Reports of alleged data privacy violations relating to filling out contact and health declaration forms this COVID-19 pandemic surfaced online following a viral Twitter post.
A Twitter user on Wednesday claimed of receiving text messages from a staff when she went to the Fort Bonifacio Elementary School in Makati City to get vaccinated against COVID-19.
She also added that she had signed a data privacy form in the process.
Based on the screengrabs of the text messages she shared on the platform, the staff had identified himself as “Jhay” and inquired about her room number during the vaccination.
The Twitter user ignored this but the messages didn’t stop. He asked her if she was already home, to which she responded and then asked for his name.
“Jhay” then said that she might be “angry” as he got her number.
The online user responded that she signed a data privacy form and pointed out that the details she has disclosed should be used for officials reasons only.
The Twitter user in the replies thread said that the legal unit of Makati has already reached out to her regarding her complaint. She vowed to coordinate with them.
Following her experience, other online users bared of allegedly encountering similar incidents as well, particularly after signing up for contact tracing or health declaration forms in different establishments.
“Makes me wonder too because I (started) receiving unwanted promotions from random people when I used my real number filling [out] health declaration forms,” a different Twitter user claimed.
“This happens to me a lot and this has started since pandemic, when we need to fill out health declaration forms before entering an establishment. Nakakatakot, at the same time, nakakagalit, because why do they think it’s okay to do this?” another online user commented.
“Same with ‘contact tracing forms’ when we all know that NO CONTACT TRACING IS EVER DONE FOR REAL. I’ve been blocking and reporting at least 5 numbers a day since to the NTC since the lockdown began. #NationalPrivacyCommission,” shared a different Twitter user.
Another Filipino online user urged those who have encountered similar instances to exercise their “right to file a complaint” to concerned agencies.
“These kinds of malicious use of personal information are unacceptable. Know your rights as a data subject in RA 10173. This should stop,” she wrote.
RA 10173 is the Data Privacy Act of 2012 which aims to protect all forms of information, whether it be private, personal, or sensitive.
It is meant to secure the fundamental human right of privacy while at the same time, ensure the free flow of information to promote innovation and growth.
The National Privacy Commission (NPC) is the agency tasked to administer and implement provisions of the law.
Those concerned can report a complaint about data protection issues through their website.
Last year, the Palace reminded establishments to uphold data privacy in handling people’s contact tracing data for pandemic-related purposes.
The reminder came after the NPC bared that people have been complaining about the “the improper use of logbooks and the lack of appropriate data-protection measures that left in the open filled-out contact-tracing forms that contain customers’ data, such as names, addresses and contact details, which other people could see.”
Other concerns were that “personal data were used for purposes other than contact tracing in the absence of a privacy notice and baseless retention period.”
Establishments have been mandated to secure data from people for the sole purpose of contact tracing and for health declaration forms this COVID-19 pandemic.
These are done through QR codes or by manually filling out a form.