This Week in Privacy: 5 April 2021
April 05, 2021
International: European Commission and PIPC conclude adequacy finding for South Korea
The European Commission and the Personal Information Protection Commission of South Korea announced the successful conclusion of adequacy decision talks.
The European Commission noted that the recent amendments to South Korea's data protection law and the strengthening of the PIPC has enabled a high degree of convergence between the EU and South Korea in the area of data protection. Furthermore, the European Commission confirmed that it will now proceed with the decision-making procedure.
This includes an opinion by the European Data Protection Board, and approval by a committee composed of representatives of the EU Member States.
Panama: Data protection law enters into effect
In Panama, Law No. 81 on Personal Data Protection entered into effect on 29 March following its enactment in 2019.
In particular, the Law which will be further regulated by an Executive Decree which is yet to be published governs rights, obligations, and procedures in relation to the protection of personal data in Panama. Furthermore, the law provides for consent procedures for the processing of personal data; obligations for the cross-border processing of personal data oringinating in Panama; and a Personal Data Protection Council with advising power and functions.
UK: PRA publishes policy statement on outsourcing and third-party risk management
The Prudential Regulatory Authority in the UK published a policy statement and a supervisory statement on outsourcing and third-party risk management.
The supervisory statement is relevant to all:
- UK banks, building societies, and PRA-designated investment firms;
- insurance and reinsurance firms and groups in scope of Solvency II; and
- UK branches of overseas banks and insurers
The statement aims to complement the requirements and expectations on operational resilience in the PRA Rulebook; facilitate greater resilience and adoption of the cloud and other new technologies as set out in the Bank of England's response to the Future of Finance report; and implement the European Banking Authority Guidelines on outsourcing arrangements.
The PRA highlighted that firms will be expected to comply with the statement by 31 March 2022.