NPC gathered Telcos to address data privacy concerns on the SIM Registration Act

The National Privacy Commission (NPC) convened with Telecommunications Companies (Telcos) on 29 December 2022, specifically to address the public’s data privacy concerns in relation to the effectivity of Republic Act No. 11934 also known as the “Subscriber Identity Module (SIM) Registration Act.”

The registration officially commenced on 27 December 2022 wherein it gathered various concerns from the public including matters relating to terms and conditions, and privacy policies being implemented by Telcos. The meeting was called by Privacy Commissioner John Henry Naga to shed light on these concerns, including the notices and tick-boxes that may be displayed on Telcos’ websites and mobile applications asking for the users’ permission or consent in using their personal data submitted for marketing, profiling, or sharing with third-party partners.

Smart Communications Inc., (Smart) clarified that these are just optional and are being included to determine whether the SIM card is being used by an individual or a juridical entity. Similarly, Globe Telecom (Globe) stated that the option for their clients to allow the receipt of commercial and promotional alerts, and third-party sharing, among others were only optional while Dito Telecommunity’s (Dito) SIM Card Registration which can be accessed through its application did not include other tick-boxes asking for consent on marketing, profiling, or sharing with third-party partners.

In this light, Privacy Commissioner Naga directed Telcos to totally remove the notices and tick-boxes pertaining to data sharing with third-party entities. He further directed Telcos to put on a separate page the notices and tick-boxes related to commercial and promotional alerts. Telcos assured that the users have the ability to opt out in receiving promotional alerts through SMS and email request, among others. In addition, he instructed Smart, Globe, and Dito to include modifications and improvements on their websites and applications to further comply with the Data Privacy Act of 2012.

“Telcos must ensure the secure, ethical, and responsible handling of data, especially in all data processing being conducted in compliance with the SIM Registration Act,” the Privacy Chief stated. He added that “[t]heir obligation to comply with the SIM Registration Act comes hand-in-hand with ensuring that data privacy and protection is upheld. Such includes the implementation of mechanisms that would guarantee the security of the data collected for the purposes of the SIM Card Registration.”

Telcos agreed and committed to implementing the changes on its SIM Card Registration websites and mobile applications as soon as possible. In the meantime, Telcos will remove the notices and tick-boxes related to commercial and promotional alerts until they have modified their websites and application to put these consent options on a separate page. Furthermore, the Commission maintains that protecting citizens’ privacy and ensuring that data privacy rights of mobile users are upheld as one of the cornerstones for the successful implementation of the SIM Card Registration. The Commission will continue to closely coordinate with Telcos and other stakeholders for the proper implementation of the law.