Data Privacy Act of 2012: Is it time for a reboot?


Are we seeing the end of the brick and mortar era?

When our Data Privacy Law was passed in 2012, the Philippines became one of the first countries in the region to have one. It also set us up to become a trusted hub for data-driven industries such as our BPO sector. Our privacy law became a benchmark for other countries working on having their own. However, the rapid pace of global digitalization and technology development today brings to the fore the need to revisit this law to ensure that continues to be responsive to our evolving privacy needs. 

Data is an essential resource in the global economy today. It is a valuable asset that can be used to create new products and services, improve existing ones, and generate insights and knowledge. To participate in the global digital economy, the free flow of data across borders must be allowed. In fact, the free flow of data is a critical element of most trade agreements that the Philippines has signed. 

The abundance of big data brought about by social media and the proliferation of other data-generating sources has led to the rise of data playing a vital role in boosting economic growth and digital transformation. The pandemic has caused significant disruptions in almost everything that we do. It has forced everyone to prefer a mobile-first attitude. However, the collection, processing, and sharing of personal data also pose significant risks and challenges to individuals, organizations, and society as a whole. They may include identity theft, fraud, cybercrime, surveillance, discrimination, and the loss of trust in digital interactions.

All of these when added up to the new business models of digital platforms on targeted advertisement have caused uncertainties in the data ecosystem and posed new demands and expectations for data privacy and protection.

Data privacy is a fundamental human right and forms the core of democratic values that everyone cherishes. Privacy laws and regulations, therefore, are meant to protect individuals’ dignity, autonomy, and freedom, as well as to promote transparency, accountability, trust, and responsibility in the digital ecosystem.

Data privacy and protection are essential for fostering innovation, growth, and competitiveness in a digital economy. When we trust that our personal data is handled responsibly and ethically, we are more likely to share our data and participate in digital interactions, such as online shopping, social media, and e-government services. This, in turn, can lead to more personalized and relevant products and services, better customer experiences, and increased productivity and efficiency.

Despite the current organizational limitations it is facing today, the country’s data privacy and protection watchdog, the National Privacy Commission (NPC), has been doing a good job of properly implementing the Data Privacy Act of 2012. An active member of the Asia Pacific Privacy Authorities (APPA) Forum, it also ensures compliance of the country with international standards set for data protection, such as the General Data Protection Regulations (GDPR) of the European Union.

The commission has made almost everyone aware of the importance of taking care of their personal information, the penalties for violations, and the remedies available to them when they see their privacy rights violated. The NPC, however, faces many challenges in the context of the changing and evolving digital landscape including its capacity to effectively address privacy issues on a nationwide scale. The number of data breaches and other privacy violations has exponentially increased especially in the last five years and are happening in every corner of the archipelago. Because it does not have regional offices, everything is handled centrally in Manila. This has affected the effectiveness of the commission in ensuring the quick resolution of cases brought to it for action.

The commission has recently submitted to Congress a list of proposed amendments to the law that would address the issue of setting up regional offices and allow it to determine its organizational structure and the status, qualifications, and duties of its staff. The list also includes proposed revisions that would provide better clarity on data subject rights, security of personal data,  data breach notification, and penalties. 

In essence, the proposed amendments are intended to keep our country’s privacy law more attuned to the realities of the current digital landscape. In addition, it will make the commission better able to do its job by enhancing its capacity and capability to perform its mandate and continually improve its policies and systems at par with international standards. The amendments shall ensure that it provides relevant, quality, and effective service as a technology and results-driven regulatory authority.

We need to see the National Privacy Commission better able to fulfill its role of being a 21st-century watchdog that upholds everyone’s right to privacy and data protection while ensuring the free flow of information that will make the Philippines a competitive and innovative nation.  ([email protected])

(The author is an executive member of the National Innovation Council, lead convenor of the Alliance for Technology Innovators for the Nation (ATIN), vice president of the Analytics and AI Association of the Philippines, and vice president, UP System Information Technology Foundation.)