[Mirror] San Juan, Marjorie

SY 2012-2013, First Semester

Data Privacy Act of 2011: One Solution to Increase Philippine Revenue and Employment Rate


While it is true that the Philippines has no general data protection law, different laws embrace rules on the collection, storage and transfer of personal data or information. Absence of any general data protection law in this country does not mean that personal data may be freely transferred and stored within and outside the country. Certain requirements, limitations and restrictions may be found in various laws which regulate the flow of personal data. Some of the laws we have which control the traffic of personal data are: Republic Act No. 7277 (the “Magna Carta of Disabled Persons”), Republic Act No. 8504 (the “Philippine AIDS Prevention and Control Act”), Republic Act No. 8792 (the “Electronic Commerce Act”), and Presidential Decree No. 1718 (“PD 1718”).

Basic Information on the Senate Bill (SB) 2965 and the House Bill (HB) 1554

The Senate, on its third and final reading, approved a bill aimed at protecting digital data collected by government agencies and service providers. It passed, on Tuesday (March 20, 2012), the Data Privacy Act (Senate Bill No. 2965)also known as “An Act Protecting Individual Personal Information in Information and Communications Systems in the Government and the Private Sector, Creating for This Purpose a National Data Protection Commission, and for Other Purposes.” It features significant notice, consent and data breach notification requirements, and it imposes direct obligations on both data information controllers and/or data information processors. Once approved, a National Privacy Commission will be created. It will be authorized not only to monitor compliance but also to recommend to the Department of Justice the imposition of penalties for noncompliance, including imprisonment and fines. Despite having no provisions on restrictions on cross-border data transfer, the law will still apply to certain foreign processing of personal information about Philippine residents. In an apparent effort to protect the domestic outsourcing industry, however, the law will not apply to “personal information originally collected from residents of foreign jurisdictions in accordance with the laws of those foreign jurisdictions, including any applicable data privacy laws, which is being processed in the Philippines.”

Said Senate Bill differs from House Bill 1554 passed in 2011. There must now be a bicameral conference committee to ‘reconcile’ the versions of the two houses, and then the reconciled version will be sent to the President for signature after its passage by both Houses.

Rep. Roman T. Romulo (Lone District, Pasig City), author of House Bill 1554 also known as “Data Privacy Act,” believes its passage will enhance Philippine competitiveness in the international economy as a hub for BPO and promote consumer trust and user confidence in electronic commerce. He noted the absence of a unified and special law protecting citizens’ rights to privacy and confidentiality over their personal information in both private and government information and communications system. HB 1554 seeks to establish a National Privacy Commission that will act on complaints affecting personal information and compel any entity or government agency to abide or take action on matters affecting data privacy. It likewise prohibits the processing of sensitive personal information and privileged information except when consent has been given by data subject or processing is provided by law and necessary to protect the life and health of data subject or another person.

Sen. Edgardo Angara, author of SB 2965, on the otherhand, mandates public and private entities to protect and preserve the integrity, security and confidentiality of personal data collected in its operations. It emphasizes the importance of compliying with international data security standards.

From the writings of the two bills, one clear objective of both bills is to enhance and protect the integrity, security and confidentiality of personal data collected in its operations in order to boost investment in the fast-growing IT-BPO industry.

Once signed into law, the legislation will impose a privacy regime modeled on the EU Data Protection Directive. Angara said the bill is based on the Directive 95/46/EC of the European Parliament and Council, which is said to be the most widely adopted data privacy regime. This directive prohibits companies in the European Union from outsourcing the processing of private information to countries that do not follow particular data protection standards. It is based on standards set by the European Parliament and is aligned with the Asia Pacific Economic Cooperation (APEC) Information Privacy Framework, and is intended to protect the integrity and confidentiality of personal data.

The Bill and Its Projected Effects on the IT-BPO Business in the Philippines

The Business Processing Association of the Philippines (BPAP) president and CEO Benedict Hernandez said that the act will increase confidence among international investors and companies that outsource business processes to the Philippines as it brings the Philippines to international standards of privacy protection. According to him, the Philippines’ IT-BPO industry is evolving rapidly with the result that an increasing amount of the work undertaken in the Philippines involves non-voice, complex services in a wide range of functional areas and industry verticals. Complex services already account for over 30 percent of industry revenues, and these services are growing more rapidly than voice services. He further added that since much of the work involves confidential personal and company information, and client firms of the IT-BPOs want to know that the Philippines provides international standards of protection to safeguard their information. That assurance will further enhance the competitiveness of the industry, an important requisite to sustaining growth, particularly in non-voice, complex services.

