
PAW 2025: NPC champions global privacy in borderless digital era
The National Privacy Commission (NPC) held its week-long Privacy Awareness Week (PAW) 2025, featuring the 8th National Data Privacy Conference, on 27-28 May 2025 at Solaire Resort, Parañaque City. With the theme “Global Privacy Matters: Navigating a Borderless Digital World and Expanding New Professional Horizons,” this year’s Conference highlighted the growing significance of international cooperation and professional development in the realm of data privacy.
The Conference brought together international representatives from 31 data privacy authorities around the globe. Delegates from Africa, Asia, Europe, the Middle East, and the Americas participated in panel discussions that discussed cross-border data flows, regulatory harmonization, best practices in governance, and the future of data protection. Industry leaders, policy experts, and privacy professionals came together to share strategies for safeguarding digital rights on a global scale.
In his special message, His Excellency President Ferdinand R. Marcos Jr. emphasized the strategic value of data privacy, stating, “Reasonable regulation of privacy and personal data has become a core competency that nations must master.” Echoing this sentiment, Department of Information and Communications Technology (DICT) Secretary Henry Aguda commended the NPC for its efforts and outlined six forward-looking initiatives. These include promoting inclusive privacy education, establishing a more accessible complaints mechanism, targeted protection for vulnerable groups, enhancing transparency and accountability, deploying privacy officers at the barangay level, and making privacy more relatable by sharing real-life stories.
“It is my aspiration and dream that the Philippines becomes a good haven for the digital space,” Secretary Aguda remarked. “At a time when data is power, the NPC’s firm and meaningful action serves as a guiding light toward a safer and more just digital future for all.”
Since 2022, the NPC has been proactively serving the public and putting these strategic priorities into action through its major initiatives.
Heightened Accountability through Enforcement
In his Privacy Commissioner’s Report, Privacy Commissioner Atty. John Henry D. Naga affirmed that “In navigating a borderless digital world, data privacy remains the foundation of trust, safety, and fairness, a fundamental component of a thriving digital economy.”
Since 2022, the Commission handled 942 data breach notifications. It also processed 3,538 formal complaints - 100% of which were already acted upon.
The NPC also made its complaints mechanism more accessible through its Digital Security and Privacy Quick Response Project, implemented through a Memorandum of Agreement with the DICT in 2023. Since its launch, 99.95% of data privacy concerns and security incidents have already been successfully resolved.
In the case against Philippine Health Insurance Corporation (PhilHealth) for violations of the Data Privacy Act of 2012, the NPC imposed a ₱15 million administrative fine and recommended criminal prosecution of responsible officials.
“The decision was forwarded to the Secretary of Justice, recommending the prosecution of these certain PhilHealth officers. Following the NPC Rules of Procedure, the decision on the imposition of the administrative fines is now final and executory,” Privacy Commissioner Naga said.
Enhanced Regulatory Oversight
Throughout the years, the NPC has demonstrated unprecedented progress in policy development, public engagement, and global leadership. From 2022 to 2025, the Commission issued 13 Circulars, 6 Advisories, and 75 Advisory Opinions, designed to strengthen the implementation of the Data Privacy Act of 2012 (DPA) and provide practical guidance to data subjects, personal information controllers and processors. These policy instruments covered key areas such as consent, legitimate interest, identification systems, surveillance, and the responsible deployment of artificial intelligence.
The NPC has also introduced significant digital infrastructure to streamline compliance and promote accountability. The Data Breach Notification Management System (DBNMS) and the NPC Registration System (NPCRS) transformed the way organizations report incidents and register data processing systems. As a result, registered entities rose dramatically from 4,307 in 2023 to 11,524 in 2025. Moreover, the NPC Seal of Registration—now displayed in almost 200,000 establishments and online platforms nationwide and in 21 countries—has become a visible symbol of trust and privacy compliance. It is also one of the pioneering initiatives of the NPC, not yet seen anywhere in the world.
Strengthened Global Data Protection Collaboration
Globally, the Commission continued to strengthen its reputation as a thought leader in data protection. In 2023, the Philippines made history by becoming the first fee-funded Secretariat of the Global Privacy Assembly. The NPC actively contributes to more than 10 GPA working groups and has signed Memoranda of Understanding with data protection authorities in countries such as Singapore, Canada, Turkey, Israel, and Bermuda, to foster international cooperation and safeguard the rights of Filipinos overseas.
Expanded Privacy Awareness Campaigns
The NPC also invested heavily in public education and awareness. Programs such as Kabataang Digital, PSST!, and the webcast series Privacy in the Spotlight reached hundreds of thousands of Filipinos across all regions, tackling pressing issues like online safety, AI, gender-based privacy concerns, and children’s data rights. Bringing real-life stories of privacy violations and victories into the public discourse, the series alone amassed over 600,000 and earned national and international recognitions for its engaging, relatable, and inclusive approach to data protection education.
To further expand its reach, the Commission launched Privacy Hub PH, a dedicated Viber community that delivers real-time privacy news, updates, and educational materials directly to the public.
In closing his report, Privacy Commissioner Naga reminded all attendees that in today’s rapidly evolving digital landscape, protecting personal data is both a national responsibility and a global imperative. He reaffirmed the NPC’s pledge to uphold the right to privacy and position the Philippines as a global leader in data protection.
Bureau of Internal Revenue Commissioner Romeo Lumagui Jr. also extended his full support to the NPC for “its steadfast commitment to upholding the right to privacy and strengthening data protection practices across the country. “
“The BIR recognizes the critical role of NPC in guiding the public and private sectors alike in compliance with the DPA, and making sure that the data is protected in the digital age,” Commissioner Lumagui added.
Celebrating Excellence: PAW Awards 2025
As part of the NPC’s endeavor to recognize its stakeholders’ compliance with the DPA and to inspire personal information controllers, personal information processors, Data Protection Officers, and data privacy advocates in their efforts to strengthen data privacy and protection in the country, the Conference concluded with the PAW Awards 2025 ceremony.
The Privacy Initiative of the Year was awarded to Universal Leaf Philippines for its “Join the Green Side Campaign” initiative, while the Privacy Management Program Award was presented to SM Retail Inc.
Dr. Cecilia Mercado was recognized as the Privacy Advocate of the Year, and Mr. Joson Lim of the Waterfront Hotels and Casino was named Data Protection Officer of te Year.
Lastly, the Philippine Seven Corporation (7-eleven Philippines) was awarded the NPC Seal of Registration Award.
For more information, visit https://privacy.gov.ph/paw2025/.
###