NPC joins APEC data privacy network

Font Size


THE National Privacy Commission (NPC) has joined the Asia Pacific Economic Cooperation (APEC) Cross-border Privacy Enforcement Arrangement (CPEA), allowing it to share information and cooperate with APEC member states.

The APEC CPEA is an enforcement network developed for the Cross-Border Privacy Rules (CBPR). The initiative facilitates information-sharing among privacy enforcement authorities in APEC member countries; provides mechanisms to promote effective cross-border privacy cooperation; and promote information sharing with authorities outside APEC.

Privacy Commissioner and Chairman Raymund Enriquez Liboro said in a statement: “The CBPR System enables Philippine-based companies to get their data-privacy and protection systems certified with a local Accountability Agent. This would allow them to freely transfer data to all CBPR-participating countries. For businesses, this would mean less hassle as certification would amount to meeting the privacy requirements of each member-country in the system.”

Mr. Liboro added that the cooperation with APEC member states can help form remedial measures for addressing data privacy incidents, such as the current issue with the data breach involving Uber Technologies, Inc., which involves Philippine users.

Mr. Liboro said that the commission is still in the information-gathering stage in the investigation of the Uber data breach.

“We are drafting a compliance order,” Mr. Liboro said, adding that the NPC does not yet have a timeline for releasing the order.

Uber’s Philippine unit has confirmed to the NPC that personal data of its Filipino customers and drivers were exposed in a data breach involving Uber Technologies. The worldwide breach in October 2016, left unreported by the company until recently, involved 57 million users and around 600,000 drivers.

NPC also reminded Uber that the concealment of a data breach has serious consequences under the Data Privacy Act of 2012. — Patrizia Paola C. Marcelo