Professional Documents
Culture Documents
King Dominguez - Philippines
King Dominguez - Philippines
In a 2014 case1, the Philippine Supreme agreements under ASEAN Vision 2020 controllers and processors
Court rejected a Facebook user’s claim (a plan adopted by members of the need to comply with; and,
that her right to privacy (over photos of Association of Southeast Asian Nations to • Sanctions violations of the law.
herself in swimwear) had been violated, create an EU-like economic community),
observing that the user had lost an partly at the urging of the local business The DPA was modelled after the
expectation of privacy when she failed process outsourcing industry, the Data Protection Directive (95/46/
to properly deploy the platform’s privacy Philippines passed Republic Act No. EC) and adopts terminology and
tools. The Supreme Court reiterated 10173 or the Data Privacy Act of 2012 principles common to many current
this view in a more recent case2 that (‘DPA’). The DPA is founded on ‘the policy privacy regimes and policies.
upheld a lawyer’s suspension from of the State to protect the fundamental
the practice of law for his ‘Facebook human right to privacy of communication For example, it makes a distinction
posts maligning and insulting’ the while ensuring free flow of information between personal information and
complainant, a famous beauty doctor to promote innovation and growth sensitive personal information, with the
who counted local movie stars as clients. [and] the [State’s] inherent obligation latter being data that involves matters
to ensure that personal information in such as age, marital status, ethnicity,
The Court did not accept the lawyer’s information and communications systems religion and sexual orientation. The
argument that the statements were in government and in the private sector requirements and standards for collecting
private since he had restricted access are secured and protected3.’ Its ‘twin’ bill and processing sensitive personal
to the page to ‘Friends Only,’ further (since it aims to promote cyber security), information are more restrictive.
observing that ‘even if the Court were Republic Act No. 10175 or the Cybercrime
to accept the [lawyer’s] allegation that Prevention Act, was also passed in 2012. A distinction is also made between
his posts were limited to or viewable by personal information controllers and
his ‘Friends’ only, there is no assurance In a nutshell, the DPA: personal information processors,
that the same […] will be safeguarded as processors being persons to whom
within the confines of privacy.’ It noted • Regulates the collection and controllers may outsource processing
the social media platform’s goal of processing of data that enables of personal data. But while processing
allowing ‘the world to be more open and identification of individuals; can be subcontracted, the controller
connected […] in every conceivable way,’ • Requires that collection and remains responsible for ensuring the
the implied message being that a person processing of personal data must confidentiality of data, and can be made
who shares information on social media have a lawful basis or ‘criteria for liable for damages to a data subject, even
shouldn’t be surprised or angry if that lawful processing,’ e.g. consent; if the processor was at fault. The DPA’s
information actually does get shared. • Requires that personal information key touchstones are the principles of
controllers and processors adhere transparency (‘the data subject must be
So is privacy dead in the Philippines? Not to the general privacy principles aware of the nature, purpose, and extent
quite, and under a new regulatory regime of transparency, legitimate of processing’)4, legitimate purpose
on data protection, perennially connected purpose and proportionality; (‘processing […] shall be compatible with
Filipinos may actually become much more • Identifies rights of data subjects a declared and specified purpose’) and
conscious and vigilant about their privacy. that personal information controllers proportionality (‘retention of personal data
and processors must observe; shall only be for as long as necessary’)5
A new privacy regime • Sets out certain measures and and the DPA reiterates them in specific
Partly in line with the Philippines’ steps that personal information expressions of principles for collection,