About Us
NPC finds no data privacy breach in Jollibee-Viber ‘Holiday Gems’ campaign
- Jollibee, NPC
-
AI-generated photo
The National Privacy Commission (NPC) said its investigation into the Jollibee Foods Corporation and Rakuten Viber “Holiday Gems Christmas Campaign 2025” found no evidence of personal data processing or unauthorized access to user communications.
In an update, the NPC’s Complaints and Investigation Division (NPC-CID) said the inquiry was launched after receiving multiple complaints raising concerns about possible data collection and message monitoring linked to the campaign.
The probe, conducted through the NPC-CID’s Quick Response and Special Cases Unit, included an evaluation of the campaign’s technical design and independent testing of the application.
Findings showed that the campaign relied on contextual, on-device matching using predefined keywords stored locally on the user’s device. This means that animated visual elements tied to the campaign were triggered within the app itself, without sending message content to external servers for processing.
The NPC-CID said this setup ensured that user messages were not transmitted, accessed, or analyzed outside the device, addressing concerns about potential intrusion into private conversations.
“After evaluation and independent testing of the application, the NPC-CID found that the campaign operated through contextual, on-device matching mechanisms using predefined keywords stored locally within the application. This process ensured that animated visual elements were deployed at the device level without transmitting message content to external servers for keyword detection,” NPC said.
The investigation also found that campaign delivery was based on country codes, rather than precise geographic location or user-specific data. As a result, regulators said there were no sufficient indicators of personal information processing as defined under Section 3 of the Data Privacy Act of 2012.
Based on these findings, the NPC-CID concluded that the campaign did not violate data privacy laws.
The commission, however, reminded the public to remain vigilant when using digital platforms and to report any suspected data privacy issues to the NPC or appropriate authorities.
The case highlights increasing scrutiny over how digital campaigns operate within messaging platforms, particularly as brands explore more interactive features that intersect with user communications.