Cruz, Elizabeth Joie

SY 2012-2013, Second Semester

AMALAYER and Data Protection Act

I. Taking Random Videos

We are in a generation where next latest model of android phone is received with such publicity as the US election. Tablets and android phone makes the world even smaller than what it is already. Now you can not just check information and updates in your facebook account when you are chilling at home – you can do so even when you are in the public transportation, at the mall or even at work. Sharing details of everyday life has become a part of daily routine for many. It gives the feeling of being connected with the people you care about. It defies the barrier between friends and relatives who are busy living their own life yet wanted to know what’s going on within their circles.

The positive impact of social networking and the technology that attaches to it need not be essayed. For real friends and relatives, it is the next best thing to going out and having coffee. Nowadays, the personal connection is not the only benefit of it, it has become a platform. For people who have important and not so important thing to say, this has become a very important venue. This is where the story begins. As social networking has been amplified by the ever dynamic market of tablets and smart phones, sharing of information has become even more indiscriminate. You see a funny sign, you take a picture of it and upload it in your account for the whole world to see.It is as easy as point, shoot and upload.

How many of us had seen the video of funny kid being bitten by his baby brother? How many of us shared a photo because it was just too cute or too funny? Making someone’s day by sharing these videos or photos seems to be so easy. We can’t get enough of it.

With the advent of high quality built in video camera in our mobile phones, some people felt the need to share information to the public in an instant. It has been good for most part. News programs are even capitalizing on it by making a segment wherein ordinary citizens can send their very own videos or photos of what has been going on around their area. If not for TV, some felt that sharing “compelling” videos is their ticket to internet fame. This has some cost. When making someone’s day by sharing heart-warming videos can be done in seconds, so is ruining the life of some people who were indiscriminately put in the public eye to be ostracized by the imbalance public opinion.

A. Vigilance or intruding someone’s privacy?

So the question is, when is sharing your personally captured video an act of vigilance and when is it an intrusion of privacy?

Perhaps distinction of the content of the video is essential and who is taking the video is another matter. For this discussion, I will limit the content as those that covers daily life of ordinary citizen and the person taking it to be a third person from its subject matter.

Countless times we have proved how technology helps us move on from the effects of national disaster. There are those who are willing to give updates as to the current situation of their area, some try to mobilize relief operations by calling out netizens to participate, some try to share videos and photos that will lift up the wounded spirit of our people.

Close Circuit Television (CCTV) had been a part of security measures of many establishments and even private buildings. It has been instrumental in catching criminals and preventing crime before it even happens.

A lot of people feel empowered by taking videos and sharing it to the public. They feel that they are doing the public a service and no doubt that they do in some worthy instances. But sensitivity is another issue. Everyone can take videos and share it to the public, but who will police the content? Has the boundary of privacy been crossed?

B. Right to Privacy

Technology has shoot up pretty fast and our sense of responsibility could not catch up. The truth is, the things we fight about in physical world are same matter as it is in cyberworld, only the latter is amplified 3x more. A video which is an internal joke to you and your friends may be shared by someone who think it is offensive and could stir up long threads of comments and criticism somewhere in cyberspace. Things get out of hand easily. Indeed, there is a much needed call to define the responsibility of the one possessing video and photos they took involving another persons.

Things get nasty online . There was an MMDA officer mauled by a motorist, a law-student-now-a-lawyer who unwittingly tried to pass a flooded street, and most recently, a young lady shouting at a lady guard. These online sensations received a wide range of criticisms from the public. Although their situation varies, it is difficult not to think whether these people deserved the amount of toungue-lashing they had received. Offline, aren’t we given some opportunity to settle our disputes alone?

II. AMALAYER’s situation

The situation of Paula Jamie Salvosa, the “berating lady” caught on tape at an LRT station, is quite special. There is no public officer in the video unlike the Carabuena incident nor there was a TV News interview where the “berating lady” fully participated in.

