Backgrounder
Since time immemorial, the right to privacy has been recognized in civilized societies. Take for instance the Anglo-Saxons in England made the edict that not even the King can enter into one’s humble home. Hundreds of years later, in 1928, Justice Louis Brandeis of the United States Federal Supreme Court termed the right to privacy as the “the right to be left alone” in his dissenting opinion in Olmstead vs. United States.
In our own jurisdiction, in 1968, the Philippine Supreme Court acknowledged the right to privacy as deserving of constitutional guarantee in Morfe vs. Mutuc. Then too, decades later or in 2008, it came up with the “writ of habeas data” which safeguards a person’s right to privacy and allows the individual to control any information concerning him/her.
Note that I am speaking of privacy in general owing to the fact that the right to privacy takes several forms like the privacy of communication/correspondence, the integrity of one’s person/body, one’s home, and, most especially, personal data/information which is the subject matter of this discussion.
In this light, sometime in 2014, the Court of Justice of the European Union in the Google Spain SL case broadened the right to privacy by recognizing the “right to be forgotten” having its leanings on the 1995 Directive for Data Protection.
Indeed, data privacy laws have been in place in the West since the 1970s. But with the rapid advancement in technology and the digitization of information, personal data today has become a highly monetized product. This must be secured and protected in the face of increasing incidents of hacking and data breaches, thereby necessitating an updating of existing laws. Hence, data protection laws were enacted in the 1990s and again further updated up until recent years.
In our own country, the law has caught up with data privacy brought about by the pressure and dictates of the modern world. Our leaders thus came up with the Data Privacy Act of 2012. However, it was not until March 2016 that the National Privacy Commission (NPC, for brevity) was appointed. The said Commission came up with the Implementing Rules and Regulations only in September 2016. Soon after, circulars, advisories and advisory opinions were released while the NPC’s initial deadline for mandatory registration ended in September 2017. Presently, government agencies and those organizations and individuals/professionals in the covered business sectors who registered during the first deadline need not renew their registration until March 2020.
References: Partly from retired Chief Justice Artemio Panganiban; and from the National Privacy Commission