On 22 May 2023, the Philippines’ National Privacy Commission (NPC) and the Hong Kong Office of the Privacy Commissioner for Personal Data (PCPD) signed a Memorandum of Understanding (MOU)[1] to cooperate on data protection matters.
Under the MOU, the authorities will provide mutual assistance in investigations pertaining to cross-border data incidents and breaches, and facilitate information sharing with one another.
The authorities will also collaborate on training and education on current and emerging data protection issues, with a view to fostering a more secure, inclusive, and data-driven digital landscape.
The parties have also agreed to explore and identify suitable organisations from both jurisdictions to participate in a cross-jurisdictional sandbox to test-bed innovative data sharing cases.
Commentary
While it is certainly not new[2] for regulatory bodies to sign MOUs with one another covering cooperation and mutual assistance in data protection matters, including information sharing in incident and breach investigations, it will be interesting as more and more authorities enter into such arrangements. Among other things, such frameworks will have direct implications on how businesses handle cross-border data privacy compliance, including responding to a multijurisdictional breach and the regulatory investigations that ensue.
[1] “PH, HK sign MOU on Personal Data Protection”, National Privacy Commission and “Privacy Commissioner’s Office Signs MoU with its Philippines Counterpart to Foster Closer Collaboration and Cooperation in Personal Data Privacy Protection”, PCPD
[2] See for instance “Memorandum of Understanding Between OAIC and PDPC”, Personal Data Protection Commission, Singapore (PDPC); “Hong Kong and Singapore Authorities Renew MOU to Maintain Close Ties and Foster Closer Collaboration in Personal Data Protection”, PDPC; and “UK ICO and PDPC Sign MOU for Mutual Regulatory Interest”, PDPC.