Merge SpecCom Notes

THE DATA PRIVACY ACT
Republic Act No. 10173 and its Implementing Rules and

Regulations
“The right to be let alone is . . . the beginning of all freedom.“* It is
"the most comprehensive of rights and the right most valued by
civilized men.“**
(Morfe v. Mutuc, G.R. No. L-20387, January 31, 1968)
*Quoting the dissent of Justice Douglas in Public Utilities Commission v. Pollak, 343 U.S. 451, 467 (1952).
**Quoting the dissent of Justice Brandeis in Olmstead v. United States, 277 U.S. 438, 478 (1928).
THE RIGHT TO PRIVACY
• "the right to be free from unwarranted exploitation of one's person or from

intrusion into one's private activities in such a way as to cause humiliation
to a person's ordinary sensibilities.”
• "to be free from unwarranted publicity, or to live without unwarranted
interference by the public in matters in which the public is not necessarily
concerned."
• "the right to be let alone.“
(Spouses Hing v. Choachuy, Sr., G.R. No. 179736, June 26, 2013)
Indeed, if we extend our judicial gaze we will find that
the right of privacy is recognized and enshrined in several provisions of
our Constitution.
(Ople v. Torres, G.R. No. 127685, July 23, 1998)
THE BILL OF RIGHTS
The privacy of communication and correspondence shall be inviolable except upon

lawful order of the court, or when public safety or order requires otherwise as
prescribed by law.
(Sec. 3[1])
THE BILL OF RIGHTS
No person shall be deprived of life, liberty, or property

without due process of law, nor shall any person be denied
the equal protection of the laws.
(Sec. 1)
THE BILL OF RIGHTS
The right of the people to be secure in their persons, houses, papers, and
effects against unreasonable searches and seizures of whatever nature and
for any purpose shall be inviolable, and no search warrant or warrant of
arrest shall issue except upon probable cause to be determined personally
by the judge after examination under oath or affirmation of the
complainant and the witnesses he may produce, and particularly describing
the place to be searched and the persons or things to be seized.
(Sec. 2)
THE BILL OF RIGHTS
The liberty of abode and of changing the same within the

limits prescribed by law shall not be impaired except upon
lawful order of the court. Neither shall the right to travel be
impaired except in the interest of national security, public
safety, or public health as may be provided by law.
(Sec. 6)
THE BILL OF RIGHTS
The right of the people, including those employed in the public and
private sectors, to form unions, associations, or societies for purposes
not contrary to law shall not be abridged.
(Sec. 8)
THE BILL OF RIGHTS
No person shall be compelled to be a witness against himself.

(Sec. 17)
REASONABLE EXPECTATION OF PRIVACY
Two-part test:
(1) whether, by his conduct, the individual has exhibited an expectation
of privacy (subjective); and
(2) this expectation is one that society recognizes as reasonable
(objective).
(Ople v. Torres, G.R. No. 127685, July 23, 1998)
- Citing Rakas v. Illinois,439 U.S. 128 (1978)

REASONABLE EXPECTATION OF PRIVACY
Customs, community norms, and practices may, therefore, limit or extend

an individual's "reasonable expectation of privacy." Hence, the
reasonableness of a person's expectation of privacy must be determined
on a case-to-case basis since it depends on the factual circumstances
surrounding the case.
(Spouses Hing v. Choachuy, Sr., G.R. No. 179736, June 26, 2013)
IS THERE REASONABLE EXPECTATION OF
PRIVACY IN CYBERSPACE?
[H]aving an expectation of informational privacy is not necessarily

incompatible with engaging in cyberspace activities, including those
that occur in [Online Social Networks].
(Vivares v. St. Theresa's College, G.R. No. 202666, September 29, 2014)
PRIVACY IN OSN
Before one can have an expectation of privacy in his or her OSN activity, it is first
necessary that said user. . . manifest the intention to keep certain posts private, through
the employment of measures to prevent access thereto or to limit its visibility. And this
intention can materialize in cyberspace through the utilization of the OSN's privacy tools.
In other words, utilization of these privacy tools is the manifestation, in cyber world, of the
user's invocation of his or her right to informational privacy.
PRIVACY TOOLS IN OSN
It is through the availability of . . . privacy tools that many OSN users

are said to have a subjective expectation that only those to whom they
grant access to their profile will view the information they post or
upload thereto.
“FRIENDS” SETTING ON FB
[S]etting a post's or profile detail's privacy to "friends" does not guarantee

that the content will not be accessible to another user who is not Facebook
friends with the source thereof.
(Office of the Court Administrator v. Atillo, Jr., A.M. No. RTJ-21-018, [September 29, 2021])
IN OTHER WORDS . . .
The intention to limit access to [a] particular post, instead of being broadcasted to the
public at large or all the user's friends en masse, [is] more manifest and palpable [by
the use of] the "Me Only" privacy setting, or the "Custom" setting [of Facebook or
Meta.]
(a restatement of Vivares v. St. Theresa's College, G.R. No. 202666, September 29, 2014)
THE RIGHT TO PRIVACY
• As for the exclusionary rule, the Bill of Rights was intended to protect
private individuals against government intrusions.
• Violation of the right to privacy between individuals is properly governed
by the provisions of the Civil Code, the Data Privacy Act, and other
pertinent laws. Admissibility shall be governed by the rules on relevance,
materiality, authentication of documents, and the exclusionary rules under
the Rules on Evidence.
(Cadajas y Cabias v. People, G.R. No. 247348, November 16, 2021)
CIVIL CODE PROVISIONS ON PRIVACY
Every person shall respect the dignity, personality, privacy and

peace of mind of his neighbors and other persons. The following and
similar acts, though they may not constitute a criminal offense, shall
produce a cause of action for damages, prevention and other relief:
(1) Prying into the privacy of another's residence;

(2) Meddling with or disturbing the private life or family relations of
another;
...
(Art. 26, NCC)
CIVIL CODE PROVISIONS ON PRIVACY
Any public officer or • The right against deprivation of

employee, or any private property without due process of law;
individual, who directly or
indirectly obstructs, defeats, • The right to be secure in one's
person, house, papers, and effects
violates or in any manner
against unreasonable searches and
impedes or impairs any of the seizures;
following rights and liberties
(among others) of another • The privacy of communication and
person shall be liable to the correspondence;
latter for damages:
• Freedom from being compelled to
be a witness against one's self;
(Art. 32, NCC)
OTHER PERTINENT LAWS ON PRIVACY
• Cybercrime Prevention Act • The Anti-Wiretapping Act
• Anti-Photo Voyeurism Act • The Revised Penal Code
• Anti-Child Pornography Act • Others (Rule on the Writ of Habeas

Data)
• Access Devices Regulation Act
• Electronic Commerce Act
• DICT Law
• Bank Secrecy Law
• Foreign Currency Deposit Act
THREE STRANDS OF THE RIGHT TO PRIVACY
• Locational or situational privacy

• Informational privacy
• Decisional privacy
(Vivares v. St. Theresa's College, G.R. No. 202666, [September 29, 2014])
Locational privacy, also known as situational privacy, pertains to privacy
that is felt in a physical space. It may be violated through an act of trespass
or through an unlawful search.
(Separate opinion of Justice Leonen* in Versoza v. People, G.R. No. 184535, September 3, 2019)
* Quoting Former Chief Justice Puno in his speech “The Common Right to Privacy.”
Decisional privacy involves the right to independence in making certain important
decisions, while informational privacy refers to the interest in avoiding disclosure of
personal matters.
(Disini, Jr. v. Secretary of Justice, G.R. Nos. 203335, etc., February 18, 2014)
- Citing Whalen v. Roe, 429 U.S. 589 (1977)

Decisional privacy, regarded as the most controversial among the three, refers
to one's right "to make certain kinds of fundamental choices with respect to
their personal and reproductive autonomy." It finds relevance in matters that
involve one's reproductive health.
(Versoza v. People, G.R. No. 184535 (Resolution), [September 3, 2019])
- See also Vivares v. St. Theresa’s College, G.R. No. 202666, September 29, 2014; both cases cite Justice Puno’s speech, “The
Common Right to Privacy.”
THE DPA PROTECTS INFORMATIONAL PRIVACY
Informational privacy is the right to control information about oneself.
(Vivares v. St. Theresa's College, G.R. No. 202666, [September 29, 2014])
INFORMATIONAL PRIVACY HAS THE FOLLOWING
ASPECTS:
(1) to keep inalienable information to themselves;

(2) to prevent first disclosure;
(3) to prevent further dissemination in case the information has already been
disclosed.
(4) the right to be forgotten, or the right to prevent the storage of data.
(Cadajas v. People, G.R. No. 247348, [November 16, 2021])

WHAT IS THE DATA PRIVACY ACT?
AN ACT PROTECTING INDIVIDUAL PERSONAL INFORMATION IN INFORMATION AND

COMMUNICATIONS SYSTEMS IN THE GOVERNMENT AND THE PRIVATE SECTOR,
CREATING FOR THIS PURPOSE A NATIONAL PRIVACY COMMISSION, AND FOR
OTHER PURPOSES
THE DATA PRIVACY ACT
Republic Act No. 10173 was signed into law

on August 15, 2012.
INTERNATIONAL DATA SECURITY STANDARDS
The . . . Data Privacy Act was based heavily [on] Directive 95/46/EC* of the
European Parliament and Council and is at par with the Asia Pacific Economic
Cooperation (APEC) Information Privacy Framework** standards.
(Senate of the Philippines, 19th Congress, Press Release, March 20, 2012)
• * has since been repealed by Regulation 2016/679.

• ** then version 2005. Now updated 2015.
THE POLICY OF THE LAW
It is the policy of the State to protect the fundamental human right of

privacy of communication while ensuring free flow of information to
promote innovation and growth. The State recognizes the vital role of
information and communications technology in nation-building and its
inherent obligation to ensure that personal information in information and
communications systems in the government and in the private sector are
secured and protected.
(Sec. 2, DPA)
INTERPRETATION
Any doubt in the interpretation of any provision of this Act shall

be liberally interpreted in a manner mindful of the rights and
interests of the individual about whom personal information is
processed.
(Sec. 38, DPA)
The law has the twin task of protecting the right to privacy while ensuring
the free flow of information. This means recognizing the fundamental right
of individuals to the protection of the privacy of their personal data, and at
the same time, recognizing interests of the government and the private
sector in the processing of personal data which is vital in the
implementation of constitutional and statutory mandates and in lawful
business operations, respectively.
(NPC, Advisory Opinion, No. 2022-0241)
The DPA indeed concerns itself with the free flow of data but limited to the
specific context of personal data processing . . ..
(NPC, Advisory Opinion, No. 2022-0241)
SCOPE
The law applies to the processing of all types of

personal information and to any natural and juridical
person involved in personal information processing,
in the government or private sector.
(Sec. 4, DPA; Sec. 4, IRR)
The Law regulates, through the National Privacy Commission, the
processing of personal data, which includes all types of personal
information.
PROCESSING OF PERSONAL DATA
"Processing" refers to any operation or any set of operations performed

upon personal data including, but not limited to, the collection, recording,
organization, storage, updating or modification, retrieval, consultation, use,
consolidation, blocking, erasure or destruction of data. Processing may be
performed through automated means, or manual processing, if the personal
data are contained or are intended to be contained in a filing system.
(IRR, DPA, Sec. 3[o])
EXTRATERRITORIAL SCOPE
The law applies to an act done or practice engaged in and outside of the Philippines if:
a. The natural or juridical person involved in the processing of personal data is found
or established in the Philippines;
b. The act, practice or processing relates to personal data about a Philippine citizen
or Philippine resident;
c. The processing of personal data is being done in the Philippines; or
d. The act, practice or processing of personal data is done or engaged in by an entity

with links to the Philippines, with due consideration to international law and comity.
(Sec. 4, IRR)
EXAMPLES OF AN ENTITY WITH LINKS TO THE
PHILIPPINES
1. Use of equipment located in the country, or maintains an office, branch or agency in
the Philippines for processing of personal data;
2. A contract is entered in the Philippines;
3. A juridical entity unincorporated in the Philippines but has central management and
control in the country;
4. An entity that has a branch, agency, office or subsidiary in the Philippines and the
parent or affiliate of the Philippine entity has access to personal data;
5. An entity that carries on business in the Philippines;
6. An entity that collects or holds personal data in the Philippines.
(Sec. 4[d], IRR)
EXEMPTIONS
The DPA does not apply to information processed in the following cases:
1. Matters of public concern (i.e., government employee, government contractor, license
grantee)
2. Journalistic, artistic, or literary purpose
3. Research purposes intended for public benefit
4. For performance of law enforcement or regulatory functions of public authority
5. For compliance by banks and other financial institutions with the CISA, AMLA, or other
laws applicable to them
6. Residents of foreign jurisdictions with applicable data privacy law
BUT . . .
• the non-applicability of the Act or these Rules do not extend to personal

information controllers or personal information processors, who remain
subject to the requirements of implementing security measures for
personal data protection;
• the processing of the information provided in the preceding paragraphs
shall be exempted from the requirements of the Act only to the minimum
extent necessary to achieve the specific purpose, function, or activity.
(Sec. 5, IRR)
PRIVACY.GOV.PH QUICK GUIDE
THE DATA SUBJECT
THE DATA SUBJECT
“Data subject” refers to an individual whose personal information is

processed.
(Sec. 3[c], DPA)
WHAT IS PERSONAL INFORMATION?
“Personal information” refers to any information whether recorded in a

material form or not, from which the identity of an individual is apparent or
can be reasonably and directly ascertained by the entity holding the
information, or when put together with other information would directly and
certainly identify an individual.
(Sec. 3[g], DPA)
PERSONAL INFORMATION
The usual identifying information regarding a person includes his name, his
citizenship, his residence address, his contact number, his place and date of birth, the
name of his spouse if any, his occupation, and similar data.
(Disini, Jr. v. Secretary of Justice, G.R. Nos. 203335, etc., February 18, 2014)
WHAT IS PRIVILEGED INFORMATION?
"Privileged information" refers to any and all forms of data,

which, under the Rules of Court and other pertinent laws
constitute privileged communication.
(Sec. 3 [g], DPA)
WHAT IS SENSITIVE PERSONAL INFORMATION?
Ethnic Marital
Race Age Color
origin status
Religious Philosophical Political

Affiliations Inclinations affiliations Health Education
Proceeding for any Information to be

Information issued
Genetic or offense committed kept classified as
by government
or alleged to have established by an
Sexual life agencies peculiar to
been committed by executive order or
an individual
an individual an act of Congress
RIGHTS OF THE DATA SUBJECT
a. Right to be informed
b. Right to object
c. Right to access
d. Right to rectification
e. Right to erasure or blocking
f. Right to Data Portability
g. Right to damages
h. Right to lodge a complaint before the commission
RIGHT TO DATA PORTABILITY
Where his or her personal data is processed by electronic means and in a

structured and commonly used format, the data subject shall have the right
to obtain from the personal information controller a copy of such data in an
electronic or structured format that is commonly used and allows for further
use by the data subject. The exercise of this right shall primarily take into
account the right of data subject to have control over his or her personal
data being processed based on consent or contract, for commercial
purpose, or through automated means.
(Sec. 36, IRR)
TRANSMISSIBILITY OF RIGHTS
The lawful heirs and assigns of the data subject may invoke the
rights of the data subject to which he or she is an heir or an
assignee, at any time after the death of the data subject, or
when the data subject is incapacitated or incapable of exercising
the rights as enumerated in the immediately preceding section.
(Sec. 35, IRR)
LIMITATIONS OF RIGHTS
The rights of a data subject shall not be applicable to personal data

gathered:
• for the needs of scientific and statistical research and, on the basis of
such, no activities are carried out and no decisions are taken regarding
the data subject;
• for the purpose of investigations in relation to any criminal, administrative
or tax liabilities of a data subject.
(Sec. 19, DPA)
Any limitations on the rights of the data subject shall only be to the
minimum extent necessary to achieve the purpose of said research or
investigation. (Sec. 37, IRR)
PROTECTION AFFORDED TO JOURNALISTS
AND THEIR SOURCES
• “Journalists” shall not be compelled to reveal their source if the information was related
in any confidence to such journalist.
• “Journalists” who are likewise personal information controllers or personal information
processors within the meaning of the law are still bound to follow the Data Privacy Act
and related issuances with regard to the processing of personal data, upholding rights of
their data subjects and maintaining compliance with other provisions that are not
incompatible with the protection provided by Republic Act No. 53.
(Sec. 7, IRR)
• The DPA did not repeal or amend Republic Act No. 53. (Sec. 5, DPA)
RECALL THAT THE LAW . . .
. . . applies to . . . any natural and juridical person

involved in personal information processing . . . . .
. . . which brings us to . . .
THE PERSONAL INFORMATION CONTROLLER
"Personal information controller" refers to a natural
or juridical person, or any other body who controls the
processing of personal data, or instructs another to
process personal data on its behalf. The term excludes:
WHO IS A • A natural or juridical person, or any other body,

