Privacy and Data Protection in the Philippines

Cite as: 50 ATENEO L.J. 669 (2005)
Download Abstract Download Article
This publication contains material that is protected under International and Philippine Copyright Law and Treaties. Any unauthorized reprint or use of this material is prohibited. No part of this online publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system without the express written permission of the author as coursed through the Ateneo Law Journal.




This Article delves into the legal landscape of privacy and data protection in the Philippines. The Author first introduces the historical development of data and information protection in the country by analyzing how the Philippine Constitution itself laid down the basis for the protection of the rights of individuals to privacy and to information. The Article also discusses several Civil Code provisions that relate to privacy and data protection and jurisprudence and current events that helped shaped the understanding of the legal world towards its importance, such as the Ople v. Torres and the international circulation of the ILOVEYOU virus.

Certain laws were also examined in light of these events such as the Electronic Commerce Act and Presidential Decree (P.D.) No. 1718. The Author also discusses the pending legislation on data protection but remains doubtful that it shall be passed into law anytime soon.

The Article also examines the guidelines set by the Organization for Economic Cooperation and Development (OECD) and the Asia Pacific Economic Cooperation (APEC) privacy framework. The OECD guidelines presents eight basic privacy principles: (1) limitation on collection, (2) quality of data, (3) purpose specification and notice, (4) limitation of use, (5) security safeguard, (6) openness, (7) individual participation, and (8) accountability. The APEC privacy framework, on the other hand, consists of nine principles: (1) preventing harm, (2) notice, (3) limitation on collection, (4) use of personal information, (5) choice, (6) integrity of personal information, (7) security safeguards, (8) access and correction, and (9) accountability. These guidelines and principles aim to facilitate the flow of information within the region while ensuring the protection of that data although the crucial element missing from APEC’s framework concerns data exports and international cooperation in enforcement.

The Author concludes that having an information system that ensures reliability, security, and integrity of electronic communication and computerized information processing systems is crucial for the development of the Philippine business outsourcing industry. The Philippines should fully support the Global Internet Policy Initiative which provides that data protection laws should permit and facilitate commercial and governmental use of personal data. At the same time, it provides individuals control over what to disclose, awareness of how their personal data will be used, a right to insist that the data is accurate and up-to-date, and protection when personal information is used to make decisions about a person. Presently, Philippine laws and jurisprudence are not equipped to address the right to informational privacy. It is therefore important to pass a well-drafted privacy law in the country.

More Issues