In an online article entitled “Internet Law – Data Protection Law in Philippines’ Business Process Outsourcing Industry” written by Martha L. Arias, IBLS Director, she mentioned that “Offshore Business Process Outsourcing (BPO) is a growing industry in Eastern Europe and Asia countries. Typical BPO include customer and support call centers, payroll, and medical transcripts centers. Philippines ranked second, to India, in business process outsourcing for the year 2005, by producing $1 billion revenue through BPO contracts (compared to $800 million in 2004). Philippines BPO is particularly interesting for United States (“US”) business due to its strong English-speaking ability, capable workforce availability, IT infrastructure, and cultural skills to interact with US citizens and other Western cultures (including Spanish-speakers).”

The IBLS Director went further in saying that “In 2006, the Government of Philippines recognized the significance of data protection laws in their profitable and growing BPO industry and issued ‘Administrative Order 8’ that contains the Guidelines for the Protection of Personal Data in Information and Telecommunication System in the Private Sector (“Guideline 8”). The objectives of Guideline 8 are to encourage and provide support to private entities to adopt personal data protection policies, and provide rules for data protection certifiers in Philippines. BPO entities must comply with Guideline 8’s principles and rules, including lawful access, confidentiality obligation and security.”

The Bill and Its ‘Anti-Media’ Provisions

Media organizations demonstrated protest for the enactment of the bill claiming that certain provisions may be used to impose penalties on journalists for “breaches of confidentiality” and may suppress press freedom. Said issue was already rectified. The Data Privacy Act was approved with more safeguards put in place to protect press freedom. Senator Angara, however, confirmed that there is absolutely no reason to be alarmed. He attested that “Press freedom is provided clearly in our Constitution, but so is a person’s right to privacy. What the Data Privacy Act does is simply extend the safeguards on privacy to the personal information transmitted and stored via the Internet and the other ICT.” He further clarified that the bill’s “main intention was to generate confidence in IT-BPO, e-governance and e-commerce in the country. Many other countries where these industries are flourishing have similar laws in place. In that way, this law is not unique and just puts us on a par with global standards.”

Legal Bases of the Act

In an online article written by ACCRALAW lawyers Aleli Angela G Quirino and John Paul M Gaba entitled “Data Protection: Philippines,” they mentioned that there is no existing comprehensive legislation on personal data protection or information privacy. Privacy rights are generally considered to be connected with the due process clause of the Constitution. The right to privacy is closely related to constitutional guarantees granted to individuals:

  • Against unreasonable searches and seizures (section 2, Article III, Constitution).
  • For privacy of communications and correspondence (section 3, Article III, Constitution).

These guarantees serve as safeguards for private citizens against the state’s actions, and do not limit private transactions and activities undertaken by non-state entities and individuals in relation to private persons.

There are specific statutory provisions that recognise and safeguard an individual’s right to privacy providing a cause of action for damages and for other equitable relief if intrusive acts are committed by private persons. These acts include (Articles 26 and 32, Civil Code):

  • Prying into the privacy of an individual’s residence.
  • Meddling with or disturbing the private life or family relations of an individual.
  • Causing an individual to be alienated from his friends.
  • Aggravating or humiliating an individual, on account of his religious beliefs, status in life, place of birth, physical defect, or other personal condition.
  • Infringing an individual’s right to be secure in his person, house, papers, and effects against unreasonable searches and seizures.
  • Breaching an individual’s privacy of communication and correspondence.

The courts have yet to interpret these privacy provisions in relation to personal data. However, the collection, processing, and use of personal information for commercial and non-commercial purposes without an individual’s (data subject’s) knowledge and consent can be construed as, and can give rise to, a cause of action for violation of privacy rights.

Specific provisions concerning the right to privacy over information are found in the:

  • Republic Act No. 1405, as amended (Secrecy of Bank Deposits Law).
  • National Internal Revenue Code 1997 in relation to the power of the Commissioner of Internal Revenue to obtain information from certain taxpayers.
  • New Social Security Law in relation to information contained in membership applications.
  • AIDS Prevention and Control Act of 1998.
  • The Writer’s Appraisal of the Data Privacy Act of 2011
  • The decision foreign companies to set up their business process outsourcing operations in the Philippines is a vote of trust and confidence not only in the quality of the local workforce but on the belief that we are at par with the global standards when it comes to data protection and security.

    There are currently efforts to draft legislation for a general data protection law aimed for the protection of individuals with regard to the processing of personal data and on the free movement of such data (Data Protection Directive).

    In our current economic situation, a job-hunter and a regular employee can only hope and be optimistic that our Government could provide enough jobs if not for everyone, at least for the majority. The members of the Senate, in unanimously approving the bill, believe that the passage of the bill into a law will attract more investors in the information technology and BPO industry in the Philippines. According to BPAP, the IT-BPO industry generated $11 billion in revenues in 2011, and directly employed approximately 640,000 people. With the bill passed into law, the Philippine IT-BPO industry can achieve projections of revenue increase from $9 billion in 2011 to $25 billion by 2016 according to Angara. He also pointed out that employment in the industry could increase from about 1 million to 4 million in the next four years.

