CEBU CITY, Philippines – With the use of Facebook pages, it has become easier for local government units (LGUs) to provide updates and respond to their constituents who inquire about government transactions and services.
But data privacy issues cannot be disregarded if a government changes hands and these purportedly official Facebook pages of the LGU are not handed over to the new administration.
READ: A data privacy lawyer’s take on issues with ‘Cebu Updates’ account
What will happen to data if?
What will happen to the data collected on that Facebook page if it ceases to be recognized as the LGU’s official Facebook page and is now managed by private individuals?
Lawyer Cecilia Soria, a data privacy lawyer, told CDN Digital that private individuals or residents might inquire and ask the Facebook page’s administrator to have their data deleted–especially if these data were given for a different purpose.
For instance, a resident provided her personal information, after asking for assistance from the government.
READ: Cebu Updates is a property of Cebu City, city lawyers ask PNP, NBI to help in recovering account
Data there can’t be used legally
To say it simply, the use of that data obtained by the page when it was regarded as the LGU’s official Facebook page could not be used legally by the administrators of the same Page that now functions as a non-governmental organization page.
“What did they do with the personal data of the users? Kasi yun nga (Because that is) when you continue using it as a private individual, I would say na unauthorized na yung pag store mo. Kasi (your storing of the data is now unauthorized. Because) even storage is covered by the Data Privacy Act,” Soria told CDN Digital.
Data subject right
“Nung private na yung naghahawak (If the account is now held by private individuals), they should have deleted all of the other information that they have…Dun siguro yung (I think that is where they should have an) inquiry, that will be very important. What did you do with the data that was previously submitted? If you’re still holding on to it, what is your basis of the right to hold on to it?” she said.
The data privacy lawyer said that anyone who previously communicated with or submitted personal data to the page can write to the current Facebook page administrator and say that he or she is exercising his data subject right.
READ: Over 1 million records from NBI, PNP, other agencies leaked in huge data breach
Show me proof of deletion
He can then inquire about how the page used his data and ask if they still have his data and demand to delete it, giving a chance to the organization to correct itself.
“Show me proof that you deleted it. And then kapag hindi sila sumunod (if they will not do it), you can file a complaint with the National Privacy Commission (NPC),” she added.
“Kasi, (Because) if there will be an official ruling of the NPC on this, this will also be a domino effect in the other local government pages,” she added.
The Data Privacy Act of 2012 (DPA), or the Republic Act No. 10173, is enacted to protect personal data in information and communications systems both in the government and the private sector.
According to this law, all public and private entities or organizations that process personal data must set policies, take action, and follow procedures “to ensure and guarantee the safety and security of personal data under their control or custody, thereby upholding an individual’s data privacy rights.”
RELATED STORIES
Beware of data theft via mobile phones, Filipinos told
Campaigns through text: A breach of data privacy?
Apple moving forward on app privacy, despite pushback
/dbs