The National Privacy Commission (NPC) issued NPC Circular No. 2024-02, entitled Closed-Circuit Television (CCTV) Systems (the Circular), on August 9, 2024. It notes the previously issued NPC Advisory No. 2020-04, entitled Guidelines on the Use of Closed-Circuit Television (CCTV) Systems, and recognizes the need to provide an updated policy in relation to the use of CCTV systems due to the continuously evolving nature of technology concerning CCTV systems. Thus, the NPC has provided guidelines to assist all personal information controllers (PICs) and personal information processors (PIPs) in navigating the emerging privacy risks arising from the use of CCTV systems.

In this Insight article, Edsel F. Tupaz and Luis Teodoro B. Pascua, from Gorriceta Africa Cauton & Saavedra, highlight salient changes in the NPC's policy since its NPC Advisory No. 2020-04 and discuss the practical implications arising from notable changes.

The National Privacy Commission (NPC) issued the NPC Circular No. 2023-07 (the Circular) on December 13, 2023. This Circular is entitled Guidelines on Legitimate Interest and seeks to clarify the framework within which a personal information controller (PIC) may establish legitimate interest as a basis for processing personal data. The Circular is not meant to introduce any new basis for processing personal information, rather, it seeks to clarify concepts and requirements of legitimate interest, which is a lawful basis for processing personal information under Philippine privacy laws. Edsel F. Tupaz, from Gorriceta Africa Cauton & Saavedra, walks through these guidelines and their implications for PICs.  

The Circular should be read alongside part one and part two of the series on the NPC Guidelines on Consent, which comprise important tool kits for PICs and personal information processors that process the personal data of Philippine data subjects.  

In today's digital landscape, consent is a cornerstone of effective privacy management and a critical safeguard for the rights of data subjects. In the Philippines, the National Privacy Commission (NPC) released the NPC Circular No. 2023-04 (the Circular) on November 7, 2023, providing guidelines on the use of consent as a lawful basis for data processing, ensuring compliance thereof by affected personal information controllers (PICs), and prohibiting, among others, the use of deceptive design patterns. On the same date, the NPC issued Advisory No. 2023-01 (the Advisory), which comprises the Guidelines on Deceptive Design Patterns. Both the Circular and the Advisory make references to each other and must be read together. 

In this Insight Article, Edsel F. Tupaz, from Gorriceta Africa Cauton & Saavedra, discusses the more salient, practical implications of the Circular and the Advisory on affected PICs. He focuses on the Circular's impact on existing mechanisms for privacy notices, timing of consent, withdrawal of consent, and level of granularity, as well as underscoring the use of the 'average member of the target audience' standard, prohibitions against deceptive design patterns, and the compliance period.