The video involves all private citizens just doing their same routine. It is not new to many people to hear their neighbours fight once in a while, and a prudent person would not go inside their house and interject. Point is, the matter between the lady guard and the “berating lady” is not really unusual, what is unusual is what people will do when they see situation like that. A lot of people may say that she is pretty much like Mr. Carabuena. The two are very different. The latter have a public officer involve and a clear act of crime is committed – he assaulted an officer. The lady guard should have known by now that passengers of LRT are customers, and customers may get angry when they feel like they are not treated well. This is not to condone the action of the young lady. With her education, she could have acted accordingly. She could have been the bigger person and settle the issue in a civilized manner, after all the lady guard was there primarily to do her job and not just to piss her off.

Very importantly, the person who uploaded this video is not related to Paula Jamie Salvosa, to the lady guard nor involve in the situation. This is where the imbalance of technology and sense of responsibility is demonstrated. While technology nowadays allows us to pretty much capture videos and photos we want, nothing gives us a right to use it to the detriment of others. The uploader of the video had done such damage to the “berating lady” by making her life unbearable as she receives tongue-lashing from everyone. I truly wonder whether Gregory Paulo Llamoso seriously think he has the right to “expose” the video to the public. Whatever happened to “mind your own business”?

III. RA 10173 Data Privacy Act

Paula Jamie Salvosa has learned her lesson the hard way. It is now our turn to learn .

The right to informational privacy has two aspects:

1) The right of an individual not to have private information about himself disclosed; and

2) The right of an individual to live freely without surveillance and intrusion [1]

Data Privacy Act is rooted to our right to privacy. Simply put, it meant the right to be left alone. Section 2 of RA 10173 provides:

SEC. 2. Declaration of Policy. – It is the policy of the State to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth. The State recognizes the vital role of information and communications technology in nation-building and its inherent obligation to ensure that personal information in information and communications systems in the government and in the private sector are secured and protected.

Interestingly , this law was passed months apart from Cybercrime Act, which is now under TRO of the Supreme Court. What is so special about RA 10173 is that it vest rights to “data subject” and that it is not under any TRO. Chapter IV of the law provides:


SEC. 16. Rights of the Data Subject. – The data subject is entitled to:

(a) Be informed whether personal information pertaining to him or her shall be, are being or have been processed;

(b) Be furnished the information indicated hereunder before the entry of his or her personal information into the processing system of the personal information controller, or at the next practical opportunity:

(1) Description of the personal information to be entered into the system;

(2) Purposes for which they are being or are to be processed;

(3) Scope and method of the personal information processing;

(4) The recipients or classes of recipients to whom they are or may be disclosed;

(5) Methods utilized for automated access, if the same is allowed by the data subject, and the extent to which such access is authorized;

(6) The identity and contact details of the personal information controller or its representative;

(7) The period for which the information will be stored; and

(8) The existence of their rights, i.e., to access, correction, as well as the right to lodge a complaint before the Commission.

Any information supplied or declaration made to the data subject on these matters shall not be amended without prior notification of data subject: Provided, That the notification under subsection (b) shall not apply should the personal information be needed pursuant to asubpoena or when the collection and processing are for obvious purposes, including when it is necessary for the performance of or in relation to a contract or service or when necessary or desirable in the context of an employer-employee relationship, between the collector and the data subject, or when the information is being collected and processed as a result of legal obligation;

(c) Reasonable access to, upon demand, the following:

(1) Contents of his or her personal information that were processed;

(2) Sources from which personal information were obtained;

(3) Names and addresses of recipients of the personal information;

(4) Manner by which such data were processed;

(5) Reasons for the disclosure of the personal information to recipients;

(6) Information on automated processes where the data will or likely to be made as the sole basis for any decision significantly affecting or will affect the data subject;

(7) Date when his or her personal information concerning the data subject were last accessed and modified; and

(8) The designation, or name or identity and address of the personal information controller;

