Statement of Privacy Commissioner Raymund Enriquez Liboro On the release of passenger manifest of airlines to government agencies particularly the DOH, in relation to the 2019 nCov response
February 4, 2020 | 7:04 PM GMT+0800 Last Edit: May 12, 2020
While data privacy is a right, it is not an absolute right. The same should always be harmonized vis-à-vis the requirements of public order and safety, and to protect the life and health of the data subject or another person. (Data Privacy Act of 2012, Sec 12. D and E)
If a government agency pursuant to its constitutional or statutory mandate, requests airlines to release passenger manifest, the same is allowed under the Data Privacy Act of 2012.
In responding to a critical public health issue like nCov, the DOH has the mandate, purpose and the necessity to collect and process personal data to uphold the public welfare. Therefore, nothing should prevent airline companies from releasing relevant passenger data to competent and mandated authorities like the Department of Health.
The Data Privacy Act of 2012 is not meant to prevent the government from processing personal and sensitive personal information when necessary to fulfill their mandates. Rather, it aims to protect the right to data privacy while ensuring free flow of information. What the DPA does is to promote fair, secure, and lawful processing of such information.
We recognize that the passenger manifest to be disclosed with the pertinent government agencies may pose privacy risks to individuals. While the Data Privacy Act 2012 will not stand as an obstacle to the fulfillment by public authorities of their constitutional and statutorily mandated functions, the DPA nonetheless serves as a reminder of the need for data protection in order to assure that rights of data subjects will be protected.