Philippines and Bermuda seal strategic partnership on cross-border data protection

April 22, 2025 10:08 AM Last Edit: April 25th, 2025

WASHINGTON, D.C. - The National Privacy Commission (NPC) of the Republic of the Philippines and the Office of the Privacy Commissioner of the Islands of Bermuda (PrivCom) signed a Memorandum of Understanding (MoU) to strengthen cooperation on personal data protection and cross-border enforcement on 21 April 2025.

The signing ceremony was attended by Atty. John Henry D. Naga, Privacy Commissioner of the NPC, and Deputy Privacy Commissioner of the NPC, Atty. Nerissa N. De Jesus, along with Alexander White, Privacy Commissioner of PrivCom Bermuda. It was held at the Walter E. Washington Convention Center in Washington, D.C., during the first day of the International Association of Privacy Professionals (IAPP) Global Privacy Summit 2025, a gathering of global data protection regulators, privacy professionals, and industry leaders.

“Cross-border data transfers are fundamental to economic growth and international cooperation. This strategic partnership with PrivCom is a concrete step towards operationalizing mutual accountability and enhancing enforcement cooperation on data protection,” said Privacy Commissioner Naga.

“With a significant Filipino community contributing to Bermuda’s labor force and economy, it is imperative that we ensure their personal data is protected to the same standards we uphold in the Philippines. This MoU allows us to respond more effectively to cross-border privacy complaints, coordinate investigations, and help our kababayans in Bermuda. It also sends a clear message that no matter where Filipinos are in the world, their data subject rights travel with them,” he added.

Key Areas of Collaboration

The MoU outlines the key areas of collaboration between the NPC and PrivCom. It includes the exchange of information involving potential or on ongoing investigations related to suspected violations of data privacy laws, as well as mutual assistance in facilitating such investigations in their respective jurisdictions. Both parties agreed to coordinate and provide support in joint investigations involving cross-border personal data incidents or breaches. The agreement also covers assistance in enforcing decisions and resolutions issued by either party concerning data protection within their own jurisdictions.

Furthermore, the MoU lays the groundwork for the development of compatible mechanisms to facilitate trusted cross-border data flows, including mutual recognition of comparable protection or national trust mark and privacy certification frameworks. It promotes the adoption of international certification systems among companies in both jurisdictions. The partnership also encompasses knowledge-sharing initiatives such as joint training, education programs, and exchanges on emerging privacy trends. In addition, both parties may identify organizations to participate in cross-jurisdictional sandbox environments for testing innovative data-sharing cases.

“This MoU demonstrates our shared vision that privacy is a global concern requiring global collaboration,” Privacy Commissioner Naga emphasized.

###