Does the United States Have a Data Privacy Act?

When one thinks of laws aimed at protecting customer data and personal privacy, the European Union’s GDPR and California’s Consumer Privacy Act (CCPA) often are the first to come to mind.

However, in our increasingly globalized world, it is important to understand the scope and rules of other data privacy laws, such as the Philippines’ Data Privacy Act, which has country-wide implications.

So what is the scope of the Data Privacy Act, and does the United States have a similar data privacy act that marketing professionals need to be aware of?

What Is the Data Privacy Act?

The Filipinos are heavy internet and social media users, regularly topping world rankings of the amount of time spent on social media platforms and online. In fact, 2021 also saw big growth in Filipinos’ adoption of e-commerce, with it reaching 80.2 percent of internet users aged 16-64, up 4 percentage points from last year.

With such pervasive internet usage and the growth of its digital economy, the Philippines passed the Data Privacy Act 2012 “to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth.”

The Act also defines personal information as being:

  • About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations
  • About an individual’s health, education, genetic or sexual life of a person, or to any proceeding or any offense committed or alleged to have committed
  • Issued by government agencies “peculiar” (unique) to an individual, such as social security number
  • Marked as classified by executive order or act of the Filipino Congress

Currently, the United States does not have an equivalent federal law. While legislation has been proposed in the U.S. Congress and there are state-level laws with similar requirements, one at the scale of the Philippines’ Data Privacy Act is not in place.

What Is the Scope of the Data Privacy Act?

The Filipino Data Privacy Act is similar to the EU’s GDPR in its definition of data, the individual, the scope of protections, and individual privacy rights as well as creating requirements for notifying users of data breaches.

The Filipino Data Privacy Act states that the collection of personal data must be for a “declared, specified, and legitimate purpose.” It also states that consent is required:

  • Prior to the collection of all personal data, informing the customer about the extent and purpose of processing including the “automated processing of his or her personal data for profiling, or processing for direct marketing, and data sharing.”
  • For sharing information with affiliates or even parent companies.
  • To be collected and processed by a recorded means.

The Data Privacy Act applies to businesses with offices in the Philippines, but also with equipment based in the Philippines used for data processing. The Act also applies to the processing of the personal information of Philippines citizens regardless of where they reside, but it does not include the processing of personal information “that was lawfully collected from residents of foreign jurisdictions.”

However, unlike state-level privacy laws, the Data Privacy Act does cover the collection and processing of publicly available information.

How Does the Data Privacy Act Affect My Marketing Approach?

Regulations like the GDPR, the Data Privacy Act, and other state-level regulations can introduce more complexities to how businesses approach their marketing. However, with the right tools and preparation, organizations can still effectively reach their customers.

Some of the primary methods that businesses can employ include:

  • Using a data privacy platform that can ease the collection and ongoing management of consent, by country and by type (e.g., email marketing, website traffic data), with personalized control panels.
  • Using a solution like Dataships, which can help your team easily build compliant marketing lists.
  • Implementing a process to synchronize customer consent data across your marketing technology ecosystem in real time.
  • Partnering with an industry leader that automates monitoring and maintaining compliance with the data privacy laws where your business operates.

Stay Ahead of Data Privacy Compliance with Dataships

The United States does not have its own data privacy act, but that doesn’t mean U.S.-based companies can let their guard down. As governments around the world continue to pass laws aimed at protecting consumers’ data privacy, it is only going to get more complex and time-consuming for businesses to effectively market to their potential customers while avoiding the risks of noncompliance.

Fortunately, platforms like Dataships make it easy for marketing professionals and their organizations to stay ahead of data privacy laws, no matter the size and scope of their business. Dataships helps your organization’s marketing processes weave in data compliance rules while keeping up with the pace of business.

Your first-party data strategy for Shopify

Over the last 5 years, customer acquisition costs have grown by over 60%, and this trend is only set to continue. See how your Shopify business can spend less and sell more with a first-party data strategy.