Professional Documents
Culture Documents
on Privacy
LIVING IN THE IT ERA - WEEK 8-9
The Issue:
Can a person request that his name be removed from such websites pertaining to Supreme
Court decided cases as the same is a violation of his right to privacy? Why? Why not?
The Answer:
No. A person cannot ask for such removal as the same does not constitute as a violation
of his right to privacy.
The Philippines has no specific law on privacy. However, the 1987 Constitution
tried to provide under its:
Article III (Bill of Rights) provisions for the right to privacy, namely:
Section 2. The right of the people to be secure in their persons, houses, papers, and
effects against unreasonable searches and seizures of whatever nature and for any
purpose shall be inviolable, and no search warrant or warrant of arrest shall issue except
upon probable cause to be determined personally by the judge after examination under
oath or affirmation of the complainant and the witnesses he may produce, and particularly
describing the place to be searched and the persons or things to be seized.
Section 3. (1) The privacy of communication and correspondence shall be inviolable
except upon lawful order of the court, or when public safety or order requires otherwise, as
prescribed by law.
(2) Any evidence obtained in violation of this or the preceding section shall be inadmissible
for any purpose in any proceeding.
Note also that under Section 7, Article III of the Constitution, the
right of the people to information on matters of public concern shall be
recognized. A citizen has the right to access to official records, and to
documents and papers pertaining to official acts, transactions, or
decisions, subject to the limitations provided by law. Hence, the case
being jurisprudence, one has the right to access such information.
Given the situation, a person cannot invoke that his right to privacy
has been violated because of the publication of his name along with the
case he was in as the right to privacy does not prohibit the publication of
matter which is of public or general interest.
The National Identification System
It‘s been two decades since the government first initiated the establishment of a
national ID system.
In 1996, then President Fidel Ramos issued Administrative Order No. 308 adopting
a National Computerized Identification System.
Unfortunately, the order was declared unconstitutional by the Supreme Court. In
striking down A.O. 308, the Supreme Court emphasized that the Court is not per se against
the use of computers to accumulate, store, process, retrieve and transmit data to improve
our bureaucracy. The Supreme Court also emphasized that the right to privacy does not
bar all incursions into the right to individual privacy. This right merely requires that the law
be narrowly focused and a compelling interest justify such intrusions. Intrusions into the
right must be accompanied by proper safeguards and well-defined standards to prevent
unconstitutional invasions.
• The right to privacy is a constitutional right, granted recognition independently of
its identification with liberty. It is recognized and enshrined in several provisions of
our Constitution, specifically in Sections 1, 2, 3 (1), 6, 8 and 17 of the Bill of
Rights. Zones of privacy are also recognized and protected in our laws, including
certain provisions of the Civil Code and the Revised Penal Code, as well as in
special laws (e.g., Anti-Wiretapping Law, the Secrecy of Bank Deposit Act and the
Intellectual Property Code).
• The right to privacy is a fundamental right guaranteed by the Constitution.
Therefore, it is the burden of government to show that A.O. 308 is justified by some
compelling state interest and that it is narrowly drawn. The government failed to
discharge this burden.
A.O. 308 is predicated on two considerations:
(1) the need to provide our citizens and foreigners with the facility to conveniently transact
business with basic service and social security providers and other government
instrumentalities and
(2) the need to reduce, if not totally eradicate, fraudulent transactions and
misrepresentations by persons seeking basic services. While it is debatable whether these
interests are compelling enough to warrant the issuance of A.O. 308, it is not arguable that
the broadness, the vagueness, the overbreadth of A.O. 308, if implemented, will put our
people‘s right to privacy in clear and present danger.
The heart of A.O. 308 lies in its Section 4 which provides for a Population Reference
Number (PRN) as a “common reference number to establish a linkage among concerned
agencies” through the use of “Biometrics Technology” and “computer application
designs.”
Biometry or biometrics is “the science of the application of statistical methods to
biological facts; a mathematical analysis of biological data.” The methods or forms of biological
encoding include finger-scanning and retinal scanning, as well as the method known as the
“artificial nose” and the thermogram. A.O. 308 does not state what specific biological
characteristics and what particular biometrics technology shall be used.
