THE National Privacy Commission (NPC) has issued a cease-and-desist order (CDO) to the website PiliPinas2022.ph for multiple violations of the Data Privacy Act.
The NPC has also urged the National Telecommunications Commission (NTC) to take down the website.
NPC issued the order after the Complaints and Investigation Division (CID) scrutinized PiliPinas2022.ph amid concerns that the website’s continued operations could violate the privacy of voters who were enticed to participate in the survey.
“Not only are data subjects misinformed about the true purpose and further processing of their personal information, but they are also left in the dark as to who will be held accountable in case their personal information is used for unlawful purposes,” the CID findings stated.
“The website’s continued operation is a palpable risk that can cause grave and irreparable injury to affected data subjects,” it added.
In a statement, NPC quoted the CID as concluding the website did not meet the “lawful criteria” needed to process personal information.
NPC also said PiliPinas2022.ph failed to comply with “the general data privacy principles of transparency, legitimate purpose, and proportionality.” This indicates that the processing of collected personal information is not being done fairly and legally.
The agency also said the website’s processing of personal information was “detrimental to national security or public interest” because it did not specify the purpose of collecting information from survey respondents.
NPC said the CDO was signed by Privacy Commissioner Raymund E. Liboro, and Deputy Privacy Commissioners John Henry D. Naga and Leandro Angelo Y. Aguirre.
Naga, who penned the order, said the NPC would not tolerate the act of misinforming data subjects, especially voters, on how and why their personal information was being collected.
“We also call on voters to be more vigilant and cautious in joining initiatives or campaigns that collect their personal data with questionable intentions,” Naga added. The NPC directed PiliPinas2022.ph to file a comment within 10 days from receipt of the order, and to stop processing personal data on its database until the Commission issues a decision on the submission of the comment.
The agency also sent the CDO to the email address of PiliPinas2022.ph whose owners and operators have remained unidentified.
The Commission on Elections (Comelec) earlier said that PiliPinas2022.ph was not affiliated with the election body.
The Comelec reminded the public to think twice before clicking “online survey” websites created and managed by unknown entities as these may pose security risks.