Global DPAs take a close look at AI in Korea

I was pleased to attend the Global Privacy Assembly in Korea in September where Data Protection Authorities and organisations from 95 countries discussed data protection issues with a heavy focus on AI.

While there is no global approach to AI, the Council of Europe’s AI Convention tries to create a level playing field where it applies - public authorities and private entities acting on their behalf. The main piece of legislation is the EU’s AI Act, adopted in May 2024. Korea itself adopted an AI Act in January 2025, to enter into force in January 2026.

The EU DPAs have been saying for some time that GDPR principles apply to AI and that this framework works well. In the US, the Trump administration is shaping US policy on AI with its AI Action Plan, and revoking the previous administrations’ executive orders. Read an analysis by Professor Graham Greenleaf on US developments in the digital field.

However, there are many state level developments on AI in the US. For example in California, OpenAI is advocating that the state of California aligns its AI rules with international frameworks. It remains to be seen what influence the state-level activity will have at the federal level. Join us at the 4 November conference, in London and online, to find out.

In this issue, our correspondents analyse why Deepseek is under international DPA scrutiny and what stance France’s regulator is taking on AI in its recent guidance. Also, read how the EU’s privacy and AI regulatory framework governs automated decision-making, and how this is reflected in the CJEU’s interpretation of these provisions.

In Korea, I also had an opportunity to interview Australia’s Information Commissioner Carly Kind about her office’s work on a children’s code. Australia is now watched closely by many, also because of its radical policy to ban social media accounts for under 16s.

Laura Linkomies
Editor, Privacy Laws & Business

October 2025