Through the Digital Lens 1: Composed of IT experts coming from a wide array of variety, the two-day event gathered the Philippine IT Community to collectively discuss and contextualize the concept of Digital Justice in the Philippines, and provide insights on other issues surrounding the said topic. The four core concepts that were discussed at the event were Data Ownership, Data Protection, Data Infrastructure, and Data Democracy.
The participants in the online round table discussion on the issue of Data Ownership in the context of Data Justice in the Philippines were Nick Tobia, Senior Consultant on Social Impact Data Analytics of CyrroLytix; Kim Gargar of AGHAM National; and Brandon Jake Valeros of FEU Computer Engineering Org.
Here are the important insights produced from the discussion:
Key Principle 1: Data subjects must own their data—individually and collectively
- Are the provisions in the Data Privacy Act of 2012 sufficient to most, if not fully, cover aspects of individual and collective data ownership? Expound.
- What else can be done to protect both individual and collective data ownership in the country?
The provisions in the Data Privacy Act of 2012 are not sufficient to cover aspects of individual and collective data ownership. Several instances prove that this is the case, one such instance is the Comeleaks which happened in 2016. The provisions in the 2012 act were not enough to stop it. There is also a lot of ground to cover when it comes to technology, so it is hard to cover most of the cases in just the provisions. Also, laws need to catch up with the current situation, especially in technology where everything is evolving at a fast rate.
Key Principle 2: Our data requires protection from abuse
- Are there specific instances of data abuse in the Philippines? Expound.
- Do we have sufficient local support in terms of infrastructure, institutions, and policies to protect Filipinos from data abuse? If not, what else should be done to be able to cover this principle?
While there is local support in terms of infrastructure, institutions, and policies to protect Filipinos from data abuse (ex: writ of habeas data), these are still not enough. One area that is lacking is the implementation details, a lot of the details are skimmed or not thought out which leads to ineffective and insufficient implementation. In some cases, this leads to hopelessness in Filipinos, because of the lack of implementation there is no clear way for Filipinos to exercise their rights to protection from data abuse, so they may end up giving up because to them there is nothing, they can do about it.
Key Principle 3: We need the tools to control our data
- What tools can we as Filipinos feasibly use to control data access and usage, considering (what you perceive to be) the state of ICT in the country?
- How can we standardize the usage of such tools, considering the social, political, and economic conditions of the country?
There are no tools (that we knew during the discussion) that we as Filipinos can feasibly use to control data access and usage, though we have skilled Filipinos who can make these. This can be considered a challenge to the IT Experts in the Philippines to get out of their comfort zone and use their skills to help the Filipinos.
Key Principle 4: Data commons need appropriate governance frameworks
- Are there existing governance frameworks in the Philippines that cover data commons? Provide details, if possible.
- What else could be done to reach a point where there are appropriate frameworks in place for data commons?
While there are existing governance frameworks in the Philippines that cover data commons (ex: in Bangsamoro), these are not utilized properly (or at all), so that data is just sitting in the cloud taking space but never used to process user information. These frameworks however are more common and better utilized in private sectors, so there is potential for the public sector to do the same thing. Besides, more attention should be given to promote the existence of these data commons so that tech experts would be aware that these kinds of data exist to attract skilled people who may be able to process the data.
The participants in the roundtable discussion on the issue of Data Protection in the context of Data Justice in the Philippines were Dr. Sony Valdez, Director of Community Relations at Python PH; Mac Andre Arboleda, President of UP Internet Freedom Network; and Rick Bahague of the Computer Professionals’ Union.
Key Principle 1: Data protection, sharing and use require new institutions
- Are the existing local public institutions (DICT, NPC, etc.) in place sufficient to ensure data protection?
- What other aspects of data sharing and data use needs to be covered by local public institutions?
Local public institutions that are responsible for the overall state of data protection already exist, although they are criticized for not doing enough. They are also hard to trust to comply with their promise of data protection because of several reasons—one having an undersecretary appointee. Institutions need to talk more about data protection and data privacy (macro-level to smaller levels). Colleges, universities, and offices need to have their policies but this would still depend on NPC, DICT, or even CHED to guide them in policy-making. Data-sharing needs are coming from the public. The availability of these resources and local initiatives exists but there is a disconnect in the integration of data to make it a national asset.
