The Philippine National Privacy Commission (NPC) has released an official advisory outlining the application of the Data Privacy Act of 2012 (DPA) to artificial intelligence (AI) systems that process personal data. The move, announced on December 19, 2024, marks a significant step in regulating AI technologies while ensuring the protection of personal information in the country.
The advisory explicitly states that the DPA and its Implementing Rules and Regulations apply to AI systems involved in processing personal data, including their training, testing, and deployment phases. The guidelines aim to ensure that AI development aligns with the principles of transparency, accountability, fairness, accuracy, and data minimization, as mandated by the DPA.
Under the guidelines, personal information controllers (PICs) must inform data subjects about the nature, purpose, and extent of AI-driven data processing. This includes disclosing risks, expected outputs, and available dispute mechanisms. PICs are also required to implement governance mechanisms such as Privacy Impact Assessments and the integration of privacy-by-design principles.
The guidelines call for the creation of AI ethics boards and require mechanisms for meaningful human intervention in automated decision-making processes. PICs are also tasked with monitoring AI systems regularly to ensure their operations remain ethical and compliant with privacy laws.
To address the risks of bias in AI, the NPC has mandated that PICs monitor systemic, human, and statistical biases in their systems. Organizations must implement measures to mitigate these biases, ensuring that AI systems do not produce manipulative or oppressive outcomes for data subjects.
The advisory reinforces the importance of upholding data subject rights, including the right to object, rectify, or erase personal data. Mechanisms must be in place to allow data subjects to exercise these rights effectively, even if their data has been integrated into AI datasets.
The NPC plans to provide additional guidance and training to help organizations comply with these new requirements. Organizations using AI systems are encouraged to review their data privacy practices and implement the necessary adjustments by 2025.
Need Help?
If you have questions or concerns about any global guidelines, regulations and laws, don’t hesitate to reach out to BABL AI. Their Audit Experts can offer valuable insight, and ensure you’re informed and compliant.
