The National Association of Data Protection Officers of the Philippines (NADPOP) and the Philippine Computer Emergency Response Team (PH-CERT) have expressed support for the National Privacy Commission’s (NPC) cease-and-desist order against Tools for Humanity (TFH) while calling for an independent privacy and cybersecurity audit to strengthen transparency and public trust.
The NPC recently ordered TFH to immediately stop collecting and processing personal and biometric data in the Philippines after finding multiple violations of the Data Privacy Act of 2012.
The commission said TFH’s “proof of humanity” project — requiring iris scans through its Orb verification system — used coercive methods, lacked transparency, and collected excessive information.
NPC deputy privacy commissioner Jose Amelito S. Belarmino II said the project’s practice of offering financial incentives in exchange for biometric verification compromised the voluntariness of consent, rendering it invalid under the law.
“The integrity of a Filipino citizen’s biometric data is non-negotiable. When consent is compromised by the lure of compensation, it ceases to be a true expression of choice,” Belarmino said.
In response, NADPOP and PH-CERT said they fully support the NPC’s decision but emphasized the importance of evidence-based evaluation.
They proposed an independent audit — led by experts and volunteers from their respective Communities of Practice — to validate the findings, assess TFH’s data handling practices, and promote accountability.
“As advocates of data protection and responsible digital transformation, we believe transparency and fairness are essential to maintaining confidence in our cyber and digital ecosystems,” said Sam Jacoba, founding president of NADPOP and vice president of PH-CERT.
“An independent audit can help clarify the facts, ensure due process, and promote accountability among all stakeholders.”
PH-CERT president Lito Averia clarified that the initiative is not meant to challenge the NPC’s ruling but to “strengthen trust through evidence-based, transparent action.”
He said the goal is to uphold citizens’ privacy rights while fostering innovation that is rooted in accountability.
Jacoba added that although NADPOP and PH-CERT had previously announced a partnership with World.Org and Tools for Humanity in April 2025 during the launch of their CyberBayan movement, no concrete projects have yet been implemented.
“It is imperative that we ensure they adhere to our joint commitment to secure the digital lives and the digital future of Filipinos,” he said. “The best way to do this is for our world-class experts to conduct a full and independent review of their digital ecosystem.”
The proposed audit would be coordinated with the NPC, the Department of Information and Communications Technology (DICT), and other government, industry, and academe stakeholders.
