Freedom of Information and Data Protection
Freedom of Information (FOI), also called the “right to information”, is a fundamental human right enshrined in many international treaties, national constitutions, as well as domestic laws. The same can be said of the right to privacy.
In terms of intersections, a specific aspect of the right to privacy — data privacy — sometimes gets embroiled in FOI matters. For the European Union and some other jurisdictions, they prefer the term “data protection”. Last year, this was in full display when Malacañang released heavily-redacted SALNs of certain Cabinet officials, citing the country’s Data Privacy Act (DPA) as legal basis.
Data privacy or data protection proclaims that an individual has—or at least ought to have—control over his or her personal data. This right to control implies a corresponding duty to uphold and protect on the part of other individuals or organizations who get to access and use such data.
The overlap typically occurs when an FOI request by a private individual prompts a government agency to disclose or give access to personal data under its control or custody. Oftentimes, it involves a journalist or media outfit that wishes to obtain some personal details about a sitting or former government official in the course of its investigative work or research.
By default, any organization (including government agencies) engaged in the collection and processing of personal data is obliged to safeguard such data from any unlawful or unauthorized use, access, or disclosure. In some instances, a higher standard of security is expected from government, as in the case of the Philippines as per the provisions of the DPA.
With these, it is easy to appreciate how an obligation to protect data is directly challenged by a request to make that information accessible or publicly available. While each one represents a manifestation of a basic human right, they stand on opposite sides of the spectrum insofar as disclosure of personal data is concerned. One says to keep it confidential. The other insists on making it public.
Fortunately, it’s rarely that simple. Like most things in life, these two rights and the laws that aim to see them realized do not exist in a vacuum. There are many factors out there that need to be considered when attempting to resolve this dilemma. In some instances, the laws themselves leave instructions as to how such a problem ought to be resolved.
That said, it is critical that any effort to reconcile these two rights begins with a full appreciation of the ways they align and complement each other. This establishes the proper mindset necessary to bridge any actual differences.
First, they are both meant to benefit the individual. FOI gives a person reasonable access to government-held data. Data protection, on the other hand, gives the individual protection from unauthorized or unlawful intrusions by the government.
Second, they both promote government accountability. The underlying principle for FOI is transparency on the part of the State. A transparent government is likely to be more responsible in its affairs than one shrouded in secrecy. On the other hand, data protection also compels the government to be more circumspect in developing and handling its programs and projects, especially when they involve the personal data of its citizens. Harsh penalties await the officials responsible for an agency’s failure to meet such obligation.
These two reasons alone should dispel any thought that FOI and data protection are mutually exclusive concepts, whereby upholding one necessarily entails sacrificing the other. One can be an FOI advocate and a privacy advocate, at the same time.
Sure, there will be a few tricky situations when reconciling the two is easier said than done. Last year’s hot mess is an excellent example. But as shown by the outcome of that controversy, there will always be a way forward if all concerned parties are willing to listen to one another and work toward a common goal. The key lies in the proper balancing of their respective interests. This does not mean a solution will always involve concessions of equal proportion, but that is exceptionally rare, anyway, when figuring out a problem.
The final takeaway here should be this: it is no coincidence that government and the people who work there are collectively referred to as the public sector and public servants, respectively, while the rest assume the titles of private sector and private individuals. This is a dead giveaway. One is expected to exhibit more transparency. The other is supposed to enjoy more privacy. FOI and the right to privacy operate to make this a reality. And in a world with (arguably) no absolutes, it is everyone’s responsibility to ensure they actually succeed.
For more information about this topic, check out the briefing paper by the Foundation for Media Alternatives.
Jamael Jacob (@jamjacob) is a lawyer specializing in the field of law, ICT, and human rights. He is currently the Director of the University Data Protection Office of the Ateneo de Manila University, and Policy and Legal Advisor to the Foundation for Media Alternatives. The views expressed herein do not necessarily represent or reflect the views of the organizations he is currently affiliated with.