R.A. No.

10173 or
the Data Privacy
Act of 2012

R.A. No. 10173 Data Privacy Act of 2012

INTRODUCTION
An acute observer of the social scene,
Carmen Guerrero-Nakpil, once said: Privacy?
Whats that? There is no precise word for it in
Filipino, and as far as I know any Filipino
dialect and there is none because there is no
need for it. The concept and practice of
privacy are missing from conventional
Filipino life. The Filipino believes that privacy
is an unnecessary imposition, an eccentricity
that is barely pardonable or, at best, an
esoteric Western afterthought smacking of
legal trickery.

R.A. No. 10173 Data Privacy Act of 2012

OVERVIEW OF THE RIGHT TO

PRIVACY
The right to privacy is well-entrenched
in the 1987 Constitution, particularly in
the Bill of Rights and safeguarded by
several provisions of the Civil Code, the
Revised Penal Code, and certain laws
which provide penalties for their
violation in the form of imprisonment,
fines, or damages.

R.A. No. 10173 Data Privacy Act of 2012

Pertinent provisions of the Bill of

Rights
Sec. 1. No person shall be deprived of
life, liberty, or property without due
process of law, nor shall any person be
denied the equal protection of the
laws.

R.A. No. 10173 Data Privacy Act of 2012

Pertinent provisions of the Bill of

Rights
Sec. 2. The right of the people to be secure
in their persons, houses papers, and effects
against unreasonable searches and seizures
of whatever nature and for any purpose shall
be inviolable, and no search warrant or
warrant of arrest shall issue except upon
probable cause to be determined personally
by the judge after examination under oath or
affirmation of the complainant and the
witnesses he may produce, and particularly

R.A. No. 10173 Data Privacy Act of 2012

Pertinent provisions of the Bill of

Rights
Sec. 3. (1) The privacy of
communication and correspondence
shall be inviolable except upon lawful
order of the court, or when public
safety or order requires otherwise as
prescribed by law.

R.A. No. 10173 Data Privacy Act of 2012

Pertinent provisions of the Bill of

Rights
Sec. 6. The liberty of abode and of
changing the same within the limits
prescribed by law shall not be impaired
except upon lawful order of the court.
Neither shall the right to travel be
impaired except in the interest of
national security, public safety, or

R.A. No. 10173 Data Privacy Act of 2012

Pertinent provisions of the Bill of

Rights
Sec. 6. The liberty of abode and of
changing the same within the limits
prescribed by law shall not be impaired
except upon lawful order of the court.
Neither shall the right to travel be
impaired except in the interest of
national security, public safety, or

R.A. No. 10173 Data Privacy Act of 2012

Pertinent provisions of the Bill of

Rights
Sec. 8. The right of the people,
including those employed in the public
and private sectors, to form unions,
associations, or societies for purposes
not contrary to law shall not be
abridged.

R.A. No. 10173 Data Privacy Act of 2012

Pertinent provisions of the Bill of

Rights

Sec. 17. No person shall be compelled

to be a witness against himself.

R.A. No. 10173 Data Privacy Act of 2012

Civil Code provides

[e]very person shall respect the dignity,
personality, privacy and peace of mind of his
neighbors and other persons and punishes
as actionable torts several acts by a person
of meddling and prying into the privacy of
another.It also holds a public officer or
employee or any private individual liable for
damages for any violation of the rights and
liberties of another person, and recognizes
the privacy of letters and other private
communications.

R.A. No. 10173 Data Privacy Act of 2012

Revised Penal Code

Makes a crime the violation of secrets
by an officer,the revelation of trade
and industrial secrets,and trespass to
dwelling.Invasion of privacy is an
offense in special laws like the AntiWiretapping Law,the Secrecy of
Bank Deposits Actand the
Intellectual Property Code.

R.A. No. 10173 Data Privacy Act of 2012

The Rules of Court

On privileged communication likewise
recognize the privacy of certain
information.

R.A. No. 10173 Data Privacy Act of 2012

DATA PRIVACY ACT OF 2012

- Republic Act No. 10173 is an act
protecting
individual
personal
information
in
information
and
communications
systems
in
the
government and the private sector,
creating for this purpose a national
privacy commission, and for other
purposes.

R.A. No. 10173 Data Privacy Act of 2012

The Data Privacy Act of 2012 aims:

1. To protect the fundamental human
right of privacy, of communication
while
ensuring
free
flow
of
information to promote innovation
and growth.
2. To ensure that personal information
in information and communications
systems in the government and in
the private sector are secured and

R.A. No. 10173 Data Privacy Act of 2012

Prominent Characteristics:
1. Principally deals with the processing
of Personal Information (Sec. 3g) and
Sensitive
Personal
Information
(Section 3l);
2. It paved the way for the creation of
the National Privacy Commission
which has yet to promulgate the
Implementing Rules and Regulations
(Sec. 7).

