Republic of Korea: Implemented Personal Information Protection Commission Guidelines on Evaluation of Privacy Policies

On 19 February 2024, the guidelines on Evaluation of Privacy Policies issued by the Personal Information Protection Commission (PIPC) came into effect. The PIPC aims to assess the policies adopted and disclosed by personal information processors to ensure compliance with the Personal Information Protection Act and its amended Enforcement Decree. The guidelines delineate the criteria and procedures for selecting and evaluating targets related to personal information processing. Evaluation targets include entities with an annual turnover exceeding KRW 150 billion and those processing sensitive personal data of more than 50,000 data subjects per day. Other criteria involve distinguishing between data processed with or without data subject consent, utilizing automated processing systems (including Artificial Intelligence), instances of more than 2 data breaches in the last 3 years, and processing data of minors and adolescents. Additionally, the guidelines provide details on the evaluation procedure, formation of evaluation committees, document review, and the appeals process.