According to Art. 5 of the Subscriber Identity Module (SIM) Card Registration Act, the Philippine imposes an identity requirement for SIM registration. Anyone wanting to purchase a SIM card has to provide their national ID card, or a passport in case of foreigners, to activate a new prepaid SIM card

A basic legal framework on intermediary liability is absent in Philippine law and jurisprudence. Arguably, safe harbor clauses are present in the Electronic Commerce Act of 2000 (RA 8792) and the Cybercrime Prevention Act of 2012 (RA 10175), but these laws’ definition of an intermediary limits its capacity to provide a safe harbor. Particularly, RA 8792’s scope is limited to electronic documents, while RA 10175 is limited to cybercrimes defined under the law. This makes safe harbors in Philippine law sectoral or content-specific.

RA 10173 requires that “any natural or juridical person or other body involved in the processing of personal data [to] designate an individual or individuals who shall function as data protection officers.” This requirement can impose additional trade costs to firms since data privacy compliance is a horizontally-applied measure.

RA 10175 mandates that “traffic data and subscriber information relating to communication services shall be kept, retained, and preserved by a service provider for a minimum period of six months from the date of the transaction.” This minimum data retention requirement, while under judicial or investigative procedure, is costly for the service provider.

The National Telecommunications Commission (NTC) regulations require telecommunications entities to retain call traffic data on the origin, destination, date, time and duration of communications, and to retain data within the following periods: two months for non-metered services with fixed monthly charges; four months for other telecommunications services; or until excused by the NTC for records requested in connection with pending complaints.

Personal data in the Philippines is regulated under the Data Privacy Act of 2012 (RA 10173) and the Cybercrime Prevention Act of 2012 (RA 10175).

According to the Circular No. 899, offshore outsourcing of bank's domestic operations is permitted only when the service provider operates in jurisdictions which uphold confidentiality. When the service provider is located in other countries, the bank should take into account and closely monitor, on continuing basis, government policies and other conditions in countries where the service provider is based during risk assessment process.
The Bangko Sentral ng Pilipinas (the Central Bank of Philippines) examiners shall be given access to the service provider and those relating to the outsourced domestic operations of the bank. Such access may be fulfilled by on-site examination through coordination with host authorities, if necessary.

Philippines has not joined any agreement with binding commitments to open transfers of data across borders.

Section 13 of the Data Privacy Act provides that the processing of sensitive data and privileged information is prohibited, except in some cases including when data subjects have given their consent, the processing of the same is provided for by existing laws and regulations, the processing is necessary to protect the life and health of the data subject or another person, the processing is necessary to achieve the lawful and non-commercial objectives of public organisations and their associations, and the processing is necessary for purposes of medical treatment.

Section 21 of the Data Privacy Act and Section 50 of the Implementing Rules and Regulations impose responsibility on the controller to ensure the confidentiality, integrity, and accessibility of the personal information transferred. Controllers are required to use contractual or other means to ensure that the third-party entity to whom the personal information is to be transferred for processing provides a comparable level of protection as that of the Philippines. In addition, data transfers to third parties, including transfers to an affiliate or parent company, require the consent of the data subject.

It is reported that the National Telecommunications Commission, the executive authority for the supervision and administration of services in the telecommunications sector, is independent from the government in the decision-making process.

The Philippines has only partially appended the World Trade Organization (WTO) Telecom Reference Paper to its schedule of commitments.

DICT Circular No. 02 s 2021 provides for the licensing and regulation of satellite systems providers and operators (SSPOs). Under Sections 7 and 8, SSPOs desiring to provide satellite services by directly engaging with ISPs, value-added service providers, enfranchised telecommunications entities or public telecommunications entities, and broadcast service providers (authorised entities) shall: have an adequate digital presence in the Philippines, such as having a readily accessing website with sufficient content and information; have an adequate local presence by setting up a branch or representative office, having an institutional agent or official distributor, or a combination of such modes; have the capacity, coverage and satellite footprint in the Philippines for the purposes of providing adequate satellite services to covered areas; be accredited by the Department of Information and Communications Technology; and be a national of a country that does not prohibit Philippine satellites to operate within its territories and does not prohibit its citizens or subjects to access Philippine satellite systems.

It is reported that the Philippines does not mandate functional separation for operators with significant market power (SMP) in the telecom market. However, there is an obligation of accounting separation.

The Philippines lacks a comprehensive framework in place that provides effective protection of trade secrets, but there are limited measures addressing some issues related to them. According to Section 4 of the Intellectual Property Code, the protection of undisclosed information as an independent Intellectual Property right is recognised. In addition, the Revised Penal Code prohibits the unauthorised revelation of secrets or confidential information by either private individuals or public officers. Moreover, the Supreme Court ruling (Air Philippines Corporation v. Pennswell, Inc.) has extensively discussed the concept and defined a trade secret as a plan or process, tool, mechanism or compound known only to its owner and those of his employees to whom it is necessary to confide it.