The National Privacy Commission suspends Grab’s selfie verification and audio-video recordings after it had found some deficiencies with its implementation.
In a press release, the agency mentions that they have issued a Cease and Desist Order (CDO) to Grab Philippines, Inc. (Grab PH) after finding deficiencies in complying with the Data Privacy Act of 2012 (DPA) for three personal data processing systems, which may endanger the privacy rights of the riding public.
These were all noted in a Notice of Deficiencies issued to Grab PH last 31 January 2020. The NPC found several deficiencies in its selfie verification, as well as in-vehicle audio and video pilot tests.
NPC claims that it did not sufficiently identify and assess the risks posed by the data processing systems to the rights and freedoms of data subjects, saying that “only the risks faced by the company were taken into account” in its Privacy Impact Assessment (PIA).
“The video recording system will also enable grab employees to monitor the situation live from the Grab Office and take photos of what is happening inside the vehicle, once the driver prompts the office through an emergency button,” the notice reads.
While the NPC suspends these features, it doesn’t mean that Grab will get an immediate sanction. The government agency has given Grab PH 15 days to comply with the remedial measures directed in their Notice of Deficiencies. The lifting of the CDO, however, will be decided by the Commission on a per-system basis. As such, the order is applied separately for each of the systems and takes effect until such time that the company fully implements proper controls to address the deficiencies identified in the notice.
We have reached out to Grab for their response.