Search for:

In brief

The Philippine National Privacy Commission (NPC) recently issued NPC Circular No. 2020-02 on the Rules on the Issuance of Cease and Desist Orders (Circular). The Circular applies to all applications for a Cease-and- Desist Order (CDO) on the processing of personal data and other matters cognizable by the NPC.


What the Circular Provides

Who Should Apply

Under the Circular, a written verified application for a CDO may be filed against any personal information controller or processor (Adverse Party) with the NPC, through its General Records Unit, by any one of the following:

  • the Complaints and Investigation Division (CID) of the NPC, through its sua sponte investigation;
  • the Compliance and Monitoring Division (CMD) of the NPC, through its conduct of compliance checks and handling of breach notifications; or
  • the data subject (Aggrieved Party), with the CDO application either attached to a complaint or as an independent action and with payment of the applicable filing fees and posting of bond, and upon recommendation by the CID after its assessment that the application is sufficient in form and substance.

Grounds and Procedure for CDO Issuance

The NPC may issue a CDO ex parte or without prior hearing if the applicant proves by substantial evidence that all of the following conditions are present:

  1. The Adverse Party is doing, threatening or is about to do, is procuring to be done, some act or practice in violation of the Data Privacy Act (DPA), its implementing rules and regulations (IRR), or other related issuances;
  2. Such act or practice is detrimental to national security or public interest, or the CDO is necessary to preserve and protect the rights of a data subject; and
  3. The commission or continuance of such act or practice, unless restrained, will cause grave and irreparable injury to a data subject.

Once issued, the NPC shall ensure the implementation of the issued CDO within 72 hours from receipt thereof by the Adverse Party. The CDO shall also direct the Adverse Party to file its comment thereon within ten (10) days from receipt. Thereafter, the NPC may conduct clarificatory hearings if necessary to secure additional information from all concerned parties regarding the issued CDO.

Within 30 days from the expiry of the period to file a comment or termination of the clarificatory hearings, the NPC shall issue its decision on whether or not to lift or extend the issued CDO; otherwise, the CDO shall be deemed automatically lifted. If the NPC extends the CDO, it shall remain effective until the same is modified or lifted by the NPC, on its own or upon motion of the Adverse Party, upon showing that the factual or legal basis for which it was issued no longer exists.

The NPC may issue a new CDO if it determines that the same acts initially complained of recommence within 12 months from the lifting of the prior CDO, without the need to apply for a new application. Beyond the said 12-month period, any future violation of the same Adverse Party shall require the filing of a new application.

Penalties for Violations

Any violation of the CDO issued by the NPC shall be subjected to fines and penalties prescribed by the NPC, contempt proceedings before the appropriate court; and/or such other actions as may be available to the NPC.

Author

Bienvenido Marquez III is a partner and head of Quisumbing Torres' Intellectual Property, Data and Technology Practice Group. He also co-heads the Consumer Goods & Retail Industry Group and is a member of the Technology, Media & Telecommunications Group. He participates in initiatives of Baker & McKenzie International of which Quisumbing Torres is a member firm. He is a member of Baker McKenzie's Asia Pacific Intellectual Property Steering Committee and the Asia Pacific Intellectual Property Business Unit for Brand Enforcement. He is immediate Past President of the Philippine Chapter of the Licensing Executives Society International (2019-2021), and is currently co-chair of the LESI Asia Pacific. He is also a member of the Anti-Counterfeiting Committee of the International Trademarks Association (INTA). Bien has vast experience in handling IP enforcement litigation, trademark and patent prosecution and maintenance, copyright, data privacy, information security, IT, telecommunications, e-commerce, electronic transactions, cyber security and cybercrime. He has been consistently ranked as a leading individual for Intellectual Property and TMT in Legal 500 Asia Pacific, Chambers Asia Pacific, asialaw Leading Lawyers, Managing IP Stars, Asia IP, and World Trademark Review. He was also recognized as a Volunteer Service Awardee by INTA in 2018.

Author

Divina Ilas-Panganiban is a partner in Quisumbing Torres’ Intellectual Property and Information Technology & Communications practices. She has 15 years of experience in the fields of intellectual property law, commercial law and litigation. She currently serves as the Vice-President and Director of the Philippine Chapter of Licensing Executives Society International. Ms. Panganiban often serves as resource speaker in local and international seminars on IP and IT laws.

Author

Neonette Pascual is an associate in Quisumbing Torres' Intellectual Property Practice Group and Information Technology & Communications Industry Group. She has nine years of experience handling matters involving contracts, incorporation, compliance, litigation, and corporate housekeeping. Prior to joining Quisumbing Torres, Ms. Pascual worked as legal counsel for the Philippine offices of two global outsourcing services companies

Author

Danielle Lauren K. Lim is a junior associate in Quisumbing Torres. She works with the Corporate & Commercial/M&A, Dispute Resolution, Employment and Tax Practice Groups. Danielle graduated from Ateneo Law School with honors and was awarded Best Thesis for Batch 2019.