R.A. No. 10173 Data Privacy Act of 2012

Prominent Characteristics:
3. The Processing of Personal Information is
lawful under the following circumstances:
a. there is consent of the data subject;
b. necessary to the fulfillment of a contract or of
a legal obligation;
c. in response to national emergency, public
order and safety;
d. when the life and health, or other vital
interests of the data subject are involved;
e. in pursuit of legitimate interests by the
personal information controller or by a third
party to whom the data is disclosed provided
that the fundamental rights and freedoms of

R.A. No. 10173 Data Privacy Act of 2012

Prominent Characteristics:
4. On the other hand, processing of Companies who
subcontract processing of personal information to 3rd
party shall have full liability and cant pass the
accountability of such responsibility (Sec. 14).
5. Data subject has the right to know if their personal
information is being processed. The person can
demand information such as the source of info, how
their personal information is being used, and copy of
their information. One has the right to request removal
and destruction of ones personal data unless there is
a legal obligation that required for it to be kept or
processed. (Secs. 16 and 18)
6. If the data subject has already passed away or became
incapacitated (for one reason or another), their legal
assignee or lawful heirs may invoke their data privacy

R.A. No. 10173 Data Privacy Act of 2012

Prominent Characteristics:
7. Personal information controllers must
ensure security measures are in place to
protect the personal information they
process and be compliant with the
requirements of this law. (Secs. 20 and 21)
8. In case a personal information controller
systems or data got compromised, they
must notify the affected data subjects and
the National Privacy Commission. (Sec. 20)

R.A. No. 10173 Data Privacy Act of 2012

Prominent Characteristics:
9. Heads of government agencies must ensure
their system compliance to this law (including
security requirements). Personnel can only
access sensitive personal information off-site,
limited to 1000 records, in government
systems with proper authority and in a
secured manner. (Sec. 22)
10.Contracts, which involve the access of
sensitive personal information from one
thousand (1,000) or more individuals, shall
register their Personal Information Processing

R.A. No. 10173 Data Privacy Act of 2012

Prominent Characteristics:
11.Penalties of imprisonment ranging from three (3)
years to six (6) and a fine not less than One
Million Pesos (Php1,000,000.00) but not to exceed
Five Million Pesos (Php5,000,000.00) shall be
imposed on the processing of personal
information and sensitive personal information
based on the following acts:
a)
b)
c)
d)
e)
f)
g)
h)

Unauthorized Processing (Sec. 25);

Accessing due to Negligence (Sec. 26);
Improper disposal (Sec. 27);
Processing for Unauthorized Purposes (Sec. 28);
Unauthorized Access or Intentional Breach (Sec. 29);
Concealment of Security Breaches (Sec. 30);
Malicious Disclosure (Sec. 31); and
Unauthorized Disclosure (Sec. 32).

R.A. No. 10173 Data Privacy Act of 2012

SCOPE
- Section 4 of Republic Act No. 10173 or the
Data Privacy Act of 2012 provides that this
Act shall apply to the processing of all types
of personal information and to any natural
and juridical person involved in personal
information
processing
including
those
personal
information
controllers
and
processors who, although not found or
established in the Philippines, use equipment
that are located in the Philippines, or those
who maintain an office, branch or agency in

R.A. No. 10173 Data Privacy Act of 2012

However, this Act does not apply to the
following:
1. Information about any individual who is or
was an officer or employee of a
government institution that relates to the
position or functions of the individual;
2. Information about an individual who is or
was performing service under contract for
a government institution that relates to
the services performed, including the
terms of the contract, and the name of the
individual given in the course of the
performance of those services;

R.A. No. 10173 Data Privacy Act of 2012

However, this Act does not apply to the
following:
4. Information necessary in order to carry out the
functions of public authority which includes the
processing of personal data for the performance by the
independent, central monetary authority and law
enforcement and regulatory agencies of their
constitutionally and statutorily mandated functions.
Nothing in this Act shall be construed as to have
amended or repealed Republic Act No. 1405, otherwise
known as the Secrecy of Bank Deposits Act; Republic
Act No. 6426, otherwise known as the Foreign Currency
Deposit Act; and Republic Act No. 9510, otherwise
known as the Credit Information System Act (CISA);
5. Information necessary for banks and other financial
institutions under the jurisdiction of the independent,

R.A. No. 10173 Data Privacy Act of 2012

However, this Act does not apply to the
following:
6. Personal information originally collected
from residents of foreign jurisdictions in
accordance with the laws of those foreign
jurisdictions, including any applicable data
privacy laws, which is being processed in
the Philippines.

R.A. No. 10173 Data Privacy Act of 2012

CONCLUSION
- Theprovisions of the Data Privacy Act of
2012 clearly shows the legislatures continuing
concern to the protection of the right to
privacy consistent with the continuing
advancement in technology.

R.A. No. 10173 Data Privacy Act of 2012

RELATED CASE
G.R. No. 179736, June 26, 2013, SPOUSES
BILL AND VICTORIA HING, PETITIONERS,
VS. ALEXANDER CHOACHUY, SR. AND
ALLAN CHOACHUY, RESPONDENTS.