Currently, the main law for data protection is the Data Privacy Act (DPA) but it is inadequate because it is not framed on how to protect data subjects, more on who gets off the hook or can be acquitted or exempted in cases of data violation. The appreciation of data privacy not enough and not ingrained in our culture that when you hand over information to the government, there is a prejudice that it would not be used maliciously.
Key Principle 2: Data-creating work ought to come with data rights
- Are data creators and generators in the Philippines aware of the concept of data rights? If not, what could be done to remedy this?
- Do we have sufficient local support in terms of infrastructure, institutions, and policies to look after the data rights of data creators and generators? If not, what else should be done to be able to cover this principle?
There is a lack of appreciation for data privacy and the concept of owning data from the public. The concept of data rights is also foreign to many thus making it very easy to get or give personal info either accidentally or maliciously. Lacking appreciation for data privacy and the concept of owning data. The concept of data rights is also foreign to many. Very easy to get personal info either accidentally or maliciously. Similar to SOGIE training for employees, we also need training for data privacy and protection, not just regarding data handled within the office but also on the personal level. An improvement on policies and public dissemination on why data protection is important, as well as constant reminders about risks of sharing/oversharing. There is a need for mainstream discourse on how the data is being handled (ex. data for contact-tracing) and active officers/members within the institutions to enforce/improve policies (DPOs).
The Philippines is not a completely digital country yet, so the knowledge of data as part of the person is unfamiliar. More people in institutions are older so they do not understand the risks imposed when data is shared which might be why policies and the education system are also not wary of these dangers. Regardless of the current condition, it is still needed to be ingrained in the culture. The sense of wanting to have privacy is connected to the concept of data rights (e.g., Filipinos as #1 social media users/not very private people). There needs to be included in our education system as part of the curriculum.
Key Principle 3: Data should be processed close to its point of origin
- How applicable/feasible is this in the Philippine setting?
- Do we have sufficient local support in terms of infrastructure, institutions, and policies to support this principle? If not, what else should be done to be able to cover this principle?
The idea of processing data near its point of geographical origin is applicable in the Philippines but is still not implemented. There is a lack of local support for building the necessary infrastructure. A lot of tech expert relies on tech abroad. Services are stored outside because it is cheaper. People are also inclined to avail services offered as full/complete vs. starting/managing a new project without making sure how sustainable it is. More public discourse is needed for this. A lot of techs rely on tech abroad. Services are stored outside because cheaper. Data centers in the Philippines are costly and possibly also hard to install due to blocking policies. Initiatives are also not explored as much. Encouragement/incentives from the government are essential to put up data centers, but services should be accessible (i.e., viable for developers to use, to increase demand for local data centers). More importantly, it needs to be controlled by legislation/gov’t needs to intervene only in what is beneficial for us.
The issue of ISPs sending data outside the country (causing latency/delays) to avoid additional charges can be addressed by creating infrastructures to interconnect ISPs within the country that are already existing (ex. DOST’s). The important and missing ingredient is the initiative from the government to get major ISPs to interconnect. There is also a need to put into context and raise awareness of the risks of sending out/processing important data outside the country to put this issue in the spotlight.
Key Principle 4: Cross-border data flows must be decided nationally
- Do we have sufficient national institutions and policies in place to ensure data sovereignty?
- What else can be done to guarantee data sovereignty in the Philippines?
There is an emerging policy-making concept related to cross-border data flows. NPC created this about the European Union’s General Data Protection Regulation (GDPR). A good example of this is when BPOs cannot get clients without equivalent privacy laws to GDPR. Locally, private companies catering to EY are affected by GDPR. With regards to the data sovereignty in private entities, office data cannot be shared outside the office premises; this same idea applies to other institutions in the country. Regardless of services, data should be confined within the borders of the country.
