Understanding Data Privacy: Legal

Framework, Challenges, and Real-World

Applications
TOPIC: Learning Objective:
This module provides an in-depth 1. Define key concepts related to
exploration of data privacy, focusing on its data privacy and data
significance in the digital age, particularly protection.
in the field of criminal justice. It examines
key concepts, rights, and principles 2. Explain the legal frameworks
surrounding data privacy, discusses the governing data privacy in the
Philippine Data Privacy Act of 2012, and Philippines and globally.
analyzes notable real-world cases. Learners
will gain critical awareness of how to uphold 3. Analyze real-world cases of
privacy rights, comply with legal standards, data privacy violations and
and balance crime prevention with compliance.
individual rights in a data-driven world.
4. Evaluate the ethical and legal
MODULE STRUCTURE: implications of privacy issues
I. Introduction to Data Privacy
in criminal justice and digital
a. Definition and importance
environments.
b. Data privacy in criminal justice
II. Key Concepts in Data Privacy 5. Develop strategies for
a. Personal data and sensitive protecting personal and
personal information sensitive data in practice.
b. Data processing, data subjects,
consent, and breaches
III. Legal Frameworks on Data
Privacy
a. Philippine Data Privacy Act (RA
10173)
b. Global standards (GDPR, APEC
Privacy Framework)
IV. Case Studies in Data Privacy
a. Notable local and international
cases
V. Critical Issues and Challenges
a. Surveillance, digital evidence,
protection of victims and suspects
VI. Reflection and Scenario-Based
Analysis
a. Real-world privacy dilemmas
and law application

Information Technology
Living in the IT ERA Prepared by: Charlotte Junic M. Laguitan
 I. Introduction to Data Privacy
Definition and Importance
• Data Privacy refers to the right of individuals to control how their personal information is
collected, used, stored, and shared.
• In the context of criminal justice, data privacy is crucial due to the sensitive nature of
information handled by law enforcement, courts, and correctional institutions.
Data Privacy in Criminal Justice
• Handling criminal records, surveillance, profiling, and background checks require strong
privacy safeguards to protect individuals’ rights.

II. Key Concepts in Data Privacy

1. Personal Data
• Information that can directly or indirectly identify a person (e.g., name, address, ID number).
2. Sensitive Personal Information
• Includes data about race, ethnicity, religion, health, education, criminal records, or
government-issued IDs.
3. Processing of Data
• Any operation performed on personal data such as collection, storage, retrieval, or
dissemination.
4. Data Subject
• The individual whose personal data is collected or processed.
5. Consent
• Freely given, specific, informed, and explicit permission from the data subject for data
processing.
6. Data Breach
• An incident where confidential or sensitive information is exposed to unauthorized
individuals.

III. Legal Frameworks on Data Privacy

A. Philippine Data Privacy Act of 2012 (RA 10173)
• Purpose: To protect the right to privacy while promoting the free flow of information.
• Scope: Applies to any natural and juridical persons involved in processing personal data.
• National Privacy Commission (NPC): Enforces compliance and investigates violations.
• Key Rights of Data Subjects:
o Right to be informed
o Right to object
o Right to access
o Right to correct
o Right to erasure or blocking
• Lawful Processing Requirements:
o Consent
o Contractual necessity
o Legal obligation
o Vital interests
o Official authority
• Penalties for Violations:
Offense Penalty

Unauthorized processing 1–3 years in prison + fine

Access due to negligence 1–3 years in prison + fine

Improper disposal of records 1–3 years in prison + fine

Malicious disclosure of info 3–6 years in prison + fine

Unauthorized disclosure/spoofing 3–5 years in prison + fine

Accessing info with intent to harm 3–6 years in prison + fine

Information Technology
Living in the IT ERA Prepared by: Charlotte Junic M. Laguitan
 B. Global Standards
• General Data Protection Regulation (GDPR - EU): International standard for data
protection.
• APEC Privacy Framework: Guidelines for data privacy across the Asia-Pacific.
• International Human Rights Law: Article 17 of ICCPR recognizes privacy as a human right.

