Section 5 of our Constitution
provides:
“The maintenance of peace and order, the
protection of life, liberty, and property, and promotion of the general welfare
are essential for the enjoyment by all the people of the blessings of
democracy.”
Section 1. of the Bill of Rights under the Constitution provides:
“No person shall be deprived of life, liberty, or property without
due process of law, nor shall any person be denied the equal protection of the
laws.”
We
as individuals have the right to keep even the most general facts known to a
numerous people known to us be kept in secret from others. Even our real name
is not something that we want to be known by all the people we interact with.
If
ten years ago, a person attracted to you may get your contact number from a
phone directory using a school book to get your identity, today, with the use
of a computer system, such information and even a lot more than that could be
obtained by one click from the web.
Three
years ago, I got a phonecall asking me if I were interested to acquire a
discount card from certain shops. He confirmed some information from me and I
was shocked to hear him enumerate such information. I asked my caller where he
had obtained those data and he answered that they came from their database.
A
number of complaints arises from telecommunications companies for making
unsolicited telephone calls to individuals who do not wish to receive marketing
calls.
Personally,
I do not like my personal information to be available to every person who feels
that he or she has an obligation whether personal, official, financial to
transact with me.
Although,
there are times when it is convenient knowing that information are just within
your reach, but I only consider it advantageous when I get benefited by it.
Like when I get interested to a guy who happens to be someone I have no
knowledge of. What I do is, click on his name on the web and when I get lucky,
I could even get information about that guy’s family. I could even checked out
the guy’s background, if he is from a family of criminals or politicians.
Going to
social networks have its advantages too. By just looking at a guy’s profile,
you could easily get his personal information and even identify if he is a
discrete gay.
But most
of the time, though, having your personal data taken by others without your
knowledge is really exasperating.
My uncle
got a call from a person claiming to be an agent of a certain company. This
agent informed my uncle that he just won a prize of a car and asked
confirmation on some information. My uncle, believing of his luck in winning a
car went to Subic, Zambales to claim it. Only to realize that he was deceived
by the caller. Of course, he was not able to locate the prank caller to get
some retributions.
This
is just one of the numerous problems being encountered with the electronic
system in data storage and processing that is widely used today.
Our
government, even with the new laws being passed and implemented for privacy
protection cannot give us assurance that our personal information will be
secured from mishandling or misuse. We
don’t even know when interference in our private life by others come in. Spread
of personal data goes through the circuit and reaches to all parts of the
world. Violations of our private life occur countlessly everyday that they even
become part of our daily transactions.
The
management of our personal information, although required by law for some legal
purposes, alarms us when a private entity is tasked to do it in behalf of the
government.
The
following are cases filed before the foreign courts on issues related to
violations of data privacy law:
Google was penalized to pay
$22.5million to the Federal Trade Commission (FTC) after the erroneous statements Google made in its online privacy
statement including a false information of tracking cookies which was not
corrected by the said company . It is
the second time that FTC has ordered data privacy violation by the said
company. This is just an example of how
the US government is in implementing its data protection regulations, and it is
planning to push through tougher laws on privacy protection (Google
Case Exposes Weak US Data Privacy Laws. http://www.spiegel.de/international/europe/americans-may-have-to-wait-for-europe-for-better-data-protection-a-849372.html).
A class action lawsuit was filed
against Facebook for violating privacy right of users by displaying ads with
users’ “names, photographs, likenesses and identities” and by clicking a “Like”
button, a user would be automatically associated with the ad campaign without
compensation and without his consent.
Proposed settlements
have been filed before the court which has not decided rendered its decision
yet due to the complexity in the issues involved, including how much each of
the 125 million class members would get evenly from the settled amount. (Facebook Tries to Settle 'Sponsored Stories' Class
Action . . . Again. October 23, 2012.
http://www.adlawbyrequest.com/articles/data-privacy/)
In the United Kingdom, there was
a case wherein employees in the childcare litigation unit accidentally sent
through a fax machine information on a case regarding child sex abuse to wrong
recipients who are members of the public. Personal data were included in the
misspent information. The county council was fined by the Information
Commissioner for data protection breaches (BBC News UK, Data Protection Act fines
issued by commissioner, November 24, 2010.
