Cybersecurity challenges are intensifying alongside the rapid growth of artificial intelligence (AI), which is creating a wealth of opportunities for innovation and transforming industries worldwide. As experts say, “With great power comes great responsibility,” and this could not be more relevant when balancing AI adoption with data privacy and cybersecurity.
Integrating AI with cybersecurity and data privacy in the Philippines introduces unique complexities, underscoring the need for regulatory frameworks to keep pace with these advancements.
As AI use expands, so does the volume of personal data it requires — thus raising pressing questions about data security, privacy, and ethical implications.
Cybersecurity issue: Fostering responsible data management practices
The Data Privacy Act of 2012 (Republic Act 10173) is the foundational piece of legislation for data privacy in the Philippines, setting the standard for protecting personal data.
Designed to foster responsible data management practices, the law requires companies and organizations to respect individuals’ privacy rights. It promotes the principles of proportionality, transparency, and legitimate purpose in data handling, which aligns it with international data protection standards.
However, the rise of AI brings new privacy risks, requiring adaptive regulations that go beyond traditional data protection to address AI’s unique needs.
International regulations, particularly the European Union’s General Data Protection Regulation (GDPR), set a high standard for data privacy. Enacted in 2018, the GDPR gives individuals extensive control over their personal data and places strict obligations on companies to safeguard it.
Other privacy laws, like California’s Consumer Privacy Act (CCPA) and Japan’s Act on the Protection of Personal Information, emphasize strong security measures and require swift reporting of data breaches.
The Philippines’ Data Privacy Act echoes these priorities but does not yet address AI-specific concerns, such as data minimization and privacy-by-design, at the level of the GDPR. In response, the National Privacy Commission (NPC) has issued advisories and guidelines to fill this gap, although comprehensive AI governance is still developing.
Increasing risks to privacy and cybersecurity
As data and AI adoption grow, the risks to privacy and cybersecurity increase. Model inversion attacks, which aim to extract sensitive information from AI models, and data poisoning attacks, where malicious data influences AI outcomes, are two emerging threats.
The Department of Information and Communications Technology (DICT) and the NPC oversee data protection efforts in the Philippines, but resource constraints leave the nation’s cybersecurity infrastructure more vulnerable than those in larger economies.
During the 8th ASEAN CIO forum in Manila recently, Benjamin Goh, Senior Vice President of Deep Cybersecurity Capabilities at ST Engineering, stressed the need for advanced AI-driven solutions to counter increasingly sophisticated cyber threats. He also highlighted the urgency for ASEAN nations to bolster their cybersecurity frameworks to protect critical infrastructure and sensitive data, noting how AI presents both opportunities and challenges in driving economic growth.
Advanced frameworks, like the National Institute of Standards and Technology Cybersecurity Framework in the United States, provide a model for strengthening the cybersecurity of AI systems—something the Philippines may look to as it works to mitigate these risks.
Despite having penalties in place for data breaches, the Philippines’ enforcement mechanisms lack the same gravity as the GDPR, which imposes fines of up to 4% of a company’s global revenue.
Under the Philippines’ revised regulations, the NPC can levy fines between 0.25% and 3% of an entity’s annual gross income, a significant step forward but one that remains largely untested.
As breaches increase in scope and sophistication, further refining these regulations may be necessary to ensure a deterrent effect that aligns with global standards.
Strengthening AI governance
In addition to security concerns, the ethics and governance of AI require urgent attention.
The European Union mandates transparency in AI-driven decisions, especially those that impact individual rights. Although the Philippines has yet to introduce specific legislation addressing AI ethics, efforts are underway to promote fairness, transparency, and accountability in AI applications.
Establishing these standards will help the Philippines navigate issues like AI-driven bias and discrimination, ensuring that the technology benefits all citizens equitably.
In the end, the Philippines has made significant strides in data privacy through the Data Privacy Act, but the increasing adoption of AI necessitates a more comprehensive approach.
Strengthening AI governance, bolstering cybersecurity measures, and aligning with global standards will be crucial for the Philippines to navigate the challenges of the digital era. Proactive measures will protect citizens’ privacy and enhance national cybersecurity, ensuring that AI remains a positive force for innovation and development.
With a commitment to data protection and innovation, the Philippines can effectively balance the promise of AI with the protection of its citizens’ rights.
As the adage goes, “The best defense is a good offense.” Both public and private sectors can draw inspiration from global leaders and improve local regulations to tackle data breaches and cyberattacks head-on.