DPDPA is now in force in India. Run a free privacy scan on your site. Scan now

🇵🇭 Asia-Pacific

Cookie consent in Pilipinas

Consent and privacy law in Pilipinas

In short
The Philippines Data Privacy Act of 2012, enforced by the NPC, is modelled partly on the GDPR and partly on APEC principles. Consent must be freely given, specific, and informed, and it should be evidenced by written, electronic, or recorded means, a fairly strict documentation requirement. The NPC requires many organisations to register their data processing systems and to appoint a Data Protection Officer. The law carries both fines and imprisonment, and the NPC has issued administrative fine guidelines tied to a percentage of annual gross income. Notices in English and Filipino are common. Cookies and online identifiers are personal information needing a lawful basis.
Authority
National Privacy Commission (NPC)
Status

Data Privacy Act of 2012, in force with implementing rules from 2016

Primary law
DPA
Languages

en, fil

Who must comply

Personal information controllers and processors that process personal data of individuals in the Philippines, including some processing carried out abroad.

Penalties

Fines and imprisonment, with the NPC issuing administrative fine guidelines

Key obligations

  • Obtain freely given, specific and informed consent where required
  • Provide notice of purpose and rights before collection
  • Honor access, correction, erasure and objection rights
  • Register data processing systems and appoint a data protection officer
  • Notify breaches to the commission and affected individuals

Local guidance

  • Appoint a Data Protection Officer and register where required
  • Evidence consent in written, electronic, or recorded form
  • Provide notices in English and Filipino
  • Follow NPC administrative fine guidelines

How ConsentX helps

  • Freely given, specific opt-in consent capture
  • Purpose and rights notice in the banner
  • Rights request workflow with evidence
  • Consent receipts for audit
  • Region rule engine tuned for the Philippines
Get started free
yoursite.com
🇵🇭 Philippines

We value your privacy

We ask for your consent before any non-essential cookie, with the rules that apply in your region.

Allow allReject non-essentialManage preferences

This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified local counsel.

How to comply with Philippines using ConsentX

  1. 1

    Scan your website

    Run a free scan to find every cookie and tracker on your site, so you know exactly what needs consent under Philippines.

  2. 2

    Show a geo-aware consent banner

    Add the ConsentX banner. It detects each visitor region and shows the consent experience that Philippines requires, automatically.

  3. 3

    Block trackers until consent

    Keep non-essential cookies and trackers blocked until the visitor agrees, so nothing fires before consent.

  4. 4

    Record tamper-evident proof

    Every choice is stored as a tamper-evident consent receipt you can produce in a Philippines audit.

  5. 5

    Handle data requests on time

    Use the built-in DSAR workflow with SLA timers to answer access, deletion and opt-out requests within the legal deadline.

Frequently asked questions

Does the Philippines require a Data Protection Officer?+

Yes. The NPC requires personal information controllers and processors to appoint a Data Protection Officer and, for many, to register their data processing systems.

How must consent be evidenced in the Philippines?+

Consent must be freely given, specific, and informed, and should be evidenced by written, electronic, or recorded means, so organisations need to keep records of how consent was obtained.

Governing law

🇵🇭 DPA

Other countries in Asia-Pacific

🇮🇳 भारत🇸🇬 Singapore🇹🇭 ประเทศไทย🇨🇳 中国🇯🇵 日本🇰🇷 대한민국🇦🇺 Australia🇳🇿 New Zealand / Aotearoa🇮🇩 Indonesia🇻🇳 Việt Nam🇲🇾 Malaysia