Republic Act 10173: Know Your Data Privacy Rights

Ever filled out an online form and paused, wondering where your information goes?
Or received a text from a brand you never signed up for?
You’re not alone.

That uneasy feeling is what the Data Privacy Act of 2012, or Republic Act 10173, was designed to fix.
This law protects how your personal information is collected, stored, shared, and even deleted.
It applies to both government offices and private companies, from your barangay health center to the bank you use.

At the heart of this law is the National Privacy Commission (NPC).
They make sure that people and companies follow the rules when it comes to your data.
Know your rights under the law, how to act when those are violated, and what all of this really means for you.

Data Privacy Act
Image generated for illustration purposes only

Why This Matters

Every day, you give away bits of personal information.
When you register for a SIM card, open a bank account, apply for a job, or shop online—your data gets collected.

But here’s the catch:
Without strong rules, that data could be used without your knowledge or even sold to strangers.

The Data Privacy Act helps ensure:

  • Your data is not misused
  • You’re informed about where your data goes
  • Only the needed information is collected

This law matters if you’re a student, employee, parent, or business owner.
If you share your name, number, address, ID, or health details—you’re covered.

The Three Golden Rules of Data Privacy

The law follows three core principles:

  1. Transparency
    You must be told how your information will be used.
    For example, if you’re signing up for a loyalty card, they should explain what data they’ll collect and why.
  2. Legitimate Purpose
    Organizations should only collect data for a clear and legal reason.
    If you’re applying for a driver’s license, they need your photo and ID—not your personal financial history.
  3. Proportionality
    Only the data needed for that purpose should be gathered.
    If you’re attending a seminar, they might need your name and email—but not your birth certificate.

Your Rights Under the Data Privacy Act

Now, let’s focus on what the law gives you—the data subject.
These are your rights.

Right to be Informed
You have the right to know why your data is collected, how it will be used, and who will have access to it.
This should be written in clear language—not legal jargon.

Right to Access
You can ask any organization to show you the personal data they hold about you.
You also have the right to know how it’s being processed and if it’s being shared.

Right to Object
You can say no to having your data processed or shared, especially for marketing.
No one should spam your phone with promos you didn’t ask for.

Right to Rectify
Found an error in your record? You can request that it be corrected.
This is helpful for school or employment records.

Right to Erasure or Blocking
You may ask to delete or block your data if it’s no longer needed or if it was collected without your permission.

Right to Data Portability
You have the right to obtain a copy of your data and move it to another service provider.
This is useful when switching internet or telecom providers.

Right to Damages
If your data was misused or leaked, you can file for damages.
This covers the harm caused—like stress, loss of trust, or even stolen identity.

PDF Download: Republic Act No. 10173 (Data Privacy Act of 2012)

Access the complete text of Republic Act No. 10173, also known as the Data Privacy Act of 2012, through this official PDF from the Department of Trade and Industry (DTI).
This document outlines your rights to data protection, the responsibilities of organizations handling personal information, and the penalties for violations.
It serves as a full reference for individuals, businesses, and institutions that collect, store, or manage personal data.

RA-10173-Data-Privacy-Act-of-2012_page-0001
Credits: DTI

What Happens When Your Rights Are Violated?

Let’s say your personal medical history was shared without your OK.
Or your ID photo ended up in a Facebook post from a company you don’t know.

Here’s what you can do:

  1. File a complaint with the NPC
    Visit privacy.gov.ph and fill out the complaint form.
    You’ll need basic details and a short explanation of what happened.
  2. Wait for investigation
    The NPC will review your case and may call a meeting between you and the organization involved.
  3. Get protection
    If they find the organization guilty, they can issue warnings, fines, or even file criminal charges.

Penalties for Breaking the Law

The Data Privacy Act has real consequences.
Here are some examples of what violators may face:

  • Unauthorized data processing: 1 to 3 years in prison and a fine up to ₱500,000
  • Improper disposal of data: Up to 6 years in prison
  • Accessing personal data without consent: 3 to 6 years in prison and a fine up to ₱1,000,000

Whether you’re a big company or a small shop, once you collect personal data, you must protect it.

How to Keep Your Personal Info Safe

While the law protects you, prevention is still the best step.

Here’s what you can do:

  • Never share sensitive info (ID, address, birthday) on public chats or posts.
  • Always check if websites have “https” and privacy policies.
  • Ask why and how your data will be used before signing up for anything.
  • Report suspicious activity to the National Privacy Commission.

Think of your personal data as your digital fingerprint—it’s uniquely yours and deserves protection.

Frequently Asked Questions

  1. Is it legal for businesses to collect my ID for delivery?
    Yes, if it’s part of verifying your identity for a transaction, and they explain why it’s needed.
  2. Can I ask a school or company to delete my records?
    You may, especially if they no longer need them. But some records may be kept for legal reasons.
  3. What should I do if someone posts my info without permission?
    Take screenshots, report the post, and file a complaint with the NPC.
  4. Do small businesses also need to follow this law?
    Yes. Any group that collects and stores personal data—big or small—must follow the law.

Conclusion

Data privacy isn’t just a legal topic—it’s part of your daily life.
Every click, swipe, or signup involves a choice about what you share and who you trust.

Knowing your rights gives you the power to speak up, ask questions, and take action.
And while the law won’t stop all risks, it gives you the armor to fight back when needed.

So next time someone asks for your data, pause.
Ask questions.
Stand firm.
Your information matters.

error: Content is protected !!