Search for:

In brief

The Philippine National Privacy Commission (NPC) recently issued NPC Circular No. 2020-02 on the Rules on the Issuance of Cease and Desist Orders (Circular). The Circular applies to all applications for a Cease-and- Desist Order (CDO) on the processing of personal data and other matters cognizable by the NPC.


What the Circular Provides

Who Should Apply

Under the Circular, a written verified application for a CDO may be filed against any personal information controller or processor (Adverse Party) with the NPC, through its General Records Unit, by any one of the following:

  • the Complaints and Investigation Division (CID) of the NPC, through its sua sponte investigation;
  • the Compliance and Monitoring Division (CMD) of the NPC, through its conduct of compliance checks and handling of breach notifications; or
  • the data subject (Aggrieved Party), with the CDO application either attached to a complaint or as an independent action and with payment of the applicable filing fees and posting of bond, and upon recommendation by the CID after its assessment that the application is sufficient in form and substance.

Grounds and Procedure for CDO Issuance

The NPC may issue a CDO ex parte or without prior hearing if the applicant proves by substantial evidence that all of the following conditions are present:

  1. The Adverse Party is doing, threatening or is about to do, is procuring to be done, some act or practice in violation of the Data Privacy Act (DPA), its implementing rules and regulations (IRR), or other related issuances;
  2. Such act or practice is detrimental to national security or public interest, or the CDO is necessary to preserve and protect the rights of a data subject; and
  3. The commission or continuance of such act or practice, unless restrained, will cause grave and irreparable injury to a data subject.

Once issued, the NPC shall ensure the implementation of the issued CDO within 72 hours from receipt thereof by the Adverse Party. The CDO shall also direct the Adverse Party to file its comment thereon within ten (10) days from receipt. Thereafter, the NPC may conduct clarificatory hearings if necessary to secure additional information from all concerned parties regarding the issued CDO.

Within 30 days from the expiry of the period to file a comment or termination of the clarificatory hearings, the NPC shall issue its decision on whether or not to lift or extend the issued CDO; otherwise, the CDO shall be deemed automatically lifted. If the NPC extends the CDO, it shall remain effective until the same is modified or lifted by the NPC, on its own or upon motion of the Adverse Party, upon showing that the factual or legal basis for which it was issued no longer exists.

The NPC may issue a new CDO if it determines that the same acts initially complained of recommence within 12 months from the lifting of the prior CDO, without the need to apply for a new application. Beyond the said 12-month period, any future violation of the same Adverse Party shall require the filing of a new application.

Penalties for Violations

Any violation of the CDO issued by the NPC shall be subjected to fines and penalties prescribed by the NPC, contempt proceedings before the appropriate court; and/or such other actions as may be available to the NPC.

Author

Bienvenido Marquez III is a partner and head of Quisumbing Torres' Intellectual Property Practice Group and Information Technology & Communications Industry Group. He is also a member of Baker McKenzie's Asia Pacific Intellectual Property Steering Committee. He is experienced in handling IP enforcement litigation, trademark and patent prosecution and maintenance, copyright, data privacy, information security, IT, telecommunications, e-commerce, electronic transactions and cybercrime matters. He also counsels clients on compliance with consumer product laws, including packaging, labeling and regulatory requirements for food, drugs and devices and cosmetics, and conducts administrative litigation relating to the same.

Author

Divina Ilas-Panganiban is a partner in Quisumbing Torres’ Intellectual Property and Information Technology & Communications practices. She has 15 years of experience in the fields of intellectual property law, commercial law and litigation. She currently serves as the Vice-President and Director of the Philippine Chapter of Licensing Executives Society International. Ms. Panganiban often serves as resource speaker in local and international seminars on IP and IT laws.

Author

Neonette Pascual is an associate in Quisumbing Torres' Intellectual Property Practice Group and Information Technology & Communications Industry Group. She has nine years of experience handling matters involving contracts, incorporation, compliance, litigation, and corporate housekeeping. Prior to joining Quisumbing Torres, Ms. Pascual worked as legal counsel for the Philippine offices of two global outsourcing services companies

Author

Danielle Lauren K. Lim is a junior associate in Quisumbing Torres. She works with the Corporate & Commercial/M&A, Dispute Resolution, Employment and Tax Practice Groups. Danielle graduated from Ateneo Law School with honors and was awarded Best Thesis for Batch 2019.