Moreover, A.O. 308 does not state whether encoding of data is limited to biological
information alone for identification purposes. The Solicitor General‘s claim that the adoption of
the Identification Reference System will contribute to the “generation of population data for
development planning” is an admission that the PRN will not be used solely for identification but
for the generation of other data with remote relation to the avowed purposes of A.O. 308. The
computer linkage gives other government agencies access to the information, but there are no
controls to guard against leakage of information. When the access code of the control programs
of the particular computer system is broken, an intruder, without fear of sanction or penalty, can
make use of the data for whatever purpose, or worse, manipulate the data stored within the
system.
A.O. 308 falls short of assuring that personal information which will be gathered
about our people will only be processed for unequivocally specified purposes. The
lack of proper safeguards in this regard of A.O. 308 may interfere with the
individual‘s liberty of abode and travel by enabling authorities to track down his
movement; it may also enable unscrupulous persons to access confidential
information and circumvent the right against self-incrimination; it may pave the way
for “fishing expeditions” by government authorities and evade the right against
unreasonable searches and seizures. The possibilities of abuse and misuse of the
PRN, biometrics and computer technology are accentuated when we consider that
the individual lacks control over what can be read or placed on his ID, much less
verify the correctness of the data encoded. They threaten the very abuses that the
Bill of Rights seeks to prevent.
Identity Theft in the Philippines
Today, personal information is captured, processed, and disseminated
in a bewildering variety of ways, and through increasingly
sophisticated, miniaturized, and distributed technologies: identity
cards, biometrics, video surveillance, the use of cookies and spyware
by websites, data mining and profiling, and many others.
The worm arrived in people‘s email boxes with a provocative subject line, ― “I LOVE
YOU: A love letter for you.” When recipients opened the attachment, ― “LOVE
LETTER-FOR-YOU.TXT.vbs,” they unwittingly infected their own computer with the
self_x0002_replicating worm as well as the computers of everyone in their contact list.
The author of the virus is believed to be Onel de Guzman, then 25, a student at
AMA Computer University in Makati.
What many people did not realize at the time was that de Guzman‘s original
intention for creating the worm was altruistic at its roots. In the Philippines, an hour‘s
worth of Internet access cost as much as half a day‘s wage: 100 pesos, the
equivalent of two dollars.
For his graduation thesis in computer science, de Guzman wrote a program that
would enable the average Filipino to get free Internet access by stealing passwords
from the rich. His school rejected his thesis because of its bandit nature, so he could
not graduate. Undeterred, de Guzman, with the help of friends, unleashed his virus
the day before the university held its graduation ceremony.
The Philippine authorities filed theft and other charges against Mr. de Guzman,
but dropped them in August because of insufficient evidence. The case against him
was weakened because at the time, the Philippines did not have laws governing
computer espionage.
Cybercrime Prevention Act of 2012 (Republic Act 10175)
The following are the punishable acts according to Chapter II of the Cybercrime Prevention Act of 2012:
SEC. 4. Cybercrime Offenses. — The following acts constitute the offense of cybercrime punishable
under this Act:
(a) Offenses against the confidentiality, integrity and availability of computer data and systems:
(1) Illegal Access. – The access to the whole or any part of a computer system without right.
(2) Illegal Interception. – The interception made by technical means without right of any non-public
transmission of computer data to, from, or within a computer system including electromagnetic emissions
from a computer system carrying such computer data.
(3) Data Interference. — The intentional or reckless alteration, damaging, deletion or deterioration of
computer data, electronic document, or electronic data message, without right, including the introduction
or transmission of viruses.
(4) System Interference. — The intentional alteration or reckless hindering or interference with the
functioning of a computer or computer network by inputting, transmitting, damaging, deleting,
deteriorating, altering or suppressing computer data or program, electronic document, or electronic data
message, without right or authority, including the introduction or transmission of viruses.
(5) Misuse of Devices.
(i) The use, production, sale, procurement, importation, distribution, or otherwise making available, without
right, of:
(aa) A device, including a computer program, designed or adapted primarily for the purpose of committing
any of the offenses under this Act; or
(bb) A computer password, access code, or similar data by which the whole or any part of a computer
system is capableof being accessed with intent that it be used for the purpose of committing any of the
offenses under this Act.
(ii) The possession of an item referred to in paragraphs 5(i)(aa) or
(bb) above with intent to use said devices for the purpose of committing any of the offenses under this
section.
