ABLI-FPF Convergences Series - Status of Consent for Processing Personal Data (Philippine report)
On Sale
SGD0.00
ABLI-FPF Convergences Series - Status of Consent for Processing Personal Data (Philippine report)
Author: Dominic Paulger, Policy Manager (APAC), Future of Privacy Forum
Asian Business Law Institute and Future of Privacy Forum
July 2022
This report provides a detailed overview of relevant laws and regulations in the Philippines on
b. Processing of personal information for unauthorized purposes
c. Malicious and unauthorized disclosures
b. In Re: FLI Operating ABC Online Lending Application (NPC 19-910)
c. In Re: Lisensya.Info
b. Health research
b. Drug rehabilitation
b. Necessity for law enforcement, defense, or national security
c. Necessity for prevention, detection, mitigation, and investigation of fraud, security breach, or other prohibited/illegal activities in high-risk scenarios
b. Role of IRRs
Author: Dominic Paulger, Policy Manager (APAC), Future of Privacy Forum
Asian Business Law Institute and Future of Privacy Forum
July 2022
This report provides a detailed overview of relevant laws and regulations in the Philippines on
- notice and consent requirements for processing personal data;
- alternative legal bases for processing personal data which permit processing of personal data without consent if the data controller undertakes a risk impact assessment (e.g., legitimate interests); and
- statutory bases for processing personal data without consent and exceptions or derogations from consent requirements in laws and regulations.
1. INTRODUCTION
1.1. Republic Act 10173 – Data Privacy Act of 2012 (“DPA”)
1.2. Implementing Rules and Regulations of the Data Privacy Act of 2012 (“IRRs”)
2. SECTORAL LAWS AND REGULATIONS
2.1. Healthcare
2.2. Health-related research
3. ROLE OF THE NATIONAL PRIVACY COMMISSION (“NPC”)
3.1. Advisories
3.2. Advisory Opinions
4. CONSENT AND PRIVACY SELF-MANAGEMENT IN THE DPA
5. CONDITIONS FOR CONSENT
5.1. Definition and forms of consent
5.2. Withdrawal of consent
5.3. Bundled consent
6. CONSENT FOR SPECIAL CATEGORIES OR USES OF DATA
6.1. Children
6.2. Cookies, Internet of Things, online tracking
6.3. Direct marketing
6.4. Biometric and genetic data
6.5. Financial information
6.6. Statistics and research
6.7. Pseudonymized data
6.8. Location data
7. CONSENT FOR CROSS-BORDER DATA TRANSFERS
8. TRANSPARENCY AND NOTICE
8.1. DPA.
8.2. IRRs
9. SANCTIONS AND ENFORCEMENT
9.1. Criminal liability
a. Unauthorized processing of personal and sensitive personal informationb. Processing of personal information for unauthorized purposes
c. Malicious and unauthorized disclosures
9.2. Civil liability
9.3. Enforcement actions
a. BGM v. IPP (NPC 19-653)b. In Re: FLI Operating ABC Online Lending Application (NPC 19-910)
c. In Re: Lisensya.Info
10. COLLECTING, USING, AND DISCLOSING DATA WITHOUT CONSENT SUBJECT TO A RISK IMPACT ASSESSMENT
10.1. Documenting the balancing exercise
10.2. Disclosing reliance on the balancing test
10.3. “Legitimate interests” v. “fair and reasonable” test
10.4. Factors to be applied in the “fair and reasonable” test
11. COLLECTING, USING, AND DISCLOSING DATA WITHOUT CONSENT IN OTHER CIRCUMSTANCES DEFINED BY LAW
11.1. Processing non-sensitive personal information
a. Fulfillment of a contract or preparatory steps for entering into a contract11.2. Processing sensitive personal information
11.3. Exemptions
a. Research purposesb. Health research
11.4. Sectoral laws and regulations
a. Credit Informationb. Drug rehabilitation
11.5. Specific circumstances
a. Carrying out a task in the public interestb. Necessity for law enforcement, defense, or national security
c. Necessity for prevention, detection, mitigation, and investigation of fraud, security breach, or other prohibited/illegal activities in high-risk scenarios
11.6. Rule of interpretation
a. DPAb. Role of IRRs
