[go: up one dir, main page]
Scribd
Upload
35 views10 pages

Philippine Data Privacy Law Guide

Uploaded by

Mary Jane Verba
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
35 views10 pages

Philippine Data Privacy Law Guide

Uploaded by

Mary Jane Verba
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 10

Understanding Data Privacy Law

Lesson 1

The Internet has made the access and exchange of information –


including personal data – easier and faster than ever. Individuals
are providing their personal data online, knowingly, and
sometimes unknowingly for many different purposes, such as
purchasing goods and services, playing, e-learning or paying
taxes. Social interactions are also increasingly taking place over
the net – for example in social platforms, creating new
opportunities, but also risks to privacy. This course focuses on
how Philippine data privacy law regulates organizations to
protect personal information and uphold the right to personal
privacy.

This module provides an overview of the Data Privacy Act of 2012


and its implementing agency and discusses the different data
privacy rights protected under Philippine data privacy law.

Page 1
C O N T E N T S

01 - Introduction
02 - THE Right to be Informed

03 - The Right to Access

04 - The Right to Object

05 - The Right to Erasure (or Blocking)

06 - The Right to Damages

07 - The Right to File a Complaint and

Rectify

08 - The Right to Data Portability

09 - The Right to Transmit Data Subject

Rights

Page 2
01-Introduction

Data Subjects- people whose personal information


is collected, stored, and processed

Data Privacy Right: The Right to be Informed

Personal data should never be collected,


processed and stored by any organization
without that data subject's explicit
consent, unless otherwise provided by
law
The data subject has the right to be
informed that his personal data will
be, are being, or were, collected and
processed.
The Right to be Informed is a most
basic right as it empowers the data
subject to consider other actions to
protect his data privacy and assert his
other privacy rights.

Page 3
02- The Right to be informed
Data privacy law explicitly requires organizations to notify
and furnish data subjects the following information before
they enter their personal data into any processing system:

1. Description of the personal data


2. Exact purposes for which they will be processed
3. Basis for processing
4. Scope and method of the personal data processing
5. Recipients
6. Methods used for automated access by the recipient,
and its expected consequences for the data subject
7. Identity and contact details of the personal information
controller
8. The duration for which data subject's data will be kept
9. A data subject also has to be informed of the existence
of his rights as a data subject.

Whenever anyone is making an audio


or video recording of a data subject,
or even just taking his pictures, the
data subject has a right to know ,
and he must always be given the
chance to opt out when he does not
feel comfortable.

03- The Right to access

The RIGHT TO ACCESS= This is the data subject's right to find


out whether an organization holds any personal data about
him and if so gain ''reasonable access" to them.

The data subject may demand to access...


1. The contents
2. The sources
3. Names and addresses of the recipients
4. Manner by which they were processed
5. Reasons for disclosure to recipients
6. Information on automated systems and how it may
affect him
7. Date last accessed and modified
8. The identity and address of the personal information
controller

Page 4
HOW TO EXERCISE THE RIGHT
He must execute a written
request to the organization,
addressed to it's Data
Protection Officer.
If his request is not granted,
he may file a formal
complaint with the National
Privacy Commission (NPC).

Additional notes...
A criminal suspect is not allowed access
to the personal data held about him by
law enforcement agencies as it may
impede investigation.
You are not allowed access to
information about you as contained in
communications between a lawyer and
his or her client, if such communication
is subject to legal privilege in court.
Your right to access your own medical
and psychological data may be denied in
the rare instance where it is deemed
that your health and well-being might be
negatively affected.

Page 5
04- The Right to object

The data subject can exercise his


right to object if the personal data
processing involved is based on
consent or on legitimate interest.
In case there is any change or
amendment to the information
previously given to data subject,
he should be notified and given
an opportunity to withhold
consent.

The right to object...


Is most specifically applicable when
organizations or personal information
controllers are processing data
subject's data without his consent for:
DIRECT MARKETING PURPOSES
PROFILING PURPOSES
AUTOMATED PROCESSING
PURPOSES

HOW TO EXERCISE THE RIGHT


The data subject may assert his right to object
verbally, be it in person or via a phone call
To have it formally documented, he must
execute a written request to the organization,
addressed to its Data Protection Officer(DPO),
and have it received.

Page 6
05- The Right to erasure (or Blocking)

**Under the law, data subject has the right to


suspend, withdraw or order the blocking, removal or
destruction of his personal data.

**He can exercise the right upon discovery and


substantial proof of the following:

His personal data is:


incomplete, outdated, false, or unlawfully
obtained.
being used for purposes he did not authorize.
no longer necessary for the purposes for which
it was collected.
concerns information prejudicial to the data
subject
He decided to withdraw consent, or he objects to
its processing and there is no overriding legal
ground for its processing.
The processing is unlawful.
The personal information controller, or the
personal information processor, violated his
rights as data subject.
Page 7
Examples:
Melvin vs. Reid
Sidis vs. F-R Publishing Corp
Karnataka High Court Judgement

The

Right
to
Erasure
or
Blocking

06- The right to Damages

Data subject may claim compensation if he suffered


damages due to inaccurate, incomplete, outdated,
false, unlawfully obtained or unauthorized use of
personal data, considering any violation of his rights
and freedoms as data subject.

HOW TO EXERCISE THE RIGHT


Write or speak to the organization which
mishandled data subject's personal information
He may write to the organization and inform them
of his intent to take the matter to the court before
he starts court proceedings
Talk to a legal adviser

Page 8
07- The right to file a
complaint and rectify

THE RIGHT TO FILE A COMPLAINT


(with the National Privacy Commission)
If the data subject feels that
his personal information has THE RIGHT TO RECTIFY
been misused, maliciously Data subject has the
disclosed, or improperly right to dispute and
disposed, or that any of his
have corrected any
data privacy rights have
been violated, he has a right inaccuracy or error
to file a complaint with the in the data a
NPC. personal information
controller (PIC)
HOW TO EXERCISE THE RIGHT holds about him.
execute a written request to the
organization, addressed to its Data
Protection Officer (DPO), and have it
received
file a formal complaint before the
NPC

08- The right to Data portability

THE RIGHT TO DATA PORTABILITY---This right assures that


the data subject remains in full control of his data.

DATA PORTABILITY=allows the data subject to obtain and


electronically move, copy or transfer his data in a secure
manner for further use

Page 9
The HOW TO EXERCISE THE RIGHT
Various online platforms
have been making data
Right portability an available
and instant option for its
users.
to
The data subject must
execute a written request
Data to the organization ,
addressed to its Data
Protection Officer(DPO),
Portability and have it received.

09- The right to TRANSMIT DATA


SUBJECT RIGHTS

Data subject can assign his rights as a


data subject to his legal assignee or
lawful heir.
This right is not applicable in case the
processed personal data being
contested are used only for scientific
and statistical research

The Data Privacy act of 2012 included this provision


of transmissibility to protect the deceased's privacy
rights through a living person willing to assume the
responsibility on their behalf.

Extended to living adults who are unable to protect


their own rights and wish to assign the responsibility
to someone else.

HOW TO EXERCISE THE RIGHT

ALIVE BUT INCAPACITATED


Authorize a ''legal assignee'' to act as their proxy may
execute a legal notice to the effect.

DECEASED
Legal heir must be prepared to show legal evidence to
back their claim.

MINORS
Parents or guardians assume the responsibility of
protecting their privacy rights.
Page 10

You might also like