Philippines

Republic Act No. 10173, or the Philippine Data Privacy Act of 2012 (RA10173), was signed into law on August 15, 2012. This is the comprehensive law that governs data privacy protection in the Philippines.

RA10173 mandates the creation of the National Privacy Commission (NPC) which shall implement the law. To date, however, the NPC has yet to be constituted, hence the lack of implementing rules and regulations that will enforce the provisions of this law. Currently, the ITSO of the Philippine Department of Science & Technology is overseeing, on an ad-hoc basis, the implementation of RA10173.

RA10173 applies to the processing of all types of personal information and to any natural or juridical person involved in personal information processing both in the private and government sectors. It covers data controllers and processors not found in the Philippines that either: use equipment that is located in the Philippines; or maintain an office, branch, or agency in the Philippines.

‘Processing’ is defined as any operation or set of operations performed upon personal information (such as, but not limited to, collection, recording, organisation, storage, updating, modification, retrieval, consultation, use, consolidation, blocking, erasure, destruction). ‘Personal information controller’ refers to any person or organisation that controls the collection, holding, processing, or use of personal information (except those who perform such functions as instructed by another person or organisation, and an individual who performs the same functions in connection with said individual’s personal, family, or household affairs). Meanwhile, ‘personal information processor’ refers to any natural or juridical person to whom a personal information controller may outsource the processing of personal data.
The following types of information are exempt from the coverage of RA10173:

  • Information on any current or previous government servant that relates to the position or functions of said individual;
  • Information relating to the services performed by an individual under a government contract;
  • Information relating to any discretionary financial benefit given by the government to an individual;
  • Personal information processed for journalistic, artistic, literary or research purposes;
  • Information necessary in order to carry out the functions of public authority;
  • Information necessary for banks and financial institutions to comply with the Anti-Money Laundering Act; and
  • Personal information collected from residents of foreign jurisdictions in accordance with the laws of those foreign jurisdictions.

RA10173 distinguishes ‘personal information’ and ‘sensitive personal information’, as different requirements for lawful processing are prescribed. ‘Personal information’ refers to any information from which the identity of an individual is apparent or can be reasonably and directly ascertained, or when put together with other information would directly and certainly identify the individual. ‘Sensitive personal information’ refers to personal information about one’s race, marital status, age, colour, religious, philosophical or political affiliations, health, education, any court proceedings issued by government agencies peculiar to an individual (e.g., social security numbers, health records, licences, tax returns) and those specifically declared as classified by law or regulation.

RA10173 extensively outlines the rights of the data subject with respect to his/her personal information. These rights must be generally observed by data controllers and data processors, except when the personal information shall be used for scientific and statistical research, no activities are carried out and no decisions are taken regarding the data subject or are gathered for the purpose of investigations in relation to any criminal, administrative or tax liabilities of a data subject.
The law outlines the general principles on security of personal information, as well as accountability with respect to transfer of personal information. Specific provisions are laid down concerning security of sensitive personal information in the government, as well as provisions on data breach.

Finally, violations of RA10173 are meted by mandatory imprisonment and fine. A higher range of penalties is imposed when sensitive personal information is involved. Maximum penalties are imposed when the personal information of at least 100 persons is affected (large scale).

