European Union and South Korea Complete Adequacy Talks
Time 2 Minute Read
Categories: European Union, Information Security, International

On March 30, 2021, the European Commission (the “Commission”) announced the successful conclusion of the adequacy talks with the Republic of Korea.

The adequacy talks confirmed the convergence between European and South Korean data protection laws, particularly with the recent entry into force of South Korea’s Personal Information Protection Act (“PIPA”) and the strengthening of the powers of the Personal Information Protection Commission’s (“PIPC”), the Korean data protection authority..

An adequacy finding, which will cover both commercial operators and the public sector, will enable free and safe flows of data between the EU and the Republic of Korea. The adequacy decision also will complement the Free Trade Agreement between the EU and Korea.

So far, the EU has recognized Andorra, Argentina, and Canadian organizations subject to PIPEDA, the Faroe Islands, Guernsey, Israel, the Isle of Man, Japan, Jersey, New Zealand, Switzerland and Uruguay, as providing an adequate level of data protection.

Next steps

The Commission will now launch the decision-making procedure to adopt its adequacy finding in the coming months. This involves (1) obtaining an opinion from the European Data Protection Board and (2) obtaining the green light from a committee composed of representatives of EU Member States. After that, the Commission will adopt the adequacy decision on the Republic of Korea.

Read the joint statement by Commissioner Reynders and PIPC Chairperson Yoon Jong In.

Tags: Adequacy, Cross-Border Data Flow, Data Protection Authority, Data Transfer, EU Member States, European Commission, European Data Protection Board, South Korea
Print Email Twitter/X Linkedin Facebook

You May Also Be Interested In

Time 2 Minute Read
European Commission Seeks Feedback on Draft Cyber Resilience Act Guidelines

On March 3, 2026, the European Commission published draft guidelines intended to clarify the application of the Cyber Resilience Act and opened a public consultation to gather feedback from stakeholders.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
Data Protection Authorities Globally Highlight Privacy Issues in AI Image Generation

On February 23, 2026, a Joint Statement on AI-Generated Imagery was published by 61 data protection authorities. The Joint Statement addresses concerns regarding AI systems capable of generating realistic images and videos depicting identifiable individuals without their knowledge or consent.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
South Korea Amends Privacy Law to Authorize Fines of Up to 10% of Total Revenue

On February 12, 2026, South Korea’s National Assembly passed amendments to the Personal Information Protection Act authorizing administrative fines of up to 10% of a company’s total revenue in certain high-severity data breach cases.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
China CAC Issues Guidance on CBDT Security Management

On January 30, 2026, the Cybersecurity Administration of China released a Q&A document on policies and regulations for the security management of cross-border data transfers. 

Continue Reading ›
Print Email Twitter/X Linkedin Facebook

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page