The National Privacy Commission issued Circular No. 2022-04 on 5 December 2022, which sets out the registration framework of Data Protection Officers and Data Processing Systems. Under the Circular, personal information controllers and personal information processors operating in the Philippines are required to register with the NPC as long as they meet any of the conditions for registration. The Circular took effect on 11 January 2023.

On 10 October 2022, President Ferdinand Marcos Jr. signed into law Republic Act No. 11934, otherwise known as the “Subscriber Identity Module (SIM) Registration Act”. The primary purpose of the Act is to mandate all public telecommunications entities to require the registration of SIM cards prior to their sale and activation, in an effort to promote accountability and provide law enforcement with an identification tool in resolving crimes .

The guide provides the latest regulatory information on sandboxes, robo-advisers, online lenders, payment processors, marketplaces, exchanges and trading platforms, high-frequency and algorithmic trading, financial research platforms, insurtech, regtech, blockchain, non-fungible tokens (NFTs) and open banking.

The Philippines logged one of the highest growth rates as an emerging data center market alongside Malaysia and Thailand, supporting the active digital profile of Filipinos.
Access Quisumbing Torres’ Developing and Operating Data Centers in the Philippines to learn more about the key legal issues for data center investors. The guide provides the relevant regulatory information including issues and considerations related to foreign investment controls, data (i.e., privacy, telecommunications laws, cybersecurity, data localization, antitrust),tax, M&A, financing, sustainability and real estate.

The National Privacy Commission issued Circular No. 2022-01 on 12 August 2022, entitled “Guidelines on Administrative Fines”. The Circular fixes the administrative fines to be imposed upon personal information controllers or personal information processors for infractions of the Data Privacy Act of 2012, its implementing rules and regulations, and the issuances of the NPC. The Circular takes effect on 27 August 2022 and will apply prospectively. Thus, complaints that have already been filed with the NPC prior to the effectivity date are not covered by the Circular.

The National Privacy Commission recently announced that the deadline for the submission of Annual Security Incident Reports for the years 2018 to 2021 is on 31 October 2022, while the deadline to submit the 2022 version of said report is on 31 March 2023.

On 12 May 2022, the President issued Executive Order No. 169, which seeks to intensify government efforts in strengthening the franchising industry and to help businesses, especially micro, small and medium enterprises, by developing a transparent and business-friendly environment, and promoting fair and equitable practices.

In March 2022, Baker McKenzie’s Data Privacy & Security Team across offices presented the Asia Pacific edition of Deciphering Data, the Firm’s webinar series that aims to help companies and organisations decode complex developments in data privacy and cybersecurity. Our diverse team of cross-border experts offered their expertise and insight in this webinar series to help you understand the legal lay of the land and prepare for the future of privacy in Asia Pacific and beyond.

Explore Data PULSE, a platform which helps you to navigate the complex landscape of data, regulatory and IP protection concerns at each stage of the medical product life cycle. As you navigate through each key issue, Data PULSE will help you to identify and mitigate risks across multiple jurisdictions and optimize your strategy through research, market authorization and post-market study phases.