On March 20, 2012, the Philippines Senate unanimously passed the Data Privacy Act of 2011 (“the Act”) on its third and final reading. According to one of its sponsors, Senator Edgardo Angara, the Act is heavily based on the current EU Data Protection Directive (Directive 95/46/EC) and meets the standards of the Asia Pacific Economic Cooperation Privacy Framework. Legislators stated that the Act was necessary due to the importance of the IT industry to the Philippine economy and the need for the Philippines to adhere to international standards.

A key provision of the legislation is the creation of a data protection authority, the National Privacy Commission, whose role it will be to implement and enforce the Act’s provisions. The Act also sets out a range of penalties for offences such as the unauthorized processing or unauthorized disclosure of personal information. These include prison terms of up to six years and fines of up to PHP 5,000,000. The power to prosecute and impose these penalties however will rest with the Department of Justice, not the National Privacy Commission.

Singapore is similarly moving towards a general data protection regime which will impose minimum data protection standards on all organizations collecting personal data. The Singapore Ministry of Information, Communications and the Arts (“MICA”) issued a consultation paper on March 19, 2012, on the proposed Personal Data Protection Bill (“the Bill”). This follows two previous consultation exercises between September and December 2011.

Economic interests are a driver for the reform in Singapore, as in the Philippines, with MICA stating in the consultation paper that the legislation will “strengthen and entrench Singapore’s position as a trusted hub for businesses”. The Bill proposes the creation of a Data Protection Commission to administer the regime, with the power to impose fines of up to SIN $50,000 for breaching its terms as well as prison terms of up to three years. Submissions to the consultation must be made by 5 pm on April 30, 2012, and it is intended that the Bill will be put to Parliament by the third quarter of 2012.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Dan Cooper Dan Cooper

Daniel Cooper is co-chair of Covington’s Data Privacy and Cyber Security Practice, and advises clients on information technology regulatory and policy issues, particularly data protection, consumer protection, AI, and data security matters. He has over 20 years of experience in the field, representing…

Daniel Cooper is co-chair of Covington’s Data Privacy and Cyber Security Practice, and advises clients on information technology regulatory and policy issues, particularly data protection, consumer protection, AI, and data security matters. He has over 20 years of experience in the field, representing clients in regulatory proceedings before privacy authorities in Europe and counseling them on their global compliance and government affairs strategies. Dan regularly lectures on the topic, and was instrumental in drafting the privacy standards applied in professional sport.

According to Chambers UK, his “level of expertise is second to none, but it’s also equally paired with a keen understanding of our business and direction.” It was noted that “he is very good at calibrating and helping to gauge risk.”

Dan is qualified to practice law in the United States, the United Kingdom, Ireland and Belgium. He has also been appointed to the advisory and expert boards of privacy NGOs and agencies, such as Privacy International and the European security agency, ENISA.