The European Commission launched the formal process towards the adoption of its draft implementing decision (“draft decision”) on the adequate protection of personal data in the Republic of Korea under the Personal Information Protection Act pursuant to the GDPR on 16 June 2021.
On the same date, the European Commission asked for the opinion of the European Data Protection Board (“EDPB”). The EDPB’s assessment of the adequacy of the level of protection afforded in the Republic of Korea has been made on the basis of the examination of the draft decision itself as well as on the basis of an analysis of the documentation made available by the European Commission.
The EDPB focused on the assessment of both, the general GDPR aspects of the draft decision and the access by public authorities to personal data transferred from the EEA for the purposes of law enforcement and national security, including the legal remedies available to individuals in the EEA.
The EDPB also assessed whether the safeguards provided under the Korean legal framework are in place and effective. The EDPB has used as main reference for this work its WP254 GDPR Adequacy Referential (“GDPR Adequacy Referential”) adopted in February 2018 and the EDPB Recommendations 02/2020 on the European Essential Guarantees for surveillance measures.