Today, the Future of Privacy Forum (FPF) and Asian Business Law Institute (ABLI) – as part of their ongoing joint research project: “From Consent-Centric Data Protection Frameworks to Responsible Data Practices and Privacy Accountability in Asia Pacific” – are publishing a second report in their series of detailed jurisdiction reports on the status of “consent” and alternatives to consent as lawful bases for processing personal data in Asia Pacific (APAC) – this time focusing on South Korea.
This report provides a detailed overview of relevant laws and regulations in South Korea, including:
notice and consent requirements for processing personal data;the status of alternative legal bases for processing personal data which permit processing of personal data without consent if the data controller undertakes a risk impact assessment (e.g., legitimate interests); andstatutory bases for processing personal data without consent and exceptions or derogations from consent requirements in laws and regulations.
The first report focused on the People’s Republic of China and explained how the country’s data protection framework has evolved over the past few years from a consent-centric model to one which provides various alternatives to consent in a GDPR-type model.
The findings of this report and others in the series will inform a forthcoming comparative review paper which will make detailed recommendations for legal convergence in APAC.
South Korea’s Data Protection Landscape
South Korea’s data protection law is founded on similar principles to those of other major data protection laws internationally stemming from the Fair Information Practice Principles, including lawfulness,