
The National Privacy Commission (NPC) of the Philippines has issued Advisory No. 2024-04, detailing crucial guidelines on applying the Data Privacy Act of 2012 (DPA) to Artificial Intelligence (AI) systems that process personal data. This move places the Philippines among a growing list of nations proactively addressing the ethical and privacy implications of AI.
As AI adoption accelerates globally, businesses, Data Protection Officers (DPOs), and HR leaders face increasing pressure to ensure that their systems comply with privacy regulations while maintaining fairness, accountability, and transparency.
The Global Context of AI and Privacy
AI systems are revolutionizing industries by analyzing vast amounts of data, automating decision-making, and providing actionable insights. However, these benefits come with significant risks, including potential misuse of personal data, algorithmic bias, and challenges to individual privacy rights.
Comparative AI Adoption and Regulation:
- Philippines: With an estimated 40% of businesses adopting AI technologies in 2023, the NPC’s guidelines aim to safeguard the 52 million Filipinos active online from misuse of personal data.
- United States: Nearly 91% of leading companies invest in AI, but privacy regulations are fragmented across federal and state laws, such as the California Consumer Privacy Act (CCPA).
- European Union: The General Data Protection Regulation (GDPR) offers the world’s most robust privacy framework, with provisions addressing AI-specific risks. As of 2024, 67% of EU companies using AI are under regulatory scrutiny to ensure compliance.
- Singapore: The country has implemented an AI Ethics & Governance Toolkit, with 76% of organizations reporting AI usage, surpassing the adoption rates in the Philippines and its ASEAN neighbors.
Why NPC’s Advisory is Timely
In the Philippines, 60% of organizations report that privacy risks pose a barrier to AI adoption. This advisory addresses a gap by ensuring that AI systems align with globally accepted standards, such as transparency, fairness, and accountability, while being tailored to local contexts.
The advisory applies to any AI system that processes personal data, from its development to deployment, including training and testing phases.
Key Takeaways from NPC’s Guidelines
1. Transparency
- Global Best Practices: Transparency is a cornerstone of the EU’s GDPR, requiring clear communication about data usage. Similarly, the NPC now mandates Personal Information Controllers (PICs) in the Philippines to:
- Explain the purpose, inputs, and risks of AI systems to data subjects.
- Use simple, plain language for accessibility across all demographics.
- What This Means Locally: With 94% of Filipino internet users accessing social media, transparency in AI-driven customer profiling or recruitment tools is paramount.
2. Accountability
- Governance and Ethical AI: PICs must implement governance mechanisms, including:
- Privacy Impact Assessments (PIAs)
- Creation of AI ethics boards
- Regular retraining and monitoring of AI systems
- Global Trends: In Singapore, 85% of businesses reported conducting similar assessments as part of their AI ethics programs, highlighting the growing demand for ethical AI governance frameworks.
3. Fairness
- Bias Mitigation: Addressing biases—whether systemic, human, or statistical—is critical to ensuring fairness. For example:
- In the United States, a 2022 study found 64% of AI models used in hiring exhibited bias against women or minorities.
- The NPC’s guidelines explicitly prohibit deceptive practices like “AI Washing” and mandate mechanisms to identify and mitigate bias.
4. Accuracy and Data Minimization
- Local Context: The Philippines faces unique challenges in maintaining data accuracy, with 23% of data breaches in 2023 attributed to outdated or incorrect records.
- Global Comparison: The EU and Singapore require organizations to validate and update datasets regularly, ensuring data quality for AI outputs.
5. Data Subject Rights
- Empowering Individuals: Filipinos will have mechanisms to exercise rights such as objection, rectification, and erasure, even in AI applications.
- Global Insights: A recent survey revealed that 75% of EU citizens are aware of their data rights, compared to just 40% in the Philippines. This gap underscores the need for stronger awareness campaigns in the country.
The Road Ahead: Implications for Businesses and HR Leaders
This advisory is a call to action for companies to integrate privacy by design into their AI systems. For HR leaders, this means ensuring that AI tools used in recruitment, employee monitoring, or performance evaluation comply with the following:
- Conduct regular Privacy Impact Assessments (PIAs).
- Establish clear AI ethics governance.
- Implement bias monitoring systems in AI-driven recruitment platforms.
- Ensure robust data subject rights mechanisms, especially for employees and job applicants.
A Spotlight on AI in Recruitment:
Globally, 67% of HR leaders are exploring AI to streamline hiring processes, but 48% worry about bias. In the Philippines, where talent acquisition often involves AI tools, HR professionals must be vigilant in ensuring ethical practices, particularly as brain drain and remote work trends create a more competitive landscape.
How the Philippines Measures Up
While the NPC’s efforts are commendable, the Philippines still lags behind global leaders like the EU and Singapore in AI governance. The implementation of these guidelines can position the country as a model for ethical AI in ASEAN, but only if businesses take proactive steps to comply.
Call to Action
The Institute of Data Privacy and Protection offers comprehensive training and resources to help businesses, DPOs, and HR leaders align with these new guidelines. We can help you:
- Conduct effective Privacy Impact Assessments (PIAs).
- Train your teams on AI ethics and privacy.
- Implement governance frameworks tailored to your industry.
Ready to take action? Reach out today to ensure your AI systems are compliant, ethical, and ready to build trust in the digital age.