DATA PRIVACY ACT OF 2012

Communication is the exchange of information from one person to another through speech (verbal), writings and gestures (non-verbal) which involves listening and interpretation. Along with the radical change of our technology from the evolution of telecommunication; E-Commerce; Introduction of Online applications; electronic gadgets; and the popular social networking, the means and ways of our communication are far more complex than before.

In the Philippines, although our country has a lot of catching up to do against the first-world countries with respect to technology advancement, development of our technology is also evident. Today internet is one the of most effective means of communication through the use of social networking sites; media streaming; instant messaging applications; and other social media platforms. However, due to its changing nature and fast development, the scope of communication became more extensive and indirectly giving unrestricted rights between both parties, making it hard to control in which, the legislative body created laws for the protection and prohibition against unlawful and excessive use tending to violate one’s right such as right to privacy.

We are at a day and age when information and communication is more rapid than venom. And no longer is society to wait a month before a three-sentence message arrives at his front door. But with the advancement of technology, information and communication comes the question of privacy.

Privacy is a fundamental right bestowed to any Filipino. It is given under the Constitutional Bill of Rights specifically Article III sections 2 and 3 (1) of the 1987 constitution. Basically, there are no specific law on privacy but rather, laws which are relevant to privacy such as E-Commerce Law; Law on Secrecy of Bank Deposits; Rules on Electronic Evidence; RA 8505, otherwise known as Rape Victim Assistance and Protection Act of 1998; Anti-Wiretapping Law; Cyber Crime Law; and Data Privacy Act of 2012.

Privacy is freedom from unauthorized intrusion. But were private information is made public through networks of technology, would it result to an encroachment if the government or private individuals utilize said information without the consent of the person?

The question falls down as to what act is acceptable and/or those in violations of law. Would the act of giving a person’s number to a third person without the consent of the former, violative of R.A. 10173 otherwise known as the Data Privacy Act of 2012, or will it be acceptable to our laws intending not to include by the framers of such Act. For this purpose, let me give you my insights, opinions, and discussion of what act would be covered by R.A. 10173.

DATA PRIVACY ACT OF 2012

R.A. 10173 otherwise known as the Data Privacy Act of 2012 was designed for the protection and prohibition against abuse of data/information transmission. Taking the principal intention of the framers of the statute into account, the Data Privacy Act is within the purview of boosting and securing the Constitutional Right to Privacy. It penalize the unlawful processing, accessing, and disclosure of information whether personal or sensitive personal information.

In the above-mentioned issue as to whether giving a person’s number to a third person without the consent of the former is in violation of Data Privacy Act, needs to be qualified. At first, we might think that the issue is simple with regard to transmission of information, but then again, if we try to look at it, in reality, there are circumstances that giving of someone else’s number become more of a question of intrusion of one’s privacy. For instance, text advertisements and/or promotions made by mobile service providers that you received instantly especially to post-paid users. Some credit card companies would extend their promotions through calls that tends to invade privacy specially in circumstances that you’re in a meeting; treating a patient for doctors; while driving; running to a late class and worst when you’re in abroad under roaming services, thinking that it is an important call, only to find out,its an advertisement/promotions offering credit cards and be charged for that call around fifty (50) Pesos per minute.

Pyramiding and other forms of scam is also susceptible in this case. Communication from one person to another in other to attract clients for the consummation of such crime is essential. The need to acquire numbers especially those coming from average status, are the ones that form part and necessary for their operation.

Evidently, there is already intrusion of privacy since consent was not freely given by the users. RA 10173 does not provide for a specific definition as to what kind of consent it covers, whether express or implied. There is express consent, in this case, when prior to its application, he submits to the agreement that he/she may receive text advertisements/promotions until end of subscription or contract made. On the other hand, there is an implied consent when it is inferred to a person’s action not expressly granted by the latter.

It should be noted that RA 10173 made a distinction between personal information and sensitive personal information. Following the rules of statutory construction Expressio unius est exclusio alterius (The expression of one thing is the exclusion of another), Data Privacy Act defines sensitive personal information as a personal information not part of the exceptions mentioned therein.