PERSONAL who performs such functions as instructed by
another person or organization; or
INFORMATION • A natural person who processes personal data in
CONTROLLER? connection with his or her personal, family, or
household affairs;
There is control if the natural or juridical person or any

other body decides on what information is collected, or
the purpose or extent of its processing.
(Sec. 3 [m])
A person who sets up CCTV for household purposes is not a PIC but if the
CCTV faces outward and captures images of individuals beyond the
boundaries of such property as where it monitors a public space, the
operator is deemed a PIC and subject to the obligations under the DPA.
(NPC Advisory 20-04)
The use of closed-circuit television (CCTV) is expressly allowed under the
Safe Space Act but subject to regulations implementing
the Data Privacy Act. Moreover, the use of CCTV by a private individual
on private property is subject to Art. 26 (1) of the Civil Code.
(Calleja v. Executive Secretary, G.R. Nos. 252578, etc., December 7, 2021)
PICs and PIPs shall provide CCTV notices which are readily visible and
prominent within their premises, such as at points of entry, or other
conspicuous areas. The CCTV notices shall provide information to the
public that there is a CCTV system in operation in clear, plain, and concise
language.
(Sec. 4[C], NPC Advisory 2020-04)
PRINCIPLE OF ACCOUNTABILITY
Each personal information controller is responsible for personal

information under its control or custody, including information that has
been transferred to a third party for processing, whether domestically
or internationally, subject to cross-border arrangement and
cooperation.
(Sec. 21, DPA)
BEING ACCOUNTABLE, THE DATA
CONTROLLER SHALL . . .
• Provide, by contractual or other means, a comparable level of

protection while the information is being processed by a third party;
• Designate an individual or individuals who are accountable for the

organization's compliance with this Act (the Data Protection Officer)
(Sec. 21, DPA)
PRINCIPLE OF ACCOUNTABILITY
A personal information controller may subcontract the processing of personal

information: Provided, That the personal information controller shall be responsible
for ensuring that proper safeguards are in place to ensure the confidentiality of the
personal information processed, prevent its use for unauthorized purposes, and
generally, comply with the requirements of this Act and other laws for processing of
personal information. The personal information processor shall comply with all the
requirements of this Act and other applicable laws.
(Sec. 14, DPA)
The PIC cannot surrender its accountability and responsibility to prevent any unauthorized
processing under the DPA to the Personal Information Processor (PIP). . . . (R)espondent
cannot be absolved of its violations of the DPA on the argument that the processing for
purposes of collections was subcontracted. (R)espondent cannot escape the fact that it
was in the position to control and exercise discretion over what personal information it
processed and the extent of its processing
(In Re: FLI Operating ABC Online Lending Application, NPC 19-910, 17 December 2020)
THE PERSONAL INFORMATION PROCESSOR
WHO IS A PERSONAL INFORMATION
PROCESSOR?
"Personal information processor" refers to any natural or juridical person or any

other body to whom a personal information controller may outsource or instruct
the processing of personal data pertaining to a data subject;
(Sec. 3 [m])
PROCESSING SHOULD COMPLY WITH THE
FOLLOWING . . .
• Criteria for lawful processing
• General data privacy principles for processing (i.e, transparency, legitimate

purpose, proportionality)
• General principles of collection, processing, and retention
CRITERIA FOR LAWFUL PROCESSING OF
PERSONAL INFORMATION
Consent of the Data Subject
To fulfill a contract or enter into one
Protect vital interests, including Life and Health of Data Subject
Pursuant to a Legal Obligation of the PIC
National emergency/Public Order and Safety, as prescribed by law
To fulfill functions of public authority which necessarily includes processing of personal data
Legitimate interests of the PIC or third parties, except if against Constitutional rights
(Sec. 12, DPA)

CRITERIA FOR LAWFUL PROCESSING OF
SENSITIVE/PRIVILEGED PERSONAL INFORMATION
Protect Life and Health of

Consent of the Data Provided by existing laws DS or another person
Subject and regulations where DS cannot give
consent
Lawful rights and interests

Lawful and non- Medical Treatment done in court proceedings/
commercial objectives of by a medical practitioner, defense of legal
organizations/associations with adequate safeguards claims/given to public
authority
(Sec. 13, DPA)

“Consent of the Data Subject” refers to any freely given, specific,
informed indication of will, whereby the data subject agrees to the
collection and processing of his or her personal, sensitive personal, or
privileged information. Consent shall be evidenced by written,
electronic or recorded means. It may also be given on behalf of a data
subject by a lawful representative or an agent specifically authorized by
the data subject to do so.
(Sec. 3[b], DPA; Sec. 3[c], IRR)
These circumstances, taken together, evince the undue pressure, if not
outright intimidation and harassment, that Pieceland, et al. deliberately
applied to MNLCI members. Indubitably, “consent” given in the wake of the
foregoing incidents cannot satisfy the requirement of free and intelligent
consent required under the Data Privacy Act.
(Pieceland Corporation v. Manila New Life Church Inc., Court of Appeals,
CA-G.R. SP No. 168952, December 14, 2021 [NPC Case No. 19-528])
Sec. 13 (f) may refer to legal claims of persons other than those who
processed the personal information, in this case, the act of Respondent in
issuing the Affidavit to support a legal claim of the third person who filed the
Administrative Complaint before the DepEd against the Complainant.
(JDB v. JME, NPC 21-032, 16 May 2022)
GENERAL DATA PRIVACY PRINCIPLES ON
PROCESSING OF PERSONAL INFO
The processing of personal information shall be allowed, subject to

compliance with the requirements of this Act and other laws allowing
disclosure of information to the public and adherence to the principles of
transparency, legitimate purpose and proportionality.
(Sec. 11)
PRINCIPLE OF TRANSPARENCY
The data subject must be aware of the nature, purpose, and extent
of the processing of his or her personal data, including the risks and
safeguards involved, the identity of personal information controller,
his or her rights as a data subject, and how these can be exercised.
Any information and communication relating to the processing of
personal data should be easy to access and understand, using clear
and plain language.
(Sec. 19 [a], IRR)
PRINCIPLE OF LEGITIMATE PURPOSE
The processing of information shall be compatible with a declared

and specified purpose which must not be contrary to law, morals,
or public policy.
(Sec. 18 [b]. IRR)
PRINCIPLE OF PROPORTIONALITY
The processing of information shall be adequate, relevant, suitable,

necessary, and not excessive in relation to a declared and specified
purpose. Personal data shall be processed only if the purpose of the
processing could not reasonably be fulfilled by other means.
(Sec. 18 [c])
a. Collection must be for a declared,
specified, and legitimate purpose;
b. Personal data shall be processed fairly
GENERAL PRINCIPLES and lawfully;
IN COLLECTION, c. Processing should ensure data quality;
PROCESSING AND d. Personal Data shall not be retained
RETENTION longer than necessary; and
e. Any authorized further processing shall
have adequate safeguards.

WHAT ABOUT DATA SHARING?
“Data sharing” is the disclosure or transfer to a third party of personal

data under the custody of a personal information controller or
personal information processor. In the case of the latter, such
disclosure or transfer must have been upon the instructions of the
personal information controller concerned. The term excludes
outsourcing, or the disclosure or transfer of personal data by a
personal information controller to a personal information processor.
(Sec. 3[f], IRR)
PRINCIPLES OF DATA SHARING
• Data sharing shall be allowed when it is expressly authorized by law, Provided, there
are adequate safeguards;
• Data Sharing shall be allowed in the private sector if the data subject consents to data
sharing;
• Data sharing for purpose of research shall be allowed when the personal data is
publicly available, or has the consent of the data subject for purpose of
research, Provided, adequate safeguards are in place, and no decision directly affecting
the data subject shall be made on the basis of the data collected or processed.
• Data sharing between government agencies for the purpose of a public function or
provision of a public service shall be covered by a data sharing agreement.
(Sec. 21, IRR)
IN RELATION TO DATA SHARING . . .
The Bill of Rights guarantees the right of the people to information on

matters of public concern, subject to limitations provided by law:
SECTION 7. The right of the people to information on matters of public concern shall be
recognized. Access to official records, and to documents, and papers pertaining to official
acts, transactions, or decisions, as well as to government research data used as basis for
policy development, shall be afforded the citizen, subject to such limitations as may be
provided by law.
EXECUTIVE ORDER NO. 2, 2016
OPERATIONALIZING IN THE EXECUTIVE BRANCH THE PEOPLE’S CONSTITUTIONAL

RIGHT TO INFORMATION AND THE STATE POLICIES TO FULL PUBLIC DISCLOSURE
AND TRANSPARENCY IN THE PUBLIC SERVICE AND PROVIDING GUIDELINES
THEREFOR
INVENTORY OF EXCEPTIONS TO EO NO. 2
1. Information covered by Executive privilege;
2. Privileged information relating to national security, defense or international relations;
3. Information concerning law enforcement and protection of public and personal safety;
4. Information deemed confidential for the protection of the privacy of persons and certain
individuals such as minors, victims of crimes, or the accused;
5. Information, documents or records known by reason of official capacity and are deemed as
confidential, including those submitted or disclosed by entities to government agencies, tribunals,
boards, or officers, in relation to the performance of their functions, or to inquiries or investigation
conducted by them in the exercise of their administrative, regulatory or quasi-judicial powers;
6. Prejudicial premature disclosure;
7. Records of proceedings or information from proceedings which, pursuant to law or relevant rules
and regulations, are seated as confidential or privileged;
8. Matters considered confidential under banking and finance laws, and their amendatory laws; and
9. Other exceptions to the right to information under laws, jurisprudence, and regulations.
(Memorandum from the Executive Secretary dated November 24, 2016)

THERE MUST BE ADEQUATE SAFEGUARDS
The accountability principle as well as the criteria and principles of data

processing and data sharing require that adequate safeguards are in place,
for both information controller and information processor, to protect the
privacy of personal data.
(Secs. 11, 12, 13 and 14, DPA)
EVEN EO NO. 2 PROTECTS PRIVACY
While providing access to information, public records, and official records, responsible officials shall afford
full protection to an individual's right to privacy as follows:
(a) Each government office per Section 2 hereof shall ensure that personal information in its custody or
under its control is disclosed or released only if it is material or relevant to the subject matter of the
request and its disclosure is permissible under this Order or existing laws, rules or regulations;
(b) Each government office must protect personal information in its custody or control by making
reasonable security arrangements against leaks or premature disclosure of personal information which
unduly exposes the individual whose personal information is requested to vilification, harassment, or
any other wrongful acts, and
(c) Any employee or official of a government office per Section 2 hereof who has access, authorized or
unauthorized, to personal information in the custody of the office must not disclose that information
except when authorized under this, Order or pursuant to existing laws, rules or regulations.
(Sec. 7, EO2)
HENCE, THE NEED FOR SECURITY MEASURES
TO PROTECT PERSONAL DATA
Personal information controllers and personal information

processors shall implement reasonable and appropriate
organizational, physical, and technical security measures for
the protection of personal data.
GUIDELINES FOR ORGANIZATIONAL SECURITY
• Compliance Officers/Data Protection Officer

• Data Protection Policies
• Records of Processing Activities
• Management of Human Resources
• Processing of Personal Data
• Contracts with Personal Information Processors
(Sec. 26, IRR)
GUIDELINES FOR PHYSICAL SECURITY
• Policies and Procedures to monitor and limit access and activities

• Design of office space and workstations
• Clearly define duties, responsibilities and schedule of individuals involved in the
processing
• Policies and procedures regarding the transfer, removal, disposal, and re-use of
electronic media
• Policies and procedures that prevent the mechanical destruction of files and
equipment shall be established
(Sec. 27, IRR)
GUIDELINES FOR TECHNICAL SECURITY
a. A security policy with respect to the processing of personal data;
b. Safeguards to protect their computer network against accidental, unlawful or unauthorized
usage
c. Ensure confidentiality, integrity, availability, and resilience
d. Regular monitoring for security breaches, and a process both for identifying and assessing
vulnerabilities, and for taking preventive, corrective, and mitigating action
e. The ability to restore the availability and access to personal data in a timely manner
f. A process for regularly testing, assessing, and evaluating the effectiveness of security
measures;
g. Encryption of personal data during storage and while in transit, authentication process, and
other technical security measures that control and limit access.
(Sec. 27, IRR)

Also, to observe the criteria for lawful processing of personal and sensitive personal information.
THE NATIONAL PRIVACY COMMISSION
FUNCTIONS OF THE NPC
• Rule Making
• Advisory
• Public Education
• Compliance and Monitoring
• Complaints and Investigations
• Enforcement
• Other functions
(Sec. 9, IRR)
COMPLIANCE AND MONITORING
• Registration of personal data processing systems operating in the country that

involves accessing or requiring sensitive personal information of at least one
thousand (1,000) individuals;
• Notification of automated processing operations where the processing
becomes the sole basis of making decisions that would significantly affect the
data subject;
• Annual report of the summary of documented security incidents and personal
data breaches; and
• Compliance with other requirements that may be provided in other issuances
of the Commission.
(Sec. 46, IRR)
REGISTRATION OF PERSONAL DATA
PROCESSING SYSTEMS
• Registration of personal data processing systems operating in the country that
involves accessing or requiring sensitive personal information of at least one
thousand (1,000) individuals, including the personal data processing system of
contractors, and their personnel, entering into contracts with government agencies;
(Sec. 46[a], DPA)
• The personal information controller or personal information processor that

employs fewer than two hundred fifty (250) persons shall not be required to
register unless the processing it carries out is likely to pose a risk to the rights and
freedoms of data subjects, the processing is not occasional, or the processing
includes sensitive personal information of at least one thousand (1,000) individuals.
(Sec. 47, DPA)
NOTIFICATION OF AUTOMATED PROCESSING
SYSTEMS
The personal information controller carrying out any wholly or partly
automated processing operations or set of such operations intended to
serve a single purpose or several related purposes shall notify the
Commission when the automated processing becomes the sole basis
for making decisions about a data subject, and when the decision
would significantly affect the data subject.
(Sec. 48, DPA)
NOTIFICATION OF AUTOMATED PROCESSING
SYSTEMS
No decision with legal effects concerning a data subject shall

be made solely on the basis of automated processing
without the consent of the data subject.
(Sec. 48 [b], DPA)
ANNUAL REPORTS
All security incidents and personal data breaches shall be documented through
written reports, including those not covered by the notification requirements. In the
case of personal data breaches, a report shall include the facts surrounding an
incident, the effects of such incident, and the remedial actions taken by the personal
information controller. In other security incidents not involving personal data, a
report containing aggregated data shall constitute sufficient documentation. These
reports shall be made available when requested by the Commission. A general
summary of the reports shall be submitted to the Commission annually.
(Sec. 41[b], IRR)
"Security incident" is an event or occurrence
that affects or tends to affect data protection,
or may compromise the availability, integrity
and confidentiality of personal data. It
includes incidents that would result to a
personal data breach, if not for safeguards
that have been put in place.
"Personal data breach" refers to a breach of
security leading to the accidental or unlawful
destruction, loss, alteration, unauthorized
disclosure of, or access to, personal data
transmitted, stored, or otherwise processed;
DATA BREACH NOTIFICATION
The personal information controller shall promptly notify the Commission and
affected data subjects when:
• sensitive personal information; or
• other information that may, under the circumstances, be used to enable identity
fraud
• are reasonably believed to have been acquired by an unauthorized person; and
• the personal information controller or the Commission believes that such
unauthorized acquisition is likely to give rise to a real risk of serious harm to any
affected data subject.
(Sec. 20[f], DPA)
DATA BREACH NOTIFICATION
Within 72 hours . . .
upon knowledge of, or when there is reasonable belief by the personal information controller
or personal information processor that, a personal data breach requiring notification has
occurred.
(Sec. 38[a], IRR)
CONTENT OF THE NOTICE
The notification shall at least describe the nature of the breach, the
sensitive personal information possibly involved, and the measures
taken by the entity to address the breach. Notification may be delayed
only to the extent necessary to determine the scope of the breach, to
prevent further disclosures, or to restore reasonable integrity to the
information and communications system.
(Sec. 20[f], DPA)
The content and information of the complete breach report is needed by
the Commission in order to determine whether [a PIC] has acted
adequately in order to protect the rights of the affected data subject and to
see if [it] has undertaken measures to avoid further damage and prevent
similar incidents from recurrence.
(In Re: Rokko & Associates, Inc., CID BN 19-034, 21 September 2020)
Notification of data subjects of a personal data breach is the general rule and exemptions
are allowed only under specific circumstances. The purpose of the requirement to notify
data subjects of a breach incident is to give them the opportunity to take the necessary
precautions or such other measures to protect themselves against possible effects of the
breach. PICs are likewise required to establish all reasonable mechanisms to ensure that
all affected data subjects are made aware of the breach. A delay in notification can cause
harm to affected data subjects as they cannot protect themselves from the consequences
of the breach.
(IN RE: BPI PHILAMLIFE ASSURANCE CORP., NPC BN No. 21-054, 15 April 2021)
COMPLIANCE WITH OTHER REQUIREMENTS

