Philippines: It's Fine: National Privacy Commission Sets Administrative Penalties

On August 8, 2022, the NPC issued NPC Circular No. 2022-01 entitled "Guidelines on Administrative Fines" (Guidelines on Administrative Fines), which took effect on August 27, 2022. The Guidelines on Administrative Fines impose administrative penalties on PICs and PIPs found to be non-compliant with the DPA, the DPA IRR, and issuances of the NPC.

The publication of the schedule of fines comes at a time when the NPC has become more active in enforcing the DPA and its related issuances. The administrative fine can amount up to 3% of the annual gross income of the violator, but shall not exceed PHP5 Million (approx. USD88,865). The significant sum is intended to discourage infractions of the DPA, the DPA IRR, and NPC issuances.

Key provisions

• Range of Fines. The amount and range of the fines are categorized according to the gravity of the infraction:
  • Grave infractions – 0.5% to 3% of the annual gross income of the immediately preceding year when the infraction occurred but shall not exceed PHP5 Million (approx. USD88,865).
  • Major infractions – 0.25% to 2% of the annual gross income of the immediately preceding year when the infraction occurred but shall not exceed PHP5 Million (approx. USD88,865).
  • Other infractions – up to PHP200,000 (approx. USD3,508)
• Circumstances Considered. In determining the amount of fine, the NPC shall consider certain facts including the manner of occurrence, the damage to the data subject, actions or measures taken to protect the data subject, previous infractions, and mitigating actions adopted to reduce the harm to the data subject.

Read the latest SyCipLaw TMT and Data Bulletin here or via this link.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.