Various agencies led by the Department of Trade and Industry (DTI) have signed Joint Administrative Order No. 24-03, Series of 2024 containing the Implementing Rules and Regulations (IRR) of Republic Act No. 11967, or The Internet Transactions Act of 2023 (ITA).
To recall, the ITA is intended to regulate e-commerce, protect consumer rights and data privacy, and uphold intellectual property rights.
The IRR clarifies the scope and coverage of the ITA, the enforcement powers of the DTI vis-à-vis other agencies, and the applicable procedure for imposition of fines.
Saudi Arabia updates Data Transfer Regulations and introduces the first set of Standard Contractual Clauses
On 1 September 2024, the Saudi Data and AI Authority (SDAIA) published the Regulation on Personal Data Transfer Outside the Kingdom (“Data Transfer Regulations”), which amended the previous Transfer Regulations under the Personal Data Protection Law issued by Royal Decree No. (M/19) dated 9/2/1443 AH and amended by Royal Decree No. (M/148) dated 5/9/1444 AH (“PDPL”). SDAIA also published additional information on Standard Contractual Clauses and Binding Common Rules, two of the appropriate safeguards for transferring data outside of the Kingdom, as well as a number of PDPL-related rules and guidelines. A summary of our initial takeaways can be found below.
Philippines: Key legal information and potential business challenges of the Philippines’ financial technology sector
The Primer on Fintech in the Philippines covers legal and regulatory issues and considerations related to the financial technology sector in the Philippines, including data privacy and cybersecurity considerations, anti-money laundering compliance, and the business challenges that the sector may face.
Philippines: NPC issues new guidelines on the processing of sensitive personal information for legal claims
The National Privacy Commission (NPC) recently issued NPC Advisory No. 2024-02, which lays down guidelines on the processing of sensitive personal information for the protection of lawful rights and interests or the establishment, exercise or defense of legal claims, pursuant to Section 13(f) of the Data Privacy Act (DPA).
Entities who process sensitive personal information or privileged information must ensure that such processing is compliant with the guidelines provided in the Advisory. A legitimate interest assessment will be helpful in evaluating compliance with NPC Circular No. 2023-07.