QUASI-JUDICIAL POWER
THE NPC SHALL . . .
Receive complaints, institute investigations, facilitate or enable

settlement of complaints through the use of alternative dispute
resolution processes, adjudicate, award indemnity on matters affecting
any personal information, prepare reports on disposition of complaints
and resolution of any investigation it initiates, and, in cases it deems
appropriate, publicize any such report;
(Sec. 7[b], DPA)
THE NPC CAN ALSO . . .
Issue cease and desist orders, impose a temporary or permanent ban

on the processing of personal information, upon finding that the
processing will be detrimental to national security and public interest;
(Sec. 7[c], DPA)
APPEALS
Appeal from final decisions of the Commission shall be made to the

proper courts in accordance with the Rules of Court, or as may be
prescribed by law.
(Sec. 66)
AVAILABLE SANCTIONS FOR VIOLATION OF
THE DPA
Violation of the Act is punishable criminally, civilly, and administratively.

CRIMINAL SANCTIONS
Recommend to the Department of Justice (DOJ) the prosecution and
imposition of penalties specified in Sections 25 to 29 of this Act;
(Sec. 7[i], DPA)
The president of a condo corporation posted a letter, containing complainants’ personal
information as delinquent unit owners with unpaid dues, in public spaces of the condo, and
published the same in a magazine distributed to unit owners.
This is unauthorized disclosure. Unauthorized disclosure is committed when a perpetrator
processes personal information without any lawful basis; conversely, the presence of any lawful
criteria is sufficient to justify the processing of personal or sensitive personal information.
Requisites unauthorized disclosure: (1) perpetrator is PIC/P; (2) perpetrator disclosed
information; (3) information relates to personal or sensitive personal information; (4) perpetrator
disclosed personal or sensitive personal information to a third party; (5) disclosure was without
any lawful basis; (6) disclosure is neither malicious nor done in bad faith and information
disclosed is not unwarranted nor false.
(MVC v. DSL, NPC 21-010 to 015, 3 February 2022)
IF THE OFFENDER IS A JURIDICAL PERSON
• the penalty shall be imposed upon the responsible officers,

as the case may be, who participated in, or by their gross
negligence, allowed the commission of the crime.
• the court may suspend or revoke any of its rights under the
DPA.
(Sec. 34, DPA)
IF THE OFFENDER IS AN ALIEN
• he or she shall, in addition to the penalties herein

prescribed, be deported without further proceedings after
serving the penalties prescribed.
(Sec. 34, DPA)
IF THE OFFENDER IS A PUBLIC OFFICIAL OR
EMPLOYEE
. . . and such public official or employee is found guilty of acts penalized

under Sections 27 and 28 of this Act, he or she shall, in addition to the
penalties prescribed herein, suffer perpetual or temporary absolute
disqualification from office, as the case may be.
(Sec. 34, DPA)
IF THE OFFENDER IS A PUBLIC OFFICER
When the offender or the person responsible for the offense is a

public officer as defined in the Administrative Code of the
Philippines in the exercise of his or her duties, an accessory
penalty consisting in the disqualification to occupy public office
for a term double the term of criminal penalty imposed shall be
applied.
(Sec. 36, DPA)

LARGE-SCALE OFFENSE
The maximum penalty in the scale of penalties respectively provided

for the preceding offenses shall be imposed when the personal
information of at least one hundred (100) persons is harmed, affected
or involved as the result of the abovementioned actions.
(Sec. 35, DPA)
CIVIL INDEMNITY
RESTITUTION AND INDEMNITY
• Restitution for any aggrieved party shall be governed by the provisions of the New Civil
Code. (Sec. 37, DPA)
• Pursuant to the exercise of its quasi-judicial functions, the Commission shall award
indemnity to an aggrieved party on the basis of the provisions of the New Civil Code.
Any complaint filed by a data subject shall be subject to the payment of filing fees,
unless the data subject is an indigent.(Sec. 7[b], DPA; Sec. 64, IRR)
ADMINISTRATIVE SANCTIONS
CEO, CDO, BAN, FINE
Violations of the Act, these Rules, other issuances and orders of the
Commission, shall, upon notice and hearing, be subject to compliance and
enforcement orders, cease and desist orders, temporary or permanent ban
on the processing of personal data, or payment of fines, in accordance with
a schedule to be published by the Commission.
(Sec. 65. IRR)
LIST OF CASES
CASES
General Privacy Cases:
• Morfe v. Mutuc, G.R. No. L-20387, January 31, 1968
• People v. Marti, G.R. No. 81561, January 18, 1991

• Ople v. Torres, G.R. No. 127685, July 23, 1998
• Pollo v. Constantino-David, G.R. No. 181881, October 18, 2011
• Disini, Jr. v. Secretary of Justice, G.R. Nos. 203335, etc., February 18, 2014
• De Leon v. Duterte, G.R. No. 252118, May 8, 2020
• Kilusang Mayo Uno v. Director-General, G.R. Nos. 167798 & 167930, April 19, 2006
CASES

• Roan v. Gonzales, G.R. No. 71410, November 25, 1986
• Abines v. Duque III, G.R. No. 235891, [September 20, 2022])

• Sister Versoza v. People, G.R. No. 184535 (Resolution), [September 3, 2019])
• White Light Corp. v. City of Manila, G.R. No. 122846, [January 20, 2009], 596 PHIL 444-472)
• In the Matter of the Petition for Writ of Habeas Corpus/Data v. De Lima, G.R. Nos. 215585 &
215768, [September 8, 2020])
• Hilado v. Reyes, G.R. No. 163155, July 21, 2006
• Zarate v. Aquino III, G.R. No. 220028 (Notice), November 10, 2015
CASES
• Re Request for Copy of 2008 SALN, A.M. Nos. 09-8-6-SC & 09-8-07-CA (Resolution), June 13,
2012
• Subido Pagente Certeza Mendoza and Binay Law Offices v. Court of Appeals, G.R. No. 216914,
December 6, 2016
• Re: Rolando Espinosa, Sr., A.M. Nos. RTJ-17-2494 & RTJ-19-2557, January 26, 2021
• Yonzon v. Coca-Cola Bottlers Philippines, Inc., G.R. No. 226244 , June 16, 2021
• Calleja v. Executive Secretary, G.R. Nos. 252578, etc., December 7, 2021
• Vivares v. St. Theresa's College, G.R. No. 202666, September 29, 2014
• Office of the Court Administrator v. Atillo, Jr., A.M. No. RTJ-21-018, September 29, 2021
• Gamboa v. Chan, G.R. No. 193636, July 24, 2012
Data Privacy Act cases:
• Cadajas v. People, G.R. No. 247348, November 16, 2021
• Philippine Stock Exchange v. Secretary of Finance, G.R. No. 213860, July 5, 2022
National Privacy Commission Decisions:
• NPC, Advisory Opinion, No. 2022-0241

• NPC Advisory 20-04
• In Re: FLI Operating ABC Online Lending Application, NPC 19-910, 17 December 2020
• JDB v. JME, NPC 21-032, 16 May 2022
• In Re: Rokko & Associates, Inc., CID BN 19-034, 21 September 2020
• In re: BPI PhilamLife Assurance Corp., NPC BN No. 21-054, 15 April 2021
• MVC v. DSL, NPC 21-010 to 015, 3 February 2022
• Pieceland Corporation v. Manila New Life Church Inc., Court of Appeals, CA-G.R. SP NO. 168952,
December 14, 2021 (NPC Case No. 19-528)
IF YOU CAN’T PROTECT IT, DON’T COLLECT IT.
THE DATA PRIVACY GOLDEN RULE
CREDIT: NATIONAL PRIVACY COMMISSION

THE ELECTRONIC
COMMERCE ACT OF 2000
Republic Act No. 8792, its Implementing Rules and Regulations,
and the Rules on Electronic Evidence
Electronic commerce has long been recognized internationally. However,
countries with varying degrees of recognition of e-commerce transactions
hamper the efficiency of international trade, highlighting the need to
harmonize e-commerce legislation. At the forefront is the United Nations
Commission on International Trade Law (“UNCITRAL”), which crafted the
Model Laws on Electronic Commerce and Electronic Signatures to facilitate
international trade.
INTERNATIONAL INSTRUMENTS
• United Nations Commission on International Trade Law (“UNCITRAL”)

Model Law on Electronic Commerce (1996; amended 1998) – “MLEC”
• UNCITRAL Model Law on Electronic Signatures (2001); - “MLES”

and
• United Nations (UN) Convention on the Use of Electronic Communication
in International Contracts (2005).
The UNCITRAL Model Law on Electronic Commerce was adopted by the
United Nations Commission on International Trade Law (“UNCITRAL”) in
1996 in furtherance of its mandate to promote the harmonization and
unification of international trade law, so as to remove unnecessary
obstacles to international trade caused by inadequacies and divergences in
the law affecting trade.
(UNCITRAL Model Law on Electronic Commerce with Guide to Enactment

[1996 with additional article 5 bis as adopted in 1998])
The Model Law was prepared in response to a major change in the means
by which communications are made between parties using computerized or
other modern techniques in doing business (sometimes referred to as
“trading partners”).
The Model Law is intended to serve as a model to countries for the
evaluation and modernization of certain aspects of their laws and practices
in the field of commercial relationships involving the use of computerized or
other modern communication techniques, and for the establishment of
relevant legislation where none presently exists.
3 PRINCIPLES EMBODIED IN THE MODEL LAW
• principle of non-discrimination
• principle of technological neutrality
• principle of functional equivalence
Aside from the embodied principles . . ., [the Model Law] also provides rules
for the formation, validity, enforcement, and interpretation of electronic
contracts, and for admissibility and evidentiary weight. These rules help
facilitate international commerce by providing a common ground among the
states.
[https://uncitral.un.org/en/texts/ecommerce/modellaw/electronic_commerce
(last accessed 11/27/2023)]
The [Model Law] was the first legislative text to adopt the fundamental
principles of non-discrimination, technological neutrality and functional
equivalence that are widely regarded as the founding elements of modern
electronic commerce law.
These principles are also embodied in the Electronic Commerce Act of 2000.
REPUBLIC ACT NO. 8792
THE E-COMMERCE ACT OF 2000
AN ACT PROVIDING FOR THE RECOGNITION AND USE

OF ELECTRONIC COMMERCIAL AND NON-COMMERCIAL
TRANSACTIONS, PENALTIES FOR UNLAWFUL USE THEREOF, AND
OTHER PURPOSES
Signed into law on June 14, 2000
Republic Act No. 8792 is based largely on the
UNCITRAL Model Law
on Electronic Commerce.
DECLARATION OF POLICY
The State recognizes the vital role of information and communications

technology in nation-building (Sec. 2, ECA).
Article II, Section 24 of the 1987 Constitution recognizes the vital role of
communication and information in nation-building.
THE STATE ALSO RECOGNIZES . . .
1. the need to create an information-friendly environment which supports and ensures the availability,
diversity and affordability of ICT products and services;
2. the primary responsibility of the private sector in contributing investments and services in ICT;
3. the need to develop, with appropriate training programs and institutional policy changes, human
resources for the information age, a labor force skilled in the use of ICT and a population capable of
operating and utilizing electronic appliances and computers;
4. its obligation to facilitate the transfer and promotion of technology;
5. the need to ensure network security, connectivity and neutrality of technology for the national benefit;
and
6. the need to marshal, organize and deploy national information infrastructures, comprising in both
communications network and strategic information services, including their interconnection to the
global information networks, with the necessary and appropriate legal, financial, diplomatic and
technical framework, systems and facilities.
ROLE OF THE PRIVATE SECTOR
The development of electronic commerce shall be led primarily by the

private sector in response to market forces. Participation
in electronic commerce shall be pursued through an open and fair
competitive market.
(Sec. 3[b], IRR)
GOVERNMENT AS MODEL USER
Government shall utilize new electronic means to deliver

core public services in order to demonstrate the benefits
derived therefrom and to promote the use of such means. In
this regard, the Government will be a pioneer in using new
technologies.
(Sec. 3[j], IRR)
OBJECTIVE
[The ECA] aims to facilitate domestic and international dealings,

transactions, arrangements, agreements, contracts and exchanges and
storage of information through the utilization of electronic, optical and
similar medium, mode, instrumentality and technology, to recognize the
authenticity and reliability of electronic data messages
or electronic documents related to such activities, and to promote the
universal use of electronic transactions in the government and by the
general public.
(Sec. 3, ECA)
SPHERE OF APPLICATION
The Law applies to any kind of electronic data message

and electronic document used in the context of commercial and non-
commercial activities to include domestic and international dealings,
transactions, arrangements, agreements, contracts and exchanges and
storage of information.
(Sec. 4, ECA)
SPHERE OF APPLICATION
Unlike the UNCITRAL Model Laws, the ECommerce Act also applies to
electronic data messages or electronic documents used in non-commercial
activities.
(Disini, Jr.: Philippine Electronic Contracting)*
- https://law.upd.edu.ph/wp-content/uploads/2021/07/Asian-Comparative-Law-Volume-1-pages-103-114.pdf (last accessed 11/27/2023)

INTERPRETATION
Unless otherwise expressly provided for, the interpretation of [the ECA]

shall give due regard to its international origin and the need to
promote uniformity in its application and the observance of good faith
in international trade relations. The generally accepted principles of
international law and convention on electronic commerce shall likewise
be considered.
(Sec. 37, ECA)
PARTY AUTONOMY
BUT PARTIES HAVE THE
FREEDOM TO OPT-OUT
SECTION 16. Formation and Validity of Electronic Contracts. —

(1) Except as otherwise agreed by the parties . . .
(Sec. 16, ECA)

FREEDOM TO OPT-OUT
This is intended to reinforce party autonomy and to make it clear that the
law is not intended to impose electronic contracting upon those who insist
upon paperbased communications if they so stipulate.
(Disini, Jr.: Philippine Electronic Contracting)*
- https://law.upd.edu.ph/wp-content/uploads/2021/07/Asian-Comparative-Law-Volume-1-pages-103-114.pdf (last accessed 11/27/2023)

SAME IDEA: USE NOT MANDATORY
Except when required in government transactions as provided in Sec.