(6) Cyber-squatting. – The acquisition of a domain name over the internet in bad faith to profit,
mislead, destroy reputation, and deprive others from registering the same, if such a domain name is:
(i) Similar, identical, or confusingly similar to an existing trademark registered with the appropriate
government agency at the time of the domain name registration:
(ii) Identical or in any way similar with the name of a person other than the registrant, in case of a personal
name; and
(iii) Acquired without right or with intellectual property interests in it.
(b) Computer-related Offenses:
(1) Computer-related Forgery. —
(i) The input, alteration, or deletion of any computer data without right resulting in inauthentic
data with the intent that it be considered or acted upon for legal purposes as if it were
authentic, regardless whether or not the data is directly readable and intelligible; or
(ii) The act of knowingly using computer data which is the product of computer-related forgery
as defined herein, for the purpose of perpetuating a fraudulent or dishonest design.
(2) Computer-related Fraud. — The unauthorized input, alteration, or deletion of computer
data or program or interference in the functioning of a computer system, causing damage
thereby with fraudulent intent: Provided, That if no damage has yet been caused, the penalty
imposable shall be one (1) degree lower.
(3) Computer-related Identity Theft. – The intentional acquisition, use, misuse, transfer,
possession, alteration or deletion of identifying information belonging to another, whether
natural or juridical, without right: Provided, That if no damage has yet been caused, the
penalty imposable shall be one (1) degree lower.
(c) Content-related Offenses:
(1) Cybersex. — The willful engagement, maintenance, control, or
operation, directly or indirectly, of any lascivious exhibition of sexual
organs or sexual activity, with the aid of a computer system, for favor or
consideration.
(2) Child Pornography. — The unlawful or prohibited acts defined and
punishable by Republic Act No. 9775 or the Anti-Child Pornography Act
of 2009, committed through a computer system: Provided, that the
penalty to be imposed shall be (1) one degree higher than that provided
for in Republic Act No. 9775.
(3) Unsolicited Commercial Communications. — The transmission of commercial electronic
communication with the use of computer system which seek to advertise, sell, or offer for sale
products and services are prohibited unless:
(i) There is prior affirmative consent from the recipient; or
(ii) The primary intent of the communication is for service and/or administrative announcements from
the sender to its existing users, subscribers or customers; or
(iii) The following conditions are present:
(aa) The commercial electronic communication contains a simple, valid, and reliable way for the
recipient to reject. receipt of further commercial electronic messages (opt-out) from the same source;
(bb) The commercial electronic communication does not purposely disguise the source of the
electronic message; and
(cc) The commercial electronic communication does not purposely include misleading information
in any part of the message in order to induce the recipients to read the message.
(4) Libel. — The unlawful or prohibited acts of libel as defined in Article 355 of the Revised Penal
Code, as amended, committed through a computer system or any other similar means which may be
devised in the future.
SEC. 5. Other Offenses. — The following acts shall also constitute an offense:
(a) Aiding or Abetting in the Commission of Cybercrime. – Any person who
willfully abets or aids in the commission of any of the offenses enumerated in this Act
shall be held liable.
(b) Attempt in the Commission of Cybercrime. — Any person who willfully
attempts to commit any of the offenses enumerated in this Act shall be held liable.
Any person found guilty of any of the punishable acts enumerated in Section 4(c)(3) shall
be punished with imprisonment of arresto mayor or a fine of at least Fifty thousand pesos
(PhP50,000.00) but not exceeding Two hundred fifty thousand pesos (PhP250,000.00) or
both.
Any person found guilty of any of the punishable acts enumerated in Section 5 shall be
punished with imprisonment one (1) degree lower than that of the prescribed penalty for the
offense or a fine of at least One hundred thousand pesos (PhP100,000.00) but not exceeding
Five hundred thousand pesos (PhP500,000.00) or both.
The Data Privacy Act (RA 10173):
How is it implemented?
• RA 10173 protects and maintains the right of customers to
confidentiality by setting a legal list of rules for companies to
regulate the collection, handling, and disposal of all personal
information. Companies legally responsible for keeping their
customers‘ data protected from third parties or any form of misuse,
internally or externally.
The Data Privacy Act (RA 10173):
What is “consent?”
Consent of the data subject refers to any freely given, specific, informed
indication of will, whereby the data subject agrees to the collection and
processing of personal information about and/or relating to him or her. Consent
shall be evidenced by written, electronic or recorded means. It may also be given
on behalf of the data subject by an agent specifically authorized by the data
subject to do so (RA. No. 10173, Ch. 1, Sec. 1).
The Data Privacy Act (RA 10173):