Philippines - DPA (2012 Data Privacy Act)

What does the DPA inform about the handling of cookies?

The Philippines introduced a law called Republic Act No. 10173, also known as the "2012 Data Privacy Act" (DPA), which aligns closely with the GDPR. The Data Privacy Act of 2012 and its Implementation Rules and Regulations (IRR) were enacted on August 24, 2016.

The Philippines doesn't have specific legislation addressing cookies, and they are not mentioned in the Data Privacy Act of 2012 (Republic Act No. 10173). However, the National Privacy Commission (NPC) has stated in Advisory Opinion No. 2017-63 ("Advisory Opinion 63") that when combined with other data, information obtained from cookies can identify individuals and may be considered personal information.

Regarding the use of cookies, the NPC also addressed whether it is necessary to display pop-ups providing information about them if it's already covered in the privacy policy. Advisory Opinion 47 emphasizes that personal information controllers or processors can decide whether to display such pop-ups. Furthermore, Advisory Opinion 47 highlights that controllers and processors are in the best position to determine the most suitable mechanisms to demonstrate transparency based on their unique circumstances.

If you want to know more about the different regulations you can access our article "Laws and regulations for each region"

So, is a cookie banner required in the Philippines?

While not mandatory, pop-ups like consent banners can serve as an immediate notification for users interested in the use of cookies. Even though there is currently no obligation, it's important to follow best practices in data privacy. Therefore, at illow, we recommend having an active banner with the following features to ensure transparency and user awareness:

• Include a Button to Reject Cookies: Although it does not specifically clarify a button as in other cases, we must provide an opt-out option that “takes effect immediately and is consistent.”
• Provide Detailed Information About Cookie Use: The cookie banner should contain information about why the website uses cookies. For example, does it collect data for analytics, advertising, or social media purposes?
• Alert the User if the Website Shares Data with Third Parties: If the website shares the data collected through cookies with third parties the cookie banner should explain this.
• Link to the Website’s Cookie Policy: Here the website will provide further information about the cookies in use on the site, including a list of all the cookies.
• Include a Link to the Cookie Settings: This isn’t required under GDPR as long as users have the choice to reject all cookies. However, it does have the benefit of allowing users who would otherwise reject all cookies to permit some forms of data collection. 

Observations: With illow´s GLOBAL banner, your site will be ready to comply with this regulation.

If you want to know the different types of banner cookies that you can find on our platform, access our article "Types of banners you will find on our platform"