IV. Case Studies in Data Privacy

A. Philippine Context
1. ComeLeak (2016):
o Leak of 55M voter records.
o Violation of Data Privacy Act.
o Accountability: COMELEC Chair.
2. Jollibee Data Breach (2024):
o Exposure of customer data.
o NPC ordered cessation of data processing operations.
3. PNP Profiling of Muslim Students (2019):
o Police requested schools for student profiles.
o Criticized as discriminatory and a privacy breach.

B. International Context
1. Cambridge Analytica – Facebook Scandal (2018):
o Unauthorized harvesting of millions of users' data for political purposes.
2. South Korea Nth Room Case (2020):
o Digital sex crime through Telegram groups.
o Digital footprints helped solve the case.

V. Critical Issues and Challenges

Surveillance vs. Privacy
• Balancing national security needs with individual rights.
Digital Evidence Gathering
• Collecting digital evidence must follow lawful procedures.
Protection of Victims’ and Suspects’ Data
• Sensitive handling of personal and criminal information.
Misuse of Law Enforcement Databases
• Risks of profiling, discrimination, and unauthorized access.

VI. Reflection and Scenario-Based Analysis

A. Scenario-Based Questions
Scenario Situation Verdict Key Points
Mugshot Goes Viral Officer posts suspect’s Violation Unauthorized disclosure;
mugshot on Facebook. presumption of innocence.
School's Crime Watch University posts Violation Public disclosure without
List names/photos of offenders. lawful basis.
Surveillance Footage Store posts CCTV footage of Violation Sensitive data of a minor
Leak minor stealing. exposed.
Posting a Victim’s Student posts sexual assault Violation Breach of confidentiality even
Story case details. with blurred images.
Crime Files Group Students share police records Violation Unauthorized data processing
Chat in Messenger group. even in private groups.
Unconsented Barangay official stalks Violation Unauthorized access and
Investigation Facebook using dummy deceptive information
account. collection.
Public Shaming of Barangay livestreams names Likely Violates privacy despite
Quarantine Violators and addresses. Violation public interest claims.

Information Technology
Living in the IT ERA Prepared by: Charlotte Junic M. Laguitan
 References:
• Republic Act No. 10173 – Data Privacy Act of 2012. (2012). Official Gazette of the Republic of
the Philippines. https://www.officialgazette.gov.ph/2012/08/15/republic-act-no-10173/
• National Privacy Commission (NPC). (n.d.). Data Privacy Act of 2012 and Implementing Rules
and Regulations. Retrieved from https://www.privacy.gov.ph/
• European Union. (2016). General Data Protection Regulation (GDPR). Official Journal of the
European Union. https://eur-lex.europa.eu/eli/reg/2016/679/oj
• Asia-Pacific Economic Cooperation (APEC). (2005). APEC Privacy Framework. Retrieved from
https://www.apec.org/Publications/2005/12/APEC-Privacy-Framework
• United Nations. (1966). International Covenant on Civil and Political Rights (ICCPR), Article 17.
Retrieved from https://www.ohchr.org/en/instruments-
mechanisms/instruments/international-covenant-civil-and-political-rights
• BBC News. (2018). Facebook–Cambridge Analytica data scandal. Retrieved from
https://www.bbc.com/news/technology-43465968
• Rappler. (2016). ComeLeak: Inside the biggest government-related data breach. Retrieved from
https://www.rappler.com/technology/features/130915-comelec-leak-data-breach-analysis/
• Philippine Daily Inquirer. (2019). Muslim students' profiling condemned. Retrieved from
https://newsinfo.inquirer.net/1082684/muslim-students-profiling-condemned
• Korea Times. (2020). Nth Room case: South Korea's digital sex crime scandal. Retrieved from
http://www.koreatimes.co.kr/www/nation/2020/03/251_286224.html
• Jollibee Foods Corporation Data Breach. (2024). National Privacy Commission Case. Internal
Reports and News Releases.

Information Technology
Living in the IT ERA Prepared by: Charlotte Junic M. Laguitan