ALBURO ALBURO AND ASSOCIATES LAW OFFICES ALBURO ALBURO AND ASSOCIATES LAW OFFICES
contact  

Quezon City, Philippines


contact

(02)7745-4391


contact

info@alburolaw.com

contact

MON-SAT 8:30AM-5:30PM

June 1, 2022 rizzlemay

RIGHTS OF THE DATA SUBJECT UNDER THE DATA PRIVACY ACT

Image via: https://cartoonmovement.com/_flysystem/s3/styles/product_detail_image/s3/cartoons/2018/04/web_privacy__wan.jpg?itok=A_YuyD7I

Read also: Right to Privacy during COVID-19 Pandemic

  • Data Subject has the right to be informed whether personal data pertaining to him or her shall be processed and he or she has the right to object to the processing of his or her personal data.

  • The data subject has the right to reasonable access of his or her personal data and he or she has the right to rectify any personal data gathered.

  • The data subject also has the right to erase his or her personal data and he or she has the right to damages for false, unlawfully obtained or unauthorized use of his or her personal data.

Privacy is a fundamental human right recognized in the UN Declaration of Human Rights. In the Philippines, it is the policy of the State to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth. The State recognizes the vital role of information and communications technology in nation-building and its inherent obligation to ensure that personal information and communications systems in the government and in the private sector are secured and protected.

Accordingly, any individual who shares information requested by any entity to secure any service or procedure has the right to assume that his right to privacy is protected and no unlawful disclosure of his information will be shared to anybody.

Under Implementing Rules and Regulations of the Data Privacy Act of 2012, the Data Subject or the individual whose personal information is processed has the following rights:

a.Right to be informed.

  1. The data subject has a right to be informed whether personal data pertaining to him or her shall be, are being, or have been processed, including the existence of automated decision-making and profiling.
  2. The data subject shall be notified and furnished with information indicated hereunder before the entry of his or her personal data into the processing system of the personal information controller, or at the next practical opportunity:
    1. Description of the personal data to be entered into the system;
    2. Purposes for which they are being or will be processed, including processing for direct marketing, profiling or historical, statistical or scientific purpose;
    3. Basis of processing, when processing is not based on the consent of the data subject;
    4. Scope and method of the personal data processing;
    5. The recipients or classes of recipients to whom the personal data are or may be disclosed;
    6. Methods utilized for automated access, if the same is allowed by the data subject, and the extent to which such access is authorized, including meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject;
    7. The identity and contact details of the personal data controller or its representative;
    8. The period for which the information will be stored; and
    9. The existence of their rights as data subjects, including the right to access, correction, and object to the processing, as well as the right to lodge a complaint before the National Privacy Commission.

When a data subject objects or withholds consent, the personal information controller shall no longer process the personal data, unless:

b. Right to object. The data subject shall have the right to object to the processing of his or her personal data, including processing for direct marketing, automated processing or profiling. The data subject shall also be notified and given an opportunity to withhold consent to the processing in case of changes or any amendment to the information supplied or declared to the data subject in the preceding paragraph.

  1. The personal data is needed pursuant to a subpoena;
  2. The collection and processing are for obvious purposes, including, when it is necessary for the performance of or in relation to a contract or service to which the data subject is a party, or when necessary or desirable in the context of an employer-employee relationship between the collector and the data subject; or
  3. The information is being collected and processed as a result of a legal obligation.

c. Right to Access. The data subject has the right to reasonable access to, upon demand, the following:

  1. Contents of his or her personal data that were processed;
  2. Sources from which personal data were obtained;
  3. Names and addresses of recipients of the personal data;
  4. Manner by which such data were processed;
  5. Reasons for the disclosure of the personal data to recipients, if any;
  6. Information on automated processes where the data will, or is likely to, be made as the sole basis for any decision that significantly affects or will affect the data subject;
  7. Date when his or her personal data concerning the data subject were last accessed and modified; and
  8. The designation, name or identity, and address of the personal information controller.

d. Right to rectification. The data subject has the right to dispute the inaccuracy or error in the personal data and have the personal information controller correct it immediately and accordingly, unless the request is vexatious or otherwise unreasonable. If the personal data has been corrected, the personal information controller shall ensure the accessibility of both the new and the retracted information and the simultaneous receipt of the new and the retracted information by the intended recipients thereof: Provided, That recipients or third parties who have previously received such processed personal data shall be informed of its inaccuracy and its rectification, upon reasonable request of the data subject.

e. Right to Erasure or Blocking. The data subject shall have the right to suspend, withdraw or order the blocking, removal or destruction of his or her personal data from the personal information controller’s filing system.

  1. This right may be exercised upon discovery and substantial proof of any of the following:
    1. The personal data is incomplete, outdated, false, or unlawfully obtained;
    2. The personal data is being used for purpose not authorized by the data subject;
    3. The personal data is no longer necessary for the purposes for which they were collected;
    4. The data subject withdraws consent or objects to the processing, and there is no other legal ground or overriding legitimate interest for the processing;
    5. The personal data concerns private information that is prejudicial to data subject, unless justified by freedom of speech, of expression, or of the press or otherwise authorized;
    6. The processing is unlawful;
    7. The personal information controller or personal information processor violated the rights of the data subject.
  2. The personal information controller may notify third parties who have previously received such processed personal information.

f. Right to damages. The data subject shall be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal data, taking into account any violation of his or her rights and freedoms as data subject.

Alburo Alburo and Associates Law Offices specializes in business law and labor law consulting. For inquiries, you may reach us at info@alburolaw.com, or dial us at (02)7745-4391/0917-5772207.

All rights reserved.

SUBSCRIBE NOW FOR MORE LEGAL UPDATES!

[email-subscribers-form id=”4″]

Share
Tweet
Share
0 Shares
0 Shares
Share
Tweet
Share