The Internet is a transformational medium that has significantly impacted on the different sectors of our society. Through the Internet, information has become more accessible, communication exchanges have been revolutionalized, transcending geographic barriers and diversity. It heralds a sea of change, so phenomenal, the magnitude of which has never been seen before in recent history.
It is not surprising therefore why in the Philippines alone, Internet usage has grown steadily from the year 2000 up to present as shown in the table below. According to the Internet World Stats, Internet growth in the Philippines is not only substantial but also offers a considerable optimism in the years to come.
|Year||Users||Population||% of Population|
These figures are still well positioned for growth given the increasing government support for IT development together with the rising internet awareness of the populace. Internet market is expected to balloon further with the development of reliable infrastructure especially in the area of broadband services in the country.
Together with the unprecedented growth on Internet usage and accessibility around the globe, business industries, in order to stay competitive, have adopted new business practices. Long established business procedures have been altered; internet-based business models have been developed – embracing new technologies in product research and development, marketing, advertising and consumer servicing, among others.
While it is true that the Internet has been a useful tool in providing and implementing solutions to various business processes whereby increasing productivity, efficiency and profitability, the same is also prone to abuse by its employees. Understandably, employers want to make sure that their investment is being used effectively for doing work and not for the personal use of its employees. The unrestricted use of Internet in the workplace may not only result to wastage of company resources but may also lead to lower work outputs.
Thus, as confirmed in the 2005 survey by the American Management Association, three-fourths of the employers in the U.S.A. monitor their employees’ website in order to prevent inappropriate surfing. It was likewise found out that over 80% of employers disclose their monitoring practices to employees. About 84% of those surveyed have established policies governing Internet use, including e-mail use.
On the other side, these acts do not usually sit well with the employees and is often viewed as highly intrusive form of entering into the private life of persons and thus, violative of the constitutionally-enshrined right to privacy.
In the Philippines, employer’s internet monitoring is virtually unregulated. And with the growing increase in the use of Internet in the workplace, this issue has become even more significant.
Statement of the Problem:
Can the employer monitor online activities and cache content accessed by their employees using company facilities and equipment?
Brief Technological Background
Contrary to common belief, employers have a lot of latitude and available technologies to monitor employees’ Internet logs. In fact there are companies that “offer technology that claims to provide insight into individual employee behavior based on the trail of ‘digital footprints’ created each day in the workplace. This behavioral modeling technology can piece together all of these electronic records to provide behaviour patterns that employers may utilize to evaluate employee performance and conduct. Employers can use computer software that enable them to see what is on the screen or stored in the employees’ computer terminals and hard disks. Employers can monitor Internet usage such as web-surfing and electronic mail.” 
Often referred to as the cache (pronounced as cash), the Internet Browser Cache or the Temporary Internet Files Folder contains a kind of travel record of the items a person has viewed, heard or downloaded from the Web, including images, sounds, Web pages, even cookies. 
The primary purpose of the Temporary Internet Files folder is to speed up the loading of the web pages. Every time a web page is accessed, the same is sent to the browser’s temporary cache. If the page is accessed again, the browser first checks to see if the web page is already in the Temporary Internet Files cache. If they are, Internet Explorer uses the Internet connection only to check if the web page has changed since the last visit. If it was unchanged, Internet Explorer loads the page from the Temporary Internet Files folder instead of loading the page from the Internet.
1. When you visit a web page for the first time, your browser downloads from the Internet the whole content of the page. The internet connection is relatively slow and therefore there is some delay. After the content is downloaded, Internet Explorer saves it in the Temporary Internet Files folder on your hard disk.
2. On your next visit, Internet Explorer first checks to see if the page is already in the Temporary Internet Files folder. If it is there, Internet Explorer retrieves it from your hard disk, which is much faster than downloading the page from the Internet.
Illustrations and explanations from: http://www.milincorporated.com/a-temprary-internet-files.html
In addition, Temporary Internet Files, although called “temporary” are never deleted unless the cache is full. As a consequence thereof, anyone who has an access to the computer may see the internet sites a person has visited in the past and thus, compromising one’s privacy.
