Republic of Korea: Adopted Bill amending Personal Information Protection Act including cross-border data transfer requirements

Description

Adopted Bill amending Personal Information Protection Act including cross-border data transfer requirements

On 27 February 2023, Bill No. 2120089, amending the Personal Information Protection Act (PIPA), was adopted National Assembly of the Republic of Korea. The Bill outlines conditions for data transfers. In particular, the Bill would allow data transfers if a country or international organisation has similar levels of data protection as the ROK, if a country has an international agreement in data transfer with the ROK, if the overseas recipient organisation has obtained data protection certification from the ROK Personal Information Protection Committee (PIPC), and if the data transfer is made to fulfil a contract with the data subject where storage details are fully disclosed.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Cross-border data transfer regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
legislature
Government Body
parliament

Complete timeline of this policy change

Hide details
2022-12-05
under deliberation

On 5 December 2022, Bill No. 2120089, amending the Personal Information Protection Act (PIPA) of th…

2023-02-27
adopted

On 27 February 2023, Bill No. 2120089, amending the Personal Information Protection Act (PIPA), was…

2023-03-14
adopted

On 14 March 2023, Bill No. 2120089, amending the Personal Information Protection Act (PIPA), was si…

2023-09-15
in force

On 15 September 2023, Law No. 19234, amending the Personal Information Protection Act (PIPA), was i…