On 22 May 2023, the National Privacy Commission of the Philippines ("NPC") and the Office of the Privacy Commissioner for Personal Data of Hong Kong (PCPD) (collectively, "Parties") signed a Memorandum of Understanding ("MOU") to strengthen collaboration and cooperation on personal data protection while complying with the domestic laws and regulations of each jurisdiction. With the MOU, NPC aims to build trust in digital services in order to harness the potential of data as a tool for social and economic progress.
The Parties are obliged under the MOU to provide mutual assistance during investigations regarding potential breaches of each country's privacy and data protection laws. The investigations may be conducted jointly if the case involves cross-border personal data incidents or breaches. The Parties shall also engage in knowledge sharing, training, education on data privacy and protection issues and trends, and exert joint efforts to promote personal data protection within their regions and beyond. The execution of the MOU is in line with section 6 of the Republic Act No. 10173 or the Data Privacy Act of 2012 which provides that the provisions of the Data Privacy Act of 2012 have extraterritorial application and apply to any act done or practice engaged in by an entity if:
- the act, practice or processing relates to personal information about a Philippine citizen or resident;
- the entity has a link with the Philippines and is processing personal information in the Philippines, or outside the Philippines as long as it is about Philippine citizens or residents, such as, but not limited to, a contract entered into in the Philippines, an unincorporated juridical entity in the Philippines that has its central management and control in the country, or an entity with a branch, agency, office, or subsidiary in the Philippines and the parent or affiliate has access to personal information; and
- the entity has other links in the Philippines such as, but not limited to, carrying on business in the Philippines or where the personal information was collected by or held by an entity in the Philippines.