The government needs to know if and when you are exporting data, and legal frameworks for it should exist. It is hard to protect/impose data rights if the basic backbone for data sovereignty does not exist. Data is harder to trace if it is stored locally. The shift from being reactive to proactive in terms of responding to problems in ICT remains a challenge for the government. On the part of the IT/CS field, the challenge lies in how to convince/propagate information to the public so more people would be aware of the importance of this topic.
The participants in the roundtable discussion on the issue of Data Infrastructure in the context of Data Justice in the Philippines were Reynier Tasico of PWA Philippines, Rom Feria of the UP Diliman Department of Computer Science), Zorex Salvo of PythonPH, and Francis Quintana of AGHAM Educators.
Key Principle 1: Techno-structures need to be reclaimed as personal and public spaces
- Are techno-structures considered personal and public spaces in the Philippines? Why or why not?
- What do you think are key steps that need to be taken to reclaim techno-structures in the Philippines as personal and public spaces?
Regarding reclaiming techno-structures as personal and public spaces, first, it must be recognized that the focus of reclamation should be towards Big Tech, who tend to monopolize ownership, control, and access to techno-structures, and not necessarily the entirety of the Internet. This is because the Internet was built as a public utility, and as such should be recognized as public spaces, to begin with. Applying to the local setting, the Internet must therefore be legally recognized as a public utility. Once that is done, there is then a need to clarify which techno-structures have to be prioritized to be made public. It is noted, however, that national policies are lagging and reactive in terms of keeping up with technology, therefore policymakers need to be proactive to be able to properly maintain techno-structures as public spaces. There are some problems though with reclaiming techno-structures as personal spaces as the concept of “personalness” is difficult. Thus, boundaries must be defined on what “personal” should mean to be able to proceed on determining how best to reclaim techno-structures as personal spaces. It should be noted though that generally, and also here in the Philippines, personal artifacts such as data ceases to be personal if one chooses to have it used for some services. Ultimately though, the power to determine whether techno-structures have to be made personal/public should best be given to the consumers.
Key Principle 2: We should own our software and be able to control it
- What do you think are key policies that the Philippine government should push to enable individuals to fully own and control their software?
- In the Philippine context, what are the hindrances for individuals in owning and controlling the software they install in their personal or collectively owned equipment?
Regarding ownership and control of software, companies that sold software applications, even as part, must yield control of the software to the consumer/buyer, and allow the buyer/consumer limited freedom to customize/modify but within “personal” space. There should be a need to identify which specific pieces of software can be owned as well as a need to define the scope of the developer’s responsibility when ownership is transferred. However, it is noted that the concept of software ownership for all is currently not realistic unless everybody is empowered to develop their software. Another issue that surfaced in the discussions was regarding how intellectual property for software will now be treated. This is noted as even some free and open-source software only gives license on what kinds of modifications are allowed, and intellectual property is still maintained by the (original) developers.
Key Principle 3: Key digital infrastructures need to be governed as public utilities
- What are relevant digital infrastructures that need to be considered as public utilities here in the country?
- What steps do we need to take to ensure that the enumerated digital infrastructures would be governed as public utilities?
On what digital infrastructures need to be governed as public utilities, in the Philippines’ case, the Internet has to be the key digital infrastructure to be made a public utility. Other digital infrastructure that the general public needs/identifies as a necessary public good or essential should be public utilities. It should be noted though those applications are just as good or as popular as the size of the user base and enabling factors (e.g., telecommunications).
Key Principle 4: Techno-structures must be decentralized for open use, with interoperability
- What steps can be done to push international tech companies to decentralize for open use of their techno-structures?
On decentralization and interoperability of techno-structures for open use, it should be noted that the Internet as a key platform for techno-structures is designed to be decentralized. Therefore, to allow decentralization and interoperability of techno-structures for open use, access to the Net in the Philippines has to be democratized, and should not only be made accessible through Facebook and Google as is the current case. Telecommunications companies must therefore be pushed to open access to other parts of the Net. While putting pressure on “gatekeepers” to techno-structures locally can be done, the question remains if the Philippines can pressure international tech to decentralize authority/power over techno-structures. Here, it is recognized that the country may not be ready because of the clout Big Tech has. Finally, an important factor to consider as well would be to look at who should be empowered by the decentralization and interoperability of techno-structures. One must therefore ask, “For whom are/should techno-structures be decentralized?”.
