The National Privacy Commission (NPC) has cleared a joint holiday campaign by Jollibee Foods Corporation and Rakuten Viber, concluding that it did not involve personal data processing or unauthorized access to user messages.
The NPC’s Complaints and Investigation Division said its probe into the “Holiday Gems Christmas Campaign 2025” was triggered by multiple complaints alleging possible data privacy violations. Concerns centered on whether the campaign accessed private communications or tracked user activity without consent.
After conducting an evaluation and independent technical testing, the regulator found no evidence to support those claims. According to the NPC, the campaign relied on contextual, on-device matching systems.
Predefined keywords were stored locally within the Viber app, enabling festive animations to appear on users’ screens without transmitting message content to external servers.
The commission emphasized that no message data left users’ devices during the process, effectively ruling out risks of interception or unauthorized processing. It added that campaign distribution was determined using country codes, not geolocation tracking or individualized location data.
Crucially, the NPC said there were insufficient indicators that “personal information,” as defined under the Data Privacy Act of 2012, had been collected or processed at any stage of the campaign.
The findings ultimately found no breach or compromise of private communications linked to the initiative.
Still, the regulator urged the public to remain vigilant. It encouraged users to report suspected data privacy violations, underscoring the role of citizen awareness in strengthening compliance and safeguarding digital rights as marketing technologies continue to evolve.
