Republic of Korea: Personal Information Protection Commission closes consultation on amendments to the Enforcement Decree of the Personal Information Protection Act

On 4 August 2025, South Korea’s Personal Information Protection Commission (PIPC) closes a consultation on the amendment to the Enforcement Decree of the Personal Information Protection Act to expand the right to data portability across all sectors. The amendment applies to large-scale data controllers, including organisations with annual revenues over KRW 150 billion, universities with more than 20'000 students, and public system operators. It broadens the scope of transferable personal data and introduces secure transfer methods such as encrypted file downloads and Application Programming Interfaces integration. It also regulates third-party requests by permitting automated data access only through certified specialised agencies.