Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

International: EDPB responds to South Korea's PIPC

The European Data Protection Board (EDPB) published, on January 3, 2024, its response letter to the Personal Information Protection Commission (PIPC) of South Korea, after public consultation. In particular, the letter addresses questions made to the EDPB regarding the collection of user's online behavioral data, as well as the data processing practices of large technology companies.

What was the EDPB's response?

The first question related to which party is obliged to obtain consent under the General Data Protection Regulation (GDPR) for the collection of users' online behavioral data using cookies and online identifiers. The EDPB noted that a website operator which embeds a social media plugin on its website causing the transmission of personal data to the provider of the plugin can be considered a controller, jointly with the social media plugin provider.

In the case of joint controllers, the EDPB shared the view that the obligation to collect consent for processing online behavioral data comes down to determining which of the joint controllers is involved first with the data subject. This determination will depend on the circumstances of the specific case at hand, according to the EDPB.

The second question related to data processing practices of large technology companies and claims that are made by these companies. The EDPB shared the view that it cannot make general statements about any category of controllers and their practices in third countries.

You can read the letter here.