E.U. A Step Closer to Recognizing UK and South Korea as Adequate for Cross-Border Data Transfers

Following Britain’s Brexit from the European Union, the European Data Protection Board (EDPB) recently published its opinion about the EU Commission’s forthcoming plan to recognize the United Kingdom as an adequate jurisdiction for data transfers from the EU. Classifying the UK as GDPR Adequate State may authorize data transferring from other EU states to the UK.

The EDPB’s opinion is generally supportive of the forthcoming recognition of the UK as an adequate jurisdiction, yet it indicates several issues which the EU commission should examine more closely. Among others, the EDPB recommends that the EU commission examine the British intelligence and investigative authorities’ activity regarding bulk collection and storage of personal data and monitor ongoing developments in Britain’s data protection regime and its alignment with the GDPR principles.

The Republic of Korea (South Korea) is also seeking EU adequacy recognition. Recent talks between the European Commission and Korea’s Personal Information Protection Commission have concluded successfully. A joint statement by the parties explained that “the adequacy dialogue confirmed the high degree of convergence between the European Union and the Republic of Korea in the area of data protection, which increased further with the recent entry into force of the new Personal Information Protection Act in the Republic of Korea and the strengthening of the powers of the Personal Information Protection Commission”.

Once further procedures are completed at the EU and member state level, the Commission will adopt the two adequacy decisions.

CLICK HERE to read the EDPB’s opinion about the UK’s adequacy.

CLICK HERE to read the joint statement made by the EU and the Republic of Korea.