As shown in the above discussions it is clear that there are abundant available technologies that the employer may use to monitor the online activities of its employees in the workplace. However, a more significant issue is whether the employer can legally do so without infringing the right to privacy of its employees. For this purpose, a determination and balancing of the employer’s right in relation to that of the employees is of vital importance
Basis of the Employer’s Right
The business sector plays an indispensable role in nation building, hence, under Section 3 Article XIII of the 1987 Constitution, private enterprises enjoys the right to reasonable return of investment and the right to expansion and growth.
Further, the Supreme Court in the Case of San Miguel Brewery Sales vs. Ople, G.R. No. 53615 declared:
“Except as limited by special laws, an employer is free to regulate, according to his own discretion and judgment, all aspects of employment, including hiring, work assignments, working methods, time, place and manner of work, tools to be used. Processes to be followed, supervision of workers, working regulations, transfer of employees, work supervision, layoff of workers and the discipline, dismissal and recall of workers.”
Hence, enterprises possess inherent autonomy to direct their own affairs in the furtherance of business subject only to such limitations provided by law. Management of business is principally a property right of its owners. Business sectors, are therefore entitled to the rights guaranteed under Section 1, Article III of the 1987 Constitution which provides:
“Section 1. No person shall be deprived of life, liberty, or property without due process of law, nor shall any person be denied the equal protection of the laws.”
And under the Civil Code of the Philippines, the following are some rights incident to ownership: (a) the right to use (Jus Utendi); (b) the right to the fruits (Jus-Fruendi); and (c) the right to possess (Jus Possidendi) which includes the right to exclude any person from the enjoyment and use of the property.
The Employer’s Right as Owner of the Facilities and Equipment
With the abovementioned provisions, it appears that an employer, being the owner of the computing facilities and equipment, has the exclusive right over these tools, including the right to prohibit and/or regulate its use. It must be understood that business establishments invest a substantial portion of its resources in order to acquire computing tools and maintain internet connections in the hope of improving business efficiency and meeting other business needs. Expectedly, employers want to ensure that their investments are used solely on work-related tasks rather than the personal use and delight of its employees. With the unrestricted use of internet in the workplace, it is almost certain that a considerable portion of the employees’ working time will be used and wasted in surfing the internet thereby, affecting work outputs. Unsecured websites and uncontrolled downloading from the internet may also expose the company’s entire computer system from a higher risk of virus threat.
It now appears that the employers, in monitoring the online activities of its employees, never really intend to intrude on their employees’ privacy. This action is dictated on the employer’s legitimate desire to protect its property and other business interest.
It must be stressed however that motive alone is not sufficient to affirm the validity of an act especially so when an equally protected right, like the right to privacy, is endangered. It is also worthy to note at this point that while the Bill of Rights protects property rights, the primacy of human rights over property rights is recognized.
Therefore, unless and until it is shown that the employees’ right to privacy are not infringed, the justifications herein discussed, are unavailing.
The Employees Right
The employee’s privacy concern is primarily based on Sections 2 and 3(1), Article III of the 1987 Constitution which provides:
“Section 2. The right of the people to be secure in their persons, houses and papers, and effects against unreasonable searches and seizure of whatever nature and for any purpose shall be inviolable xxxx”
“Section 3. (1) The privacy of communication and correspondence shall be inviolable except upon lawful order of the court, or when public safety or order requires otherwise, as prescribed by law.”
The afore-quoted constitutional provisions intends to secure the citizen from “any invasion of his dwelling and to respect the privacies of his life.“  To ensure the protection of these liberties, Section 3(2), Article III of the 1987 Constitution further provides:
“(2) Any evidence obtained in violation of this or the preceding section shall be inadmissible for any purpose in any proceeding.”
These provisions are often cited by the employees in order to repel the employer’s alleged intrusion on their right to be “let alone” arguing, that the employer’s attempt to monitor their online activities constitute an unreasonable search. Following this line of thought, employees must therefore be given an absolute unfettered access to the internet in order to diminish the risk of an invasion to privacy.
Unlawful Searches and Seizures a Limitation Only Against the Sovereign State
As declared in the case of People of the Philippines vs. Andre Marti and later confirmed in the case of Waterous Drug Corp. vs. National Labor Relations Commission, “the protection against unreasonable searches and seizures cannot be extended to acts committed by private individuals so as to bring it within the ambit of alleged unlawful intrusion by the government. For one thing, the constitution, in laying down the principles of the government and fundamental liberties of the people, does not govern relationships between individuals. Thus, violations against unreasonable search and seizure may only be invoked by an individual unjustly traduced by the exercise of sovereign authority.”
