A CIVIC organization advocating for Philippine data sovereignty has asked the National Privacy Commission (NPC) to investigate the Land Transportation Office (LTO) over alleged security and data privacy concerns involving the agency’s driver’s license system.
In a letter to NPC Commissioner and Chairman Johann Carlos Barcena, a copy of which was obtained by The Manila Times, the Flag Maharlika, alleged that Dermalog, a foreign technology provider LTO previously contracted, has gained access to and control of the agency’s driver’s license inventory and printing application modules.
The group said the LTO’s own Management Information Division reportedly concluded in a 2020 report that Dermalog had “access and control” over the modules.
The same report allegedly warned that the situation posed a potential national security threat because driver’s license cards could be printed beyond the direct control of the Philippine government, it said.
Flag Maharlika also cited concerns that certain system functions allegedly required assistance from personnel based outside the Philippines, raising questions regarding cross-border access to sensitive personal information of Filipino motorists.
Salvador Piamonte, head of the group’s Community Affairs, said the issue goes beyond administrative concerns, stressing that millions of Filipinos may potentially be affected if personal data security safeguards are found inadequate.
Piamonte noted that the LTO database contains highly sensitive information, including names, addresses, photographs, biometric identifiers, signatures, government-issued identification numbers, and driver’s license classifications.
Under the Data Privacy Act, government agencies acting as personal information controllers must implement organizational, physical and technical safeguards to protect personal information from unauthorized access, disclosure, misuse, or transfer.
The group also asked the NPC to require public disclosure of entities and individuals with administrative access to the driver’s license systems, determine whether cross-border processing or foreign access to Filipino motorists’ personal information occurred and recommend appropriate administrative or criminal action should violations be established.
It called on the concerned authorities to strengthen safeguards protecting government-held data, emphasizing that issues involving national identification and driver’s license systems directly impact public trust, national security, and digital sovereignty.
The LTO and Dermalog have yet to issue statements on the group’s request before the commission.
