Philippines Archives

In Cybersecurity, Data and Tech

Philippines: Minimum requirements for security of personal data issued by the National Privacy Commission

April 19, 2024 by Bienvenido A. Marquez III, Divina Pastora V. Ilas-Panganiban and Berenice Joanna G. Dela Cruz 8 Mins Read

The Data Privacy Act provides that a personal information controller (PIC) must implement reasonable and appropriate organizational, physical and technical measures intended for the protection of personal information against accidental or unlawful destruction, alteration and disclosure, as well as against any other unlawful processing. The PIC shall also protect personal information against natural dangers and human dangers. For this purpose, the National Privacy Commission (NPC) recently issued NPC Circular No. 2023-06 (“Circular”), which sets out the updated minimum requirements for the security of personal data.

In AML & Financial Services Regulatory

Philippines: Issuance of implementing rules and regulations of the Public-Private Partnership Code

April 17, 2024 by Ramon Miguel E. Bacani and Karl Raymond Cruz 1 Min Read

Excerpt: On 5 December 2023, the Public-Private Partnership (PPP) Code of the Philippines (“PPP Code”) was enacted into law. The PPP Code was enacted to further the State’s policy to provide an enabling environment for the private sector to mobilize its resources to finance, design, construct, operate, and maintain infrastructure or development projects and services. The PPP Code provides for, among others, (i) a unified framework for both national and local PPP projects, (ii) stricter timelines for the evaluation and approval of PPP projects, and (iii) updated thresholds and requirements for approval of national and local PPP projects.

In Cybersecurity, Data and Tech

Philippines: National Privacy Commission issues rules for Philippine Privacy Mark certification

April 6, 2024 by Bienvenido A. Marquez III, Divina Pastora V. Ilas-Panganiban and Berenice Joanna G. Dela Cruz 3 Mins Read

The National Privacy Commission (NPC) recently issued NPC Circular No. 2023-05, which sets out the prerequisites for certification under the Philippine Privacy Mark Certification Program.
The NPC Privacy Mark, obtained through the PPM Certification Program, offers the highest level of assurance on data privacy compliance and secure cross-border data transfers of personal information controllers and personal information processors. It helps data subjects identify organizations they can entrust their personal data with.
The Circular took effect on 15 March 2024.

Philippines: National Privacy Commission amends certain provisions of its Rules of Procedure

March 6, 2024 by Divina Pastora V. Ilas-Panganiban, Frederick August I. Jose and Jonathan Peter A. Gregorio 13 Mins Read

The National Privacy Commission (NPC) recently issued NPC Circular No. 2024-01 (“Circular”), which amends certain provisions of the 2021 Rules of Procedure. The Circular aims to further streamline the process of receiving complaints and instituting investigations on matters affecting any personal information. The amendments impose certain requirements in case of privacy violation complaints by minors or persons alleged to be incompetent.

In Tax

Philippines: BIR clarifies withholding tax imposed on the remittances by e-marketplace operators, digital financial services providers to merchants

February 17, 2024 by Kristine Anne Mercado-Tamayo and Roberto Romalio G. Reyes 2 Mins Read

On 27 December 2023, the BIR published RR No. 16-2023 to amend RR No. 2-1998 and impose withholding tax on the gross remittances by e-marketplace operators and digital financial services providers to sellers/merchants. On 11 January 2024, the BIR issued RMC 8-2024 to provide guidance on the timeline and procedures to implement RR No. 16-2023. According to RR No. 16-2023, e-marketplace operators and digital financial services providers are allowed a transitory period of 90 days from the issuance of RMC 8-2024 to comply with the provisions of RR No. 16-2023.

In Corporate Compliance

Philippines: Doing Business in the Philippines

February 8, 2024 by Ramon J. Quisumbing 1 Min Read

The Doing Business in the Philippines handbook aims to equip both local and foreign entrepreneurs with a practical guide to navigating the ever-evolving business landscape in the Philippines. It provides information on the requirements needed when setting up and operating a business in the Philippines, including incentives under special registrations, taxation, employment, IP, dispute resolution, and industry-specific regulations.

In Tax

Philippines: Bureau of Internal Revenue issues regulations on withholding tax on remittances by online platforms to online sellers/merchants

February 7, 2024 by 4 Mins Read

On 8 January 2024, Commissioner of Internal Revenue Romeo D. Lumagui Jr. issued an advisory regarding the cessation of the Bureau of Internal Revenue (BIR)’s collection of the Annual Registration Fee (ARF), in compliance with Republic Act (RA) No. 11976 or the “Ease of Paying Taxes Act.”

Philippines: Annual Security Incident Report due on 31 March 2024

February 7, 2024 by 3 Mins Read

The National Privacy Commission (NPC) formally announced through its official website that the Annual Security Incident Report for the year 2023 must be filed by 31 March 2024.
Any natural and juridical person in the government or private sector processing personal data in or outside of the Philippines that are subject to the provisions of Republic Act No. 10173 or the Data Privacy Act of 2012 must submit the ASIR containing the following information:
• Summary of the number of security incidents encountered in a particular calendar year and categorized by type, i.e., theft, identity fraud, sabotage/physical damage, malicious code, hacking, misuse of resources, hardware failure, software failure, communication failure, natural disaster, design error, user error, operations error, software maintenance error, third-party service, and other analogous causes
• Summary of the number of personal data breaches encountered in a particular calendar year and classified based on the application of the breach notification obligations, i.e., mandatory and voluntary notification

In Tax

Philippines: Bureau of Internal Revenue issues regulations on withholding tax on remittances by online platforms to online sellers

February 2, 2024 by 4 Mins Read

The Bureau of Internal Revenue recently issued Revenue Regulations No. 16-2023, which sets out the guidelines on the imposition of withholding tax on gross remittances by electronic marketplace operators and digital financial services providers to online sellers/merchants, in connection with goods and services sold or paid through the former’s platform.
The Regulations took effect on 12 January 2024.

Philippines: National Privacy Commission issues guidelines on the processing of personal information based on legitimate interest

January 22, 2024 by Bienvenido A. Marquez III, Divina Pastora V. Ilas-Panganiban, Felicisimo Agas III and Jonathan Peter A. Gregorio 8 Mins Read

Consent is not the only available lawful basis for processing personal information. Personal information controllers and other parties engaged in the processing of personal information may also use legitimate interest as a lawful basis for processing. However, these parties must be aware of the conditions and limitations for processing personal information based on legitimate interest. For this reason, the National Privacy Commission (“NPC”) recently issued NPC Circular No. 2023-07, which provides guidelines on the processing of personal information based on legitimate interest. The Circular takes effect on 14 January 2024.