ACCRA Law Offices
ACCRALAW Tower, 2nd Avenue corner 30th Street
Crescent Park West, Bonifacio Global City, 0399 Taguig
Metro Manila, Philippines
Tel: (632) 8308000
Fax: (632) 4037007 or (632) 4037008
Email: jmgaba@accralaw.com
Website: /www.accralaw.com
Related Articles by Firm
Philippines: The POGO problem – Harmonising immigration, gaming and gambling
It is highly illegal to gamble in China save for a few state-run lotteries. To avoid this prohibition, gambling companies operate offshore so that they may continue catering to Chinese nationals who play casino and e-games online ...
Developments in the Philippine Competition Commission’s enforcement activities
Early this year, the Philippine Competition Commission (PCC) Enforcement Office launched a leniency/whistleblower programme offering immunity from suit and reduction of fines to cartel members who will provide information that will help the PCC investigate and prosecute cartels ...
Revisiting the AMLA in light of transnational money laundering
For several decades, money laundering has extended the reach of transnational organised crime throughout various nations ...
Revisiting important concepts in arbitration
Philippine courts are keen on making arbitration and other modes of ADR the staple in settling disputes domestically.
Keeping your mobile number for a lifetime
A new law facilitates the easy movement of subscribers from one service provider to another.
The right to know: Freedom of information in the Supreme Court
Like all other rights, the “right to know” is not an absolute right.
The Philippines 11th Foreign Investment Negative List and its impact on online businesses
A more liberalised foreign participation may change the internet-based business landscape in the Philippines ...
The Philippine Competition Commission bares its teeth
For the first time since its inception in 2015, the Commission has blocked a merger after conducting its review.
A peek into the revised Corporation Code of the Philippines
On February 20, 2019, President Rodrigo Duterte signed into law Republic Act No. 11232, otherwise known as the Revised Corporation Code of the Philippines (the New Code) ...
Philippines: Protecting indigenous knowledge systems and practices in intellectual property rights registration
Indigenous peoples (IPs) and indigenous cultural communities (ICCs), though explicitly protected under the constitution itself, sadly remain one of the most marginalised and forgotten sectors in Philippine society ...
Philippines: The right to know – Freedom of information in the Supreme Court
Freedom of Information is a right enshrined in our fundamental law ...
Investments for the environment
In a recent report released by the leading international body for assessment of climate change, the UN Intergovernmental Panel on Climate Change (UN IPCC), established a target global warming limit of 1.5°C ...
The PCC’s Joint Venture Guidelines
The Philippine Competition Commission must strive to strike a balance ...
How the Mental Health Act affects employees
Mental health conditions, which include anxiety and panic disorders, depression, eating disorders, substance abuse and addictions, have become a pervasive issue which permeates our present society ...
The Ease of Doing Business Act tapers red tape
RA 11032 is a welcome step towards achieving the quality government services that Filipinos deserve.
Much EndO about nothing
President Duterte says he has put an end to the “Endo” or the practice of engaging employees on a contractual basis. But has he?
Philippines: Proposed rules and regulations on crowdfunding
Crowdfunding (CF) platforms have proven to be a popular way to solicit charitable donations and to raise funds for projects or business ventures ...
Virtual currency in the Philippines: Recognition and regulation
Bitcoin is essentially a virtual currency (VC), which is any type of digital unit that is used as a medium of exchange — a veritable currency that exists in the digital world. Since it is electronic currency, VC is easily transferable ...
Protection of women employees in the Philippines
According to the World Economic Forum’s Global Gender Gap (GGG) Report conducted in 2016, the Philippines is the most gender-equal country in the Asia-Pacific region, having closed nearly 79 percent of its gender gap ...
Anti-Trust & Competition: Philippines - Towards robust yet balanced competition in the Philippines
The state of Philippine competition regulation has been slowly taking shape barely over two years after the passage of the Philippine Competition Act (RA 10667) ...
PHILIPPINES: The internet and doing business in the Philippines
Earlier this year, the Philippines Securities and Exchange Commission (SEC) issued an opinion stating that an online gaming system with absolutely no physical presence in the Philippines shall be considered as “doing business” in the Philippines and was thus required ...
Philippines: Psychological disorders in the workplace
The problem of mental health presents a particular conundrum under labour relations and standards ...
Clarifying the role of contractors and subcontractors
