Philippines: Issued NPC advisory on model contractual clauses for cross-border transfers of personal data

On 30 May 2024, the Philippine National Privacy Commission (NPC) issued an advisory on model contractual clauses (MCCs) for cross-border transfers of personal data. The advisory aligns with the Data Privacy Act of 2012 (DPA), which protects privacy rights while ensuring the free flow of information to promote growth and innovation. The NPC is part of the Global Privacy Assembly (GPA) and its Global Frameworks and Standards Working Group (GFSWG), which published a comparative guide on MCCs from various jurisdictions, including ASEAN, EU, and the UK. The NPC previously issued guidance on using ASEAN MCCs and acknowledged the importance of these clauses for secure cross-border data transfers. In particular, the advisory provides guidance to personal information controllers (PICs) and processors (PIPs) on available MCCs for cross-border data transfers, emphasising that these clauses can be included in legal agreements to govern such transfers. The guidance is voluntary and does not impose additional obligations. Furthermore, the advisory aims to aid PICs in maintaining accountability during cross-border data transfers, though the NPC will not review agreements for conformity with MCCs.