Skip to main content

NPC Advisory No. 2023-01: Implications for Businesses and Data Privacy in the Philippines

NPC Advisory No. 2023-01: Implications for Businesses and Data Privacy in the Philippines

On November 7, 2023, the National Privacy Commission (NPC) of the Philippines issued Advisory No. 2023-01, providing crucial guidelines on deceptive design patterns. This advisory has significant implications for businesses operating in the Philippines, particularly those with digital interfaces that process personal data. Here’s what you need to know:

What Are Deceptive Design Patterns?

The NPC defines deceptive design patterns as “design techniques embedded on an analog or digital interface that aim to manipulate or deceive a data subject to perform a specific act relating to the processing of their personal data.” These can be categorized into two main types:

1. Appearance-Based Deceptive Design Patterns

2. Content-Based Deceptive Design Patterns

Key Points of the Advisory

1. Impact on Consent

The use of deceptive design patterns can invalidate a data subject’s consent, potentially rendering the processing of personal data unlawful. This aligns with the NPC’s previous Guidelines on Consent, which emphasize that consent must be freely given.

2. Transparency and Fairness

The advisory underscores the importance of transparency in presenting information to data subjects. User interfaces must provide clear, concise, and straightforward language about data processing activities. Moreover, the principle of fairness dictates that data processing should not be detrimental, discriminatory, unexpected, or misleading to data subjects.

3. Accountability and Privacy by Design

Personal Information Controllers (PICs) are held accountable for the data they process through analog or digital interfaces. The advisory also emphasizes that using deceptive design patterns is inconsistent with the obligation to adopt a Privacy by Design approach.

Implications for Businesses

1. Review of Digital Interfaces: Companies should conduct thorough audits of their websites, apps, and other digital platforms to identify and eliminate any deceptive design patterns.

2. Consent Mechanisms: Businesses must reassess their consent acquisition processes to ensure they are transparent, fair, and free from manipulation.

3. User Experience (UX) Design: UX designers and developers need to be aware of these guidelines to create interfaces that respect user privacy and autonomy.

4. Privacy Policy Updates: Organizations may need to update their privacy policies and consent forms to align with the advisory’s requirements.

5. Training and Awareness: Staff involved in UI/UX design, data processing, and privacy compliance should be trained on recognizing and avoiding deceptive design patterns.

The NPC’s Advisory No. 2023-01 represents a significant step towards protecting data subject rights in the digital age. It places the onus on businesses to ensure their digital interfaces are designed with privacy and transparency in mind. Non-compliance could lead to invalidated consent and potential regulatory action.

As the digital landscape continues to evolve, it’s crucial for businesses to stay informed about such regulatory developments and adapt their practices accordingly. This advisory serves as a reminder that data privacy considerations should be at the forefront of digital design and user experience strategies.