Philippines: Implemented NPC guidelines on legitimate interest

On 13 April 2024, the National Privacy Commission (NPC) guidelines on legitimate interest entered into force. The guidelines apply to controllers and third parties that process or are involved in the processing of personal data on the lawful basis of the legitimate interest. Processing based on legitimate interest necessitates meeting specific criteria, such as establishing a genuine interest, ensuring the necessity and lawfulness of the chosen means, and ensuring legitimacy without violating the rights of data subjects. The NPC requires three tests when assessing a legitimate interest as the legal basis for data processing, namely the purpose test, the necessity test, and the balancing test, and defines the steps and criteria for each test. The public authorities don't have to fulfil the legitimate interest criteria when processing personal data.