NPC’s new initiative.
The National Privacy Commission (NPC) has issued its first guidance on the adoption of tools which compliments data management and cross-border transfer standards across the Association of Southeast Asian Nations (ASEAN), a move that will help Philippine businesses unlock more gains in the fast expanding digital economy across the ASEAN.
These tools, namely the Model Contract Clauses (MCCs) and the Data Management Framework (DMF), “are vital… for ASEAN businesses to use in their data-related business operations and help build trust, transparency, and accountability,” according to NPC Advisory.
The MCCs are voluntary standards that businesses in the economic bloc can adopt in legally binding contracts to ensure the protection of customer data when transferred across different jurisdictions.
However, given the different levels of development among ASEAN member states, companies are allowed to modify the MCCs in a way that does not contradict the clauses, as well as domestic laws on privacy and protection.
Meanwhile, the DMF is a voluntary and non-binding guidance for ASEAN businesses to establish a data management system and governance structure that appropriately safeguard different kinds of data.
The DMF identifies six areas that need robust measures to ensure the confidentiality, integrity and availability of data throughout its lifecycle.
These areas are on:
- Governance and oversight
- Policies and procedural documents
- Data inventory
- Impact / Risk assessment
- Monitoring and continuous improvement
Privacy Commissioner Raymund E. Liboro encouraged local businesses to explore these new tools and usher in the burgeoning ASEAN internet economy.
The ASEAN digital economy is estimated to have reached $72 billion in gross merchandise value in 2018. This was powered by a fast-growing internet user base across online travel, e-Commerce, online media, and ride hailing.
“Given the great shift to digitalization during this pandemic, the region can surely exceed the $240 billion it is projected to attain by 2025. But as early as now, we must ensure that the Philippines will have a slice of that growth,” Liboro said, noting that adopting the MCCs and DMF, which also support businesses’ compliance with the Data Privacy Act of 2012, can help realize this.
According to Liboro, with its focus on trust, transparency, and accountability, the MCCs and DMF will elevate Philippines companies’ competitiveness and readiness to capture new markets. Because what companies do to safeguard their customers’ data from hacks, unauthorized access and other emerging threats is what is defining competitiveness.
He added that the NPC will soon be launching more efforts to capacitate companies, especially micro, small, and medium enterprises who are hardest hit from the pandemic, in conforming with these new ASEAN tools for a more inclusive growth.
Approved in January 2021 at the ASEAN Digital Ministers’ meeting, the MCCs and DMF are initiatives built on the principles of the ASEAN Framework on Personal Data Protection which aims to promote the growth of trade and flow of information in the ASEAN internet economy.