Other Applicable Laws
As it is now clear that that the provisions of Sections 2 and 3, Article III of the 1987 Constitution cannot be invoked against private individuals, we must now consider other laws which may be applicable on the issue at hand.
Article 290 of the Revised Penal Code provides:
“Art. 290 Discovery of secrets through seizure of correspondence. – The penalty of prision correccional in its minimum and medium periods and a fine not exceeding 500 pesos shall be imposed upon any private individual who in order to discover the secrets of another, shall seize his papers or letters and reveal the contents thereof.
If the offender shall not reveal such secrets, the penalty shall be arresto mayor and a fine not exceeding 500 pesos.”
Although an electronic document is a functional equivalent of an original document under E-Commerce Act and thus may be considered as falling under the term “paper or letters”, a closer reading of Article 290 would give us the impression that in order to be liable under this provision the seizure of papers or letters must be made “in order to discover the secrets of another.” The intent therefore must, first and foremost, be the discovery of secrets.
It thus appears that Article 290 of the Revised Penal Code may not at all applicable to the employers monitoring of the online activities of their employees since the intent and motivation thereof is not the discovery of secrets but rather the protection of a legitimate business and/or investment interest.
Article 26 of the Civil Code also provides:
“Art. 26. Every person shall respect the dignity, personality, privacy and peace of mind of his neighbors and other persons. The following and similar acts, though they may not constitute a criminal offense, shall produce a cause of action for damages, prevention and other relief:
(1) Prying into the privacy of another’s residence;
(2) Meddling with or disturbing the private life or family relations of another;
(3) Intriguing to cause another to be alienated from his friends;
(4) Vexing or humiliating another on account of his religious beliefs, lowly station in life, place of birth, physical defect, or other personal condition.”
While monitoring of online activities is not one among those enumerated in the above-quoted provision, the term “similar acts” should nevertheless be taken with extreme caution. As there is no available Philippine jurisprudence yet on this issue, privacy environment in the workplace is crucial in the determination of whether there is a reasonable expectation on the part of the employee insofar as his/her online activities are concern. In line with this, the case of Phil Thygeson vs. US Bancorp, et al. is instructive.
Phil Thygeson vs. US Bancorp Equipment Financing Inc., et al, 2004 U.S. Dist. Lexis 18863
This case was prompted by the termination of Phil Thygeson, an employee of U.S. Bancorp, “for spending inordinate amount of time on the internet during work hours and downloading and storing in his office computer sexually inappropriate material.” Thygeson then sued Bancorp for damages and claimed that the company’s “inspection of his personal folder and reviewing his computer usage, impermissibly invaded his right to privacy.”
In dismissing the claim of Thygeson, the Court held that he had “no reasonable expectation of privacy in either the ‘personal folder’ in which he stored the subject email, or his history of internet usage.” Be it noted though that this finding of the Court was primarily founded on the fact that US Bancorp has an existing company policies which apprised employees of the company’s right to monitor their (employees) internet usage and computer files. US Bancorp’s Handbook states in part:
“Our personal computers including email are intended for Company business only xxx. Do not use the company’s computer resources for personal business xxx and do not access inappropriate Internet sites and do not send emails which may be perceived as offensive, intimidating, or hostile or that are in violation of Company policy xxx”
The company also expressly “reserved the right to monitor any employee’s and computer files xxx.” 
Based on the above discussions, Atty. Jovi Tañada Yam made the following recommendations.
“An employer should have a well-drafted electronic communications monitoring policy stating that it has the right to monitor both e-mail and Internet use of its employees. This policy will not only deter inappropriate e-mail [and internet] usage. It will also put employees on notice of employer monitoring. The policy should be consented to and signed by the individual employees and kept in the employee’s personnel files.”
“Once a policy has been established, the employer should reinforce the policy through training. It should also consider log-on messages that remind employees of the company’s email [and internet usage] policy. Finally, employers should enforce the policy.”
 Villanueva vs. Querubin, 48 SCRA 345