Commission Implementing Decision (EU) 2022/254 of 17 December 2021 pursuant to Re... (32022D0254)
INHALT
Commission Implementing Decision (EU) 2022/254 of 17 December 2021 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate protection of personal data by the Republic of Korea under the Personal Information Protection Act (notified under document C(2021) 9316) (Text with EEA relevance)
- COMMISSION IMPLEMENTING DECISION (EU) 2022/254
- of 17 December 2021
- pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate protection of personal data by the Republic of Korea under the Personal Information Protection Act
- (notified under document C(2021) 9316)
- (Text with EEA relevance)
- 1.
- INTRODUCTION
- 2.
- THE RULES APPLYING TO THE PROCESSING OF PERSONAL DATA
- 2.1
- The data protection framework in the Republic of Korea
- 2.2
- Material and personal scope of PIPA
- 2.2.1
- Definition of personal data
- 2.2.2
- Definition of processing
- 2.2.3
- Personal information controller and ‘outsourcee’
- 2.2.4
- Special provisions for information and communication service providers
- 2.2.5
- Exemption from certain provisions of PIPA
- 2.3
- Safeguards, rights and obligations
- 2.3.1
- Lawfulness and fairness of processing
- 2.3.2
- Processing of special categories of personal data
- 2.3.3
- Purpose limitation
- 2.3.4
- Data accuracy and minimisation
- 2.3.5
- Storage limitation
- 2.3.6
- Data security
- 2.3.7
- Transparency
- 2.3.8
- Individual rights
- 2.3.9
- Onward transfers
- 2.3.10
- Accountability
- 2.3.11
- Special rules for the processing of personal credit information
- 2.4
- Oversight and enforcement
- 2.4.1
- Independent oversight
- 2.4.2
- Enforcement, including sanctions
- 2.5
- Redress
- 3.
- ACCESS AND USE OF PERSONAL DATA TRANSFERRED FROM THE EUROPEAN UNION BY PUBLIC AUTHORITIES IN THE REPUBLIC OF KOREA
- 3.1
- General legal framework
- 3.2
- Access and use by Korean public authorities for criminal law enforcement purposes
- 3.2.1
- Legal bases, limitations and safeguards
- 3.2.1.1
- Searches and seizures
- 3.2.1.2
- Access to communication information
- 3.2.1.3
- Requests for voluntary disclosure of subscriber data
- 3.2.2
- Further use of the information collected
- 3.2.3
- Oversight
- 3.2.4
- Redress
- 3.3
- Access and use by Korean public authorities for national security purposes
- 3.3.1
- Legal bases, limitations and safeguards
- 3.3.1.1
- Access to communication information
- 3.3.1.2
- Collection of information on terrorist suspects
- 3.3.1.3
- Requests for voluntary disclosure of subscriber data
- 3.3.2
- Further use of the information collected
- 3.3.3
- Oversight
- 3.3.4
- Redress
- 4.
- CONCLUSION
- 5.
- EFFECTS OF THIS DECISION AND ACTION OF DATA PROTECTION AUTHORITIES
- 6.
- MONITORING AND REVIEW OF THIS DECISION
- 7.
- SUSPENSION, REPEAL OR AMENDMENT OF THIS DECISION
- 8.
- FINAL CONSIDERATIONS
- Article 1
- Article 2
- Article 3
- Article 4
- ANNEX I
- SUPPLEMENTARY RULES FOR THE INTERPRETATION AND APPLICATION OF THE PERSONAL INFORMATION PROTECTION ACT RELATED TO THE PROCESSING OF PERSONAL DATA TRANSFERRED TO KOREA
- I.
- Outline
- II.
- Definition of terms
- III.
- Supplementary rules
- 1.
- Limitation to Out-of-Purpose Use and Provision of Personal Information (Articles 3, 15 and 18 of the Act)
- 2.
