登录查看更多内容

(Data)Sharing is Caring - Philippines NPC issues C2C Data Sharing Guide

Odia Kagan

CDPO, CIPP/E/US, CIPM, FIP, GDPRP, PLS, Partner, Chair of Data Privacy Compliance and International Privacy at Fox Rothschild LLP

发布日期: 2021年2月18日

National Privacy Commission of the Republic of the Philippines issues impressive, succinct and clear guidance on controller-controller data sharing agreements.

Per the guidance the agreement should contain the following provisions:

Purpose and lawful basis for the data sharing;
Objective of the data sharing;
All parties, and for each party (i) the type of personal data it will share; (ii) whether any personal data processing will be outsourced, including the types of service providers; (iii) method to be used for the processing and (iv) designated data protection officer.
Term (perpetual DSA's are invalid; but extension or renewal is permitted subject to period review of the sufficiency of the safeguards implemented);
Operational details of the data sharing. If the recipient may share the data or grant public access to it, the agreement must specify: (i) justification for access; (ii) parties granted access; (iii) types of personal data made accessible; (iv) estimated frequency and volume of access; and (v) any other information that would sufficiently inform the data subject of the nature and extent of the data sharing and processing . If access is by an online platform - the program, middleware and encryption method should be identified;
Security measures;
Data subject rights and the mechanisms to exercise them including: (i) identity of the party responsible; (ii) procedure for getting a copy of the DSA (which may be redacted)
Retention timeline and method of secure return, destruction of disposal of the shared data.
Any other clauses or terms provided that they are not contrary to law, morals, public order or public policy.

Each party is also required to retain record of its data sharing arrangement including:

Contact details of all parties, including their respective data protection officers;
Legal bases for the data sharing arrangement/s;-
Copy of the DSA/s, if executed;
Written, recorded, or electronic proof of the consent obtained from data subjects, where applicable; and
Date and/or time consent was obtained and withdrawn, where applicable.

要查看或添加评论，请登录

查看全部

(Data)Sharing is Caring - Philippines NPC issues C2C Data Sharing Guide

Odia Kagan

CDPO, CIPP/E/US, CIPM, FIP, GDPRP, PLS, Partner, Chair of Data Privacy Compliance and International Privacy at Fox Rothschild LLP

更多精彩文章

社区洞察

其他会员也浏览了

The European data protection day

“Data Processing Agreements-Fundamental Purpose and Professional Drafting Tips”

Basic obligations for companies processing personal data to adhere to in order to protect citizens' data

Data Privacy and Data Protection Officer

APPRAISAL OF THE NIGERIA DATA PROTECTION BILL 2019

Data Owner / Data Controller

MY COMMENT ON THE CAMEROON DATA PROTECTION BILL CHAPTER 3-5.

Guide to Cross-Border Data Transfers

Unveiling the Nuances of the Indian Data Protection Act (DPDPA): Beyond the Basics

From Consent to Compliance: Understanding Egypt's Data Protection Landscape

The APRA (Federal Privacy Bill) is here: What do you need to do?

2024年4月7日

VA Jumps into the AI Regulation Space with new Bill

2024年1月25日

CCTV: Practical Data Protection Guidance from Ireland DPC

2024年1月24日

(Sensitive) Location, Location, Location - FTC in X-Mode

2024年1月10日

Data protection in recruitment: ICO weighs in.

2024年1月4日

Smart CCTV is watching

2024年1月2日

New CPRA Regs are here again!

2023年12月2日

Profiling and automated decision making come to California: Draft CPPA Regs

2023年11月28日

A cookie is not just a cookie - EDPB issues draft guidelines on Art 5(3) ePrivacy Directive

2023年11月27日

Constitutional by Design? N.D.Cal issues Preliminary Injunction against the California Age Appropriate Design Code

2023年9月18日