SyCipLaw’s Special Projects/Telecommunications, Media and Technology (TMT) and Data practice group prepared the TMT Quick Notes, which cover significant Philippine legal and regulatory developments in data privacy.
Supreme Court Explains NPC Complaint Procedure; Waiver of Unauthenticated Electronic Evidence before the NPC
The case of Grace M. Trimillos v. FCash Global Lending, Inc., G.R. No. 271360 (13 August 2025) was decided on the basis of a procedural issue – the failure to timely object to unauthenticated electronic evidence in a proceeding before the National Privacy Commission (NPC). It also touched on the procedure for filing a complaint with the NPC. Read more >>
PhilSys QR Code is Personal Data
In NPC Advisory Opinion No. 2025-015, the NPC advised that the PhilSys QR code constitutes personal and sensitive personal information. The PhilSys QR code enables access to or verification of information linked to government-issued identifiers, which are expressly classified as sensitive personal information under Section 3(l) of the Data Privacy Act (DPA). Accordingly, the QR code and any data derived from it are subject to the stricter requirements for processing sensitive personal information. Read more >>
BIR Can Ask CondoCorps for Information about Condo Owners with Airbnb Businesses
NPC Advisory Opinion No. 2025-006 involved a condominium corporation that received an Access Letter from a Bureau of Internal Revenue (BIR) Revenue District Office requesting the names and tax identification numbers of condominium unit and parking slot owners involved in leasing, sub-leasing, Airbnb, staycations, and similar activities. The NPC advised that the BIR could do so and obtain the data without violating the DPA even without the consent of the condominium owners, as consent is not the only lawful basis for processing under the DPA. Read more >>
Read the full bulletin here or download via this link.
