Marcos Set To Sign SIM Card Registration Law

President Marcos is set to sign on Monday, Oct. 10, the Subscriber Identity Module (SIM) Registration Act, which seeks to eradicate “nefarious and fraudulent digital activities” aided by anonymous mobile numbers.

The SIM Registration Act is the first legislative measure passed by the 19th Congress that will be enacted into law by Marcos.

Under the bill, all SIM cards sold are in a deactivated state and end-users are required to register their SIMs with the concerned Public Telecommunication Entity (PTE) as a pre-requisite to activation.

On the other hand, all existing subscribers are required to register with their respective PTEs within 180 days from the effectivity of the law.

The National Privacy Commission (NPC) has expressed support for the intention of the bill to prevent the proliferation of various and evolving electronic communication-aided criminal activities.

In a statement, the NPC said it is fully aware that implementing a SIM card registration system would entail a massive collection of personal data.

“Hence, there is a strong need to develop a technology-neutral approach and to future-proof the proposed legislation to achieve its intended purpose, in a manner that respects the rights and freedoms of the data subjects,” the NPC’s statement read.

The agency advocated to the House of Representatives and the Senate to consider the proportionality principle and data minimization mechanisms concerning the provisions on social media providers and authorized resellers.

Mechanisms must be developed and implemented to prevent security risks and data breaches that may arise from over-collection and improper or inadequate monitoring practices, ac-cording to the NPC.

It also underscored that the burden to determine the SIM card buyer’s identity should not fall on retailers who may not have the necessary know-how or resources to properly verify the identity of data subjects and the authenticity of the identification cards that will be presented.

Delegating it to these retailers may result in over-collection and improper or inadequate monitoring and security practices, as adopted in Section 5 of the bill.

The NPC also discouraged the use of a centralized server or database as it carries greater risks if a security breach occurs.

This recommendation was adopted in Section 6 of the bill, which requires that the designated government agencies or PTEs maintain their own databases.

“The PTE must strictly use the database to process, activate or deactivate a SIM or subscription and not for any other purpose,” the agency said.

In fulfillment of its duty to uphold the rights of data subjects, the NPC said it would closely coordinate with other agencies to develop the necessary guidelines to properly implement the bill. – With additional reports from Jose Rodel Clapano