eGov’s risk to users: No contracts, unclear data breach liabilities
- LIGHTS Institute
- 1 day ago
- 1 min read
by Gelo Gonzales for Rappler
Nov 19, 2025 2:04 PM PHT
xx
Clicking on any button on the app triggers a prompt that requires the user to go through a full identity verification process: name, address, birthday, gender, phone number, email, a live photo, signature, and a government ID such as a driver’s license or passport.
This happens even for services that merely redirect users to the websites of agencies.
This raises proportionality concerns: is the app asking for too much personal information before even allowing access to basic information?
For instance, even if users want to only view nearby health centers, confirm an LGU’s official website, or chat with the Anti-Red Tape Authority’s (ARTA) assistant, they must still go through full identity verification.
DICT Undersecretary for eGov, David Almirol Jr. defended this as necessary to prevent fraud and identity theft.
Former National Privacy Commission (NPC) policy chief and executive director at ICT and human rights consultancy firm LIGHTS, lawyer Jam Jacob, however, said such requirements may be excessive when users simply want information.
“It serves no purpose,” he said. “Only when a user wants to avail of at least one service should identity verification be performed.”
Jacob added that DICT should minimize risk wherever possible. If DICT requires upfront verification for smoother transactions across agencies, then those agencies should no longer repeat verification when the user is referred to them.
xx
Comments