In a pivotal move towards reinforcing data privacy in the realm of online lending, the National Privacy Commission (NPC) has introduced crucial amendments through NPC Circular No. 2022-02 (“Circular 22-02”).
This circular, dated 1 December 2022, builds upon the foundations laid by NPC Circular No. 2020-01 (“Circular 20-01”) and specifically focuses on refining the Guidelines on the Processing of Personal Data for Loan-Related Transactions.
Amended Guidelines on Processing Personal Data
Just-in-Time Notices: Enhancing Transparency
Under the revamped guidelines, Lending Entities are now mandated to provide just-in-time notices to data subjects before seeking their consent. This approach empowers individuals by offering clear information on how the provided data will be processed. The circular emphasizes that these notices must not only be informative but also consider the accessibility and convenience of borrowers. For instance, in the case of mobile applications facilitating loan transactions, pertinent information should be readily accessible within the application.
Streamlining Online Application Processes
Circular 22-02 places restrictions on online applications used for loan processing activities, urging Lending Entities to refrain from unnecessary processing that involves personal and sensitive information. The circular underscores the importance of obtaining only appropriate, necessary, and reasonable permissions for debt collection and lawful purposes. Moreover, once the purpose for accessing application permissions is fulfilled, entities are obligated to prompt users to turn off or disallow these permissions.
Stringent Controls on Borrower’s Contract Information
The circular introduces stringent controls on the processing of a borrower’s contract information for identity verification and truthfulness checks. Access to the borrower’s phone camera, photo gallery, and contact lists is permitted but with a strict mandate against excessive or unethical processing. Harassment, debt collection from unauthorized sources, and unethical collection methods are explicitly prohibited.
Registration Requirements
In a bid to fortify accountability, Lending Entities are now obliged to submit a comprehensive list of publicly available applications used for loan processing activities during their registration with the NPC. Failure to comply with this rule can lead to the revocation of registration, accompanied by penalties and disciplinary measures as outlined in the Data Privacy Act and its regulations.
Protection of Character References and Guarantors
Circular 22-02 extends its safeguarding measures to encompass the data privacy rights of a borrower’s character reference and guarantor.
Character References: Informed Consent
For character references, Lending Entities must properly advise individuals chosen as references regarding the purpose and collection of their contact information. It is strictly forbidden to contact character references for non-loan-related reasons such as marketing or sharing with third parties.
Guarantors: Separate Consent Required
In the case of guarantors, Lending Entities must obtain separate consent for the processing of their personal data. Additionally, the circular explicitly prohibits entities from contacting individuals on the borrower’s contact list who have not been declared as guarantors for debt collection purposes.
Circular 22-02 marks a significant stride in the NPC's commitment to fortify data privacy in loan-related transactions. Lending Entities must diligently adhere to the amended guidelines, fostering a culture of transparency, accountability, and heightened data protection. By doing so, they not only comply with regulatory standards but also contribute to building trust and confidence among borrowers in the burgeoning landscape of online lending.
FAQ on NPC's Guidelines for Processing Personal Data in Loan Transactions
- What are the key guidelines issued by the National Privacy Commission (NPC) for processing personal data in loan-related transactions?
- The NPC released Circular No. 20-01, setting guidelines for online lending entities, including Lending Companies and Financing Companies[1].
- Why did the NPC issue these guidelines?
- Circular No. 20-01 was issued in response to complaints about online lenders illegally using personal data, prompting the need for regulations to protect borrowers[2].
- Have there been any amendments to these guidelines?
- Yes, Circular No. 2022-02 amended certain provisions of Circular No. 20-01, strengthening the guidelines on processing personal data for loan-related transactions[5].
- What changes were introduced through the amendments?
- The amendments focused on enhancing the guidelines and addressing specific aspects related to the processing of personal data in loan transactions[4].
- When did these amendments come into effect?
- Circular No. 2022-02 was issued on January 5, 2023, amending certain provisions of the guidelines specified in Circular No. 20-01[5].
- How do these guidelines impact online lenders?
- The guidelines prohibit online lenders from engaging in abusive practices, including unauthorized harvesting of borrowers' data, with clear boundaries even if consent is given[2].
- Is the online loan app barred from getting and using my data even if I have consent?
- Yes, the National Privacy Commission (NPC) in the Philippines has implemented guidelines to regulate online lending entities' processing of personal data, even with consent. Circular No. 20-01 and subsequent amendments, such as Circular No. 2022-02, emphasize the protection of borrowers' personal information. The guidelines prohibit online lenders from engaging in abusive practices, including the unauthorized harvesting of borrowers' data, even if consent is given.
- Yes, the National Privacy Commission (NPC) in the Philippines has implemented guidelines to regulate online lending entities' processing of personal data, even with consent. Circular No. 20-01 and subsequent amendments, such as Circular No. 2022-02, emphasize the protection of borrowers' personal information. The guidelines prohibit online lenders from engaging in abusive practices, including the unauthorized harvesting of borrowers' data, even if consent is given.
🌐 Sources
- NPC Releases Updated Guidelines on the Processing of Personal Data
- Online lenders barred from harvesting borrowers' phone
- NPC amends Circular on the processing of personal data
- Lenders Beware: National Privacy Commission Strengthens Guidelines
- NPC amends Circular on the processing of personal data
- NPC Amends Guidelines On Processing Data For Loan
- privacy.gov.ph - NPC Releases Updated Guidelines on the Processing of Personal Data for Loan-Related Transactions
- privacy.gov.ph - NPC amends Circular on the processing of personal data
- privacy.gov.ph - Online lenders barred from harvesting borrowers' phone
- dataguidance.com - NPC amends Circular on the processing of personal data
- privacy.gov.ph - Privacy Commission orders immediate takedown of four online lending apps
- syciplawresources.com - Lenders Beware: National Privacy Commission Strengthens Guidelines
