Professional Documents
Culture Documents
The Data Privacy Act - Bar Exam Guide: Subject For Updates - Last Updated March 29, 2019
The Data Privacy Act - Bar Exam Guide: Subject For Updates - Last Updated March 29, 2019
EXAM GUIDE
Introduction
Subject for updates – last updated March 29, 2019
Recently there has been unofficial sources citing the Data Privacy
Act (RA 10173) is now part of the coverage for the 2019 Bar
Examinations as a topic for Commercial Law Review.
Source is now OFFICIAL. Data Privacy Act is now covered under
Mercantile Law for the 2019 Bar Examinations
– http://sc.judiciary.gov.ph/baradmission/2019/MERCANTILE-
LAW.pdf
As a disclaimer, this is guide is based from a Privacy professional
and practitioner’s standpoint with experience in privacy law and
practice, not from a lawyer or data privacy attorney.
The coverage for the Data Privacy Act are as follows:
1. Personal vs Sensitive Personal Information
2. Scope
3. Processing of Personal Information
4. Rights of a Data Subject
Some important Data Privacy topics, of which we already discussed
(linked below) under the Data Privacy Act and Privacy Law in
general which are not covered but are important to know:
1. Constitutional and Statutory Basis for the Right to Privacy
under Philippine Law (except the Data Privacy Act)
2. The Reasonable Expectation of Privacy Test (Pollo vs
Constantino-David G.R. 181881, Oct. 18, 2011)
3. The Data Protection Officer – Roles, Responsibilities and
Rights
4. Data Controller, Data Processor and Data Subjects (Tripartite
privacy relationship)
5. Legal Basis for Processing of Personal Information
6. Cybercrime Warrants
7. Privacy Torts
8. Writ of Habeas Data
9. Mutual Legal Assistance Treaties and Letters Rogatory (for
Public International Law)
Today we’re going to discuss about the coverage for the Data
Privacy Act specifically for the 2019 Bar Examinations.
Constitutional Basis
Under the most recent 1987 Philippine Constitution, the Right to
Information and Communications Privacy is recognized under
Article III, Sec. 3(1), which states:
The privacy of communication and correspondence shall be
inviolable except upon lawful order of the court, or when
public safety or order requires otherwise, as prescribed by
law.
Scope
Scope is discussed under Sec. 4 of the Data Privacy Act.
x x x Applies to the processing of all types of personal
information and to any natural and juridical person involved in
personal information processing including those personal
information controllers and processors who, although not
found or established in the Philippines, use equipment that
are located in the Philippines, or those who maintain an
office, branch or agency in the Philippines x x x
Requisites
Must involve any processing of personal information
By either natural or juridical persons
Either acting as a controller or processor
Whether or not found in the Philippines that uses equipment or
maintains an office, branch or agency in the Philippines.
Processing of Personal
Information
Principles of Transparency, Legitimate Purpose
and Proportionality (Sec. 11)
Transparency
The data subject must be aware of the nature, purpose,
and extent of the processing of his or her personal data,
including the risks and safeguards involved, the identity of
personal information controller, his or her rights as a data
subject, and how these can be exercised. Any information
and communication relating to the processing of personal
data should be easy to access and understand, using clear
and plain language.
Legitimate purpose
The processing of information shall be compatible with a
declared and specified purpose which must not be contrary
to law, morals, or public policy.
Proportionality
The processing of information shall be adequate,
relevant, suitable, necessary, and not excessive in relation
to a declared and specified purpose. Personal data shall be
processed only if the purpose of the processing could not
reasonably be fulfilled by other means.
– Ariel Conrad
References:
Republic Act 10173 – Data Privacy Act
Implementing Rules and Regulations of RA 10173 – Data
Privacy Act