The closure of Jollibee Foods Corporation ordered by the National Policy Commission brought by the

identified vulnerabilities in its site, aligns with the principles of R.A. No. 10173 or the Data Privacy Act of
2012. The identified vulnerabilities is said to put into high risk personal data of approximately 18 million
people which covers its customers and applicants. These data included their names, email addresses,
home addresses, contact numbers, and resumés. Under the Data Privacy Act, such information fall
under personal information which is information strictly protected by the Act. Jollibee Foods
Corporation which was entrusted with all these personal information has the obligation to implement
security measures aimed at ensuring the confidentiality, integrity, and availability of all these data. With
the vulnerabilities that surfaced which threatened the privacy of all these data, it is only rightful that
action be taken immediately. Also, Jollibee Food Corporations customers and job applicants are entitled
to such actions and Jollibee Food Corporations is obligated to uphold the rights of the data subjects and
adhere to general data privacy principles.

R.A. No. 10173 or the Data Privacy Act also applies to the use of webcams in online learning. The turning
on of webcams shares various personal information relating to the student to everyone else that are
present in the meeting room. For one, it shares information regarding the place that the student lives.
Another, it also exposes details regarding the personal life of the student. And then lastly and very
importantly, it exposes the face of the student turning on the webcam. Once the webcam is turned on,
the people who have access to these information gets to be able to use everything they see without
regard to the privacy of those involved. This interferes with the data subjects’ right to access their
shared information. They fail to be able to access how all the personal data they have shared or
accidentally shared in the video meeting, is being processed or used. It also gets in the way of the
students’ right to erasure or blocking. It will be difficult to exercise their right to suspend, withdraw or
order the blocking, removal or destruction of his/her personal information once it gets collected by
unauthorized persons or used for unauthorized purposes. The risk for violation of data privacy is
increased further if the meeting is recorded and shared with other classes. Furthermore, even if the
teacher and all the students in the meeting get to be monitored closely enough, there is still the risk of
outsiders or hackers getting access to the meeting. Consent of the students who will be asked to the
turn on their webcams is then key to this. Teachers must ask for the students’ consent with regards to
opening their webcams, recording the meeting, as well as sharing the recording meeting with other
classes. Stated under Section 12 of the Data Privacy Act is the criteria for lawful processing of personal
information, or under General Principles of Data Sharing, and this states the strict requirement for the
consent of the data subject.

The student’s education data under the care of the school is also protected under R.A. No. 10173 or the
Data Privacy Act. Personal information relating to education is even classified under sensitive personal
information which requires greater cautions for processing and protection. This includes the students’
grades and outputs. The processing of sensitive personal information for this case is prohibited and only
allowed if the data subject gives his/her consent specific to the purpose prior to the processing. The
educational institution must then have the consents of its students and use it only for allowed and
legitimate purposes and never for personal use. Many activities of schools today in relation to the ‘new
normal’ exposes to a significant to high risk the protection of the personal data of its students. It is then
definitely ideal for schools to secure safe platforms for their online activities.

People has a fundamental human right of privacy. Personal information can be very useful for many
things and truthfully, many people is still unaware of how much value their data actually has. The State
recognizes its inherent obligation to ensure that personal information in information and
communications systems in the government and in the private sector are secured and protected hence
the creation and strict implementation of the Data Privacy Act of 2012.