Module 1 - Introduction to Privacy and Data Protection


A proper appreciation of privacy—how it is defined and sometimes classified, as well as how it evolved into a modern-day social concern—is critical for anyone seeking to understand current data protection (or data privacy) policies and practices here in the Philippines and abroad.

The concept predates data protection. This means it has been discussed more thoroughly not just in scholastic literature, but also in courtrooms, lecture halls, business venues, and various other settings. It is this long and comprehensive history that guides today’s technologies and the policies and guidelines designed to govern them.


The concept of privacy is been around for quite some time:

  • It is referenced numerous times in the laws of classical Greece and in the Bible.

  • The concept of the freedom from being watched has historically been recognized by Jewish law.

  • Privacy is recognized in the Qur’an and in the sayings of Mohammed.

  • (1890) Samuel D. Warren and Louis Brandeis published “The Right to Privacy” in the Harvard Law Review, setting forth the essential definition of privacy as “the right to be left alone”.

Since then, numerous other individuals, organizations, and world bodies have proposed their own definitions for privacy.


Numerous individuals and organizations have proposed their own privacy definitions. Some definitions include:

  • the right to be left alone

  • the desire of people to freely choose the circumstances and degree to which individuals will expose their attitudes and behavior to others.

  • a means to protect an individual’s independence, dignity, and integrity.

  • right of the individual to be protected against intrusion into his personal life or affairs, or those of his family, by direct physical means or by publication of information.

Classes, Types, or Aspects

Most literature on the subject identify four distinct areas or aspects of privacy:

  • Data (Informational) privacy is concerned with establishing rules that govern the collection and handling of personal information.

  • Bodily privacy is focused on a person’s physical being and any invasion thereof.

  • Territorial privacy is concerned with placing limits on the ability to intrude into another individual’s environment. “Environment” is not limited to the home; it may be defined as the workplace or public space.

  • Communications privacy encompasses protection of the means of correspondence, including postal mail, telephone conversations, e-mail and other forms of communicative behavior and apparatus.


  • Essential to human dignity. It protects people from being mis-defined and judged out of context. It is a requirement for maintaining the human condition with dignity and respect.

  • Enabler of other human rights. For instance, it protects freedom and self-expression. Freedom is impossible in a society that refuses to respect the fact that people act different in private than in public. (related concepts: anonymity, freedom of assembly, freedom of association, etc.)

  • Protection from unwarranted surveillance

  • Protection from identity theft, profiling, and discrimination (including other types of oppression and abuse)

  • Key to autonomy and creativity

  • Makes intimacy possible. It is necessary for the formation of intimate relationships. It allows us to act appropriately in whatever setting we find ourselves.

  • Makes social life, professional interactions, and democracy possible

Privacy Laws (International)

The legal protection of privacy rights also has a long history. Among the notable policies include:

  • (1948) UN’s Universal Declaration of Human Rights

  • (1948) Organization of American States’ American Declaration of the Rights and Duties of Man.

  • (1950) Council of Europe’s European Convention for the Protection of Human Rights and Fundamental Freedoms (ECHR).

  • (1966) International Covenant on Civil and Political Rights

  • (1969) American Convention on Human Rights

  • (1989) UN Convention on the Rights of the Child

Privacy Laws (Philippines)

  • 1987 Philippine Constitution:

  1. No person shall be deprived of life, liberty, or property without due process of law, nor shall any person be denied the equal protection of the laws. (SECTION 1, ARTICLE III)

  2. The right of the people to be secure in their persons, houses, papers, and effects against unreasonable searches and seizures of whatever nature and for any purpose shall be inviolable, and no search warrant or warrant of arrest shall issue except upon probable cause to be determined personally by the judge after examination under oath or affirmation of the complainant and the witnesses he may produce, and particularly describing the place to be searched and the persons or things to be seized. (SECTION 2, ARTICLE III)

  3. (1) The privacy of communication and correspondence shall be inviolable except upon lawful order of the court, or when public safety or order requires otherwise as prescribed by law.

