Areas of Practice

Julia's practice focuses on data breach response and preparedness, reviewing clients' products and services for privacy implications, drafting online terms and conditions and privacy policies, and advising clients on cross-border data transfers and compliance with US and international privacy regulations and standards. She also workes on drafting and negotiating software licenses, data security exhibits, big data licenses, professional...

312.499.6334
Advertisement
Advertisement
Advertisement