Friday, July 20, 2012

The Value of Privacy


Time and again, it has been proven that information is vital in our everyday lives. With the advent of fast-paced technology, everyone can have access to everything the World Wide Web can offer. Such accessibility is indeed beneficial if we put it to good use; however, it has also been the subject of misuse and abuse.

Constitutionally-granted right to privacy

The gist of the right to privacy is the right to be let alone, and the 1986 Philippine Constitution contains various provisions guaranteeing one's right to privacy. These provisions have been applied extensively, resulting in laws and jurisprudence enshrining that right. [1]

One of the basic concepts is that an individual is to be secure in his or her person, home, papers and effects. However, this constitutional guarantee is not absolute. Various Supreme Court decisions have time and again reiterated that the right to privacy is not absolute. [2]

Background

According to a Senate press release, the following are among the salient points of the Data Privacy Act: [3]
1. The Philippines lacks the overarching policy framework that upholds privacy laws and penalizes individuals for overstepping them.
2. Based on a study conducted by the Verizon RISK team, in conjunction with the US Secret Service and the Dutch High Tech Crime Unit, the Philippines was among the 22 countries that suffered from data breaches in 2010.
3. The Data Privacy Act pushes the private and public sectors to keep their information systems secure by defining who is accountable whenever breaches occur. This measure ensures that the Information and Communications Technology (ICT) environment the Philippines seeks to roll out will be conducive for both business and government.
4. The Senate version of the Data Privacy Act follows the Asia-Pacific Economic Cooperation (APEC) Privacy Framework, upholding key Information Privacy Principles, which include preventing harm, providing notice and putting limits on data collection. [4]

The Data Privacy Act of 2011 [5]

The Data Privacy Act encompasses both the public and private sectors within the Philippines. Its main subject is the protection of the information of an individual, whether engaged in the public or the private sector; such an individual is defined as the data subject.

Consent

One interesting point to look at is the so-called consent of the data subject. Section 3 (b) defines:

b.) Consent of the data subject refers to any freely given and informed expression of will, either in written or electronic form executed personally and voluntarily by the data subject, whereby the data subject agrees to the processing of personal information about and/or relating to him or her.

Such consent must, of course, be freely given. However, the more interesting point is the form in which the consent is given: it may be in either written or electronic form. The former is the most common, but debates may arise over the electronic form of consent. Clearly, that form is not the safest, as there are still issues regarding the security of electronic correspondence and the like. Furthermore, one cannot be certain that the person giving consent by electronic means is the same person who has the right to give it. The implementing rules and regulations on this provision must be clear on this matter.

There are other provisions that discuss consent. Section 10 (a) of the law provides for the criteria for lawful processing of personal information, which shall be permitted only if not otherwise prohibited by law and when at least one of the following conditions exists. Section 10 (a) applies when the data subject has given his or her express or implied consent. Implied consent is one thing that may be subject to scrutiny.

Extraterritorial Application

Section 5 discusses the extraterritorial application of the law. Because requisites must be fulfilled before the law can be made to apply extraterritorially, this may be subject to debate. Jurisdictional problems may also arise from the extraterritorial application of the law.

Funding

Problems with funding may also arise with the creation of the National Privacy Commission. Under Chapter II, Section 6, the National Privacy Commission has been given the task to administer and implement the provisions of the law, and to monitor and ensure the country's compliance with international standards on data protection. The National Privacy Commission is an attached agency of the Office of the President.

With the creation of another commission, we must consider where the funding will come from to support the mandate of the agency. We must consider that the main purpose for which the bill was created is to protect the so-called "sunrise industry", or the BPO industry. However, with the ever-widening bureaucracy and new agencies and departments being created, one must take into consideration the funds needed to implement such a law. It must also be taken into consideration that the law covers a very wide subject matter, and that its implementation and the process that comes with it are massive.

Conclusion

We must commend the proponents behind the passage of the Data Privacy Act of 2011. With the ever-changing landscape of technology, safeguarding rights is one of the most fundamental responsibilities on which the government must actively work. Even if the law is mainly directed at those engaged in the ICT industry, we cannot deny that these are measures taken to foster a friendlier atmosphere for business and investors alike. However, it must still be clear that the right to privacy is not absolute and is still subject to limitations.

Post Script

At the onset of this assignment, I came to realize my personal experience with regard to the right to privacy. I worked with arguably two of the largest Business Process Outsourcing (BPO) companies operating here in the Philippines, and the accounts I was assigned to handle healthcare, particularly in the United States. The United States government has enacted the Health Insurance Portability and Accountability Act of 1996, also known as HIPAA. We did discuss the law in our training and how US citizens are very sensitive about giving personal information like SS number, etc. Even the mere use of the word "social" is strictly prohibited.

__________________________________
Sources:
[1] Sections 2 and 3 of Article III of the 1986 Philippine Constitution
[2] G.R. No. 181881, Briccio "Ricky" A. Pollo v. Chairperson Karina Constantino-David, et al.
[3] Press release, Angara Calls for Data Protection, September 21, 2011
[4] Asia-Pacific Economic Cooperation (APEC) Privacy Framework
[5] Senate Bill 2965 An Act Protecting Individual Personal Information In Information and Communications Systems in the Government and the Private Sector, Creating for this Purpose a National Data Protection Commission, and for other purposes.

2 comments:

  1. I agree that "funding" will be a major loophole in the administrative feasibility of the Data Privacy Act. Talking of the law per se, it is good as to its contents and purposes. However, the problem is money. There will be a need for good computer systems and other facilities to execute and facilitate the administration of the said law, hence the need for money. The law will be useless if it will not be administered properly. I think the lawmakers should first take it into consideration - a mechanism to support financially the administration of the Data Privacy Act. Otherwise, it will only be a good law on paper; another piece of useless enactment.

  2. When I made a blog with regard to the Data Privacy Communication Act, I was in a position in full accord with the purpose and rationality of the act; however, in the course of time my position has changed, and I now lean to the opinion that such a law will lead to a circumvention rather than extend protection of a person’s right in the World Wide Web. Furthermore, I agree with your position that the imposition of the data protection act will entail an allotment of government budget which should be used in more important government projects. True, the intent of the law to protect information is commendable, but I do not agree with the creation of an agency which will serve as the repository of information. In the case of People v. Torres, the National Identification System was struck down as unconstitutional by the Supreme Court, perceiving the threat that it imposes upon a person’s right to privacy. I’m not cynical to think that the government will abuse this information; however, it is of common knowledge that these breaches of the law are committed by those who are tasked to implement it. I don’t see any need for the creation of such an agency; it is better if they will just create a law providing clearly what the prohibited acts are.