(2) Any evidence obtained in violation of this or the preceding section shall be inadmissible for any purpose in any proceeding. (SECTION 3, ARTICLE III)

  1. The right of the people, including those employed in the public and private sectors, to form unions, associations, or societies for purposes not contrary to law shall not be abridged. (SECTION 8, ARTICLE III)

  2. No person shall be compelled to be a witness against himself. (SECTION 17, ARTICLE III)

  3. The Congress shall give highest priority to the enactment of measures that protect and enhance the right of all the people to human dignity, reduce social, economic, and political inequalities, and remove cultural inequities by equitably diffusing wealth and political power for the common good. (SECTION 1, ARTICLE XIII)

  • Some international human rights instruments form part of Philippine Law by virtue of the Doctrine of Incorporation.

  • Philippine statutes and executive issuances:

  1. Privacy of One’s Home (see: Civil Code, Revised Penal Code)

  2. Privacy of Communication (see: Civil Code, Revised Penal Code, RA 4200 or the Anti-Wire Tapping Act of 1965, RA 9732 or Human Security Act of 2007)

  3. Privacy of Information

  1. Privacy of Bank Deposits and Investments (RA 1405 or the Secrecy of Bank Deposits Act, Foreign Currency Deposit Act of 1974, BSP Circular No. 542 [2006], RA 9160 or the Anti-Money Laundering Act (AMLA) of 2001, RA 8424 or the Tax Reform Act of 1997, RA 3019 or the Anti-Graft and Corrupt Practices Act)

  2. Privileged Communication (see: Rules of Court, Code of Professional Responsibility for lawyers, Revised Penal Code)

  3. Privacy of Information in certain Legal Proceedings (see: RA 7610 or the Special Protection of Children Against Abuse, Exploitation and Discrimination Act, RA 9262 or the Anti-Violence Against Women and Children (Anti-VAWC) Act of 2004, Supreme Court Administrative Matter No. 04-10-11-SC, RA 8505 or the Rape Victim Assistance and Protection Act of 1998, Rules of Court, RA 7160 or the Local Government Code of 1991)

  4. Privacy of Information Submitted to Government as required by Law (see: RA 7919 or Alien Social Integration Act of 1995, RA 1161 or the Social Security Law of 1997 [as amended by RA 8282], Executive Order No. (EO) 420 of 2005, National Internal Revenue Code)

  5. Privacy of Information Acquired by Private Persons in the course of Work (see: Revised Penal Code, RA 8504 or the Philippine AIDS Prevention and Control Act of 1998)

  6. Privacy in the Right to Personal Information Collected by Public and Private Entities (see: 2008 Rule on the Writ of Habeas Data)

  7. Privacy of Information contained in Electronic Files (see: RA 8792 or the Electronic Commerce Act of 2000, Department of Trade and Industry (DTI) issued Administrative Order No. 8)

Data Privacy


It refers to the individual’s control over his or her personal data.

  • WHO can collect and use personal data

  • WHAT personal data can be collected and used

  • WHEN can personal data be collected or used

  • WHERE can personal data be collected or used

  • HOW can personal data be collected and used


With the emergence of information technology in the 1960s, so did the need for more detailed rules that protect individuals by protecting their (personal) data.

In 1970, the German state of Hesse enacted the first known modern data protection law. This was motivated in part by the growing potential of IT systems as well as an attempt to prevent a reoccurrence of the personal information abuses that took place under Hitler’s Third Reich, before and during World War II.

By the mid-1970s, the Committee of the Ministers of the Council of Europe had adopted various resolutions on the protection of personal data, by referring to Article 8 of the European Convention on Human Rights (ECHR).

Over the next decade, several European countries enacted national privacy laws of differing objectives and scope.

Data Protection/Data Privacy Laws

  • (1970) The German state of Hesse enacted the first known modern data protection law.

  • (Mid-1970s) The Committee of the Ministers of the Council of Europe had adopted various resolutions on the protection of personal data, by referring to Article 8 of the European Convention on Human Rights (ECHR).

  • Other countries that came up with data protection laws: Sweden, U.S., Germany, and France

  • (1980) OECD Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data [updated: 2013]

  • (1981) Convention for the Protection of Individuals with regard to the Automatic Processing of Data [addt’l protocol: 2001]

  • (1990) UN Guidelines concerning Computerized Personal Data Files

  • (1995) EU Directive on Data Protection

  • (2000) Charter of Fundamental Rights of the European Union

  • (2004) Asia Pacific Economic Conference Privacy Framework

  • (2016) General Data Protection Regulation

  • (2016) approximately 108 national data protection laws

Data Privacy Regimes

  • Comprehensive

  • Sectoral

  • Co-regulatory

  • Self-Regulatory

  • Technology-based