New Report on Limits of “Consent” in the Philippines’ Data Protection Law


Today, the Future of Privacy Forum (FPF) and Asian Business Law Institute (ABLI), as part of their ongoing joint research project: “From Consent-Centric Data Protection Frameworks to Responsible Data Practices and Privacy Accountability in Asia Pacific,” are publishing the sixth in a series of detailed jurisdiction reports on the status of “consent” and alternatives to consent as lawful bases for processing personal data in Asia Pacific (APAC).

This report provides a detailed overview of relevant laws and regulations in the Philippines, including: 

notice and consent requirements for processing personal data;the status of alternative legal bases for processing personal data which permit processing of personal data without consent if the data controller undertakes a risk impact assessment (e.g., legitimate interests); andstatutory bases for processing personal data without consent and exceptions or derogations from consent requirements in laws and regulations,

The findings of this report and others in the series will inform a forthcoming comparative review paper which will make detailed recommendations for legal convergence in APAC. 

The Philippines’ Data Protection Landscape

The main personal data protection legislation in the Philippines is Republic Act No. 10173, better known as the Data Privacy Act of 2012 (DPA), which was passed in 2012 but only fully took effect in September 2017. 

The DPA applies broadly to individuals and organizations that process the personal information of Philippine citizens, even if the individual or organization does not have a legal presence in the Philippines. For purposes of the DPA, “processing” refers to any operation(s)

Read more

Explore the site

More from the blog

Latest News