The EU Commission ruled that the Republic of Korea provides an adequate level of data protection corresponding to EU standards, following the European Data Protection Board opinion on the issue. As a result, data transfers from the EU to Korean data controllers and processors can take place without needing any additional authorisation. The EU Commission scrutinized the Korean data protection regime composed of the Personal Information Protection Act (PIPA), the Act on the Use and Protection of Credit Information, the Communications Privacy Protection Act and certain sector regulations. Further, the Korean Government provides additional safeguards on transparency and data transfer requirements and the enforceability of rights by the Korean Courts and Personal Information Protection Commission (PIPC). Following this review, the Commission concluded that the oversight mechanisms and the redress instruments provided by the Republic of Korea allow to identify and punish data protection infringements and thus Korea ensures an adequate level of protection. The Commission will evaluate the Korean data protection framework three years after the decision and subsequently at least every four years. On these occasions, the Commission may decide to suspend or repeal the decision of adequacy.
Original source