A mobile phone and accessories vendor shows SIM cards from various networks for sale at a stall yesterday.
President Marcos is set to sign tomorrow the Subscriber Identity Module (SIM) Registration Act, which seeks to eradicate “nefarious and fraudulent digital activities” aided by SIM.
The SIM Registration Act is the first legislative measure that will be enacted into law by Marcos.
Under the bill, all SIMs sold are in a deactivated state and end-users are required to register their SIMs with the concerned Public Telecommunication Entity (PTE) as a pre-requisite to activation.
On the other hand, all existing SIM subscribers are required to register with their respective PTEs within 180 days from the effectivity of the law.
The Na tional Privacy Commission (NPC) has expressed support for the intention of the bill to prevent the proliferation of various and evolving electronic communication-aided criminal activities.
In a statement, the NPC said it is fully aware that implementing a SIM card registration system would entail a massive collection of personal data.
“Hence, there is a strong need to develop a technology-neutral approach and to future-proof the proposed legislation to achieve its intended purpose, in a manner that respects the rights and freedoms of the data subjects,” the NPC’s statement read.
The agency advocated to the House of Representatives and the Senate to consider the proportionality principle and data minimization mechanisms concerning the provisions on social media providers and authorized resellers.
Mechanisms must be developed and implemented to prevent security risks and data breaches that may arise from over-collection and improper or inadequate monitoring practices, according to the NPC.
It also underscored that the burden to determine the SIM card buyer’s identity should not fall on retailers who may not have the necessary knowhow or resources to properly verify the identity of data subjects and the authenticity of the identification cards that will be presented.
Delegating it to these retailers may result in overcollection and improper or inadequate monitoring and security practices, as adopted in Section 5 of the bill.
The NPC also discouraged the use of a centralized server or database as it carries greater risks if a security breach occurs.
This recommendation was adopted in Section 6 of the bill, which requires that the designated government agencies or PTEs maintain their own databases.
“The PTE must strictly use the database to process, activate or deactivate a SIM or subscription and not for any other purpose,” the agency said.
