Friday, September 21, 2018

Data privacy in the Philippines

A COUPLE of days ago, May 25, the EU GDPR or the European Union General Data Protection Regulation came into effect. What is the GDPR? According to an article by CNET, it "is a sweeping law that gives residents of the European Union more control over their personal data and seeks to clarify rules and responsibilities for online services with European users."

Basically, it’s a law over all of the EU’s member states that gives its residents more power over their data. They are in control of their data. Every tech company based in the EU or has presence in the EU, will need to comply to this new law. In essence, if an EU resident wants his or her data sent to him or her, deleted or whatever else, that company who houses the resident’s data will have to comply of face penalties. Take note here that this does not only apply to EU-based companies.

This brings me to the thought of Filipinos’ own data privacy. Our own control or power over our personal data that’s being collected by any or all of the companies we constantly deal with on a daily basis. Just in case you don’t know yet, we do have our own data privacy law -- the Data Privacy Act of 2012 (DPA). It already has its implementing rules and regulations. This is why we sometimes see in the cinemas that ad about our data’s privacy and that the National Privacy Commission is our ally on this. I’ve known about the DPA for quite some time now and my interest on this skyrocketed after EU’s GDPR came into effect recently. All the more that I became interested with this with my recent dealings with my internet service provider accessing my account information without me giving permission or them notifying me that they will do so. But that’s for another story.

Anyway, I did a quick search online to look for anything posted online that might have compared DPA and GDPR in terms of its provisions and implementations. Luckily, I found one posted by an organization called International Association of Privacy Professionals. It’s a bit of a lengthy article because of its comparisons on a category by category basis but it’s worth going through. After a quick review, it seems to me that our DPA is at par with GDPR. I won’t say categorically yet because I have to read through each item and I wanna reach out to lawyer friends about this as well.

Also, I’m interested to know how many companies in the country are already

compliant of DPA since it was implemented. Along that line, I’m also interested to know when the deadline was for these companies to comply; if they did comply.

Reason why is because, of all the service providers in the Philippines that I know I have given my personal information to, I only received notification of a change in privacy policies from ONE company.

Could this hint to these other companies’ non-compliance? If they, indeed, have not yet complied after all these years, why hasn’t the government cracked down on them?

I’ll be taking advantage of the Freedom of Information order from the president to request from the National Privacy Commission the compliance data of the companies affected by the Data Privacy Act of 2012. I’ll be writing more about my experience with this as I go along.