The consumer (the data subject) is a principal source of information of business and non-business entities in the formulation of their strategies and operations. The data subject stands at the heart and center of data protection laws. Here in the Philippines, Republic Act 10173 or the Data Privacy Act (DPA) of 2012 protects data subjects while ensuring the free flow of information.
Thus protecting data subject from attacks, abuses, and negligence should be the highest priority. Government agencies and private institutions must commit to treating data with the best care, consideration, and respect through strategizing and pouring resources into ensuring the security of their customers’ and stakeholders’ data privacy.
The DPA affords rights to data subject that obligate organizations to prevent misuse and improper handling of their personal information.
These eight (8) rights are the right to be informed, to access, to object, to erasure or blocking, to damages, to file a complaint, to rectify, and to data portability.
The goal is to find the balance between protecting the privacy and encouraging a culture of nationwide innovation through the free flow of data. In pursuit of this goal, both organizations and data subjects must be well-informed on how they can exercise their rights.
1. Right to be informed
The right to be informed is a key transparency obligation under the DPA. Personal data must never be collected, processed, and stored by any organization without explicit consent from the data subject.
Individuals have the right to be given clear and concise information about what is happening to their personal data. Though the most basic right, the right to be informed empowers data subjects and is the starting point of individuals’ assertion of their data privacy rights.
2. Right to access
The right to access is another obligation of a personal information controller to demonstrate transparency. This allows data subject to obtain from an organization a copy of any information relating to them, such as the contents of the data subject’s personal data being processed; names and addresses of recipients of the personal data; and sources from which the personal data were obtained, among others.
3. Right to object
Under the DPA, data subject has the right to withdraw consent or object to the processing of their personal data. Organizations must explicitly inform or remind data subject of their right to object and provide them a hassle-free way to opt out of any processing they previously consented to.
4. Right to erasure or blocking
The DPA affords data subjectthe right to request for erasure or blocking of their personal data. Requests for erasure or blocking, however, are allowed only under the following circumstances: the data subject’s personal data is incomplete, outdated, false, or unlawfully obtained; the personal data is being used for unauthorized purposes; and if the personal data is no longer necessary for the purposes on which they were initially collected, among others.
5. Right to damages
The misuse of personal data can negatively affect an individual’s reputation and well-being. Data subjectis entitled to file damages and claim compensation if they suffered damages due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of personal data.
6.Right to file a complaint
Filing a complaint is a data subject right enshrined under the DPA. Individuals who feel that their personal data has been misused, maliciously disclosed, or improperly disposed of may assert this right.
Organizations must provide a clear complaint policy. Accepting and addressing complaints from data subject is a boon to consumer trust and signifies an organization’s commitment to accountability and improvement.
7. Rght to rectify
Data subject have the right to dispute and have corrected any inaccuracy or error in the data an organization holds about them if the request is reasonable. The right to rectify ensures that the confidentiality, availability, and integrity of the data stands. It prevents further inaccuracies, inefficiency, and flawed processing.
8. Right to data portability
Data portability allows data subject to obtain and electronically move, copy, or securely transfer their data for further use. Asserting this right puts data subjects in control of their personal data and promotes the free flow of information across organizations consistent with the data subject’s preference.
Establishing privacy rules and guidelines show that the collecting entities value the rights of data subject. Organizations should adopt data privacy as part of their institutional responsibility and target it as a business imperative. This builds consumer trust, an investment that drives engagement and growth. However, trust will only happen if citizens are confident that their data is collected and processed fairly, lawfully, and securely.
I acknowledge the contribution of the National Privacy Commission Secretary Raymund Liboro.
Atty . Vic Dimagiba is President of Laban Konsyumer Inc., a full term member of the Consumers International.
Email us at [email protected]