- Limitation to Onward transfer of Personal data (Articles 17(3) (4), Article 18 of the Act)
- 3.
- Notification for the data where personal data have not been obtained from the data subject (Article 20 of the Act)
- 4.
- Scope of application of the special exemption to the processing of pseudonymised information (Articles 28-2, 28-3, 28-4, 28-5, 28-6 and 28-7, Article 3 and Article 58-2 of the Act)
- 5.
- Corrective measures, etc. (Paragraphs 1, 2 and 4 of Article 64 of the Act)
- 6.
- Application of PIPA to the processing of personal data for national security purposes including investigation of infringements and enforcement in accordance PIPA(Article 7-8, Article 7-9, Article 58, Article 3, Article 4 and Article 62 of PIPA)
- ANNEX II
- Legal framework for the collection and use of personal data by Korean public authorities for law enforcement and national security purposes
- 1.
- GENERAL LEGAL PRINCIPLES RELEVANT FOR GOVERNMENT ACCESS
- 1.1.
- Constitutional framework
- 1.2.
- General data protection rules
- 2.
- GOVERNMENT ACCESS FOR LAW ENFORCEMENT PURPOSES
- 2.1.
- Competent public authorities in the area of law enforcement
- 2.2.
- Legal bases and limitations
- 2.2.1.
- Searches and seizures
- 2.2.1.1.
- Legal basis
- 2.2.1.2.
- Limitations and safeguards
- 2.2.2.
- Collection of communication information
- 2.2.2.1.
- Legal basis
- 2.2.2.2.
- Limitations and safeguards applicable to the collection of the content of communications (communication restricting measures)
- 2.2.2.3.
- Limitations and safeguards applicable to the collection of communication confirmation information
- 2.2.3.
- Voluntary disclosure by telecommunications business operators
- 2.3.
- Oversight
- 2.3.1.
- Self-auditing
- 2.3.2.
- The Board of Audit and Inspection
- 2.3.3.
- The National Assembly
- 2.3.4.
- The Personal Information Protection Commission
- 2.3.5.
- The National Human Rights Commission
- 2.4.
- Individual redress
- 2.4.1.
- Redress mechanisms available under PIPA
- 2.4.2.
- Redress before the National Human Rights Commission
- 2.4.3.
- Judicial redress
- 3.
- GOVERNMENT ACCESS FOR NATIONAL SECURITY PURPOSES
- 3.1.
- Competent public authorities in the area of national security
- 3.2.
- Legal bases and limitations
- 3.2.1.
- Collection of communication information
- 3.2.1.1.
- Collection of communication information by intelligence agencies
- 3.2.1.1.1. Legal basis
- 3.2.1.1.2. Limitations and safeguards applying to the collection of communication information involving at least one Korean national
- 3.2.1.1.3. Limitations and safeguards applying to the collection of communication information involving only non-Korean nationals
- 3.2.1.1.4. General limitations and safeguards
- 3.2.1.2.
- Collection of communication information by the police/prosecutors for national security purposes
- 3.2.2.
- Collection of information on terrorist suspects
- 3.2.2.1.
- Legal basis
- 3.2.2.2.
- Limitations and safeguards applying to voluntary disclosure under PIPA and the Location Information Act
- 3.2.2.3.
- Limitations and safeguards under the CPPA
- 3.2.3.
- Voluntary disclosure by telecommunications business operators
- 3.3.
- Oversight
- 3.3.1.
- The Human Rights Protection Officer
- 3.3.2.
- The National Assembly
- 3.3.3.
- The Board of Audit and Inspection
- 3.3.4.
- The Personal Information Protection Commission
- 3.3.5.
- The National Human Rights Commission
- 3.4.
- Individual redress
- 3.4.1.
- Redress before the Human Rights Protection Officer
- 3.4.2.
- Redress mechanisms available under PIPA
- 3.4.3.
- Redress before the National Human Rights Commission
- 3.4.4.
- Judicial redress
Feedback