As the campaign period is now in full swing, the National Privacy Commission (NPC) has reminded poll candidates — including political parties, party-list groups or organizations, and their nominees — to be mindful of the Data Privacy Act of 2012 in obtaining data from voters.
The NPC, in a statement on Tuesday, said the collection of personal data in connection with electoral campaigns must strictly adhere to the DPA, its Implementing Rules and Regulations (IRR), and relevant NPC issuances.
Under NPC Advisory No. 2021–03, the processing of personal data for election campaign purposes must comply with the general data privacy principles of transparency, legitimate purpose, and proportionality.
“This means that individuals must be (clearly) informed of the purpose of data collection, and the amount of information gathered must be limited to what is necessary. The processing of personal information must always be based on a lawful basis, such as valid and freely given consent,” the NPC said.
Further, political organizations and candidates must implement appropriate organizational, physical, and technical security measures to protect the personal information they collect.
“They are also accountable for ensuring that all personal data are processed fairly and lawfully. We also urge the public to exercise caution when giving out personal information,” it said.
With this, the NPC urged voters to always ask why their data is being collected, how it will be used, and who will have access to it.
“If something feels unclear or questionable, you have the right to object. Protect your privacy and do not share your personal data if you feel pressured, misled, or unsure. The NPC urges anyone who believes their personal data has been improperly collected or misused to file a complaint through our official website: www.privacy.gov.ph, or reach us via email at complaints@privacy.gov.ph,” according to the NPC.