Recent changes to labour laws in the Philippines attempt to clarify the status of contractors and subcontractors in certain industries ...
Fake news and its web of legal issues in the post-truth era
Oxford Dictionaries’ Word of the Year for 2016 is “post-truth” — an adjective defined as “relating to or denoting circumstances in which objective facts are less influential in shaping public opinion than appeals to emotion and personal belief”. ...
Dollar-denominated securities in relation to Corporation Code’s provisions on capital
The Philippines Stock Exchange (PSE) issued rules on December 2, 2016 governing the listing, trading and settlement of US dollar-denominated securities (DDS)....
Cyber bullying in the Philippines
The pen is mightier than the sword or so the adage goes. When this was once said, it was to highlight the power of thoughts and ideas over brute force and violence as a way to effect change. Today, the ...
Uber/GrabCar drivers: Independent contractors or employees?
The buzz about the legality of Uber and GrabCar operating in the Philippines might have died down, but now there is another legal issue surrounding them: whether their drivers are employees or ...
Price fixing in the context of the Philippine Competition Act
In light of the enactment of the Philippine Competition Act (PCA) in 2015, competitors, manufacturers, retailers and sellers or suppliers, in general, should be ...
Implementation of the data privacy act in Philippines now in full swing
Since 2012, the Philippines has had a comprehensive law governing personal data privacy. However, full implementation ...
Taxability of service fees received by non-resident foreign companies from online advertising in the Philippines
The use of the internet for the promotion of goods and services, particularly social media (Facebook, Twitter and ...
Levelling the playing field in the Philippines
Before the enactment of the Philippine Competition Act in 2015, the Philippines was the only founding member of Asean that did not have a comprehensive competition law in place. Francisco Ed Lim, Patricia-Ann T Prodigalidad, Eric R Recalde of <...
Age discrimination in the workplace
Republic Act No. 10911 (also known as the ‘Anti-Age Discrimination in Employment Act’) lapsed into law on 21 July ...
Green jobs: greening the Philippine labour sector
With the threat of climate change, the international community created the Paris Agreement which aims to stop global warming and preserve ...
Interplay of domestic law on compulsory licensing and international agreements on medicine prices
The price of pharmaceutical products in the Philippines appears to be on the high side compared to that in other Asian ...
Restrictive covenants in employment contracts
One of the means of keeping afloat in today’s competitive market is to hire employees who are ‘fit’ for a particular job. However, before employers ...
Make our system work: litigation practice expedited
The perception that litigation is a slow and arduous process has drawn many of us closer to the idea of alternative modes of dispute resolution. ...
Department of Labor and Employment (DOLE) Department Order No. 18-A: The Rules and Regulations on Contracting
On December 4, 2011, Department of Labor and Employment (DOLE) Department Order No. 18-A (D.O. 18-A), the new Rules Implementing Articles 106 to 109 ...
New competition law for the Philippines
The Philippine Competition Act (PCA) went into effect on August 5, 2015. The law applies not only to acts committed in the Philippines but ...
Related Articles
Joko Widodo re-elected: How will it affect doing business in Indonesia?
In his election campaign, Jokowi declared nine missions ...
Africa: Guinea emerging from the shadows
Recent reports from three respected international organisations sketch a relatively upbeat picture of economic prospects in the west African state of Guinea ...
Philippines: The POGO problem – Harmonising immigration, gaming and gambling
It is highly illegal to gamble in China save for a few state-run lotteries. To avoid this prohibition, gambling companies operate offshore so that they may continue catering to Chinese nationals who play casino and e-games online ...
Related Articles by Jurisdiction
Keeping your mobile number for a lifetime
A new law facilitates the easy movement of subscribers from one service provider to another.
Much EndO about nothing
President Duterte says he has put an end to the “Endo” or the practice of engaging employees on a contractual basis. But has he?
Cyber bullying in the Philippines
The pen is mightier than the sword or so the adage goes. When this was once said, it was to highlight the power of thoughts and ideas over brute force and violence as a way to effect change. Today, the ...
Latest Articles
Joko Widodo re-elected: How will it affect doing business in Indonesia?
In his election campaign, Jokowi declared nine missions ...
Africa: Guinea emerging from the shadows
Recent reports from three respected international organisations sketch a relatively upbeat picture of economic prospects in the west African state of Guinea ...
Keeping track of sanctions
Governments around the world are increasingly using economic sanctions and embargoes as a foreign policy tool ...