27 of the Law, nothing in the Act or the Rules requires a person to use
or accept information contained in electronic data
messages, electronic documents, or electronic signatures, but a
person's consent to do so may be inferred from the person's conduct.
(Sec. 9, IRR)
VARIATION AGREEMENT
As between parties involved in generating, sending, receiving, storing or

otherwise processing electronic data message or electronic document,
any provision of the [ECA] may be varied by agreement between and
among them.
(Sec. 38, ECA)
CONCEPTS AND DEFINITIONS
Electronic Data Message

Electronic Document
Electronic Signature
Digital Signature
Computer
Originator
Addressee
ELECTRONIC DATA MESSAGE
"Electronic data message" refers to information generated,

sent, received or stored by electronic, optical or similar means.
ELECTRONIC DOCUMENT
"Electronic document" refers to information or the representation of

information, data, figures, symbols or other modes of written expression,
described or however represented, by which a right is established or an
obligation extinguished, or by which a fact may be proved and affirmed,
which is received, recorded, transmitted, stored, processed, retrieved or
produced electronically.
ELECTRONIC DATA MESSAGE VS.
ELECTRONIC DOCUMENT
[T]here is a slight difference between the two terms [“Electronic Data Message” and
“Electronic Document”]. While "data message" has reference to information electronically
sent, stored or transmitted, it does not necessarily mean that it will give rise to a right or
extinguish an obligation, unlike an electronic document. Evident from the law, however, is
the legislative intent to give the two terms the same construction.
(MCC Industial Sales Corp. v. Ssangyong Corp., G.R. No. 170633, October 17, 2007)
ELECTRONIC SIGNATURE
"Electronic signature" refers to any distinctive mark, characteristic and/or

sound in electronic form, representing the identity of a person and attached
to or logically associated with the electronic data message
or electronic document or any methodology or procedures employed or
adopted by a person and executed or adopted by such person with the
intention of authenticating or approving an electronic data message
or electronic document.
"Digital Signature" refers to an electronic signature consisting of a
transformation of an electronic document or an electronic data
message using an asymmetric or public cryptosystem such that a
person having the initial untransformed electronic document and
the signer's public key can accurately determine:
i. whether the transformation was created using the private
key that corresponds to the signer's public key; and
ii. whether the initial electronic document had been altered
after the transformation was made.
(Rule 2, Sec. 1[e] REE)
For purposes of [the REE], an electronic signature includes
digital signatures.
(Rule 2, Sec. 1[j] REE)
An electronic signature may come in two forms: a distinctive
mark, characteristic or sound in electronic form; or a method or
procedure employed by a person with the intention of
approving or authenticating an electronic document.
COMPUTER
"Computer" refers to any device or apparatus singly or interconnected

which, by electronic, electro-mechanical, optical and/or magnetic impulse,
or other means with the same function, can receive, record, transmit, store,
process, correlate, analyze, project, retrieve and/or produce information,
data, text, graphics, figures, voice, video, symbols or other modes of
expression or perform any one or more of these functions.
ORIGINATOR
"Originator" refers to a person by whom, or on whose behalf,

the electronic document purports to have been created, generated and/or
sent. The term does not include a person acting as an intermediary with
respect to that electronic document.
ADDRESSEE
"Addressee" refers to a person who is intended by the originator to receive

the electronic data message or electronic document, but does not include a
person acting as an intermediary with respect to that electronic data
message or electronic document.
INTERMEDIARY
"Intermediary" refers to a person who in behalf of another person and with

respect to a particular electronic data message or electronic document
sends, receives and/or stores or provides other services in respect of
that electronic data message or electronic document.
THE PRINCIPLES
• principle of non-discrimination
• principle of technological neutrality
• principle of functional equivalence
PRINCIPLE OF NON-DISCRIMINATION
The principle of non-discrimination ensures that a document would not be
denied legal effect, validity or enforceability solely on the grounds that it is
in electronic form.
PROVISIONS IN THE ECA ON NON-DISCRIMINATION:
LEGAL RECOGNITION OF INFORMATION
Information shall not be denied validity or enforceability solely on the

ground that it is in the form of an electronic data message purporting to
give rise to such legal effect, or that it is merely incorporated by reference
in that electronic data message. (Sec. 6, ECA)
LEGAL RECOGNITION OF DOCUMENTS
Electronic documents shall have the legal effect, validity or enforceability

as any other document or legal writing . . . (Sec. 7, ECA)
INCORPORATION BY REFERENCE
Information shall not be denied validity or enforceability solely on the

ground that it is not contained in an electronic data message
or electronic document but is merely incorporated by reference
therein.
(Sec. 8, IRR)
FORMATION AND VALIDITY OF CONTRACTS
Except as otherwise agreed by the parties, an offer, the acceptance of an offer and such
other elements required under existing laws for the formation of contracts may be
expressed in, demonstrated and proved by means of electronic data messages
or electronic documents and no contract shall be denied validity or enforceability on the
sole ground that it is in the form of an electronic data message or electronic document, or
that any or all of the elements required under existing laws for the formation of the
contracts is expressed, demonstrated and proved by means of electronic data messages
or electronic documents.
(Sec. 16[1]), ECA)
PROVISIONS IN THE ECA ON NON-
DISCRIMINATION: RECOGNITION BY PARTIES
As between the originator and the addressee of an electronic data
message or electronic document, a declaration of will or other statement
shall not be denied legal effect, validity or enforceability solely on the
ground that it is in the form of an electronic data message
(Sec. 17, ECA)
THEREFORE . . .
a. A requirement under law that information is in writing is satisfied if the information is
in the form of an electronic data message or electronic document.
b. A requirement under law for a person to provide information in writing to another
person is satisfied by the provision of the information in an electronic data message
c. A requirement under law for a person to provide information to another person in a
specified non-electronic form is satisfied by the provision of the information in
an electronic data message or electronic document if the information is provided in
the same or substantially the same form.
However, nothing limits the operation of any requirement under law for information to be
posted or displayed in specified manner, time or location; or for any information or
document to be communicated by a specified method unless and until a functional
equivalent shall have been developed, installed, and implemented.
(Sec. 7, IRR)
PRINCIPLE OF TECHNOLOGICAL NEUTRALITY
The principle of technological neutrality mandates the adoption of
provisions that are neutral with respect to technology used. In light of the
rapid technological advances, neutral rules aim at accommodating any
future development without further legislative work.
None of the provisions of [the] Rules shall be applied so as to exclude,
restrict, or deprive of legal effect any method of electronic signature
that satisfies the requirements [on legal recognition of electronic
signatures] which is as reliable as was appropriate for the purpose for
which the data message was generated or communicated, in the light
of all the circumstances, including any relevant agreement.
(Rule 4, IRR ES)
PRINCIPLE OF FUNCTIONAL EQUIVALENCE
The functional equivalence principle lays out criteria under which
electronic communications may be considered equivalent to paper-based
communications.
• The principle of “functional equivalence” is an approach used to deal
with impediments to the use of electronic commerce posed by such
requirements in national laws prescribing the use of traditional paper-
based documentation.
• It involves an analysis of the purposes and functions of the traditional
paper-based requirement with a view to determining how those purposes
or functions could be fulfilled through electronic-commerce techniques.
The “functional equivalence principle” sets out the specific requirements
that electronic communications need to meet in order to fulfill the same
purposes and functions that certain notions in the traditional paper-based
system - for example, "writing," "original," "signed," and "record"- seek to
achieve.
IN OTHER WORDS . . .
The principle extends the scope of such notions as “writing”,

“signature” and “original” to encompass computer-based
techniques.
(par. 15, UNCITRAL Model Law on Electronic Commerce with Guide to Enactment
For evidentiary purposes, therefore, an electronic document shall be the
functional equivalent of a written document under existing laws.
(Sec. 7, ECA)
AND IT IS ONLY FOR THIS PURPOSE . . .
. . . as the law merely recognizes the admissibility in evidence (for their

being the original) of electronic data messages and/or electronic
documents. It does not, for instance, make the internet a medium for
publishing laws, rules and regulations.
(Garcillano v. House of Representatives Committees on Public Information,
G.R. Nos. 170338 & 179275, December 23, 2008)
WHAT IS “WRITING”?
Writing is information that is stored in a stable and readable

format.
(Sorieul, et al, Establishing A Legal Framework for Electronic Commerce)

WHAT IS THE PURPOSE OF A SIGNATURE?
The two (2) most basic functions of a signature are:

1. To identify the signer; and
2. To indicate the signer’s approval of the information being signed.
(Sorieul, et al, Establishing A Legal Framework for Electronic Commerce)

INTEGRITY AND RELIABILITY
Where the law requires a document to be in writing, that requirement

is met by an electronic document if the said electronic document
maintains its integrity and reliability and can be authenticated so as to
be usable for subsequent reference.
(Sec. 7, ECA)
INTEGRITY AND RELIABILITY
At the core of the functional equivalence principle is the

requirement of integrity and reliability of electronic documents,
electronic signatures, and Information and Communication
Systems.
INTEGRITY
The electronic document has remained complete and unaltered,

apart from the addition of any endorsement and any authorized
change, or any change which arises in the normal course of
communication, storage and display.
(Sec. 7[a], ECA)
RELIABILITY
The electronic document is reliable in the light of the purpose for

which it was generated and in the light of all relevant
circumstances.
(Sec. 7[b], ECA)
SOLEMN CONTRACTS
No provision of the Act shall apply to vary any and all requirements of
existing laws and relevant judicial pronouncements respecting
formalities required in the execution of documents for their validity.
Hence, when the law requires that a contract be in some form in order
that it may be valid or enforceable, or that a contract is proved in a
certain way, that requirement is absolute and indispensable.
(Sec. 12, IRR)
Contracts shall be obligatory, in whatever form they may have been
entered into, provided all the essential requisites for their validity are
present.
(Civil Code, Art. 1356)
Forms of contracts serve any of the following ends:
a. for it to be valid;
b. for it to be enforceable or proved in a certain way; or
c. for the convenience of the parties or for the purpose of binding third
persons.
When the law requires that a contract be in some form for its validity or
enforceability, or it requires that it be proved in a certain way, that
requirement is absolute and indispensable.
When the law prescribes a particular form for a contract for convenience or
for purposes of binding third persons, the contracting parties may compel
each other to observe that form, once the contract has been perfected.
This right may be exercised simultaneously with the action upon the
contract.
The right to compel observance of the required form may also be
availed of by the parties when a public document is necessary for the
registration of the contract in the Registry of Deeds.
EXAMPLES OF CONVENIENCE
Public documents as evidence. – Documents consisting of entries in public

records made in the performance of a duty by a public officer are prima
facie evidence of the facts therein stated. All other public documents are
evidence, even against a third person, of the fact which gave rise to their
execution and of the date of the latter.
(Rule 132, Sec. 23, ARRE)
FORM FOR CONVENIENCE
Proof of notarial documents. – Every instrument duly acknowledged or

proved and certified as provided by law, may be presented in evidence
without further proof, the certificate of acknowledgment being prima facie
evidence of the execution of the instrument or document involved.
FORM FOR CONVENIENCE
When the sale is made through a public instrument, the execution thereof
shall be equivalent to the delivery of the thing which is the object of the
contract, if from the deed the contrary does not appear or cannot clearly be
inferred.
FORM TO BIND THIRD PERSONS
1. Contracts involving real rights over immovables

2. Cession, repudiation or renunciation of hereditary rights
3. Cession, repudiation or renunciation of the conjugal partnership of gains
4. Power to administer property
5. Power which should appear in a public instrument
6. Power which should prejudice a third person
7. The cession of actions or rights proceeding from an act appearing in a public document
8. Assignment of credit, right or action
9. Accessory contract of pledge
10. Contract of partnership with capital or three thousand or more
•
FORM FOR ENFORCEABILITY
a. An agreement that by its terms is not to be performed within a year from the making
thereof;
b. A special promise to answer for the debt, default, or miscarriage of another;
c. An agreement made in consideration of marriage, other than a mutual promise to marry;
d. An agreement for the sale of goods, chattels or things in action, at a price not less than five
hundred pesos, unless the buyer accept and receive part of such goods and chattels, or the
evidences, or some of them, of such things in action, or pay at the time some part of the
purchase money; but when a sale is made by auction and entry is made by the auctioneer
in his sales book, at the time of the sale, of the amount and kind of property sold, terms of
sale, price, names of the purchasers and person on whose account the sale is made, it is a
sufficient memorandum;
e. An agreement for the leasing for a longer period than one year, or for the sale of real
property or of an interest therein;
f. A representation as to the credit of a third person.
(Civil Code, Art. 1403[2])
STATUTE OF FRAUDS
In the foregoing cases an agreement made shall be unenforceable by

action, unless the same, or some note or memorandum, thereof, be in
writing, and subscribed by the party charged, or by his agent. Evidence,
therefore, of the agreement cannot be received without the writing, or
secondary evidence of its contents. This is known as the Statue of Frauds.
RATIFICATION
However, contracts infringing the Statute of Frauds can also be ratified by

the failure to object to the presentation of oral evidence to prove the same,
or by the acceptance of benefits under them.
Thus, even if the foregoing contracts have not been reduced into writing
but were fully or partially performed, the ratification or performance takes it
out of the Statute of Frauds and the same becomes enforceable.
FORM FOR VALIDITY
The following should be in a public instrument to be valid:
1. Donation of an immovable
ARTICLE 749. In order that the donation of an immovable may be valid, it must be made in a public document,
specifying therein the property donated and the value of the charges which the donee must satisfy.
The acceptance may be made in the same deed of donation or in a separate public document, but it shall not take
effect unless it is done during the lifetime of the donor.
If the acceptance is made in a separate instrument, the donor shall be notified thereof in an authentic form, and this
step shall be noted in both instruments.
•
2. Partnerships where immovables are contributed
ARTICLE 1771. A partnership may be constituted in any form, except where immovable property or real rights are
contributed thereto, in which case a public instrument shall be necessary. (1667a)
ARTICLE 1773. A contract of partnership is void, whenever immovable property is contributed thereto, if an inventory
of said property is not made, signed by the parties, and attached to the public instrument.
FORM FOR VALIDITY
3. Power of attorney to sell land or any interest therein (Art. 1874, Civil Code);
4. Stipulations limiting a common carrier’s liability to less than extraordinary
diligence (Art. 1744, Civil Code);
5. Marriage Settlements (Art. 77, Family Code);
•
RULES ON ELECTRONIC EVIDENCE
APPLICABILITY OF THE REE
Unless otherwise provided, the [REE] applies whenever

an electronic document or electronic data message . . . is offered or used
in evidence.
(Rule 1, Sec. 1. REE)
Evidence is the means of ascertaining the truth respecting a matter of fact.

Evidence is admissible when it is relevant to the issue and not excluded by
the Constitution, the law, or the rules on evidence.

To be relevant, evidence must have such a relation to the fact in issue as
to induce belief in its existence or non-existence. Evidence on collateral
matters shall not be allowed, except when it tends in any reasonable
degree to establish the probability or improbability of the fact in issue.