As a rule, processing of personal information generally, is allowed provided that the conditions required by the Act and other laws relating to, shall be complied. On the other hand, processing of sensitive personal information, generally, is prohibited by the Act. This means information must first be qualified if it falls within the definition along with the conditions and exceptions provided by the law.

There being then no reason in obtaining an information from the people without his consent, there should also be no processing of personal information as it would be against our constitutional right to privacy of information and correspondence.

ISSUE

In this instance, it cannot be said that a person clearly violates RA 10173 since it is essential to determine first, the underlying facts and circumstances of a case for would result to encroachment of the Constitutional Right to Privacy.

Personal Number as Personal Information

Obviously, numbers pertaining to cellular phone; telephone; telefascimile; and other kinds of gadgets requiring numbers as a means of connection with one person to another are considered as personal information which makes it possible to identify or tending to identify a person when it is used a basis relative to other forms of information. Hence, processing of such information is allowed to be made, provided that the compliance of, at least, one of the conditions provided by law.

“Personal Number as Sensitive Personal Information”

Personal number in general, is a personal information however, it can be considered as Sensitive Personal Information when Executive Orders or Act of the Congress making personal numbers, in nature, sensitive, shall be made as part of sensitive personal information. Hence, processing such personal number that is sensitive personal information is prohibited by RA 10173.

Gleaning on the basis made in the above-mentioned paragraphs, giving a person’s number to a third person without the former’s consent is does not, per se, constitute a violation of RA 10173, Data Privacy Act. However, it cannot be said that the law is clear as it will always create perceptions that could possibly affect the interpretation and may lead to abuse of discretion of one whose intention is to circumvent and evade the rights to be protected and the obligations that have to be preserve just like in the case of text advertisement/promotion of the mobile service providers and other instances in the above-mentioned paragraph.

The apprehension we have with the law is by reason of the vagueness of its provisions and the coverage of the information to be gathered or processed. As how Data Privacy Act should be construe, it shall “liberally in a manner mindful of the rights and interests of the individual”. Such interpretation, as I reiterate, may lead to abuse of discretion hence, questions affecting vested rights bestowed by the constitution will incur. We are not America where President Obama is at the liberty of saying that they have to strike the appropriate balance between security and privacy. Well, America is at war with different nations of the world and their technology is a far cry from ours.

The technology we have in the Philippines can be compared to a diskette while theirs is an external hard drive with 10 terabytes of memory. So while we are trying to emulate their laws, we are still struggling with how are we to even implement the statute, an example would be the implementation of RA 10175 otherwise known as Cyber Crime Prevention Act of 2012, probably the scarcity of details and not the violation of the right of free speech. Framers should made a clarification as to the issues embodying the law.

Implementation

To my opinion, because of the coverage of the law and considering vast change of our society and technology, it may result to the encroachment of the privacy of the people, considering that the government has the reputation of abusing the powers vested in them, malicious implementation of this law is inviolable.

In addition to that, there are other laws which are correlated upon implementation of Data Privacy Act which would likewise, give the public, ideas irrelevant to such law.

The right to Information and Privacy comes with an obligation to preserve the sanctity the determination of its limitation. The state, on the other hand, is responsible for managing and limiting conflicts arising from different interpretations and perceptions of the public, the determination of legitimate public concerns. Both of us (state and the people), have a fair share of responsibilities to be done, Balancing Rights and Managing Conflicts.

All that, we still have to go back to our social decorum which is, having permission to communicate and to acquire not only personal numbers but also details pertaining to your personal information and following the general principles not only laws made by the legislature, but also our traditions, norms that are existing prior to the creation of such law.

 

 At the end of the day, the intention of the law is to provide equality protection and prohibition against the malicious and unreasonable acts of the people and not to make rights ineffective. As the legal maxim “salus populi est suprema lex” says, the voice of the people will always be indispensable for the determination, interpretation and implementation of law.

 

 

 

 References:

inquirer.net/79534/data-privacy-act-of-2012

somo.law.com/news-details-php?id=1

Ayer vs. Capulong

1987 Philippine Constitution, Bill of Rights

R.A. 10173 (Data Privacy Act of 2012)

R.A. 10175 (Cyber Crime Law of 2012)

R.A. 8792 (e-Commerce Law)

 

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s