The European Union and South Korea have confirmed there is a high degree of convergence between their data protection regulations, paving the way for an adequacy decision which would allow the free flow of personal data between them.

The similarities have increased with the coming into force of South Korea’s reformed Personal Information Protection Act, the parties said.

Following the successful conclusion of adequacy talks between the two sides, the European Commission said it will start the decision-making procedure to adopt an adequacy decision on South Korea as soon as possible.

“By covering both commercial operators and the public sector, such an adequacy finding will not only support business operators transferring personal data as part of their commercial operations, but also facilitate regulatory cooperation, to the benefit of both sides,” said Didier Reynders, Commissioner for Justice at the EU, and Yoon Jong, Chairperson of the Personal Information Protection Commission of South Korea, in a joint statement.

South Korea last August reformed its Personal Information Protection Act to strengthen the investigatory and enforcement powers of the Personal Information Protection Commission. This paved the way for the finalisation of the adequacy talks.

“This reform, that entered into force in August 2020, confirmed the paramount importance of an independent data protection authority vested with effective powers as a central component of a modern data protection system as well as a key element of the growing international convergence in privacy standards,” a European Commission spokesperson said.

As part of the adequacy talks, the two sides agreed on several additional safeguards that will increase the protection of personal data processed in the South Korea.

These include stronger protections on transparency, sensitive data and onward transfers. These rules will be binding and enforceable by the PIPC and courts.

The adequacy process will also involve obtaining an opinion from the European Data Protection Board (EDPB) and approval from a committee representing member states.

Register to receive the latest data protection and privacy news and analysis straight to your inbox