South Korea is making changes to its data protection regulatory frame work in order to clear the way for a long-awaited adequacy decision from the European Union, whose process initiated back in 2015.
The EU and South Korea already have a long-standing relationship based on free trade and political cooperation, however the free flow of personal data piece of the puzzle is still missing.
Under European privacy rules, international data transfers to non-EU countries can occur where recipients' data protection regimes are certified "adequate" by the EU Commission.
This has already happened with many countries around the world, as the EU pursues its goal to spread GDPR-centric standards globally.
In fact, also Japan is set to join the club soon as its draft adequacy decision is currently under the scrutiny of the newly established European Data Protection Board (EDPB).
So, will these changes actually clear the way for an adequacy decision? Only time will tell, as the EDPB's role in adequacy evaluation is set to become more and more important over time.
South Korea has quite strong data protection rules, and it initiated the process of getting an EU adequacy decision back in 2015. However, there are problems with the independence of its enforcement bodies, and that's what the new legislation is designed to fix.