🇰🇷 Asia-Pacific

Cookie consent in South Korea

Consent and privacy law in South Korea

In short

South Korea's PIPA is one of the strictest privacy laws in Asia, enforced by the PIPC, which was strengthened as a central regulator after 2020. PIPA traditionally relied heavily on opt-in consent, requiring separate consent for collection, third-party provision, and overseas transfer, often with itemised checkboxes. A 2023 amendment broadened lawful bases beyond consent, added the right to data portability and automated decision rights, and raised fines to a turnover-based model of up to 3 percent of relevant revenue. South Korea holds EU adequacy. Notices in Korean are expected. Cookies and online identifiers are personal information and generally require consent for non-essential use.

Status

Personal Information Protection Act since 2011, with major amendments from 2020 and 2023

Primary law

PIPA

Languages

Korean (ko)

Who must comply

Any personal information controller that processes personal information of individuals in South Korea.

Penalties

Fines up to 3 percent of relevant revenue for serious violations under the amended Act

Key obligations

  • Obtain specific, informed prior consent for collection and use
  • Get separate consent for sensitive and unique identifying data
  • Provide clear notice and itemized consent choices
  • Honor access, correction, deletion and processing-suspension rights
  • Report data breaches to the commission and affected individuals

Local guidance

  • Use separate opt-in consent for collection, sharing, and transfers
  • Account for new portability and automated decision rights
  • Provide notices in Korean
  • Rely on EU adequacy for transfers

How ConsentX helps

  • Itemized, separate opt-in consent capture
  • Distinct flows for sensitive and identifying data
  • Geo-aware banner for Korean visitors
  • Rights request workflow with evidence
  • Region rule engine tuned for South Korea

This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified local counsel.

How to comply with South Korean law using ConsentX

  1. Scan your website

    Run a free scan to find every cookie and tracker on your site, so you know exactly what needs consent under South Korean law.

  2. Show a geo-aware consent banner

    Add the ConsentX banner. It detects each visitor's region and automatically shows the consent experience that South Korea requires.

  3. Block trackers until consent

    Keep non-essential cookies and trackers blocked until the visitor agrees, so nothing fires before consent.

  4. Record tamper-evident proof

    Every choice is stored as a tamper-evident consent receipt you can produce in a South Korean audit.

  5. Handle data requests on time

    Use the built-in DSAR workflow with SLA timers to answer access, deletion and opt-out requests within the legal deadline.

Frequently asked questions

Is South Korea's PIPA strict on consent?

Yes. PIPA has traditionally required separate opt-in consent for collection, third-party provision, and overseas transfer, often using itemised checkboxes, making it one of Asia's stricter regimes.

Does South Korea have EU adequacy?

Yes. South Korea holds an EU adequacy decision, allowing personal data to flow from the EU to South Korea with safeguards.