http://www.bbc.co.uk/news/uk-11821203)
A woman
whose name and address were disclosed by the Department of Social and Family
Affairs (DSFA) to the Market Research Bureau of Ireland (MRBI) when a
representative of the MRBI went to her home to interview her complained of a
breach of the Data Protection Act 1988 for giving out her data without her
prior consent. In the course of the investigation, it was confirmed that MRBI
was commissioned by the DSFA to make survey under an agreement that data
provided in interviews would be protected and would not be disclosed by the
Department. Section 2(5) of the Data Protection Act of 1988 provides that the
Department is not prohibited to use personal data to conduct its research even
without the data subject not being informed in advance, provided that no
individual would be prejudiced. (“Department of Social and Family Affairs
market research survey on customer satisfaction by an agency did not breach
Data Protection provisions”. http://www.dataprotection.ie/viewdoc.asp?DocID=109)
In
response to those rampant misuse of private data, national laws protecting the
integrity, transfers, restrictions,
requirements and outsourcing arrangements have been issued to ensure that the
government and private companies comply with the strict requirements of the
law.
The office of the Data Protection
Commissioner of Ireland is one of the international organizations which is very
committed in carrying out its mandates in protecting personal privacy of
individuals. It gives short outlines of individual’s rights under the Data
Protection Acts and gives a summary of procedures in filing complaints and the
sequence of events involved in the investigation. It also shows online the
cases filed before it and the decisions rendered. (Data Protection Commissioner. http://www.dataprotection.ie)
The National Telecommunications and
Information Administration (NTIA) of the U.S. Department
of Commerce is drafting the Mobile Application Transparency Code of
Conduct which covers best privacy practices in using the mobile
system.
The
following issues were considered in the latest draft:
·scope of Mobile Devices
·type of data to be covered
·Whether to subject third-party
service providers to the Code
·Whether to require mobile app
providers to provide a “Short Notice” in addition to other Notice
·elements to be included in the
Notice
·Whether to require the
companies to establish a mechanism for consumers to access data (Privacy Stakeholders Meet Again Over Mobile Privacy
Best Practices. December 3, 2012. http://www.adlawbyrequest.com/articles/data-privacy/)
The
Data Protection Authority of the German Federal State of Schleswig-Holstein
(the Unabhaengiges Zentrum
fuer Datenschutz Schleswig-Holstein –
"ULD") recently published on its web site a white paper that covers
data privacy aspects of Cloud Computing. The
German Data Protection Act (Bundesdatenschutzgesetz – "BDSG") implements the EU
Data Protection Directive. Regardless of whether the Cloud Computing provider
is located inside or outside of the European Union, the ULD demands that
companies using Cloud Computing services must take adequate measures to
safeguard the integrity and security of the personal data processed. For
example, companies must include contractual provisions with Cloud Computing
service providers in accordance with the criteria for data controller/data
processor relationships (Auftragsdatenverarbeitung) set forth in
Section 11 BDSG – regardless of the location of the Cloud Computing provider or
the services.(Germany: Cloud Computing May Violate German Data Privacy Laws.
July 23, 2012. http://www.mondaq.com/article.asp?articleid=105920).
All European
Union (EU) member states and companies therein must comply with the European
Data Protection Directive 1995 which protects
individuals of their right to the secured processing and free flowing of
personal data. It is conveyed in the directive that it is “generally regarded
as legal to hold and use data on individuals for marketing purposes if the data
was in the public domain or if data subjects were informed of purpose of data
collection and did not object to possibility of direct marketing.” Under the
directive, individuals could also access their personal data, request corrections
and object to direct marketing. (Marketing
and data protection legislation. http://en.wikipedia.org/wiki/Marketing_and_data_protection_legislation)
In
Asia, current changes have been introduced to data protection laws:
South Korea -- The new Protection
of Personal Information Act (PPIA)
came into force on 30 September 2011 in South Korea. The new PPIA is not a
consolidation of all existing relevant data privacy laws in South Korea but
will co-exist with pre-existing data privacy laws such as the Act on
Promotion of Information and Communication Network Utilization and Information
Protection which protects the
privacy of personal data obtained by information communication service
providers.
