Korea and the European Union (EU) to remove data exchange barriers

Personal Information Protection Commission (PIPC) Chairman Koh Hak-soo met with European Commission Director General for Justice Didier Reynders* at the 46th Global Privacy Assembly (GPA) on Thursday, October 31.

Global Privacy Assembly (GPA): The world’s largest international consultative body in the field of personal information, with 140 organizations from 92 countries including Korea, the United States, the European Union (EU), the United Kingdom, and Japan, holding general meetings every year, and the regular meeting in 2025 is scheduled to be held in “Seoul.”
** The European Union’s executive branch, the Commission, oversees work such as judicial and privacy protection

On this day, Chairman Koh Hak-soo explained to Minister Reinders the progress of the operation of the equivalence recognition system* introduced through the revision of the Personal Information Protection Act last year, and the two organizations agreed to continue to further strengthen their cooperative relationship.

Equivalence Recognition System: A system that allows the transfer of personal information by evaluating the level of personal information protection of the country and international organization to which personal information is transferred pursuant to Article 28-8, Paragraph 1, Item 5 of the Personal Information Protection Act, which is similar to the EU’s ‘adequacy decision’ system. The Personal Information Protection Commission has
selected the EU as the first target country for the equivalence recognition system and has been conducting a review in order to further strengthen the cooperative relationship with the EU, with which it has established a strategic partnership based on long-standing trust, and to meet the high demand from all sectors for safe cross-border information transfer.

The European Union already recognized Korea’s level of personal information protection as equivalent to that of the European Union through an adequacy decision on Korea in December 2021, and allowed the transfer of personal information from EU member states to Korea (inter-regional transfer). However, at the time, Korea did not have a corresponding system, so a mutual adequacy decision could not be pursued, and a unilateral adequacy decision was made that only allowed the transfer of personal information from the EU to Korea.

Adequacy Decision: A system to confirm and recognize whether countries outside the European Union have personal information protection measures equivalent to the European Union’s General Data Protection Regulation (GDPR)
Commissioner Koh Hak-soo evaluated that “Once the recognition of equivalence for the European Union is completed, safe and free data transfer between Korea and the European Union will be possible, and we can expect economic effects as the burden on companies is reduced.” He also said, “We will continue to cooperate with the European Union and various countries so that a safe and free overseas transfer system can be established to meet the continuously increasing demand for cross-border transfer of personal information.”

Editor. Hong Se-yeong