How to Request Deletion of Personal Data from Online Lending Applications

In the digital economy of the Philippines, Online Lending Applications (OLAs) have become a primary source of quick credit. However, the convenience of these platforms often comes at the cost of extensive personal data collection—ranging from government IDs and contact lists to location data and social media profiles.

Under Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012 (DPA), Filipinos are granted specific rights over their personal information. One of the most critical, yet often misunderstood, is the Right to Erasure or Blocking.

1. The Legal Basis: The Data Privacy Act of 2012

Section 16 of the DPA provides that a data subject has the right to suspend, withdraw, or order the blocking, removal, or destruction of their personal information from a personal information controller's (PIC) filing system.

In the context of OLAs, the lending company acts as the Personal Information Controller. They are legally obligated to respect your request for data deletion, provided certain conditions are met.

When Can You Demand Deletion?

According to the law and National Privacy Commission (NPC) guidelines, you may exercise this right if:

  • The personal information is incomplete, outdated, false, or unlawfully obtained.
  • The personal information is being used for unauthorized purposes.
  • The personal information is no longer necessary for the purposes for which it was collected.
  • You withdraw consent or object to the processing, and there is no other legal ground for the processing.
  • The data processing concerns personal information that is prejudicial to the data subject, unless justified by freedom of speech or other legal requirements.

2. Limitations: When Deletion Can Be Denied

It is a common misconception that requesting data deletion wipes away financial obligations. A lending app is not required to delete your data if:

  1. Existence of a Valid Contract: If you have an outstanding loan, the company has a "legitimate interest" and a contractual necessity to retain your data to facilitate collection and management of the account.
  2. Legal Requirements: Other laws, such as the Anti-Money Laundering Act (AMLA) or Bureau of Internal Revenue (BIR) regulations, may require financial institutions to retain records for a specific period (usually 5 to 10 years).
  3. Ongoing Legal Claims: If the data is necessary for the establishment, exercise, or defense of legal claims.

3. Step-by-Step Process for Requesting Deletion

To formally request the deletion of your data from an OLA, follow this legal procedure:

Step 1: Verify Account Status

Ensure that your loan is fully paid. Obtain a "Certificate of Full Payment" or a "Clearance" from the OLA. If the account is still active or in default, the OLA will likely deny the request based on contractual necessity.

Step 2: Identify the Data Protection Officer (DPO)

Every legitimate OLA registered with the SEC and NPC is required to appoint a Data Protection Officer. Look for the "Privacy Policy" section within the app or on their website to find the DPO’s official email address.

Step 3: Submit a Formal Written Request

Send a formal email or letter to the DPO. Your request should include:

  • Your full name and registered mobile number/email.
  • The specific purpose of the request (Exercise of the Right to Erasure).
  • The reason for the request (e.g., the loan is settled and the data is no longer necessary).
  • A clear demand to remove your data from their active database, backups, and any third-party processors (like collection agencies).

Step 4: Await a Response

Under NPC rules, the company must act on your request within a reasonable timeframe. If they refuse, they must provide a legal justification.

4. Summary of Rights and Actions

Action Legal Context
Withdrawal of Consent You can stop the OLA from processing data for marketing or third-party sharing at any time.
Right to Object You can object to your data being shared with collection agencies if the debt is already settled.
Blocking You can request that your data be "blocked" from further processing while a dispute regarding its accuracy is being resolved.

5. Recourse for Non-Compliance

If an OLA ignores your request, refuses to delete data after a loan is settled without a valid legal reason, or continues to harass your contact list after you have withdrawn consent, you have two primary avenues for redress:

A. Filing a Complaint with the National Privacy Commission (NPC)

You may file a formal complaint for violation of the DPA. The NPC has the power to issue Cease and Desist Orders and can recommend the prosecution of OLA owners for "Unauthorized Processing" or "Malicious Disclosure."

B. Reporting to the Securities and Exchange Commission (SEC)

If the OLA is engaging in abusive collection practices alongside data privacy violations, a complaint should be filed with the SEC’s Corporate Governance and Finance Department. The SEC can revoke the OLA’s "Certificate of Authority" to operate as a lending company.

Important Note: Always keep screenshots of your loan settlements, copies of your sent emails to the DPO, and any automated responses as evidence for future litigation or administrative complaints.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login