A policy rift has emerged within the Department of Information and Communications Technology (DICT) after secretary Henry Aguda publicly endorsed cooperation with World.org’s iris-scanning technology — a move that directly contradicts a cease-and-desist order (CDO) issued by the National Privacy Commission (NPC), an attached agency of the DICT, against the project’s operators over alleged violations of the Data Privacy Act of 2012 (DPA).
In remarks delivered last Oct. 7 in a Malacanang press briefing, Aguda said the DICT is “cooperating with new technologies that will be launched like World.org,” describing it as a “unique solution” for identity verification in banking and government transactions.
“If you’re the banker and you’ll make sure the person talking to you is not a robot or a deepfake, you can enlist in World.org,” Aguda said. “It’s like Captcha — but instead of clicking boxes, this is a retinal scan. We encourage bankers to use this.”
Aguda also said the DICT is working with the Cybercrime Investigation and Coordinating Center (CICC) to sign a memorandum of understanding (MOU) related to the technology, and that the department was open to exploring the system’s potential in authenticating beneficiaries in government aid programs.
However, his endorsement came just days after the NPC — which operates under the DICT umbrella — ordered Tools for Humanity (TFH), the developer of World.org app and the Orb iris scanner, to immediately cease and desist from processing personal and biometric data of Filipinos.
NPC: Invalid consent and excessive data collection
In its ruling, the NPC found TFH’s activities to be in violation of multiple provisions of the DPA, citing invalid consent, lack of transparency, and excessive collection of sensitive biometric data.
The commission said the project’s practice of offering monetary incentives in exchange for iris scans constituted “undue influence,” making consent not freely given.
It also flagged the “excessive and disproportionate” nature of collecting immutable biometric identifiers such as iris patterns merely to prove “humanness.”
“The integrity of a Filipino citizen’s biometric data is non-negotiable,” said NPC deputy privacy commissioner Jose Amelito S. Belarmino II. “When consent is compromised by the lure of compensation, it ceases to be a true expression of choice.”
The NPC warned that continued data collection could expose citizens to grave and irreparable harm, including identity theft and lifetime reputational damage.
NPC reasserts authority amid confusion
Following Aguda’s statement, the NPC released a clarification emphasizing that its official position on data privacy matters is expressed only through formal issuances — such as decisions or orders — approved by the commission en banc.
“Any assertions made outside of these issuances should not be construed as the Commission’s official position,” it said in a statement.
The clarification is seen as a subtle rebuke of Aguda’s remarks, which appeared to endorse a technology currently under regulatory prohibition.
A clash within the same department
The rare public contradiction between the DICT’s top official and one of its attached agencies underscores a growing policy tension over biometric technologies and data privacy enforcement.
While the DICT has sought to position itself as a partner in technological innovation — including artificial intelligence and digital identity systems — the NPC has maintained a stricter stance on data collection practices that may exploit economic vulnerabilities or bypass consent requirements.
Industry observers say the disagreement highlights the need for policy coherence within the DICT, especially as the Philippines navigates the rapid adoption of AI and identity verification technologies amid growing concerns over privacy and cybersecurity.
As of posting time, World.org’s operations in the Philippines remain suspended pending compliance with the NPC’s cease-and-desist order.
