From the office of the National Privacy Commission of the Philippines:
Amendments to Republic Act No. 10173, known as the Data Privacy Act of 2012 (DPA), are sought to strengthen the current law amid the digital transformation in the Philippines.
During the 55th Asia Pacific Privacy Authorities (APPA) Forum, Privacy Commissioner Raymund Enriquez Liboro said that the House of Representatives – Committee on Information and Communications Technology, has approved the substitute bill to amend the DPA last February 4, 2021.
Efforts to amend the DPA began in the last quarter of 2019. The substitute bill grants additional powers to the National Privacy Commission (NPC). It gives the authority to issue summons, subpoenas, contempt powers, and to impose administrative penalties.
“In the last five years, the National Privacy Commission has laid down data privacy in the Philippines with a clear roadmap. In our drive to become a data privacy resilient country, we have adopted a responsive regulatory approach characterized by raising awareness, strict compliance, and enforcing the law. To do this, we find a need to amend the current DPA to keep up with the changing times,” Commissioner Liboro said in his speech at the APPA 55, which was held virtually last June 16-18 and hosted by the Personal Information Protection Commission of Korea.
Other provisions of the substitute bill:
- Redefining “sensitive personal information” to include biometric and genetic data, and political affiliation, considering the innate sensitivity of these classes of personal data.
- Clarification on extraterritorial application of the DPA by specifying clear instances when processing personal data of Philippine citizens and/or residents is concerned. This ensures the end-to-end protection of data subjects’ information (i.e., offering of goods or services, or monitoring of behavior within the Philippines or when the entity has a link with the country), to which they are entitled under the DPA.
- Define the digital age of consent to process personal information to more than fifteen (15) years, applicable where information society services are provided and offered directly to 5th Floor Delegation Building, Philippine International Convention Center (PICC) Complex, Pasay City 1307 URL: http://privacy.gov.ph Email Add: [email protected] a child (as children more than 15 years old under Philippine laws may already act with discernment).
- Inclusion of performance of a contract as a new criterion of the lawful basis for processing of sensitive personal information.
- Allowing Personal Information Controllers (PICs) outside of the Philippines to authorize Personal Information Processors (PIPs) in the country to report data breaches to the Commission on behalf of the controller.
- Modifying criminal penalties under the DPA, giving the proper courts the option to impose either imprisonment or fine upon its sound judgment.