INCOGNITO | Data sharing agreements: who needs them? Share on email A couple of days before Christmas, the National Privacy Commission (NPC) managed to release one more policy for 2020: NPC Circular 2020-03. The issuance basically sounds the death knell for Data Sharing Agreements (DSAs), which are a key feature of the Commission’s very own Data Privacy Accountability and Compliance Checklist. For the uninitiated, DSAs are contracts between two or more entities sharing, transferring, or disclosing personal data to or between one another, while acting as personal information controllers (PICs). As PICs, they each determine the purpose and means of their respective data processing activities. They may agree on the general parameters of the data transfer, but no one really gets to tell the other what to do with the data. For this reason, DSAs are not used in transactions between principals and service providers.