Right to Object

Plain English Translation

Data subjects have the right to object to the processing of their personal data and must be notified and given the opportunity to object whenever the declared purpose or scope of processing changes. No decision with significant legal effects on a data subject may be made based solely on automated processing unless explicit consent has been obtained. Organizations must have a mechanism for receiving, logging, and acting on objections.

Executive Takeaway

Organizations must establish clear, accessible mechanisms allowing data subjects to object to the processing of their personal data, especially for direct marketing and automated decision-making.

ImpactHigh
ComplexityMedium

Why This Matters

  • Failure to honor an objection to direct marketing or profiling is a direct violation of fundamental data privacy rights, attracting immediate regulatory penalties.
  • Providing easy opt-out mechanisms builds consumer trust and limits the organization's data footprint to users who genuinely engage with the services.
  • Automated profiling that legally affects users without a bypass mechanism can result in National Privacy Commission intervention and operational bans.

What “Good” Looks Like

  • Marketing campaigns utilize centralized preference centers that automatically suppress communications when a user exercises their right to object; tools like WatchDog Security's Compliance Center can help track the objection workflow and retain evidence that suppression occurred.
  • Privacy policies clearly articulate the right to object and provide straightforward instructions on how to submit a request.
  • A formalized Data Subject Request procedure logs all objections and ensures processing ceases unless a statutory exception applies; tools like WatchDog Security's Compliance Center can help assign ownership, monitor deadlines, and document the final decision.

Put Philippines DPA (2012) compliance + 19 others on autopilot

Starting at $99/admin/mo — includes all frameworks, evidence automation, and AI-powered gap analysis.

Start Free Trial No credit card required

The right to object allows a data subject to halt or prevent the processing of their personal data, especially concerning direct marketing, profiling, or when there are changes to the original processing terms.

A data subject can object at any time, particularly when data is being used for direct marketing, automated processing, or when the organization amends the initially declared processing purposes.

Organizations must immediately honor the objection and cease processing the individual's personal data for direct marketing campaigns, updating suppression lists without requiring further justification.

Yes, data subjects have the right to object to decisions made solely on automated processing or profiling that produce legal effects or significantly affect them, unless prior consent was explicitly given.

The privacy notice must explicitly inform the data subject of the existence of their right to object and provide clear, simple instructions on how to exercise this right.

Yes, but only if an exemption applies, such as if the processing is required pursuant to a subpoena, is necessary for the performance of a contract, or is a strict legal obligation.

They maintain a centralized Data Subject Request Log that tracks the receipt of the objection, the identity verification process, the evaluation outcome, and the technical steps taken to halt processing. WatchDog Security's Compliance Center can support this by linking objection tickets, evidence records, responsible owners, and control status in one compliance workflow.

Withdrawing consent specifically revokes permission previously granted for processing, while the right to object can also apply to processing based on legitimate interests or automated profiling.

The NPC expects organizations to provide simple, easily accessible mechanisms for objections and to act upon them promptly without imposing undue burdens or fees on the data subject.

Organizations build compliant workflows by implementing preference centers, training support staff on Data Privacy Act rights, and tightly integrating consent management tools with backend databases.

Right to object requests often fail when they are handled informally across email, support tickets, and marketing tools. WatchDog Security's Compliance Center can help centralize request logs, assign review tasks, track evidence of suppression, and show whether the organization has a repeatable process for RA 10173 data subject rights.

Privacy notices need to clearly explain when individuals can object to processing, direct marketing, or automated decision-making. WatchDog Security's Policy Management can help maintain approved privacy notice versions, route updates for review, and retain evidence that policy changes were controlled.

PHILIPPINES-DPA IRR Section 34(b)

"The data subject shall be notified and given an opportunity to object or withhold consent to processing in case of changes or any amendment to the information supplied or declared to the data subject... unless the change refers to processing of personal data in the following cases: 1. The personal data is needed pursuant to a subpoena; 2. When the collection and processing are for obvious purposes... 3. When the information is being collected and processed as a result of a legal obligation."

PHILIPPINES-DPA IRR Section 48(c)

"No decision with legal effects concerning the data subject shall be made solely on the basis of automated processing, unless data subject consents."

VersionDateAuthorDescription
1.0.02026-05-06Compliance Content TeamInitial publication