(d) Dispute the inaccuracy or error in the personal information and have the personal information controller correct it immediately and accordingly, unless the request is vexatious or otherwise unreasonable. If the personal information have been corrected, the personal information controller shall ensure the accessibility of both the new and the retracted information and the simultaneous receipt of the new and the retracted information by recipients thereof: Provided, That the third parties who have previously received such processed personal information shall he informed of its inaccuracy and its rectification upon reasonable request of the data subject;

(e) Suspend, withdraw or order the blocking, removal or destruction of his or her personal information from the personal information controller’s filing system upon discovery and substantial proof that the personal information are incomplete, outdated, false, unlawfully obtained, used for unauthorized purposes or are no longer necessary for the purposes for which they were collected. In this case, the personal information controller may notify third parties who have previously received such processed personal information; and

(f) Be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal information.

“Data subject” refers to an individual whose personal information is processed. “Personal information” refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.

“Personal information controller” refers to a person or organization who controls the collection, holding, processing or use of personal information, including a person or organization who instructs another person or organization to collect, hold, process, use, transfer or disclose personal information on his or her behalf. The term excludes:

(1) A person or organization who performs such functions as instructed by another person or organization; and

(2) An individual who collects, holds, processes or uses personal information in connection with the individual’s personal, family or household affairs.

I feel that there are many other laws that can be used to make the uploader of the video responsible to this mess. Atty.Mel Santa Maria in his article mentioned that :

If there is abuse, he or she can be held accountable for the injury to the one embarrassed. This is what we call in law the ABUSE OF RIGHT DOCTRINE. This precept is embodied in Article 19 of the Civil Code providing that “every person must, in the exercise of his rights and in the performance of his duties, act with justice, give everyone his due, and observe honesty and good faith”.

Also Article 26 relevantly provides that “every person shall respect the dignity, personality, privacy and peace of mind of his neighbors and other persons” by not, among others, “intriguing to cause another to be alienated from his friends” or “disturbing the private life or family relations of another.” [2]

It is however interesting to note that RA 10173 actually defines and specify the rights of the data subject,a milestone in giving teeth to the protection of right of privacy. Clearly, when someone’s right to privacy has been violated, this law may provide definition and clarification as to the amount of responsibility and rights inlvolve among among parties.




The Story Never Ends: Cybercrime Prevention Act 2.0

On 15 January 2013, an oral argument in the Supreme Court is scheduled to tackle the constitutionality of Republic Act No. 10175, also known as Cybercrime Prevention Act of 2012. Fifteen (15) petitions were filed against the said law which led the Supreme Court to issue a 120 days Temporary Restraining Order.

Said law was enormously criticized by netizens and media sectors. It even triggered hackers in shutting down of government websites as a sign of their protest – which was later claimed by “Anonymous Philippines.”

Some of the provision of the said law was alleged to be violative of the constitutional right of freedom of expression, privacy and due process. The most contentious provision is Section 4, which defines and enumerates the “Cybercrime Offenses,” particularly the Libel (Section 4 [c] [4]). The law provides that:

(4) Libel. — The unlawful or prohibited acts of libel as defined in Article 355 of the Revised Penal Code, as amended, committed through a computer system or any other similar means which may be devised in the future.

As a law student and person familiar with some development in technology, a huge implication can be seen with this encompassing provision, if not at all vague to be considered void. The provision talks about committing libel through computer system, [1] a scenario wherein even a person who “share”, “retweet” or any acts which constitute reposting works that represent shared opinion in the internet regarding public issues can be considered a cybercrime offense of libel. Therefore, restricts, without any qualification, the freedom of expression of every netizens or individual using computer. This can be said to be a clear violation of our freedom of speech, which defined by Wendell Philips as “at once the instrument and guaranty and the bright consummate flower of all liberty.” Freedom of speech includes free of expression which embraces a number of cognate rights all aimed at insuring the free and effective communication of ideas from mind to mind. [2]

At the very least, free speech and free press may be identified with the liberty to discuss publicly and truthfully any matter of public interest without censorship or punishment. There is to be then no previous restraint on the communication of views or subsequent liability whether in libel suits, prosecution for sedition, or action for damages, or contempt proceedings unless there be a clear and present danger of substantive evil that Congress has a right to prevent. [3]

As an individual “particle of sovereignty,” every citizen has a right to offer his views and suggestions in the discussion of the common problems of the community or nation. This is not only a right but a duty. [4] But with the given provision of law, devoid of regards to the constitutional right of the people, ultimately offend the constitution.