DOCUMENTS AS EVIDENCE
Documents as evidence consist of writings, recordings, photographs or any

material containing letters, words, sounds, numbers, figures, symbols, or
their equivalent, or other modes of written expression offered as proof of
their contents. Photographs include still pictures, drawings, stored images,
x-ray films, motion pictures or videos.
WRITING
Where the law requires a document to be in writing, or obliges the parties to conform to
a writing, or provides consequences in the event information is not presented or retained
in its original form, an electronic document or electronic data message will be sufficient if
the latter:
a. maintains its integrity and reliability; and,

b. can be authenticated so as to be usable for subsequent reference, in that —
(i) It has remained complete and unaltered, apart from the addition of any
endorsement and any authorized change, or any change which arises in the
normal course of communication, storage and display; and
(ii) It is reliable in the light of the purpose for which it was generated and in the
light of all relevant circumstances.
(Sec. 7, ECA, Sec. 10, IRR)
CLASSES OF DOCUMENTS
For the purpose of their presentation in evidence, documents are either

public or private.
PUBLIC DOCUMENTS
Public documents are:
a. The written official acts, or records of the sovereign authority, official bodies and
tribunals, and public officers, whether of the Philippines, or of a foreign country;
b. Documents acknowledged before a notary public except last wills and testaments;
c. Documents that are considered public documents under treaties and conventions
which are in force between the Philippines and the country of source; and
d. Public records, kept in the Philippines, of private documents required by law to be
entered therein.
All other writings are private.
(Rule 132, Sec. 19)
GENUINENESS AND DUE EXECUTION
When the law makes use of the phrase "genuineness

and due execution of the instrument" it means nothing more
than that the instrument is not spurious, counterfeit, or of
different import on its face from the one executed.
(Bough v. Cantiveros, G.R. No. 13300, September 29, 1919)
ELECTRONIC DOCUMENTS AS FUNCTIONAL
EQUIVALENT OF PAPER-BASED DOCUMENTS
Whenever a rule of evidence refers to the term writing, document,

record, instrument, memorandum or any other form of writing, such
term shall be deemed to include an electronic document . . . .
(Rule 3, Sec. 1, REE)
The [ECA] does not modify any statutory rule relating to the admissibility
of electronic data messages or electronic documents, except the rules
relating to authentication and best evidence.
(Sec. 7, ECA)
An electronic document is admissible in evidence if it complies with the
rules on admissibility prescribed by the Rules of Court and related laws
and is authenticated in the manner prescribed by these Rules.
BEST EVIDENCE RULE
When the subject of inquiry is the contents of a document,
writing, recording, photograph or other record, no evidence is
admissible other than the original document itself . . . .
ORIGINAL
Where the law requires that a document be presented or retained in its original
form, that requirement is met by an electronic document or electronic data
message if —
a. There exists a reliable assurance as to the integrity of

the electronic document or electronic data message from the time when
it was first generated in its final form and such integrity is shown
by evidence aliunde (that is, evidence other than the electronic data
message itself) or otherwise; and
b. The electronic document or electronic data message is capable of being
displayed to the person to whom it is to be presented.
(Sec. 7[c] and Sec. 10. ECA; Sec. 11, IRR)
For purposes of determining reliable assurance of integrity:
i. The criteria for assessing integrity shall be whether the information has
remained complete and unaltered, apart from the addition of any
endorsement and any change which arises in the normal course of
communication, storage and display; and
ii. The standard of reliability required shall be assessed in the light of the
purpose for which the information was generated and in the light of all
relevant circumstances.
(Sec. 11, IRR)
An electronic data message or electronic document meeting and
complying with the [requirement of original form] shall be the
best evidence of the agreement and transaction contained therein.
(Sec. 11, IRR)
BEST EVIDENCE RULE
An electronic document shall be regarded as the equivalent of an original

document under the Best Evidence Rule if it is a printout or output readable
by sight or other means, shown to reflect the data accurately.
COPIES AS EQUIVALENT OF THE ORIGINAL
When a document is in two or more copies executed at or about the same time with
identical contents, or is a counterpart produced by the same impression as the
original, or from the same matrix, or by mechanical or electronic re-recording, or by
chemical reproduction, or by other equivalent techniques which accurately
reproduces the original, such copies or duplicates shall be regarded as the
equivalent of the original.
Notwithstanding the foregoing, copies or duplicates shall not be admissible to the
same extent as the original if:
(a) a genuine question is raised as to the authenticity of the original; or
(b) in the circumstances it would be unjust or inequitable to admit the copy in
lieu of the original.
[T]o be admissible in evidence as an electronic data message or to be
considered as the functional equivalent of an original document under the Best
Evidence Rule, the writing must foremost be an "electronic data message" or
an "electronic document.“
The terms "electronic data message" and "electronic document," as
defined under the Electronic Commerce Act of 2000, do not include
a facsimile transmission. Accordingly, a facsimile transmission cannot be
considered as electronic evidence. It is not the functional equivalent of an
original under the Best Evidence Rule and is not admissible as electronic
evidence.
A facsimile is not a genuine and authentic pleading. It is, at best, an exact
copy preserving all the marks of an original. Without the original, there is
no way of determining on its face whether the facsimile pleading is genuine
and authentic and was originally signed by the party and his counsel. It
may, in fact, be a sham pleading.
(Garvida v. Sales, G.R. No. 124893, April 18, 1997)
AUTHENTICATION
Authentication is proving the “genuineness and due execution” or
“authenticity and due execution” of a document offered as authentic.
If it is not offered as authentic, it need only be identified as that which it is

claimed to be. (Rules 132[B], Sec. 20)
BURDEN OF PROVING AUTHENTICITY
The person seeking to introduce an electronic document in any legal

proceeding has the burden of proving its authenticity in the manner
provided in [the REE].
MANNER OF AUTHENTICATION
Before any private electronic document offered as authentic is received in evidence, its
authenticity must be proved by any of the following means:
a. by evidence that it had been digitally signed by the person purported to have
signed the same;
b. by evidence that other appropriate security procedures or devices as may be
authorized by the Supreme Court or by law for authentication
of electronic documents were applied to the document; or
c. by other evidence showing its integrity and reliability to the satisfaction of the
Judge.
CONTRAST WITH THE ARRE
Before any private document offered as authentic is received in evidence, its due
execution and authenticity must be proved by any of the following means:
a. By anyone who saw the document executed or written;
b. By evidence of the genuineness of the signature or handwriting of the maker;or
c. By other evidence showing its due execution and authenticity.
Any other private document need only be identified as that which it is claimed to be.
(Rules 132[B], Sec. 20)
AUTHENTICATION OF E-SIGNATURES
An electronic signature or a digital signature authenticated in the
manner prescribed [under the REE] is admissible in evidence as the
functional equivalent of the signature of a person on a written
document.
AUTHENTICATION OF E-SIGNATURES
An electronic signature may be authenticated in any of the following

manner:
a. By evidence that a method or process was utilized to
establish a digital signature and verify the same;
b. By any other means provided by law; or
c. By any other means satisfactory to the judge as establishing
the genuineness of the electronic signature.
PRESUMPTION AS TO E-SIGNATURES
Upon the authentication of an electronic signature, it shall be presumed that:
a. The electronic signature is that of the person to whom it correlates;

b. The electronic signature was affixed by that person with the intention of
authenticating or approving the electronic document to which it is related
or to indicate such person's consent to the transaction embodied therein;
and
c. The methods or processes utilized to affix or verify the electronic signature
operated without error or fault.
PRESUMPTION AS TO DIGITAL SIGNATURES
Upon the authentication of a digital signature, it shall be presumed, in addition to those

mentioned in the immediately preceding section, that:
(a) The information contained in a certificate is correct;

(b) The digital signature was created during the operational period of a certificate;
(c) No cause exists to render a certificate invalid or revocable;
(d) The message associated with a digital signature has not been altered from the
time it was signed, and,
(e) A certificate had been issued by the certification authority indicated therein.
A DIGITAL SIGNATURE ASSURES . . .
• Authorship
• Integrity
• Non-repudiation
EVIDENTIARY WEIGHT
FACTORS FOR ASSESSING EVIDENTIARY
WEIGHT
In assessing the evidentiary weight of an electronic document, the following
factors may be considered:
a. The reliability of the manner or method in which it was generated,
stored or communicated [including but not limited to input and output procedures,
controls, tests and checks for accuracy and reliability of the electronic data message or
document, in the light of all the circumstances as well as any relevant agreement];
b. The reliability of the manner in which its originator was identified;

c. The integrity of the information and communication system in which
it is recorded or stored [including but not limited to the hardware and computer
programs or software used as well as programming errors];
...
FACTORS FOR ASSESSING EVIDENTIARY
WEIGHT
...
d. The familiarity of the witness or the person who made the entry
with the communication and information system;
e. The nature and quality of the information which went into the
communication and information system upon which
the electronic data message or electronic document was based; or
f. Other factors which the court may consider as affecting the
accuracy or integrity of the electronic document or electronic data
message.
INTEGRITY OF AN INFORMATION AND
COMMUNICATION SYSTEM
In any dispute involving the integrity of the information and communication system in which
an electronic document or electronic data message is recorded or stored, the court may consider,
among others, the following factors:
(a) Whether the information and communication system or other similar device was
operated in a manner that did not affect the integrity of the electronic document, and there
are no other reasonable grounds to doubt the integrity of the information and
communication system;
(b) Whether the electronic document was recorded or stored by a party to the proceedings
with interest adverse to that of the party using it; or
(c) Whether the electronic document was recorded or stored in the usual and ordinary
course of business by a person who is not a party to the proceedings and who did
not act under the control of the party using it.
(Rule7 , Sec. 2, REE; Sec. 17, IRR)
EXCEPTION TO THE HEARSAY TO RULE
A memorandum, report, record or data compilation of acts, events, conditions,

opinions, or diagnoses, made by electronic, optical or other similar means at or near
the time of or from transmission or supply of information by a person with knowledge
thereof, and kept in the regular course or conduct of a business activity, and such was
the regular practice to make the memorandum, report, record, or data compilation
by electronic, optical or similar means, all of which are shown by the testimony of the
custodian or other qualified witnesses, is excepted from the rule on hearsay evidence.
THE EXCEPTION MAY BE OVERCOME
The exception to the hearsay rule may be overcome by evidence of the

untrustworthiness of the source of information or the method or
circumstances of the preparation, transmission or storage thereof.
AFFIDAVIT EVIDENCE
All matters relating to the admissibility and evidentiary weight of

an electronic document may be established by an affidavit stating facts
of direct personal knowledge of the affiant or based on authentic
records. The affidavit must affirmatively show the competence of the
affiant to testify on the matters contained therein.
The affiant may be cross-examined as a matter of right. (Rule 9, Sec. 2, REE)

AUDIO, VIDEO AND SIMILAR DEVICE
Audio, photographic and video evidence of events, acts or transactions

shall be admissible provided it shall be shown, presented or displayed to
the court and shall be identified, explained or authenticated by the person
who made the recording or by some other person competent to testify on
the accuracy thereof.
EPHEMERAL ELECTRONIC COMMUNICATION
"Ephemeral electronic communication" refers to telephone

conversations, text messages, chatroom sessions, streaming audio,
streaming video, and other electronic forms of communication
the evidence of which is not recorded or retained.
(Rule 2, Sec. 1[k])
HOW TO PROVE EPHEMERAL ELECTRONIC
COMMUNICATION
Ephemeral electronic communications shall be proven by the testimony of a person
who was a party to the same or has personal knowledge thereof. In the absence or
unavailability of such witnesses, other competent evidence may be admitted.
A recording of the telephone conversation or ephemeral electronic communication
shall be covered by the immediately preceding section.
If the foregoing communications are recorded or embodied in
an electronic document, then the provisions of Rule 5 shall apply.
VIOLATIONS OF THE ECA
PUNISHABLE ACTS
• Hacking or cracking - P100,000.00 and a maximum commensurate to the damage

incurred; and six (6) months to three (3) years imprisonment
• Piracy – P100,000.00 and a maximum commensurate to the damage incurred; and
six (6) months to three (3) years imprisonment
• Violations of the Consumer Act or Republic Act No. 7394 and other relevant or
pertinent laws through transactions covered by or using electronic data messages
or electronic documents – same penalties as provided in those laws
• Other violations of the provisions of the ECA – up to P1,000,000.00 or six (6) years
imprisonment
(Sec. 33, ECA)
LAWFUL ACCESS
Access to an electronic file, or an electronic signature of an electronic data message

or electronic document shall only be authorized and enforced in favor of the
individual or entity having a legal right to the possession or the use of the
plaintext, electronic signature or file and solely for the authorized purposes.
The electronic key for identity or integrity shall not be made available to any person or
party without the consent of the individual or entity in lawful possession of
that electronic key.
(Sec. 31, ECA)
OBLIGATION OF CONFIDENTIALITY
Except for the purposes authorized under [the Law], any person who
obtained access to any electronic key, electronic data message
or electronic document, book, register, correspondence, information,
or other material pursuant to any powers conferred under [the ECA],
shall not convey to or share the same with any other person.
(Sec. 32, ECA)
HACKING
“Hacking” or “cracking” refers to unauthorized access into or interference
in a computer system/server or information and communication system; or
any access in order to corrupt, alter, steal, or destroy using a computer or
other similar information and communication devices, without the
knowledge and consent of the owner of the computer or information and
communication system, including the introduction of computer viruses and
the like, resulting in the corruption, destruction, alteration, theft or loss
of electronic data messages or electronic documents.
(Sec. 33[a], ECA)
PIRACY
“Piracy” is the unauthorized copying, reproduction, dissemination,

distribution, importation, use, removal, alteration, substitution,
modification, storage, uploading, downloading, communication, making
available to the public, or broadcasting of protected
material, electronic signature or copyrighted works including legally
protected sound recordings or phonograms or information material on
protected works, through the use of telecommunication networks, such
as, but not limited to, the internet, in a manner that infringes
intellectual property rights.
(Sec. 33[b], ECA)
LIST OF CASES
LIST OF CASES
• Garvida v. Sales, G.R. No. 124893, April 18, 1997 – filing of pleading with the COMELEC through
facsimile
• MCC Industial Sales Corp. v. Ssangyong Corp., G.R. No. 170633, October 17, 2007 – sale
documents sent through facsimile
• Torres v. Philippine Amusement and Gaming Corp., G.R. No. 193531, [December 6, 2011] – filing
of motion for reconsideration with the CSC by facsimile
• National Power Corporation v. Codilla, Jr., G.R. No. 170491, [April 3, 2007 – where petitioner
erroneously claimed that photocopies are the functional equivalent of their original
• Garcillano v. House of Representatives Committees on Public Information, G.R. Nos. 170338 &
179275, December 23, 2008 – where the Court did not consider as valid publication rules posted
on the website
• Capalla v. Commission on Elections, G.R. Nos. 201112, etc., June 13, 2012 – where the
COMELEC was questioned on its Poll Automation Project
• Gunda y Alamodin v. People, G.R. No. 264245 (Notice), [March 29, 2023]
• Nuez v. Cruz-Apao, A.M. No. CA-05-18-P [Formerly OCA I.P.I. No. 05-80-CA-P], [April 12, 2005]
• People v. Enojas y Hingpit, G.R. No. 204894, [March 10, 2014])
• Commissioner of Internal Revenue v. Philippine Airlines, Inc., G.R. Nos. 236343-45 & 236372-74
(Notice), [January 17, 2023])
• Domingo, Jr. v. Agliam, G.R. No. 226162 (Notice), [February 6, 2017])

• Aznar v. Citibank, N.A. (Philippines), G.R. No. 164273, [March 28, 2007], 548 PHIL 218-242)
• Ang y Pascua v. Court of Appeals, G.R. No. 182835, [April 20, 2010], 632 PHIL 609-624)
• Gomez y Declaro v. People, G.R. No. 255088 (Notice), [September 19, 2022])
• People v. Manansala y Alfaro, G.R. No. 233104, [September 2, 2020])
• Bartolome v. Maranan, A.M. No. P-11-2979, [November 18, 2014], 747 PHIL 72-87)
• Guerrero v. Phil. Phoenix Surety & Insurance, Inc., G.R. No. 223178, [December 9, 2020])
• Vidallon-Magtolis v. Salud, A.M. No. CA-05-20-P (Formerly OCA IPI No. 05-81-CA-P), [September 9,
2005], 506 PHIL 423-454)
• Francia v. Abdon, A.C. No. 10031, [July 23, 2014])
• People v. Concepcion y Arguelles, G.R. No. 249500, [December 6, 2021])
• People v. Manansala, G.R. No. 233104, September 2, 2020

• Banal v. Tallado, G.R. Nos. 241569 & 241622 (Notice), [July 22, 2022])
• Purugganan v. People, G.R. No. 251778, [February 22, 2023])
• Maliksi v. Commission on Elections, G.R. No. 203302, [March 12, 2013], 706 PHIL 214-279)
• Bagumbayan-VNP Movement, Inc. v. Commission on Elections, G.R. Nos. 206719, 206784 &
207755, [April 10, 2019])
ACCESS DEVICES
REGULATION CODE
Republic Act No. 8484
Republic Act No. 8484 was signed into law on February 11, 1998.
Its amendatory law, Republic Act No. 11449, took effect on October 16, 2019.
Rep. Act No. 11449 provides for additional prohibitions and increased the
penalties for violations of RA No. 8484.
The State recognizes the recent advances in technology and the

widespread use of access devices in commercial transactions. Toward this
end, the State shall protect the rights and define the liabilities of parties in
such commercial transactions by regulating the issuance and use of
access devices.
(Sec. 2, ADRA)
POLICY
The State likewise acknowledges that the advances in information technology

on access devices have been exploited by criminals and criminal syndicates in
perpetrating fraudulent activities that ultimately undermine the trust of the
public in the banking industry. Due to this deleterious effect on the economy,
the State declares that the commission of a crime using access devices is a
form of economic sabotage and a heinous crime and shall be punishable to
the maximum level allowed by law.
(Sec. 2, ADRA; RA11449)
Republic Act No. 8484 (RA 8484), or the Access Devices Regulation Act of 1998,
approved on February 11, 1998, is the controlling legislation that regulates the
issuance and use of access devices, including credit cards. The more salient portions
of this law include the imposition of the obligation on a credit card company to
disclose certain important financial information to credit card applicants, as well as a
definition of the acts that constitute access device fraud.
(Pantaleon v. American Express International, Inc.,

G.R. No. 174269 (Resolution), August 25, 2010)
This was true until the enactment of Republic Act No. 10870, which lapsed
into law on July 17, 2016, which governs all credit card issuers, acquirers
and all credit card transactions.
Republic Act No. 8484, however, still governs the offense of Access
Device Fraud as well as Economic Sabotage.
ACCESS DEVICE
“Access device” means any card, plate, code, account number,

electronic serial number, personal identification number, or other
telecommunications service, equipment, or instrumental identifier, or
other means of account access that can be used to obtain money,
good[s], services, or any other thing of value or to initiate a transfer of
funds (other than a transfer originated solely by paper instrument);
(Sec. 3[a], ADRA)
PAYMENT CARD
“Payment Card” refers to cards that can be used by cardholders

and accepted by terminals to withdraw . . . cash and/or make payment
for purchase of goods or services, fund transfer, and other financial
transactions. Typically, payment cards are electronically linked
deposits, prepaid, or loan credit accounts;
(Sec. 3[b], ADRA)
“Payment card” also refers to any card of whatever material or form
including any kind of debit card, but not a credit card, issued by a bank
or business entity that enables a customer to access an automated
teller machine in order to perform transactions such as deposits, cash
withdrawals and obtaining account information. A payment card shall
be considered as an access device for . . . purposes of this Act;
(Sec. 3[o], ADRA)
COUNTERFEIT ACCESS DEVICE
“Counterfeit Access Device” means any access device that is

counterfeit, fictitious, altered, or forged, or an identifiable component
of an access device or counterfeit access device or any fraudulent copy
or reproduction of a valid access device;
(Sec. 3[c], ADRA)

“Unauthorized access device” means any access device that is stolen,
lost, expired, revoked, canceled, suspended, or obtained with intent to
defraud;
(Sec. 3[c], ADRA)
ACCESS DEVICE FRAUDULENTLY APPLIED FOR
“Access Device Fraudulently Applied for” means any access

device that was applied for or issued on account of the use of falsified
document, false information, fictitious identities and addresses, or any
form of false pretense or misrepresentation;
(Sec. 3[d], ADRA)
CREDIT CARD
“Credit Card” means any card, plate, coupon book, or other credit
device existing for the purpose of obtaining money, goods,
property, labor or services or any thing of value on credit;
(Sec. 3[f], ADRA)
Credit card refers to any card or other credit device intended for the
purpose of obtaining money, property, or services on credit;
(Sec. 4[g], RA10870)
3 CONTRACTS
[E]every credit card transaction involves three contracts, namely: (a) the sales
contract between the credit card holder and the merchant or the business
establishment which accepted the credit card; (b) the loan agreement between the
credit card issuer and the credit card holder; and lastly, (c) the promise to
pay between the credit card issuer and the merchant or business establishment.

G.R. No. 174269 (Resolution), August 25, 2010
From the loan agreement perspective, the contractual relationship begins to exist only upon
the meeting of the offer and acceptance of the parties involved. In more concrete terms,
when cardholders use their credit cards to pay for their purchases, they merely offer to enter
into loan agreements with the credit card company. Only after the latter approves the
purchase requests that the parties enter into binding loan contracts, in keeping with Article
1319 of the Civil Code, which provides:
Article 1319. Consent is manifested by the meeting of the offer and the acceptance
upon the thing and the cause which are to constitute the contract. The offer must be
certain and the acceptance absolute. A qualified acceptance constitutes a counter-offer.
(Pantaleon v. American Express International, Inc., G.R. No. 174269 (Resolution), [August 25,
2010], 643 PHIL 488-519)
[T]he use of a credit card to pay for a purchase is only an offer to the
credit card company to enter a loan agreement with the credit card
holder. Before the credit card issuer accepts this offer, no obligation
relating to the loan agreement exists between them.
G.R. No. 174269 (Resolution), August 25, 2010)
TRAFFICKING
“Trafficking” means transferring, or otherwise disposing of,

to another, or obtaining control of, with intent to transfer or
dispose of.
(Sec. 3[l], ADRA)
HACKING
“Hacking” refers to the unauthorized access into or interference in a

computer system/server or information and communications system; or any
access in order to corrupt, alter, steal, or destroy using a computer or other
similar information and communication devices, without the knowledge and
consent of the owner of the computer or information and communications
system, including the introduction of computer viruses and the like, resulting
in the corruption, destruction, alteration, theft or loss of electronic data
messages or electronic documents;
(Sec. 3[n], ADRA)
SKIMMING
Card Skimming — refers to a type of fraud which involves

illegal copying of information from the magnetic stripe of
payment card to gain access to customer accounts;
(Sec. 3[p], ADRA)
Since a credit card is "any card, plate, coupon book, or other credit
device existing for the purpose of obtaining money, goods, property,
labor or services or anything of value on credit," it is considered an
access device.
(Cruz v. People, G.R. No. 210266, June 7, 2017)
PROHIBITED ACTS
The following acts shall constitute access device fraud and are hereby declared to be
unlawful:
a. producing, using, trafficking in one or more counterfeit access devices;
b. trafficking in one or more unauthorized access devices or access devices
fraudulently applied for;
c. using, with intent to defraud, an unauthorized access device;
d. using an access device fraudulently applied for;
e. possessing one or more counterfeit access devices or access devices fraudulently
applied for;
(f) producing, trafficking in, having control or custody of, or possessing
device-making or altering equipment without being in the business or
employment, which lawfully deals with the manufacture, issuance, or
distribution of such equipment;
(g) inducing, enticing, permitting or in any manner allowing another, for
consideration or otherwise to produce, use, traffic in counterfeit access
devices, unauthorized access devices or access devices fraudulently
applied for;
(h) multiple imprinting on more than one transaction record, sales slip
or similar document, thereby making it appear that the device holder
has entered into a transaction other than those which said device
holder had lawfully contracted for, or submitting, without being an
affiliated merchant, an order to collect from the issuer of the access
device, such extra sales slip through an affiliated merchant who
connives therewith, or, under false pretenses of being an affiliated
merchant, present for collection such sales slips, and similar
documents;
(i) disclosing any information imprinted on the access device, such as,
but not limited to, the account number or name or address of the
device holder, without the latter's authority or permission;
(j) obtaining money or anything of value through the use of an access
device, with intent to defraud or with intent to gain and fleeing
thereafter;
(k) having in one's possession, without authority from the owner of the
access device or the access device company, an access device, or any
material, such as slips, carbon paper, or any other medium, on which
the access device is written, printed, embossed, or otherwise indicated;
(l) writing or causing to be written on sales slips, approval numbers
from the issuer of the access device of the fact of approval, where in
fact no such approval was given, or where, if given, what is written is
deliberately different from the approval actually given;
(m) making any alteration, without the access device holder's authority,
of any amount or other information written on the sales slip;
(n) effecting transaction, with one or more access devices issued to
another person or persons, to receive payment or any other thing of
value;
(o) without the authorization of the issuer of the access device,
soliciting a person for the purpose of —
1) offering an access device; or
2) selling information regarding or an application to obtain
an access device;
(p) without the authorization of the credit card system member or its
agent, causing or arranging for another person to present to the
member or its agent, for payment, one or more evidence or records of
transactions made by credit card.
"(q) skimming, copying or counterfeiting any credit card, payment card
or debit card, and obtaining any information therein with the intent of
accessing the account and operating the same whether or not cash is
withdrawn or monetary injury is caused by a perpetrator against the
account holder or the depositary bank;
"(r) production or possession of any software component such as
programs, application, or malware, or any hardware component such
as skimming device or any electronic gadget or equipment that is used
to perpetrate any of the foregoing acts;
"(s) accessing, with or without authority, any application, online
banking account, credit card account, ATM account, debit card account,
in a fraudulent manner, regardless of whether or not it will result in
monetary loss to the account holder; and
"(t) hacking refers to the unauthorized access into or interference in a
computer system/server, or information and communication system,
or any access in order to corrupt, alter, steal, or destroy using a
computer or other similar information and communication devices
without the knowledge and consent of the owner of the computer or
information and communication system, including the introduction of
computer viruses and the like resulting in the corruption, destruction,
alteration, theft, or loss of electronic data messages or electronic
documents."
ECONOMIC SABOTAGE
Economic sabotage is deemed committed when any of the prohibited

acts described in Section 9 hereof is committed under the following
circumstances:
1. the prohibited act involves the hacking of a bank's system;
2. the act of skimming affected fifty (50) or more payment cards; or
3. the prohibited act affected fifty (50) or more online banking
accounts, credit cards, payment cards, and debit cards.“
(Sec. 10[g], ADRA)
ECONOMIC SABOTAGE
Life imprisonment and a fine of not less than One million pesos
(P1,000,000.00) but not more than Five million pesos (P5,000,000.00) if
the offense constitutes economic sabotage.
CONSPIRACY TO COMMIT ADF
If two (2) or more persons conspire to commit any of the offenses listed
in Section 9 and one or more of such persons does any act to effect the
object of the conspiracy, each of the parties to such conspiracy shall be
punished as in the case of the doing of the act, the accomplishment of
which is the object of such conspiracy.
FRUSTRATED AND ATTEMPTED ADF
Any person who performs all the acts of execution which would produce any of the
unlawful acts enumerated in Section 9 of this Act, but which nevertheless does not
produce it by reason of causes independent of the will of said person, shall be
punished with two-thirds (2/3) of the fine and imprisonment provided for the
consummated offenses listed in said section. Any person who commences the
commission of any of the unlawful acts enumerated in Section 9 of this Act directly by
overt acts and does not perform all the acts of execution which would produce the
said acts by reason of some cause or accident other than said person's own
spontaneous desistance, shall be punished with one-half (1/2) of the fine and
imprisonment provided for the consummated offenses listed in the said section.
ACCESSORY TO ADF
Any person who, with intent to gain for himself or for another, buys, receives,
possesses, keeps, acquires, conceals, sells, or disposes of, shall buy and sell, or in any
manner deal in any article, item, object or anything of value which he knows or should
be known to him, to have been acquired through the use of counterfeit access device
or an unauthorized access device or an access device known to him to have been
fraudulently applied for, shall be considered as an accessory to an access device fraud
and shall be punished with one-half (1/2) of the fine and imprisonment provided for
the applicable consummated offenses listed in Section 9 of this Act. Said person shall
be prosecuted under this Act or under the Anti-Fencing Law of 1979 (Presidential
Decree No. 1612) whichever imposes the longer prison term as penalty for the
consummated offense.
WHAT TO DO IN CASE OF LOSS OF ACCESS
DEVICE
• In case of loss of an access device, the holder thereof must notify the
issuer of the access device of the details and circumstances of such
loss upon knowledge of the loss. Full compliance with such procedure
would absolve the access device holder of any financial liability from
fraudulent use of the access device from the time the loss or theft is
reported to the issuer. (Sec. 15, ADR)
• In case a credit card is lost or stolen, any transaction made prior to
reporting to the credit card issuer shall be for the account of the
cardholder. (Sec. 15, RA 10870)
LIABILITY UNDER THE RPC AND OTHER LAWS
Prosecution under this Act shall be without prejudice to any liability for
violation of any provision of the Revised Penal Code or any other law.
(Sec. 17, ADRA)
PRIMA FACIE EVIDENCE OF INTENT TO
DEFRAUD
The mere possession, control or custody of :
a. an access device, without permission of the owner or without any lawful
authority;
b. a counterfeit access device;
c. access device fraudulently applied for;
d. any device-making or altering equipment by any person whose business
or employment does not lawfully deal with the manufacture, issuance, or
distribution of access device;
e. an access device or medium on which an access device is written, not in
the ordinary course of the possessor's trade or business; or
f. a genuine access device, not in the name of the possessor, or not in the
ordinary course of the possessor's trade or business . . .
. . . shall be prima facie evidence that such device or equipment is intended to be used
to defraud.
(Sec. 14, ADRC)
TORRES V. PEOPLE
(G.R. NO. 255262, SEPTEMBER 14, 2021)
On May 6, 2015, Aldrin Torres y David (petitioner) was charged with violation of Section 9 (f) of
Republic Act (R.A.) No. 8484 (Access Devices Regulation Act of 1998) in an Information, which reads:
On the 4th of May 2015, in the City of Makati, the Philippines, accused[,] not being in
the business or employment that deals with the manufacture, issuance or distribution of
access device-making or altering equipment, with intent to defraud, did then and there
willfully, unlawfully and feloniously, without authority of law, possess[,] have in his custody
and control one piece of an unauthorized pin pad cover with improvised camera and
unauthorized card reader slot, a skimming device containing a card reader with memory
storage capability, with intent to defraud, in violation of the aforesaid law and to the
damage and prejudice of complainant Bank of the Philippine Islands.
[T]he card reader slot and personal identification number (PIN) pad cover with an attached
camera which were in the possession of petitioner and subsequently seized from him, were
intended to be used to retain data contained in access devices, i.e., the automated teller
machine (ATM) cards of unwary bank customers, and to record and secure the ATM PINs
without authority. These illegally obtained data and information would make possible the
creation of counterfeit access devices, such as fake ATM cards, which R.A. No. 8484 seeks to
prevent.
(Torres y David v. People, G.R. No. 255262 (Notice), [September 14, 2021])
Intent is immaterial in crimes involving special laws. Criminal law has long divided crimes into
acts which are wrong in themselves called "acts mala in se," and acts which would not be wrong
but for the fact that positive law forbids them, called "acts mala prohibita." This distinction
determines whether proof of intent to commit a wrongful act is necessary. In acts mala in se,
intent governs, while in acts mala prohibita, the only question is, has the law been violated?
When an act is illegal per se, the intent of the offender is immaterial.
It is incumbent upon petitioner to overthrow the presumption of intent to defraud by
sufficient and convincing evidence . . . . Petitioner could only offer a mere denial.
Between the categorical statements of the prosecution witnesses, on one hand, and
the bare denial of the petitioner, on the other, the former must perforce prevail. An
affirmative testimony is far stronger than a negative testimony, especially when given
by a credible witness who was not shown to have any ill motive to testify against the
appellant.
"A cardholder who abandons or surreptitiously leaves the place of employment,
business or residence stated in his application for credit card, without informing the
credit card company of the place where he could actually be found, if at the time of
such abandonment or surreptitious leaving, the outstanding and unpaid balance is
past due for at least ninety (90) days and is more than Two hundred thousand pesos
(P200,000.00), shall be prima facie presumed to have used his credit card with intent
to defraud.“
(Sec. 14, ADRC)
CRUZ V. PEOPLE
(G.R. NO. 210266, JUNE 7, 2017)
Cruz purchased two (2) bottles of Calving Klein perfumes and a pair of Ferragamo Shoes
using counterfeit Citibank Visa Cards at the Duty Free Philippines Festival Mall. When
apprehended by Mall guards, he tried to escape.
Cruz was charged with using as well as possessing counterfeit access device.
During pre-trial the prosecution marked a certification stating that the access device
used was counterfeit. The access device itself was not marked. The trial court, however,
allowed the presentation of the counterfeit access device. The SC held that the trial
court did not violate the Rules on Pre-Trial.
(G.R. No. 210266, June 7, 2017)

