Privacy commission advises online sellers to protect customers’ data


The National Privacy Commission (NPC) is warning all online merchants or sellers against the unauthorized disclosure/processing and improper disposal of their customers’ personal data, which are prohibited acts under the Data Privacy Act of 2012 (DPA).

Instances of alleged bogus online sellers in Cebu have been brought to the attention of the Commission. These online sellers allegedly sent items to individuals who did not purchase them. These sellers may have acquired the individuals’ personal data through misuse, malicious disclosure, or improper disposal of information.

Privacy Commissioner Raymund Enriquez Liboro is calling on all online sellers to recognize and uphold the data privacy rights of their customers.

Online stores are required to employ reasonable and appropriate organizational, physical and technical security measures, the same way physical stores are mandated to perform. Section 25 of the Implementing Rules and Regulations of the DPA states that security measures must be intended to prevent “accidental or unlawful destruction, alteration, and disclosure, as well as against any other unlawful processing” of personal data.

“We call on owners and operators of online stores to adopt best data privacy practices and to always observe compliance with the Data Privacy Act. The lack of security and privacy practices compromises your customers’ personal data, which can only lead to your loss. Consumer trust, your income, and your reputation will suffer when unauthorized disclosure of personal data happens,” Liboro said.

Online sellers are strongly advised to collect only personal data that is necessary to the transaction; to be transparent by providing a privacy notice on their respective websites; to use customers’ personal data only for the declared purpose; to keep the data for a limited time and to securely dispose of such data, that would prevent further processing and/or unauthorized access or disclosure.

Tips for online shoppers

The Commission is likewise urging online shoppers to do their part in protecting their personal data. In September last year, the Commission shared an online shopping safety video under the PSST (Privacy, Safety, Security, and Trust) campaign to educate buyers on how to have a safe and secure online shopping experience.

Online shoppers are urged to “check them out before you check out” and read first the online shopping website or app’s privacy notice before transacting. Remember that explicit consent is needed before they can use personal data for secondary purposes (e.g., marketing, surveys) and avoid sharing more personal data than what is needed to complete the online purchase. Also, using a unique username and strong password for online shopping accounts is a must.

The Commission is also encouraging the general public to purchase only from legitimate, trustworthy, and secure online shopping websites. These secure websites have URLs that begin with HTTPS and have the padlock sign or image. In addition, online shoppers are reminded to check the website for security certificates based on international standards.