    In an online article by Daxim Lucas of Philippine Daily Inquirer dated March 11, 2012, he mentioned that the industry has the backing of the administration of President Benigno Aquino III, which hopes to see some 1.3 million Filipinos employed in BPO centers by 2016. It also hopes to double the total of the industry’s revenues to around $25 billion during the same time frame.

    The important role of the IT-BPO companies should be acknowledged in generating both direct and indirect jobs which contribute to an increased revenue and employment rate in the country. Numerous data are available to support the vital role that the IT-BPO companies play to our economic growth. Indeed, this IT-BPO industry generates revenue and helps improve employment rate in the Philippines.

    Senate President Juan Ponce Enrile expressed his optimism with the approval of the trio ICT bills in this period when Filipinos have experienced an exodus in skilled workers and professionals. As mentioned by Enrile: “Today, we live in an open and seemingly borderless world marked by amazing advancements in technology. It is essential to pass measures that are timely and those which adhere to international standards, at the same time, keeping up with the rapid changes in ICT sector.”

    The Congress and the administration have been extremely supportive of the industry and that gave way to their initiative in creating a general law on data protection. The act imposes mandatory compliance obligations on the data information controller and/or data information processor. Unlike the previous Department of Trade and Industry Guidelines which served only as regulatory measures and dealt directly with the protection of personally identifiable information but gave no penal nor administrative sanctions for beach, an inclusion of penal and/or administrative sanctions for breach in this Act shows how serious our Senate officials are in its objective to strengthen the IT-BPO industry in their hope that the said industry would contribute to an increased in investment, job-generation, and high-value services.


    The Legality of Fan Art in the Philippines

    Fan art, according to Wikipedia, is an artwork that is based on a character, costume, collage, item, or story that was created by someone other than the artist, such as a fan, from which the word is derived from. Usually, it refers to fan labor artworks by amateur artists, or artists who are unpaid for their fan creations. Originally, fan art was used as a term to designate the work of an artist who was not necessarily professionally employed or pursuing a career in a field of genre arts, but simply created work based on topics of which he or she was a “fan.” Wikimedia, on the other hand, defines fan art as an art describing unauthorized artistic representations of elements or characters in an original work of fiction, usually created by amateur enthusiasts for their own amusement. Fan art is created by someone other than the owner of the intellectual property rights in the original work or a permitted licensee. Jomo Thomson, in his online article entitled “Does fan art violate copyright?” defines fan art as a drawing based on a character, costume, or location that is made without permission by the original creator.

    In the US, fan art using settings and characters from a previously created work could be considered a derivative work, which would place control of the copyright with the owner of that original work. Display and distribution of fan art that would be considered a derivative work would be unlawful. Since fan art can be considered a derivative work, therefore most fan art is an infringement

    However, American copyright law allows for the production, display and distribution of derivative works if they fall under a fair use exemption. Fair use protects certain uses that would otherwise be an infringement. To find protection in fair use, a second work must be an artistically transformative use of the first, not have a great economic impact on the first, and not take too much of the first. A truly transformative work, therefore, may be protected. Fair use is a vague doctrine, giving courts great freedom in application.

    In an online article entitled “The Messy World of Fan Art and Copyright” by Jonathan Bailey on May 13, 2010, he said that fair use may protect some fan creations from being an infringement, but that is handled on a case-by-case basis, looking at the facts of the actual work.

    Sarah Says, in her article “Fan Art and Fair Use: One Truth and Five Myths” enumerated four factors to be considered in determining whether or not a particular use is fair. These factors are the following:

    1. The purpose and character of the use, including whether such use is of commercial nature or is for non profit educational purposes: Non-commercial uses are far more likely to fall under fair use than commercial uses. Regardless of whether your work is commercial or non-commercial, a court would also look at whether the work is transformative, whether you alter the “expression, meaning, or message” of the original content through your use of the copyrighted material. Parody and critique are transformative uses, but they are not the only examples of transformative use. When determining whether a use is transformative, we want to look at the how the new use impacts our view of the original work;
    2. The nature of the copyrighted work: How you use a copyrighted work matters, but so too does what copyrighted work you use;
    3. Amount and substantiality of the portion used in relation to the copyrighted work as a whole: How much you copied can also be a factor. There’s no rule about just how much is too much, but how much you use is one of the factors courts examine in determining fair use; and
    4. The effect of the use upon the potential market for or value of the copyrighted work: Market harm and potential market harm are biggies, and whether a work is considered a legitimate fair use often hinges on a whether a court determines that use harms the market for the original work.