The possession and use of a counterfeit credit card is considered access device fraud
and is punishable by law. To successfully sustain a conviction for possession and use
of a counterfeit access device, the prosecution must present not only the access
device but also any evidence that proves that the access device is counterfeit.
CORPUS DELICTI
Under Section 9 (a) and (e) of Republic Act No. 8484, the possession and use of an
access device is not illegal. Rather, what is prohibited is the possession and use of
a counterfeit access device. Therefore, the corpus delicti of the crime is not merely the
access device, but also any evidence that proves that it is counterfeit.
PEOPLE V. CALDA
(G.R. No. 227876, December 1, 2021)
Brastel Co., Ltd. (Brastel) is a corporation in Japan engaged in the business of

telecommunications. Accused was hired by JUH Corporation, Brastel's customer service support
in Manila, as a customer service representative. His primary duty was to respond to customers'
or clients' inquiries and complaints regarding Brastel Phonecard service.
As such accused had access to customers' confidential data, such as card number, access code,
personal identification number and airtime load credit balance. An investigation was conducted
after several customers of Brastel complained about depletion of their airtime load. It was
revealed that accused effected the transfer of airtime load credits of the customers' accounts to
various Philippine mobile phones totaling to ¥3,506,080 or its peso equivalent of P1,753,040,
without prior request from clients. Accused was able to do this by accessing various client
accounts thru their access code, personal identification number, and card number on file with
JUH Corporation.
(People v. Calda, G.R. No. 227876 (Notice), December 1, 2021)
Accused is liable for access device fraud under Section 9[c] of Republic Act No. 8484:
(c) using, with intent to defraud, an unauthorized access device.
There is no dispute that accused-appellant's act of accessing the customers' accounts to be

able to make the complained transfers was unauthorized.
(People v. Calda, G.R. No. 227876 (Notice), [December 1, 2021])

Congress has not amended the Revised Penal Code to include theft of services or theft of business as
felonies. Instead, it approved a law, Republic Act No. 8484, otherwise known as
the Access Devices Regulation Act of 1998, on February 11, 1998. Under the law, an access device
means any card, plate, code, account number, electronic serial number, personal identification
number and other telecommunication services, equipment or instrumentalities-identifier or other
means of account access that can be used to obtain money, goods, services or any other thing of
value or to initiate a transfer of funds other than a transfer originated solely by paper instrument.
Among the prohibited acts enumerated in Section 9 of the law are the acts of obtaining money or
anything of value through the use of an access device, with intent to defraud or intent to gain and
fleeing thereafter; and of effecting transactions with one or more access devices issued to another
person or persons to receive payment or any other thing of value. Under Section 11 of the law,
conspiracy to commit access devices fraud is a crime.
(Laurel v. Abrogar, G.R. No. 155076, February 27, 2006.
SOLEDAD V. PEOPLE
(G.R. NO. 184274, FEBRUARY 23, 2011)
Accused was charged with Violation of Section 9 (e), R.A. No. 8484 for "possessing a
counterfeit access device or access device fraudulently applied for.“
Accused for a credit card from Metrobank using the name of complainant Henry C. Yu
and his personal documents fraudulently obtained from him. The credit card in the
name of Henry Yu was successfully issued and delivered to said accused using a
fictitious identity and addresses of Henry Yu, to the damage and prejudice of the real
Henry Yu.
(Soledad y Cristobal v. People, G.R. No. 184274, February 23, 2011)
LIST OF CASES
CASES
• Torres y David v. People, G.R. No. 255262, September 14, 2021

• Cruz v. People, G.R. No. 210266, June 7, 2017
• People v. Calda, G.R. No. 227876, December 1, 2021
• Laurel v. Abrogar, G.R. No. 155076, February 27, 2006
• Laurel v. Abrogar, G.R. No. 155076 (Resolution), January 13, 2009
• Pantaleon v. American Express International, Inc., G.R. No. 174269 (Resolution), August 25, 2010
• Commissioner of Internal Revenue v. American Express International, Inc., G.R. No. 152609, June
29, 2005
• Soledad y Cristobal v. People, G.R. No. 184274, February 23, 2011
PHILIPPINE COMPETITION
ACT
Republic Act No. 10667 and its Implementing Rules and
Regulations
REPUBLIC ACT NO. 10667
Republic Act No. 10667 was signed into law on July 21, 2015.
The efficiency of market competition as a mechanism for allocating goods

and services is a generally accepted precept. The State recognizes that past
measures undertaken to liberalize key sectors in the economy need to be
reinforced by measures that safeguard competitive conditions. The State
also recognizes that the provision of equal opportunities to all promotes
entrepreneurial spirit, encourages private investments, facilitates
technology development and transfer and enhances resource productivity.
Unencumbered market competition also serves the interest of consumers
by allowing them to exercise their right of choice over goods and services
offered in the market.
(Sec. 2, PCA)
POLICY
Pursuant to the constitutional goals for the national economy to attain a more
equitable distribution of opportunities, income, and wealth; a sustained
increase in the amount of goods and services produced by the nation for the
benefit of the people; and an expanding productivity as the key to raising the
quality of life for all, especially the underprivileged and the constitutional
mandate that the State shall regulate or prohibit monopolies when the public
interest so requires and that no combinations in restraint of trade or
unfair competition shall be allowed, the State shall:
(Sec. 2, PCA)
a. Enhance economic efficiency and promote free and fair competition in trade,
industry and all commercial economic activities, as well as establish a
National Competition Policy to be implemented by the Government of the
Republic of the Philippines and all of its political agencies as a whole;
b. Prevent economic concentration which will control the production, distribution,
trade, or industry that will unduly stifle competition, lessen, manipulate or
constrict the discipline of free markets; and
c. (c) Penalize all forms of anti-competitive agreements, abuse of dominant
position and anti-competitive mergers and acquisitions, with the objective of
protecting consumer welfare and advancing domestic and international trade
and economic development.
SCOPE AND APPLICATION
This Act shall be enforceable against any person or entity engaged in any trade,
industry and commerce in the Republic of the Philippines. It shall likewise be
applicable to international trade having direct, substantial, and reasonably
foreseeable effects in trade, industry, or commerce in the Republic of the
Philippines, including those that result from acts done outside the Republic of the
Philippines.
This Act shall not apply to the combinations or activities of workers or employees
nor to agreements or arrangements with their employers when such combinations,
activities, agreements, or arrangements are designed solely to facilitate collective
bargaining in respect of conditions of employment.
(Sec. 3, PCA)
EXPRESSLY REPEALS . . .
• Article 186 of Act No. 3815

• Section 4 of Commonwealth Act No. 138
• Section 43 (u) of the "Electric Power Industry Reform Act of 2001",
• Section 24 of the "Universally Accessible Cheaper and Quality Medicines Act of 2008",
• Executive Order No. 45, Series of 2011
DEFINITIONS
Acquisition refers to the purchase of securities or assets, through

contract or other means, for the purpose of obtaining control by:
(1) One (1) entity of the whole or part of another;
(2) Two (2) or more entities over another; or
(3) One (1) or more entities over one (1) or more entities;
Control refers to the ability to substantially influence or direct the
actions or decisions of an entity, whether by contract, agency or
otherwise;
Merger refers to the joining of two (2) or more entities into an existing
entity or to form a new entity;
AGREEMENT
Agreement refers to any type or form of contract, arrangement,

understanding, collective recommendation, or concerted action,
whether formal or informal, explicit or tacit, written or oral;
Dominant position refers to a position of economic strength that an
entity or entities hold which makes it capable of controlling the relevant
market independently from any or a combination of the following:
competitors, customers, suppliers, or consumers;
RELEVANT MARKET
Relevant market refers to the market in which a particular

good or service is sold and which is a combination of the
relevant product market and the relevant geographic market.
RELEVANT PRODUCT MARKET
A relevant product market comprises all those goods and/or services

which are regarded as interchangeable or substitutable by the
consumer or the customer, by reason of the goods and/or services'
characteristics, their prices and their intended use;
RELEVANT GEOGRAPHIC MARKET
The relevant geographic market comprises the area in which the entity
concerned is involved in the supply and demand of goods and services,
in which the conditions of competition are sufficiently homogenous
and which can be distinguished from neighboring areas because the
conditions of competition are different in those areas.
The determination of a particular relevant market depends on the
consideration of factors which affect the substitutability among goods
or services constituting such market, and the geographic area
delineating the boundaries of the market.
(Gios-Samar, Inc. v. Department of Transportation and Communications,
G.R. No. 217158, [March 12, 2019])
PROHIBITED ACTS
ANTI-COMPETITIVE AGREEMENTS
Prohibited per se:

(1) Restricting competition as to price, or components thereof, or
other terms of trade;
(2) Fixing price at an auction or in any form of bidding including
cover bidding, bid suppression, bid rotation and market allocation
and other analogous practices of bid manipulation;
If these have the object or effect of substantially preventing,
restricting or lessening competition, they shall be prohibited:
(1) Setting, limiting, or controlling production, markets, technical
development, or investment;
(2) Dividing or sharing the market, whether by volume of sales or
purchases, territory, type of goods or services, buyers or sellers or
any other means;
Any other agreement which have the object or effect of substantially
preventing, restricting or lessening competition shall also be
prohibited: Provided, Those which contribute to improving the
production or distribution of goods and services or to promoting
technical or economic progress, while allowing consumers a fair share
of the resulting benefits, may not necessarily be deemed a violation of
this Act.
ABUSE OF DOMINANT POSITION
Republic Act No. 10667 prohibits one or more entities which has/have
acquired or achieved a "dominant position" in a "relevant market" from
"abusing" its dominant position. In other words, an entity is not
prohibited from, or held liable for prosecution and punishment for,
simply securing a dominant position in the relevant market in which it
operates. It is only when that entity engages in conduct in abuse of its
dominant position that it will be exposed to prosecution and possible
punishment.

G.R. No. 217158, [March 12, 2019])
An entity with a dominant position in a relevant market is deemed to
have abused its dominant position if it engages in a conduct that would
substantially prevent, restrict, or lessen competition.
G.R. No. 217158, [March 12, 2019])
ABUSE OF DOMINANT POSITION
In determining whether an entity has market dominant position for purposes of this Act, the
Commission shall consider the following:
(a) The share of the entity in the relevant market and the ability of the entity to fix prices
unilaterally or to restrict supply in the relevant market;
(b) The share of other market participants in the relevant market;
(c) The existence of barriers to entry and the elements which could foreseeably alter both
the said barriers and the supply from competitors;
(d) The existence and power of its competitors;
(e) The credible threat of future expansion by its actual competitors or entry by potential
competitors (expansion and entry);
(f) Market exit of actual competitors;
(g) The bargaining strength of its customers (countervailing power);
(h) The possibility of access by its competitors or other entities to its sources of inputs;
(i) The power of its customers to switch to other goods or services;
(j) Its recent conduct;
(k) Its ownership, possession or control of infrastructure which are not easily duplicated;
(l) Its technological advantages or superiority, compared to other competitors;

(m) Its easy or privileged access to capital markets or financial resources;
(n) Its economies of scale and of scope;
(o) Its vertical integration; and
(p) The existence of a highly developed distribution and sales network.

There shall be a rebuttable presumption of market dominant position if
the market share of an entity in the relevant market is at least fifty
percent (50%), unless a new market share threshold is determined by
the Commission for that particular sector.
(Rule 8, Sec. 3, IRR)
Dominance can exist on the part of one entity (single dominance) or of
two or more entities (collective dominance).
(Rule 8, Sec. 1, IRR))
PROHIBITED MERGERS AND ACQUISITIONS
Merger or acquisition agreements that substantially prevent, restrict or

lessen competition in the relevant market or in the market for goods or
services as may be determined by the Commission shall be prohibited.
(Sec. 20, PCA)
EXEMPTIONS
(a) The concentration has brought about or is likely to bring about

gains in efficiencies that are greater than the effects of any limitation
on competition that result or likely to result from the merger or
acquisition agreement; or
(b) A party to the merger or acquisition agreement is faced with actual
or imminent financial failure, and the agreement represents the least
anti-competitive arrangement among the known alternative uses for
the failing entity's assets:
EXEMPTIONS
Provided, That an entity shall not be prohibited from continuing to own and hold the
stock or other share capital or assets of another corporation which it acquired prior
to the approval of this Act or acquiring or maintaining its market share in a relevant
market through such means without violating the provisions of this Act:
Provided, further, That the acquisition of the stock or other share capital of one or
more corporations solely for investment and not used for voting or exercising
control and not to otherwise bring about, or attempt to bring about the prevention,
restriction, or lessening of competition in the relevant market shall not be
prohibited.
THE PHILIPPINE COMPETITION COMMSSION
PHILIPPINE COMPETITION COMMISSION
. . . is an independent quasi-judicial body attached to the Office

of the President.
THE PCA
. . . composed of the Chairman and four (4) commissioners, with a term of

seven (7) years without reappointment.
POWERS AND FUNCTIONS
• Conduct inquiry, investigate, and hear and decide on cases

• Impose sanctions, after due notice and hearing, for anti-competitive agreements or abuse of
dominant position
• Conduct administrative proceedings for violation of the Act and impose the necessary sanction
• Issue subpoena duces tecum and subpoena ad testificandum t
• Review proposed mergers and acquisitions

• Monitor and undertake consultation to understand market behavior
• Upon order of the court, undertake inspections of business premises and other offices
• Others, including capacity building
LIST OF CASES
CASES
• Gios-Samar, Inc. v. Department of Transportation and Communications, G.R. No. 217158, March
12, 2019
PUBLIC SERVICE ACT
Commonwealth Act No. 164, as amended
by Republic Act No. 11659
COMMONWEALTH ACT NO. 164
Enacted on November 7, 1936
Its amendatory law, Republic Act No. 11659, was enacted on
March 21, 2022.
The provisions on limitation on foreign ownership in the following laws are hereby amended or
modified:
(a) Republic Act No. 6957, entitled, "An Act Authorizing the Financing, Construction,
Operation and Maintenance of Infrastructure Projects by the Private Sector, and for Other
Purposes," as amended;
(b) Republic Act No. 9295, otherwise known as the "Domestic Shipping Development Act of
2004," as amended;
(c) Republic Act No. 9497, otherwise known as the "Civil Aviation Authority Act of 2008," as
amended;
(d) Republic Act No. 776, otherwise known as "The Civil Aeronautics Act of the Philippines,"
as amended;
(e) Presidential Decree No. 1112, otherwise known as the "Toll Operation Decree,"
as amended;
(f) Department of Transportation Department Order No. 2018-13, as amended, on

the classification of the Transport Network Companies and Transportation Network
Vehicles Service as public utilities; and
(g) Republic Act No. 7925, otherwise known as the "Public Telecommunications
Policy Act of the Philippines," as amended, on the classification of all
telecommunications entities as public utilities.
THE 1987 CONSTITUTION SAYS . . .
No franchise, certificate, or any other form of authorization for the operation

of a public utility shall be granted except to citizens of the Philippines or to
corporations or associations organized under the laws of the Philippines at
least sixty per centum of whose capital is owned by such citizens, nor shall
such franchise, certificate, or authorization be exclusive in character or for
a longer period than fifty years.
(Art. 12, Sec. 11)
FURTHER . . .
Neither shall any such franchise or right be granted except under the
condition that it shall be subject to amendment, alteration, or repeal by the
Congress when the common good so requires.
(Art. 12, Sec. 11)
STILL FURTHER . . .
The State shall encourage equity participation in public utilities by the

general public. The participation of foreign investors in the governing body
of any public utility enterprise shall be limited to their proportionate share in
its capital, and all the executive and managing officers of such corporation
or association must be citizens of the Philippines.
(Art. 12, Sec. 11)
POLICY
The State recognizes the role of the private sector as one of the main
engines for national growth and development. It is hereby declared the
policy of the State to encourage private enterprise and expand the
base of investment in the country, with the goal of providing efficient,
reliable and affordable basic services to all. These policies are fulfilled
by: (a) ensuring effective regulation of public services; (b) providing
reasonable rate of return to public services; (c) rationalizing foreign
equity restrictions by clearly defining the term "public utilities"; and (d)
instituting processes for the protection of national security.
INTERPRETATION
Th[e] Act shall be subject to and consistent with the regulatory powers
of the State to promote public interest in Article IX-C, Section 4 and
Article XII, Section 17 of the Constitution.
ART. IX-C, SECTION 4
The Commission may, during the election period, supervise or regulate the enjoyment or
utilization of all franchises or permits for the operation of transportation and other public
utilities, media of communication or information, all grants, special privileges, or
concessions granted by the Government or any subdivision, agency, or instrumentality
thereof, including any government-owned or controlled corporation or its subsidiary. Such
supervision or regulation shall aim to ensure equal opportunity, time, and space, and the
right to reply, including reasonable, equal rates therefor, for public information campaigns
and forums among candidates in connection with the objective of holding free, orderly,
honest, peaceful, and credible elections.
ART. XII, SEC. 17
In times of national emergency, when the public interest so requires, the

State may, during the emergency and under reasonable terms prescribed
by it, temporarily take over or direct the operation of any privately owned
public utility or business affected with public interest.
REQUIRED CERTIFICATE
Certificates refer to any franchise, certificate of public convenience,

certificate of public convenience and necessity, concession, or any
other appropriate form of authorization for the operation of a public
service, including a public utility, as may be applicable;
It shall be unlawful for any individual, partnership, association, corporation or joint-
stock company, their lessees, trustees, or receivers appointed by any court
whatsoever, or any municipality, province, or other department of the Government of
the Philippines, to engage in any public service business without having first secured
from the Commission a certificate as provided for in this Act, except grantees of
legislative franchises expressly exempting such grantee from the requirement of
securing a certificate from this Commission, as well as concerns at present existing
expressly exempted from the jurisdiction of the Commission, either totally or in part,
by the provisions of section thirteen of this Act."
PUBLIC UTILITY
. . . refers to a public service that operates, manages or controls for

public use any of the following:
PUBLIC UTILITY
(1) Distribution of Electricity;
(2) Transmission of Electricity;
(3) Petroleum and Petroleum Products Pipeline Transmission Systems;
(4) Water Pipeline Distribution Systems and Wastewater Pipeline

Systems, including sewerage pipeline systems;
(5) Seaports; and
(6) Public Utility Vehicles.

