The EDPB adopted its opinion on the European Commission’s draft adequacy decision for the Republic of Korea. The EDPB focused on general GDPR aspects and access by public authorities to personal data transferred from the European Economic Area (EEA) to the Republic of Korea for the purposes of law enforcement and national security, including the legal remedies available to individuals in the European Economic Area (EEA). The EDPB also assessed whether the safeguards provided under the Korean legal framework are effective.
On the general data protection framework, the EDPB notes that there are key areas of alignment between the EU and South Korean data protection frameworks with regard to certain core provisions, such as:
– data protection concepts (e.g. personal information; processing; data subject);
– grounds for lawful processing for legitimate purposes;
– purpose limitation;
– data retention, security and confidentiality; and
Read more here.