NPC pushes amendments to Data Privacy Act

MANILA, Philippines — The National Privacy Commission (NPC) is pushing for amendments to strengthen the Data Privacy Act (DPA) in light of the ongoing digital transformation.

“In the last five years, the NPC has laid down data privacy in the Philippines with a clear roadmap. In our drive to become a data privacy resilient country, we have adopted a responsive regulatory approach characterized by raising awareness, strict compliance, and enforcing the law. To do this, we find a need to amend the current DPA to keep up with the changing times,” Privacy Commissioner Raymund Liboro said during the 55th Asia Pacific Privacy Authorities Forum held virtually and hosted by the Personal Information Protection Commission of Korea.

He said the House of Representatives committee on information and communications technology approved the substitute bill to amend the DPA which would give the NPC additional powers such as the authority to issue summons, subpoenas, contempt powers, and to impose administrative penalties.

Under the bill, there are provisions redefining sensitive personal information to include biometric and genetic data and political affiliation, and clarifying the extraterritorial application of the DPA when processing personal data of Philippine citizens and/or residents is concerned.

It likewise seeks to define the digital age of consent to process personal information to more than 15 years old.

Moreover, the bill includes performance of a contract as a new criterion of the lawful basis for processing of sensitive personal information.

It also seeks to allow personal information controllers (PIC) overseas to authorize personal information processors (PIP) in the country to report data breaches on their behalf.

The proposed amendments likewise cover changes in criminal penalties under the DPA to give the courts the option to decide on either imposing imprisonment or slapping fines.

As amendments to the DPA are being pushed, the NPC is also set to introduce administrative fines for data privacy violations committed by PICs and PIPs.

Apart from the proposed amendments to the DPA, NPC also presented its efforts for the proper handling of citizens’ personal data. These include issuances relating to the COVID-19 pandemic response, as well as an online safety campaign for the youth.

NPC likewise discussed guidelines that prohibit the harvesting of contact lists of borrowers for debt collection through harassment; guidelines on the use of videoconferencing technology for hearing cases and amended rules of procedure to streamline its complaints process.

“The NPC, despite the pandemic, has shifted gears and embraced the new normal of resolving data privacy complaints. We commenced Project Decongestion 2.0, refining our strategy in handling our case dockets clogged with thousands of individual complaints,” Liboro said.