Last week the European Commission and the Personal Information Protection Commission of South Korea concluded the last round of talks about the possibility of the European Union granting an adequacy decision to South Korea and the outcome was positive. The Commission noted the positive convergence of South Korea, which had recently adopted a new data protection law (Personal Information Protection Act), and thus decided to allow an adequacy decision. Such legal tool allows the transfer of data from the European Economic Area to a specific jurisdiction in a facilitated manner, as is already in place for Switzerland, Japan, New Zealand, Canada and Israel.
Now the only two remaining steps are: (i) an opinion to be issued by the European Data Protection Board; and (ii) the formal approval of the representative of the EU Member States.
But what does an adequacy decision entail exactly? Soon it will be possible for EU-based businesses to transfer data to and from South Korea without any further hurdle, which will be facilitating the offering of services reciprocally. It will be easier to engage a processor in South Korea and it would require less effort to plan a business expansion in Europe or South Korea respectively. So eoseo osipsio (welcome) South Korea!