All concessionaires, joint ventures and other similar entities that
wholly operate, manage or control for public use the sectors above
are public utilities.
Nothing in this Act shall be interpreted as a requirement for
legislative franchise where the law does not require any. No other
person shall be deemed a public utility unless otherwise
subsequently provided by law.
DEFINITIONS
A "public utility" is "a business or service engaged in regularly supplying the public with some
commodity or service of public consequence such as electricity, gas, water, transportation,
telephone or telegraph service." To constitute a public utility, the facility must be necessary for
the maintenance of life and occupation of the residents. However, the fact that a business
offers services or goods that promote public good and serve the interest of the public does not
automatically make it a public utility. Public use is not synonymous with public interest. As its
name indicates, the term "public utility" implies public use and service to the public. The
principal determinative characteristic of a public utility is that of service to, or readiness to serve,
an indefinite public or portion of the public as such which has a legal right to demand and
receive its services or commodities.
(JG Summit Holdings v. Court of Appeals, G.R. No. 124293 (Resolution), September 24, 2003)
Stated otherwise, the owner or person in control of a public utility must have devoted it to such
use that the public generally or that part of the public which has been served and has accepted
the service, has the right to demand that use or service so long as it is continued, with
reasonable efficiency and under proper charges. 19 Unlike a private enterprise which
independently determines whom it will serve, a "public utility holds out generally and may not
refuse legitimate demand for service.”
(JG Summit Holdings v. Court of Appeals, G.R. No. 124293 (Resolution), September 24, 2003)
Concession refers to a contract granting a private concessionaire the
privilege to, among others, finance, construct, manage, operate and/or
maintain concession assets;
Distribution of Electricity refers to the conveyance of electric power by
a distribution utility through its distribution system as defined by
Section 4 (n) of Republic Act No. 9136, otherwise known as the "Electric
Power Industry Reform Act of 2001," as amended;
Transmission of Electricity refers to the conveyance of electricity
through the high voltage backbone system, as defined by Section 4
(ccc) of Republic Act No. 9136, as amended;
Electricity is a basic necessity that is imbued with public interest. Its
provider is considered as a public utility subject to the strict regulation
by the State in the exercise of its police power. Failure to comply with
the regulations laid down by the State gives rise to the presumption of
bad faith or abuse of right.
(Manila Electric Co. v. Yu, G.R. No. 255038, June 26, 2023)
Petroleum and Petroleum Products Pipeline Transmission
Systems refer to the operation and maintenance of pipeline
transmission systems to ensure an uninterrupted and adequate supply
and transmission of petroleum and petroleum products to the public;
and excludes petroleum pipeline systems operated exclusively for
private or own use, or incidental to the operations of a distinct
business;
Seaport refers to a place where ships may anchor or tie up for the
purpose of shelter, repair, loading or discharge of passengers or cargo,
or for other such activities connected with water-borne commerce, and
including all the land and water areas and the structures, equipment
and facilities related to these functions, as defined by the charters of
relevant authorities or agencies, such as the Philippine Ports Authority,
Subic Bay Metropolitan Authority, PHIVIDEC Industrial Estate Authority,
Cebu Port Authority, local government units, and other similar agencies
or government bodies;
Water Pipeline Distribution Systems and Wastewater Pipeline Systems refer to the
operation and maintenance of water pipeline distribution systems to ensure an
uninterrupted and adequate supply and distribution of potable water for domestic
and other purposes and the operation and maintenance of wastewater pipeline
systems, except desludging companies and septic tanks, to ensure public health and
safety, as regulated by Republic Act No. 6234, entitled "An Act Creating the
Metropolitan Waterworks and Sewerage System and Dissolving the National
Waterworks and Sewerage Authority; and for Other Purposes," as amended,
and Presidential Decree No. 198, otherwise known as the "Provincial Water Utilities
Act of 1973," as amended;
Sewerage Pipeline Systems refer to the operation and maintenance of
sewerage pipeline systems to ensure public health and safety, as
regulated by Republic Act No. 6234, as amended, and Presidential
Decree No. 198, as amended.
Public Utility Vehicles (PUVs) refer to internal combustion engine
vehicles that carry passengers and/or domestic cargo for a fee, offering
services to the public, namely trucks-for-hire, UV express service, public
utility buses (PUBs),public utility jeepneys (PUJs),tricycles, filcabs, and
taxis: Provided,That transport vehicles accredited with and operating
through transport network corporations shall not be considered as
public utility vehicles;
FOREIGN STATE-OWNED ENTERPRISE
Foreign State-owned Enterprise refers to an entity in which a foreign State:
(i) directly or indirectly owns more than fifty percent (50%) of the capital taking
into account both the voting rights and beneficial ownership;
(ii) controls, through ownership interests, the exercise of more than fifty percent
(50%) of the voting rights; or
(iii) holds the power to appoint a majority of members of the board of directors
or any other equivalent management body.
A joint venture is an association of persons or companies jointly
undertaking some commercial enterprise with all of them generally
contributing assets and sharing risks. It requires a community of
interest in the performance of the subject matter, a right to direct and
govern the policy in connection therewith, and duty, which may be
altered by agreement to share both in profit and losses.
(JG Summit Holdings, Inc. v. Court of Appeals, G.R. No. 124293, November 20, 2000)
Upon the recommendation of the NEDA, the President may
recommend to Congress the classification of a public service as a
public utility on the basis of the following criteria:
(1) The person or juridical entity regularly supplies and transmits and distributes to the
public through a network a commodity or service of public consequence;
(2) The commodity or service is a natural monopoly that needs to be regulated when the
common good so requires. For this purpose, natural monopoly exists when the market
demand for a commodity or service can be supplied by a single entity at a lower cost than
by two or more entities;
(3) The commodity or service is necessary for the maintenance of life and occupation of
the public; and
(4) The commodity or service is obligated to provide adequate service to the public on
demand.
BUSINESSES AFFECTED WITH PUBLIC
INTEREST
SECTION 17. In times of national emergency, when the public interest so requires, the
State may, during the emergency and under reasonable terms prescribed by it, temporarily
take over or direct the operation of any privately owned public utility or business affected
with public interest.
SECTION 18. The State may, in the interest of national welfare or defense, establish and
operate vital industries and, upon payment of just compensation, transfer to public
ownership utilities and other private enterprises to be operated by the Government.
BUSINESS AFFECTED WITH PUBLIC INTEREST
A public service which is not classified as a public utility under this Act
shall be considered a business affected with public interest for
purposes of Sections 17 and 18 of Article XII of the Constitution.
CRITICAL INFRASTRUCTURE
Critical Infrastructure refers to any public service which owns, uses, or

operates systems and assets, whether physical or virtual, so vital to the
Republic of the Philippines that the incapacity or destruction of such
systems or assets would have a detrimental impact on national
security, including telecommunications and other such vital services as
may be declared by the President of the Philippines;
Telecommunications refers to any process which enables a
telecommunications entity to relay and receive voice, data, electronic
messages, written or printed matter, fixed or moving pictures, words, music
or visible or audible signals or any control signals of any design and for any
purpose by wire, radio or other electromagnetic, spectral, optical or
technological means, as defined by Section 3 (a) of Republic Act No. 7925,
otherwise known as the "Public Telecommunications Policy Act of the
Philippines," as amended;
. . . except passive telecommunications tower infrastructure and
components, such as, but not limited to, poles, fiber ducts, dark fiber
cables, and passive telecommunications tower infrastructure, as
defined by the Department of Information and Communications
Technology (DICT), and value-added services, as defined in Section 3 (h)
of Republic Act No. 7925, as amended;
INVESTMENTS BY AN ENTITY CONTROLLED BY OR
ACTING ON BEHALF OF THE FOREIGN GOVERNMENT, OR
FOREIGN STATE-OWNED ENTERPRISES
. . . shall be prohibited from owning capital in any public service
classified as public utility or critical infrastructure: Provided, That the
prohibition shall apply only to investments made after the effectivity
of this Act.
Those foreign state-owned enterprises which own capital prior to the
effectivity of this law are prohibited from investing in additional
capital upon the effectivity of this Act. Notwithstanding the
immediately preceding clause, the sovereign wealth funds and
independent pension funds of each state may collectively own up to
thirty percent (30%) of the capital of such public services.
In the interest of national security, an entity controlled by or acting on
behalf of the foreign government or foreign-owned enterprises shall
not make any data or information disclosure, nor extend assistance,
support or cooperation to any foreign government, instrumentalities
or agents.
POWERS OF THE PRESIDENT
Powers of the President to Suspend or Prohibit Transaction or Investment.—

In the interest of national security, the President, after review,
evaluation and recommendation of the relevant government
department or Administrative Agency, may, within sixty (60) days from
the receipt of such recommendation, suspend or prohibit any
proposed merger or acquisition transaction, or any investment in a
public service that effectively results in the grant of control, whether
direct or indirect, to a foreigner or a foreign corporation.
RECIPROCITY CLAUSE
Foreign nationals shall not be allowed to own more than fifty percent (50%) of the
capital of entities engaged in the operation and management of critical
infrastructure unless the country of such foreign national accords reciprocity to
Philippine Nationals as may be provided by foreign law, treaty or international
agreement. Reciprocity may be satisfied by according rights of similar value in other
economic sectors. The NEDA shall promulgate rules and regulations for this
purpose.
Unless otherwise provided by law, or by any international agreement, a public

service shall employ a foreign national only after the determination of non-
availability of a Philippine National who is competent, able and willing to perform
the services for which the foreign national is desired.
ROLE OF THE DOLE: PERMITS
Any foreign national seeking admission to the Philippines for

employment purposes and any public service which desires to engage
a foreign national for employment in the Philippines must obtain an
employment permit pursuant to Presidential Decree No. 442,
otherwise known as the "Labor Code of the Philippines," as amended.
ROLE OF DOLE: SKILLS AND TECHNOLOGY
TRANSFER
Public services employing foreign nationals issued employment
permits in industries to be determined by the Department of Labor
and Employment (DOLE) shall implement an understudy/skills
development program to ensure the transfer of technology/skills to
Filipinos, whether next-in-rank or otherwise, with the potential of
succeeding the foreign national in the same establishment or its
subsidiary, within a specific period as may be determined by the
DOLE, upon consultation with relevant government agencies and
industry experts.
When, therefore, one devotes his [or her] property to a use in which the public has an
interest, he [or she], in effect, grants to the public an interest in that use, and must
submit to be controlled by the public for the common good, to the extent of the
interest he [or she] has thus created. He [or she] may withdraw his [of her] grant by
discontinuing the use, but so long as he [or she] maintains the use, he [or she] must
submit to control.
(Republic v. Maria Basa Express Jeepney Operators and Drivers Association, Inc., G.R. Nos. 206486,
etc., August 16, 2022)
LIST OF CASES
CASES
• Laguna Tayabas Bus Co. v. Regodon, G.R. No. L-9586, December 27, 1956
• Republic v. Maria Basa Express Jeepney Operators and Drivers Association, Inc., G.R. Nos. 206486,
etc., August 16, 2022
• JG Summit Holdings v. Court of Appeals, G.R. No. 124293 (Resolution), September 24, 2003)

Merge SpecCom Notes

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Merge SpecCom Notes

Uploaded by

Copyright:

Available Formats

THE DATA PRIVACY ACT

Republic Act No. 10173 and its Implementing Rules and

• "the right to be free from unwarranted exploitation of one's person or from

The privacy of communication and correspondence shall be inviolable except upon

No person shall be deprived of life, liberty, or property

The liberty of abode and of changing the same within the

No person shall be compelled to be a witness against himself.

- Citing Rakas v. Illinois,439 U.S. 128 (1978)

Customs, community norms, and practices may, therefore, limit or extend

[H]aving an expectation of informational privacy is not necessarily

It is through the availability of . . . privacy tools that many OSN users

[S]etting a post's or profile detail's privacy to "friends" does not guarantee

Every person shall respect the dignity, personality, privacy and

(1) Prying into the privacy of another's residence;

Any public officer or • The right against deprivation of

• Cybercrime Prevention Act • The Anti-Wiretapping Act

• Anti-Photo Voyeurism Act • The Revised Penal Code

• Anti-Child Pornography Act • Others (Rule on the Writ of Habeas

• Locational or situational privacy

- Citing Whalen v. Roe, 429 U.S. 589 (1977)

Informational privacy is the right to control information about oneself.

(1) to keep inalienable information to themselves;

(Cadajas v. People, G.R. No. 247348, [November 16, 2021])

AN ACT PROTECTING INDIVIDUAL PERSONAL INFORMATION IN INFORMATION AND

Republic Act No. 10173 was signed into law

• * has since been repealed by Regulation 2016/679.

It is the policy of the State to protect the fundamental human right of

Any doubt in the interpretation of any provision of this Act shall

The law applies to the processing of all types of

"Processing" refers to any operation or any set of operations performed

d. The act, practice or processing of personal data is done or engaged in by an entity

• the non-applicability of the Act or these Rules do not extend to personal

“Data subject” refers to an individual whose personal information is

“Personal information” refers to any information whether recorded in a

"Privileged information" refers to any and all forms of data,

Religious Philosophical Political

Proceeding for any Information to be

Where his or her personal data is processed by electronic means and in a

The rights of a data subject shall not be applicable to personal data

. . . applies to . . . any natural and juridical person

WHO IS A • A natural or juridical person, or any other body,

There is control if the natural or juridical person or any

Each personal information controller is responsible for personal

• Provide, by contractual or other means, a comparable level of

• Designate an individual or individuals who are accountable for the

A personal information controller may subcontract the processing of personal

"Personal information processor" refers to any natural or juridical person or any

• Criteria for lawful processing

• General data privacy principles for processing (i.e, transparency, legitimate

Consent of the Data Subject

To fulfill a contract or enter into one

Protect vital interests, including Life and Health of Data Subject

Pursuant to a Legal Obligation of the PIC

National emergency/Public Order and Safety, as prescribed by law

(Sec. 12, DPA)

Protect Life and Health of

Lawful rights and interests

(Sec. 13, DPA)

The processing of personal information shall be allowed, subject to

The processing of information shall be compatible with a declared

The processing of information shall be adequate, relevant, suitable,

(Sec. 11, DPA; Sec. 19, IRR)

“Data sharing” is the disclosure or transfer to a third party of personal

The Bill of Rights guarantees the right of the people to information on