COVID-19 software developers invited to NPC data privacy assembly

The National Privacy Commission (NPC) has invited COVID-19 contact-tracing application developers to a data privacy summit for the technology sector scheduled for September 27.

More than 300 software developers are expected to attend the event, dubbed “DPO 24: The Data Protection Officers’ Assembly for the Technology Sector,” via MS Live Events.

The event is open to information technology offices and departments of local government units (LGUs), individual software developers and those from private institutions.

The NPC has reached out to the Department of the Interior and Local Government (DILG) and the League of Cities of the Philippines to invite their internal or partner software developers for their contact-tracing apps or websites.

Through the virtual summit, the Commission will deliver insights into and learnings on how to adapt to the evolving environment brought by the pandemic and how government regulators, private entities, and key stakeholders can prepare for future data protection and privacy challenges. The insights of world-renowned personal information controllers will also guide the Commission in its future data privacy policy regulations.

“Holding the summit for the technology sector is crucial to the National Privacy Commission, as technology has become the primary means to conduct business, especially during the pandemic,’’ Privacy Commissioner Raymund Enriquez Liboro said.

“Data privacy does not just require secure technology and tools to collect and process personal data. It also requires well-informed data protection officers and developers and implementors of these tools,” Liboro added.

Discussions in the summit will include contractual agreements and balancing privacy with data sharing, building trust in the age of digital transformation, privacy by design in social media, data privacy best practices in eCommerce, best practices in consent particularly electronic consent and online privacy notices, and mobile app privacy.

Software developers as privacy watchers

The NPC is calling on software teams developing COVID-19 contact-tracing apps for LGUs to act as privacy watchers, integrate a privacy-by-design (PbD) approach, and employ a proper consent mechanism in which users can easily withdraw consent at any time.

Recommended measures include incorporating a PbD in software engineering encompassing modeling, method, definition, and analysis; following secure coding and design principles; and conducting essential software testing. Encryption of all network communications between the app and the backend is also a must.

Earlier this year, the DILG issued a memorandum circular directing local chief executives such as governors, mayors, and barangay captains to appoint data protection officers as part of setting data privacy standards in the collection and processing of personal data.