Japan has formed a huge data market together with the European Union as it won the EU’s recognition in January this year for the stability of its personal information protection system. Yet that is not the case with Korea. The three data-related bills, including the one on personal information protection, are still pending in the National Assembly due to conflicts among political parties, blocking Korean companies’ entry into the lucrative European data market, estimated at US$80.8 billion (about 95 trillion won).
The EU began to implement the General Data Protection Regulation (GDRP) in May last year, allowing countries with the same level of personal data protection with the EU to transfer data freely in the continent. However, Korea has not yet won the EU’s recognition due to the lack of an independent agency in charge of private information protection.
Korea can win the EU’s recognition when the Personal Information Protection Act (PIPA) is revised. The revision bill now pending in the National Assembly proposes to make the Personal Information Protection Commission (PIPC), which is currently a presidential committee, a ministry-level organization.
The bill is not in dispute. However, it needs to be discussed together with a bill on telecommunications network, which has not even been put on the table due to conflicts among political parties.
Small and medium-sized companies and startups with difficulty in responding to the EU regulations individually are highly likely to face heavy penalties if they fail to comply with them. Thus, the passage of the three data-related bills is urgent.
The amendment to the PIPA was passed by the National Assembly’s Public Administration and Security Committee on Nov. 27. It is mainly about integrating the personal information protection management and supervision functions of the Ministry of Security and Public administration, Korea Communications Commission and Financial Services Commission into the PIPC, and promoting the PIPC to a ministry-level organization.
But the bill’s passage through the National Assembly is still unclear as it is tied with the disputed network bill.
Korea already applied for EU’s evaluation twice in 2016 and 2018 but has yet to win recognition.
Korean companies operating in the EU or doing business with the EU feel anxious. Companies from countries that have been recognized by the EU are allowed to move data freely, but those from countries that have yet to be recognized by the EU are subject to the new EU regulations. Violations of the regulations result in a penalty of 20 million euros (about 26 billion won) or 4 percent of the company’s worldwide sales, so small and medium-sized companies and startups, who are unable to respond individually, are nervous.