Taiwan -- The new Personal Data Protection Act (Act) was enacted in 2010 and is expected to come into force in 2012 when the Enforcement Rules necessary for operation of some sections are passed by the Executive. The Act is comprehensive, applies to both the public and private sectors and is more extensive than the previous act which applied only to the private sector. The revised Act still has no oversight body and does not create a data protection authority. Enforcement of the Act is left to the Ministries responsible for each industry sector.
India -- India has in April 2011, issued the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011 pursuant to the Information Technology (Amendment) Act of 2008. The new rules prescribe how personal information may be collected and used by organizations in India.
Malaysia -- Malaysia has passed the Personal Data Protection Act (Act) in June 2010 which regulates the processing of personal data in commercial transactions. The Act has not come into force although it has been announced that the Government intends to bring the Act into force in the second half of 2012.
Singapore -- Singapore has completed two rounds of public consultations of the Personal Data Protection Bill which is expected to come into force in the second half of 2012. This new Act will also see the establishment of a national Do Not Call Registry and a Data Protection Commission who will be responsible for administering the new act when it comes into force.
Hong Kong -- Hong Kong currently has a privacy law in place in the form of the Personal Data Protection Ordinance and has introduced the Personal Data (Privacy) (Amendment) Bill 2011which is expected to come into force in early 2013. The bill seeks to address recent public criticism of the transfer of customer personal data to others for direct marketing purposes and "cross-marketing" activities without consent. (Carol Ko, Data Protection Laws II – APAC Data Privacy Laws Update. September 11, 2012)
Taiwan -- The new Personal Data Protection Act (Act) was enacted in 2010 and is expected to come into force in 2012 when the Enforcement Rules necessary for operation of some sections are passed by the Executive. The Act is comprehensive, applies to both the public and private sectors and is more extensive than the previous act which applied only to the private sector. The revised Act still has no oversight body and does not create a data protection authority. Enforcement of the Act is left to the Ministries responsible for each industry sector.
India -- India has in April 2011, issued the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011 pursuant to the Information Technology (Amendment) Act of 2008. The new rules prescribe how personal information may be collected and used by organizations in India.
Malaysia -- Malaysia has passed the Personal Data Protection Act (Act) in June 2010 which regulates the processing of personal data in commercial transactions. The Act has not come into force although it has been announced that the Government intends to bring the Act into force in the second half of 2012.
Singapore -- Singapore has completed two rounds of public consultations of the Personal Data Protection Bill which is expected to come into force in the second half of 2012. This new Act will also see the establishment of a national Do Not Call Registry and a Data Protection Commission who will be responsible for administering the new act when it comes into force.
Hong Kong -- Hong Kong currently has a privacy law in place in the form of the Personal Data Protection Ordinance and has introduced the Personal Data (Privacy) (Amendment) Bill 2011which is expected to come into force in early 2013. The bill seeks to address recent public criticism of the transfer of customer personal data to others for direct marketing purposes and "cross-marketing" activities without consent. (Carol Ko, Data Protection Laws II – APAC Data Privacy Laws Update. September 11, 2012)
In
our country , President Benigno Aquino III signed on August 24, 2012 the Republic Act 10173 or the “Data Privacy Act of 2012,” which
intends to protect the integrity and confidentiality of personal data in the information and communications systems
in the government and private sector and creating the National Privacy
Commission for such and other purposes.
It
would be a great help if the National Privacy Commission would actively perform
its functions in receiving complaints, monitoring compliances and compelling
entities to abide by its orders the earliest time possible as there are cases
rapidly arising due to the advancement in computer technology and
telecommunications networks making the sharing of personal information spread
around the world without sweat.
I
am not sure if membership in the said Commission has already been established.
When I checked the web to get information on the said Commission, I found out
that there is nothing posted about it, not even an update on its creation, so I
presume that said Commission is not operating yet.
With
proper implementation of Data Privacy Act, our Business Process Outsourcing
sector will primarily benefit as it its data source will be protected from
unlawful use and the media groups will be guaranteed protection from the impact
on freedom of the press.
I
hope that the outcome of the implementation of our new law will ensure us that
our personal data will be treated with security and only for legitimate
purposes.
