Cybersecurity News that Matters

Cybersecurity News that Matters

South Korea introduces new committee on cross-border data flow

by Kuksung Nam

Jan. 31, 2024
11:06 AM GMT+9

South Korea is seeking to advance its governance over data flow as the country’s privacy agency launches an expert committee dedicated to transmitting data across borders.

On January 30, the Personal Information Protection Commission (PIPC) held an inauguration ceremony and announced the formation of the Expert Committee for Cross-border Transfer. The committee is comprised of twelve delegates, including one of the commissioners of the PIPC, representing diverse fields such as academics, law, industry, and civic groups.

The PIPC explained that the committee would be tasked with evaluating whether a certification, a country, and an international organization meet the same level of privacy standards as stated in the country’s law. After the committee’s assessment, the group plans to deliberate with appropriate authorities to finalize their decision after conducting internal discussions. If a certification, a country, or an international organization is found to be qualified, companies could transmit personal information without receiving consent from the users by either obtaining the verification or sending the data to certified countries.

Companies and organizations in South Korea could transfer their client’s personal information beyond the country’s borders only if they first met specific requirements. Last year, the privacy agency adopted new rules that would allow companies to transmit data abroad if they first obtained PIPC designated certification. In addition, the revised law also stated that those who are in charge of managing the personal information could send the data to a country or an international organization that has been deemed by the PIPC to be equally trustworthy.

The changes come as the privacy agency aims to secure individuals’ personal information while lessening the burden put on companies to abide by South Korea’s privacy law. According to PIPC’s January 11 findings, among almost 3,600 applications originating in the country in 2023, more than 760 transferred their users’ data to foreign countries such as the United States, Japan, and Singapore. This is a 10.4% increase compared to the level in 2022, when the number of applications was 696. The PIPC stated that although more than half of the companies are sending their data across borders as a means to manage customer service, there has been an increase in the number of companies that are transmitting these for the purpose of market analysis.

“Currently, the law allows one certification, the Personal information & Information Security Management System (ISMS-P), to count as representing a qualification,” said an official of the International Cooperation Division. “The committee will look into the matter in the long run and make the decision after.” The Readable asked if there was a specific country that the PIPC had in mind, but the official said that they could disclose no further details.

Subscription

Subscribe to our newsletter for the latest insights and trends. Tailor your subscription to fit your interests:

By subscribing, you agree to our Privacy Policy. We respect your privacy and are committed to protecting your personal data. Your email address will only be used to send you the information you have requested, and you can unsubscribe at any time through the link provided in our emails.

  • Kuksung Nam
    : Author

    Kuksung Nam is a journalist for The Readable. She has extensively traversed the globe to cover the latest stories on the cyber threat landscape and has been producing in-depth stories on security and...

    View all posts
Designer:
Stay Ahead with The Readable's Cybersecurity Insights