On November 23, 2023, the UK government’s National Cyber Security Centre (“NCSC”) and the Republic of Korea’s National Intelligence Service (“NIS”) issued a joint advisory detailing techniques and tactics used by cyber actors linked to the Democratic People’s Republic of Korea (“DPRK”) that are carrying out software supply chain attacks. The publication follows the recent announcement of a new Strategic Cyber Partnership between the UK and the Republic of Korea where the two nations have committed to work together to tackle common cyber threats. In the statement by the NCSC, it notes that DPRK ..read more

On November 1, 2023, 29 nations, including the U.S., the UK, the EU and China (full list available here), reached a ground-breaking agreement, known as the Bletchley Declaration. The Declaration sets forth a shared understanding of the opportunities and risks posed by AI and the need for governments to work together to meet the most significant challenges posed by the technology. The Declaration states  that there is an urgent need to understand and collectively manage the potential risks posed by AI to ensure the technology is developed and deployed in a safe, responsible way. The Declar ..read more

On April 21, 2022, the United States, Canada, Japan, Singapore, the Philippines, the Republic of Korea and Chinese Taipei published a declaration (the “Declaration”) establishing the Global Cross-Border Privacy Rules Forum (the “Global CBPR Forum”). The Global CBPR Forum will establish an international certification system based on the existing APEC Cross-Border Privacy Rules (“CBPR”) and Privacy Recognition for Processors (“PRP”) Systems, enabling participation beyond APEC member economies. The Global CBPR and PRP Systems, as they will be known, are designed to support the free flow of data a ..read more

On December 17, 2021, the European Commission announced that it had adopted its adequacy decision on the Republic of Korea. The adequacy decision allows for the free flow of personal data between the EU and Korea, without any further need for authorization or additional transfer tool. The adequacy decision also covers transfers of personal data between public authorities. The adequacy decision builds on the protections afforded to Europeans under Korean law when their data is transferred, including through additional safeguards agreed by both parties as part of the adequacy dialogue, such as a ..read more

On September 27, 2021, the European Data Protection Board (“EDPB”) announced that it had adopted an opinion on the European Commission’s draft adequacy decision for the Republic of Korea (the “Opinion”). Background In March 2021, the European Commission announced the successful conclusion of adequacy talks with the Republic of Korea, thereby launching the formal adoption process of the adequacy decision. As part of this process, the European Commission asked for the opinion of the EDPB. Key Takeaways In the Opinion, the EDPB concluded that there are key areas of alignment between the EU and Ko ..read more

On September 22, 2016, Korean law firm Bae, Kim & Lee LLC released a Legal Update outlining amendments to Korea’s Personal Information Protection Act (“PIPA”) and the Act on the Promotion of IT Network Use and Information Protection (“IT Network Act”). The amendments to PIPA include: notification requirements for third-party transfers; and an obligation to submit to regular inspection by MOI. Effective September 30, 2016, “companies that either process sensitive information or unique identifying information of 50,000 data subjects or more, or process personal information of 1 millio ..read more

On April 26, 2016, Korean law firm Bae, Kim & Lee LLC released a Privacy News Alert outlining amendments to Korea’s Personal Information Protection Act (“PIPA”) and the Act on the Promotion of IT Network Use and Information Protection (“IT Network Act”). According to Tae Uk Kang, partner at Bae, Kim & Lee and author of the alert, these amendments to PIPA and the IT Network Act “reflect the general trend concerning the Korean data privacy policy, which is intended to achieve more stringent regulation (and sanctions) of processing personal information.” The amendments to PIPA include: i ..read more

On July 22-23, 2013, the APEC E-Commerce Business Alliance and the China International Electronic Commerce Center, a subsidiary organization of the Ministry of Commerce of the People’s Republic of China, held a seminar in Beijing entitled Workshop on the Online Data Privacy Protection in APEC Region. In addition to delegates from Mainland China, representatives from numerous other jurisdictions were in attendance, including the United States, the United Kingdom, Malaysia, Vietnam, South Korea, Hong Kong and Taiwan. Although many of the presentations focused on detailing current data privacy fr ..read more

As reported by Kwang Hyun Ryoo and Ji Yeon Park of Bae, Kim & Lee LLC in Korea, on May 24, 2011, the government of South Korea published draft regulations to the Personal Information Protection Act (“PIPA”), the Republic’s new omnibus data protection law. As we previously reported, PIPA was enacted on March 29, 2011, after past privacy legislation had languished in the Korean Parliament.  The recently published regulations (an Enforcement Decree and Enforcement Regulations) apply to any “handler of personal information” or “data handler,” which is any entity that uses personal informa ..read more

As we previously reported, Korea’s long-awaited Personal Information Protection Act (“PIPA”) was enacted on March 29, 2011.  The law generally requires an individual’s informed consent for the collection, use or disclosure of any personal information by any person, company or government agency.  Kwang Hyun Ryoo from Bae, Kim & Lee LLC in Korea has provided a detailed analysis of the law ..read more