January 11, 2022 | 4:56 PM GMT+0800 Last Edit: January 11, 2022
On December 14 2021, the Court of Appeals (CA) Sixteenth Division issued a Decision denying the petition for review filed by Pieceland Corporation (Pieceland) and upholding the ruling of the National Privacy Commission (NPC) in NPC Case No. 19-528 (Pieceland Corporation v. Manila New Life Church Inc.).
“The Commission welcomes the Decision of the appellate court upholding NPC’s ruling and its recommendation to prosecute violators for the unauthorized processing of sensitive personal information under the Data Privacy Act (DPA),” said Privacy Commissioner John Henry D. Naga.
“This favorable Decision is proof that our Commission is working hard in protecting data subjects and guaranteeing their right to privacy. We will be more resolute in implementing and enforcing the DPA against violators,” the NPC Chief added.
In 2019, Manila New Life Church Inc. (MNLCI) filed a complaint before the NPC against Pieceland for the unauthorized processing of personal data, in which the NPC ruled in favor of the Complainants.
According to Deputy Commissioner Leandro Angelo Aguirre, ponente of the NPC Decision, “the availability of a far less intrusive measure demonstrates that the measures employed by Respondents [requiring data subjects to submit passports, governmentissued IDs, and colored pictures] are disproportionate to the aim they seek to achieve. In as much as Respondents recognized the issued IDs of the other tenants in the building, the same standard should have been applied to the church members of Complainant.”
The NPC also found that Pieceland processed the personal data of MNLCI members without the consent of data subjects as defined under the DPA.
Petition for Review and Decision
Pieceland filed a petition for review to the CA against NPC for allegedly committing a reversible error in ruling that Pieceland violated Section 25(b) of the DPA. However, the appellate court denied the petition and ruled the following:
NPC’s recommendation to prosecute Pieceland and its responsible officers for DPA violations is likewise upheld. Pieceland is also ordered to delete the sensitive personal information they collected from the data subjects.
“The impact of the CA’s decision will help the Commission in further promoting not just the rights and freedoms of the data subjects, but also the obligations and responsibilities of Personal Information Controllers (PICs),” Aguirre said.
“I hope that this is something that will urge PICs to be more mindful of their accountability under the DPA and to ensure that their methods of processing are aligned with the requirements of the law and pertinent issuances of the Commission,” he added.