It can be noted that the trend now is to decriminalize libel and as evidence, Supreme Court headed then by Justice Reynato S. Puno even issue an Administrative Circular No. 08-2008 giving the guidelines in imposing penalty to libel. The circular, in summary, encourage judges to impose civil penalty as much as possible and refrain from imposing imprisonment which is also not addressed in the Cybercrime Prevention Acts of 2012.

The law becomes more alarming, especially for those maintaining blogs and websites, when it gives the Department of Justice an excessive power to restrict or block access to any computer data if they find it, prima facie, in violation of the law. This certainly is not only violative of the right of the netizens to due process and against unreasonable searches and seizure but also to their right to privacy under the Civil Code of the Philippines. [5] Section 19 of the Cybercrime Prevention Acts of 2012 provides that:

Section 19. Restricting or Blocking Access to Computer Data. — When a computer data is prima facie found to be in violation of the provisions of this Act, the DOJ shall issue an order to restrict or block access to such computer data.

The above quoted provision is too pervasive. It may be wisely applied to cybercrime offenses such as child pornography etc., but definitely not to all libel cases especially when it can be used in arbitrary way as it could block all computer data which criticize or express redress against the government. It is easy to see that the defect of this law may result to an evil greater than what we can imagine. The movie of “Identity Theft” and “Eagle Eye” are more illustrative of the same.

Fortunately enough, Senator Miriam Defensor-Santiago proposed another bill amending the Cybercrime Prevention Act 2012. The bill, Senate Bill No. 3327, whilst recognizing the urgent need to prevent computer-related crimes like child pornography and the necessity of expanding the applicability of the law in the world of Information and Communication Technology, also protects and upholds the Constitutional Rights of the people. The bill clearly gives guidelines and rules on how to deal with the cybercrime offense without violating the Constitutional rights of the people. For instance is the Part 2 of the bill which enumerates and define the Internet Rights and Freedoms. One of the interesting parts of the bill is the provision under Section 8, Chapter III, Part 2 which provides for the Right to Freedom of Speech and Expression in the Internet. Subsection 4 of said Section 8 provides that:

No person shall be compelled to restrict access to information on the internet or to remove published material or uploaded information from the internet except upon Order following a special proceeding for the purpose xxx

The proposed is far more conscionable than the Cybercrime Prevention Act of 2012 which is in my opinion is passed prematurely without studying other facet of law and its effects.

The bill even deals with one of the most serious issues in cybercrime which is Cyberwarfare and National Defense. Even the explanatory note of the bill gives the very reason why Information and Communication Technology must be given serious attention as this contribute to the development and improvement of our economy.

The bill also recognized and considered the International Treaties which the Philippines are bound to respect in good faith.

The Bill of Senator Santiago seems to cover everything essential (at least on paper), that is by not contravening constitutional provisions and being at par with our international obligation in securing information communication technology. The bigger challenge is how we are going to put the law into action. Though it is an entirely separate issue, focus should be put on the consequences and implications of our laws which are created with “best intentions”. As my realization, our law-makers should be aware of the implication of every law that they craft and should disregard their personal motive. More importantly, ample time in studying the subject matter of a law should be a standard procedure so that a bill will not be passed prematurely.


[1] A complete, working computer. Computer system will include the computer along with any software and peripheral devices that are necessary to make the computer function. (

[2] Isagani A. Cruz, Constitutional Law, 2007 Edition. p. 200

[3] Gonzales vs. Commission on Election, 27 SCRA 835.

[4] Isagani A. Cruz, Constitutional Law, 2007 Edition. p. 201

[5] By analogy under Article 26 of the Civil Code of the Philippines.

1 comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: