On 27 September 2021, the European Data Protection Board (EDPB) announced it had adopted its opinion regarding the European Commission’s draft decision on the adequate protection of personal data in the Republic of Korea.
The EDPB’s assessment covered the general GDPR aspects, including the access by public authorities to personal data transferred from the EEA for law enforcement and national security purposes, as well as the effectiveness of the safeguards put in place by the Korean legal framework.
In a nutshell, the EDPB concluded that the main aspects of the Korean data protection framework are “essentially equivalent to those of the European Union”, at the same time asking the European Commission for further clarification on the binding nature, the enforceability, and validity of Notification No. 2021-1 adopted by the Korean supervisory authority on supplementary rules, and also advised on its careful monitoring in practice.
Additionally, the EDPB called on the European Commission to clarify some aspects concerning the effective remedies and rights of redress, such as the burden of proof in the context of filing a complaint with the Korean supervisory authority or any action before a court, and whether EU individuals would be able to meet such a precondition.