Republic of Korea: Announced data protection certification scheme

On 2 May 2022, the Republic of Korea's Personal Information Protection Commission (PIPC) issued a statement announcing that domestic and foreign companies can demonstrate their level of international data protection towards users through a certification system, without having to register or work with an institution. Certifications will be given from 3 May 2022 for the Asia Pacific region. The certification mechanism is the Global Cross-Border Privacy Rules (CBPR) Forum, announced on 21 April 2022 by the governments of Canada, Chinese Taipei, Japan, the Republic of Korea, Singapore, the Philippines, and the United States. It is an expansion of the Cross-Border Privacy Rules of the Asia-Pacific Economic Cooperation (APEC), which enables voluntary data protection certification for companies to transfer data between participating countries. The same countries, with the exception of Australia and Mexico, now declared the creation of the GCBPR as a parallel international certification mechanism for data transfers to non-APEC countries.