Browse

Cross-Border Transfers of Personal Data and Practical Implications

Cited 0 time in Web of Science Cited 0 time in Scopus
Authors
Lee, Inhwan; Keh, Jennifer S.
Issue Date
2017-12
Publisher
서울대학교 아시아태평양법연구소
Citation
Journal of Korean Law, Vol.17 No.1, pp. 33-52
Keywords
personal datacross-border transferthird-party provisiondelegation of personal data processing
Abstract
The cross-border transfer of personal data is an important and often-discussed issue in South Korea. As Koreas representative personal data protection regulations, namely, the Personal Information Protection Act (PIPA) and the Act on the Promotion of IT Network Use and Information Protection (Network Act), distinguish between the third-party provision of personal data and the delegation of personal data processing, it is helpful to analyze the overseas provision of personal data separately from the overseas delegation of personal data processing. Regarding the overseas provision of personal data, the requisite consent is deemed valid only if each third-party recipient is disclosed prior to obtaining the data subjects consent. Thus, it is difficult to obtain consent initially and when new recipients are added. In addition, as the PIPA and the Network Act do not address the issue of whether personal data can be submitted to foreign government authorities pursuant to foreign laws, it is difficult for companies to respond to requests for personal data from foreign government authorities. As for the overseas delegation of personal data processing, although the Network Act includes an exception to the consent requirement for the overseas delegation of personal data processing, companies that want to rely on this exception must carefully analyze the underlying scope of the delegation and the delegated tasks, as there is a lack of precedents and guidance from regulators on exactly when this exception applies. Moreover, companies that delegate the processing of their personal data overseas should ensure that they and their overseas delegatees comply with PIPA and the Network Acts various security requirements for protecting personal data. Last, companies should stay current on the latest international developments in light of Koreas recently joining the APEC CBPRs and Koreas ongoing efforts to obtain an adequacy decision from the European Commission.
ISSN
1598-1681
Language
Korean
URI
http://hdl.handle.net/10371/168346
Files in This Item:
Appears in Collections:
College of Law/Law School (법과대학/대학원)The Law Research Institute (법학연구소) Journal of Korean LawJournal of Korean Law Volume 17 Number 1/2 (2017/2018)
  • mendeley

Items in S-Space are protected by copyright, with all rights reserved, unless otherwise indicated.

Browse