Not a contradiction: Privacy and freedom of information
By Adelle Chua
In making data on public contracts available to citizens, government agencies should not pit data privacy against the right to information because the two are not contradictory.
At a Hivos Southeast Asia-sponsored breakout session during the Freedom of Information Summit held at the Peninsula Manila earlier this month, National Privacy Commission lawyer Erlaine Lumanog explained why and how data privacy and FOI could be harmonized to serve the public interest without compromising the data security and privacy of any individual, and while promoting transparency.
Data privacy in the Philippines is embodied in Republic Act 10173 of 2012, while FOI is expressed in Executive Order No. 2 issued by President Rodrigo Duterte in July 2016. The EO, however, applies only to agencies under the Executive department of the government. There is no FOI Law yet in the Philippines; the current Congress is hearing 16 different versions of the bill.
At the outset, Atty. Lumanog sought to clarify misconceptions about privacy and the right to information.
“Privacy is our most valued right as an individual,” she said. “It is the right to be left alone, for us to flourish by ourselves.”
The Data Privacy Act, however, only pertains to the protection of individual personal information.
“Data privacy in this context, limits the application of data privacy to information privacy – the right of an individual to control the collection or processing of his or her information in the custody of the government or the private sector.”
Section 2 of the law articulates the policy of the state to protect the fundamental human rights of privacy and communication while ensuring the free flow of information.
The free flow of information, she said, is necessary for a democratic society.
Real cases, special cases
Lumanog said her agency receives many complaints and inquiries that there are certain entities in the public and private sector that do not disclose information, citing the Data Privacy Act.
“This is essentially wrong,” she said.
The DPA, however, through Sections 12 and 13, cites eight special cases – all concerning public interest – where the requesting party does not need the consent of the individual for the latter’s information to be made public.
Specifically, there are three special cases applicable to the right of information and good governance, especially in the context of public contracts. These special cases are:
Information about an individual who was or is an employee of a government institution. Information relating to his or her position, or functions in that position, are allowed to be disclosed;
Information related to an individual who was or is performing a service under the government, where the nature of that service is imbued with public interest; and
Individuals enjoying discretionary benefits over public funds. Their personal information relating to these benefits are disclosable because public funds are of public interest.
Similarities and differences
The right to information says that anything related to public funds and public transactions, not necessarily personal information, can be disclosed. The protection offered by the Data Privacy Act is limited to personal information. If the required information is about a corporation or entity that does government transactions, this is also not covered by the DPA.
The right to information has exemptions; they are based on law, jurisprudence and public interest. For the right to privacy, there are basic cases based on public interest, The general rule is that transactions and documents are disclosable unless they are exempted under the right to information, or fall under special cases under the data privacy act.
“There is no contradiction between the right to information and data privacy,” said Lumanog. The right to information is needed to grow as a society. Still, it does not mean that those in public service have to let go of their individual rights to privacy, which is guaranteed by the law.”