The participants in the roundtable discussion on the issue of Data Democracy in the context of Data Justice in the Philippines were Michael Lance Domagas of the Department of Software and Technology of De La Salle University, Kayecee Palisoc of Department of Statistics of University of the Philippines, Dominic Ligot of Data Ethics Philippines, Jose Angelo Tapel of the House of Representatives Information Technology Communications Community, and Benjar Fernandez.
Key Principle 1: Global digital monopolies should be broken
- Are there local digital monopolies/oligopolies in the country?
- What key digital industries and infrastructure are under local monopolies/oligopolies?
- What steps can be taken to ensure that digital monopolies/oligopolies in the country are broken?
Similar to any type of industry, various forms of digital monopoly/oligopoly already exist in the Philippines exist: internet connection (ISPs), data traffic, e-commerce, digital payment, among others. To address the problems of digital injustice in the Philippines, it is important to know which of the causes and effects should be addressed first or focused on. Open Data Access Bill–which is currently under deliberation—is one of the legal frameworks aiming to address the problems of internet distribution in the archipelago and the oligopoly of the internet in the Philippines. In terms of alternative types of connection, the participants raised the possibility of using a satellite connection.
Key Principle 2: Societies’ datafication needs to be managed democratically
- How do local institutions currently approach the implementation of datafication and ‘intelligencification’? Are Filipinos well-equipped, capacitated, and ready to accept and participate in these implementations? Cite examples.
- Are Filipinos given proper platforms for feedback, and if so, do institutions actually take them into consideration to improve implementation?
- How much involvement is given to the people when designing these implementations? How can we ensure implementation is planned and executed democratically?
Datafication and “intelligencification” happens because of two types of driving factors: the market-driven one, and the government-mandatory. The majority of the Filipinos are not aware of these particular phenomena—had not because of the COVID-19 pandemic, the government and people would not have been forced to adopt digital processes that are crucial under the “new normal”. In a sense, although the economy and society of the Philippines is in the transition stage of the 4th Industrial Revolution and is at the phase of paradigmatic shift on how data affects our lives, the development has been and is only concentrated on the private sector while the government and the majority of the people are being left behind.
Key Principle 3: Digital standards must be developed by public interest bodies
- What are existing public institutions and/or interest bodies that develop digital standards and are enforced properly? Are they sufficient? Explain.
- What other steps that need to be taken to help the development and enforcement of digital standards in the country?
As of the writing, no institution ensures that digital standards are properly observed. And although the Philippine Constitution implies the importance of data and privacy, there should be an explicit and clear-cut statement that emphasizes this to serve as the backbone for laws and institutions. The possible use of Data Trust should be considered and explored in the Philippines as a means to solve problems related to companies mishandling important aspects of data privacy and security.
Key Principle 4: The digital has to be governed in a local-to-global manner
- Do local players/institutions assert their economic and sovereign interests? Do we have enough local policies to enable and support these assertions? If not, what policies must we have to do so?
Being the cluster of workers mostly involved in the outsourcing industry, freelancers, BPO workers, and gig economy workers are the most exposed to data exportation in the form of their labor. The question of data sovereignty is at play here. The already rolling Freelancing Protection Act can provide the first line of protection on their data rights. However, considering the pace of how data evolves exponentially on yearly basis, new issues to data will rise and can outdate the written law addressing this particular issue. The need for the appointment of a Data Ombudsman or establishment of a government agency specializing in creating and defining fundamental laws related to data rights is a possible solution. In addition, a conglomeration of academicians, IT professionals, lawmakers, workers, and other important stakeholders should be formed to formulate concepts and policies related to data rights that are multi-angular and evolving to adapt to the fast-paced transformation of data and how it affects the current Filipino society.