The National Privacy Commission ("NPC") has the mandate to ensure proper and effective coordination with data privacy regulators in other countries and private accountability agents, and participate in international and regional initiatives for data privacy protection, such as those undertaken by the Association of Southeast Asian Nations ("ASEAN").
With the approval in January 2021 at the 1st ASEAN Digital Ministers' Meeting of the ASEAN Model Contractual Clauses ("MCCs") and ASEAN Data Management Framework ("DMF"), and in line with its mandate, NPC issued Advisory Opinion 2021-02 on 28 June 2021 ("Advisory Opinion") as its first guidance on the adoption of MCCs and DMF which harmonise data management and cross-border transfer standards across different jurisdictions.
The MCCs are voluntary contractual terms and conditions that may be included in the binding legal agreements between parties or entities transferring personal information and/or sensitive personal information (collectively, "personal data") across different jurisdictions. These are templates setting out the responsibilities, required personal data protection measures, and related obligations of the parties based on the ASEAN Framework on Personal Data Protection.
NPC considered the fact that there are different levels of development among ASEAN member states, and thus provided in the Advisory Opinion that companies are allowed to modify the MCCs in a way that does not contradict the clauses, as well as domestic laws on privacy and protection.
Meanwhile, the DMF is a voluntary and non-binding guidance for ASEAN businesses to establish a data management system and governance structure that appropriately safeguard different kinds of data. Organisations may adopt it to varying business needs in their own systems of managing data. It may serve as basis for sound data governance practices by helping organisations to organise datasets they have, assign it within the appropriate categories, manage their data, and protect it accordingly in compliance with relevant regulations.
With this initiative, NPC aims to promote the growth of trade and flow of information in the ASEAN internet economy, and promote the Philippines having a slice of the region growth aimed at $240 billion by 2025.
