A Memorandum of Understanding has been signed between the UK’s ICO and the Philippines’ NPC, effective January 12th 2021.

The UK’s ICO and the Philippines’ NPC have recently signed a Memorandum of Understanding in a move to strengthen their current relations. Recognizing the nature of this globalized economy, and the fact that they perform similar roles in their respective countries, the ICO and NPC decided on this memorandum, which is not legally binding, and is not applicable in circumstances which would breach either party’s legal responsibilities. Each organisation is expected to continue enforcing their respective legislations, but may collaborate on any joint enforcements, and aid in the enforcement of their respective laws, as long as it is not in contravention of national security or other relevant laws. 

The Memorandum of Understanding provides several opportunities for collaboration and cooperation. 

This Memorandum of Understanding signed by the ICO and NPC sets forth the intention to implement joint research projects and exchange information on best practices for data protection policies and training programmes. They will be coming together for bilateral meetings annually, or as decided. There will be no sharing of personal data, however, the ICO and NPC do intend to exchange information concerning potential or ongoing investigations, within their respective jurisdictions. The memorandum also encourages jointly investigating any cross border personal data breaches or other security incidents which involve organisations in both jurisdictions, as well as any other areas of cooperation decided on by both parties. 

This Memorandum does not create an obligation to share information and does not allow for the sharing of personal information. 

This agreement is not legally binding, and neither of the parties are under an obligation to cooperate or to share information, particularly information which is outside the scope of this memorandum, or which may compromise their legal responsibilities. While these parties agree to share certain information, this does not imply the transfer of ownership of, or rights to the shared information. There is no intention for the parties to share personal information, however this term is defined in each party’s domestic law. However, if the ICO or NPC wishes to share personal information and deem it necessary, as may be the case in sharing any information regarding a cross border personal data breach, this should not in any way compromise compliance with the respective parties’ own data protection laws.

The Memorandum of Understanding will be continuously monitored and reviewed, settling any disputes amicably through negotiations. 

The Memorandum of Understanding is regarded as a statement of intent, and it is anticipated that it will be continuously monitored, and reviewed biennially, seeking to resolve any disputes amicably, through the use of consultations and negotiations and without any legislative forum. The agreement does not imply any legally binding commitments. Therefore any issues which arise are to be handled by first notifying the point of contact for each party, and after the negotiating process, the agreement can be amended with changes agreed upon by both parties, and signed into the memorandum. The respective points of contact are expected to maintain open communication to ensure that the agreement remains effective and serves its purpose. 

Do you have questions about how this new agreement may affect your company? We can help you. Aphaia provides both GDPR and Data Protection Act 2018 consultancy services, including data protection impact assessments, and Data Protection Officer outsourcing. We can help your company get on track towards full compliance. Contact us today.