    While copyright laws differ from one country to another, the view of the US regarding fan art and fair use may be made applicable in the Philippine setting. Technically, fan-art of copyrighted characters enjoys no legal protection. The legalities of fan art are often debated within the fandom community, and not always easy to answer particularly from one country to the next because of varying copyright laws. If fan art is considered “derivative work”, then its copyright would belong to the original copyright holder for a particular character, property, movie universe or book and not the artist. The artist should not have the right, therefore, to display the work without permission of the original copyright holder, and certainly should not be allowed to sell it without first obtaining a license to do so.

    However, many in fandom attempt to claim that fan art falls under fair use including “commentary, criticism, news reporting, research, teaching, library archiving and scholarship.” Others consider fan art a transformative work which “takes something extant and turns it into something with a new purpose, sensibility, or mode of expression” therefore suitable of legal protection in its own right.

    In general, most media copyright holders turn a reasonable “blind eye” to fan art activity as it can be seen, to an extent, as a form of “free advertising” for their products. Artists, whether they are musicians, authors or filmmakers, are typically very lenient about such practices. They realize that such creations are not only free promotion for their work, but that such efforts create a community that comes together and supports the original work. The community works to ensure they don’t hurt the original creator’s ability to profit from the work and the creator tolerates what is technically a copyright infringement in many cases.


    Downloading Copyrighted Works and Copyright Infringement

    Copyright law protects the value of creative work. It is against the law the law to not only make unauthorized copies but also to both upload and download copyrighted works without the permission of the copyright owner because it is as if you are taking something of value from the owner without his or her permission. Any said act may subject the doer to civil and criminal liability. In the United States, the courts have consistently ruled that many peer-to-peer (P2P) programs and other unauthorized uploading and downloading inherently amount to copyright infringement and therefore constitute a crime. It amounts to stealing since it violates the copyright owner’s distribution right and, as a result, constitutes copyright infringement.

    Early this year, reports about a plan to pass a bill to stop (or at least reduce) online piracy in our country (Philippines) began to catch not only the attention of the copyright owners who are expected to be protected but also the society in general. The proposal was to adopt a bill somewhat similar to SOPA (Stop Online Piracy Act) or PIPA (Protect IP Act) and to help protect copyright owners from having their content being pirated by others.

    Several actions had been taken to remedy online policy:

    In New Zealand, for example, a report last July stated that internet piracy in the said country have halved since the introduction of the controversial “three strikes” rule where fines of up to NZ$15,000 will be issued to illegal downloaders caught three times;

    In Europe, Anti-Counterfeiting Trade Agreement (ACTA) was signed. According to an online article of BBC, ACTA is an international treaty aiming to standardize copyright protection measures. It seeks to curb trade of counterfeit physical goods, including copyrighted material online. Possible imprisonment and fines may be issued to violators of the said agreement. However, ACTA was attacked by several issues which have affected its ratification by other joining countries. It has been said to have adversely affect fundamental rights including freedom of expression and privacy, and endanger access to medicines in developing countries. It has been said to create a culture of surveillance and suspicion. It has also been said to limit the freedom of countries – like India and Africa who cannot afford to pay for patented HIV drugs – to determine their own medical choices since said agreement treats a generic drug just as a counterfeited drug. These issues, however, were addressed by Commissioner De Gucht at his speech the European Parliament in the Workshop on the Anti-Counterfeiting Trade Agreement on March 1, 2012. He assured that ACTA is not an attack on the liberties of the people but rather a defence of their livelihoods; that it will not censor the internet and not mandate the monitoring or controls on people’s emails, blogs or file-sharing activities; that it will not impose any restrictions on trade in generic medicines. In another online source (http://ec.europa.eu/trade/tackling-unfair-trade/acta) , it mentioned that ACTA does not contain any provision that provide for the cutting of internet access or for monitoring of the internet. It is not about checking private laptops or smart phones at borders. In fact, ACTA is after only on large scale traffic. It also stated that ACTA considers a fair balance between the interests of the parties concerned – the citizens, consumers, civil society or business. In addition, ACTA does not prevent people from sharing content online. It only fights against piracy and provides the tools to react against illegal content as defined by European and national legislation. Lastly, said agreement does not provide any direct or indirect effect on the legitimate trade in generic medicines or the global public health.

    In the Philippines, we have the Business Software Alliance that does rounds to help reduce software policy, and the Optical Media Board (OMB) that raids shops and stalls selling fake CDs. However, despite these measures, counterfeiting and piracy have been a problem in our country. A call for a similar agreement (ACTA) might be a good route to help lessen pirates who steal money that should have gone to those deserving creative individuals. ACTA aims not only to establish international standards for intellectual property rights enforcement, but also to establish an international legal system to end counterfeit goods and copyright infringement of the Internet. It is about time that we comply with a comprehensive framework to protect intellectual property, the rights that can be protected and the means to enforce them.


1 comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: