On 22 May 2023, the Philippines’ National Privacy Commission (NPC) and the Hong Kong Office of the Privacy Commissioner for Personal Data (PCPD) signed a Memorandum of Understanding (MOU)[1] to cooperate on data protection matters.

Under the MOU, the authorities will provide mutual assistance in investigations pertaining to cross-border data incidents and breaches, and facilitate information sharing with one another.

The authorities will also collaborate on training and education on current and emerging data protection issues, with a view to fostering a more secure, inclusive and data-driven digital landscape.

The parties have also agreed to explore and identify suitable organisations from both jurisdictions to participate in a cross-jurisdictional sandbox to test-bed innovative data sharing cases.


While it is certainly not new[2] for regulatory bodies to sign MOUs with one another covering cooperation and mutual assistance in data protection matters, including information sharing in incident and breach investigations, it will be interesting as more and more authorities enter into such arrangements. Among other things, such frameworks will have direct implications on how businesses handle cross-border data privacy compliance, including responding to a multijurisdictional breach and the regulatory investigations that ensue.

Privacy World will continue to cover developments. For more information, contact your relationship partner at the firm.

Disclaimer: While every effort has been made to ensure that the information contained in this article is accurate, neither its authors nor Squire Patton Boggs accepts responsibility for any errors or omissions. The content of this article is for general information only, and is not intended to constitute or be relied upon as legal advice.

[1] “PH, HK sign MOU on Personal Data Protection”, National Privacy Commission and “Privacy Commissioner’s Office Signs MoU with its Philippines Counterpart to Foster Closer Collaboration and Cooperation in Personal Data Privacy Protection”, PCPD

[2] See for instance “Memorandum of Understanding Between OAIC and PDPC”, Personal Data Protection Commission, Singapore (PDPC); “Hong Kong and Singapore Authorities Renew MOU to Maintain Close Ties and Foster Closer Collaboration in Personal Data Protection”, PDPC; and “UK ICO and PDPC Sign MOU for Mutual Regulatory Interest”, PDPC.