Republic of Korea: Introduced Bill amending Personal Information Protection Act including cross-border data transfer requirements

On 5 December 2022, Bill No. 2120089, amending the Personal Information Protection Act (PIPA) of the Republic of Korea (ROK), was introduced in the Political Affairs Committee of the ROK National Assembly. The proposed Bill outlines conditions for data transfers. In particular, the Bill would allow data transfers if a country or international organisation has similar levels of data protection as the ROK, if a country has an international agreement in data transfer with the ROK, if the overseas recipient organisation has obtained data protection certification from the ROK Personal Information Protection Committee (PIPC), and if the data transfer is made to fulfil a contract with the data subject where storage details are fully disclosed.