Faltado, Ray

SY 2012-2013, Second Semester


Tech: RA 10173 and RA 10175

Introduction:

“Once you’ve lost your privacy, you realize you’ve lost an extremely valuable thing”

– Billy Graham

“So long as the laws remain such as they are today, employ some discretion: loud opinion forces us to do so; but in privacy and silence let us compensate ourselves for the cruel chastity we are obliged to display in public.”

– Marquis de Sade

In today’s fast pacing world, data integrates into our lives without being noticed. Privacy, a fundamental though not absolute is human right which underpins human dignity and other key values such as freedom of association and freedom of speech. It has become one of the most important human rights issues of the modern age. We need a law to ensure that our rapidly growing and changing data is protected. The clamor for creating that specific law started in the recent economic boom of BPO business. it is a tool in promotion of E-commerce. Maybe the intention of the government is to improve the system but it just so happened that it went the other way around. They over looked the deprivation of rights as a result of passing RA 10173 and RA 10175 into a law. It made a negative impact especially with the imposed penalties for every offense.

Statement of the Problem:

This research includes an examination of the RA 10173 and RA 10175 and its significant implication to the rights of an individual under Philippine Laws; specifically, it will seek to answer the following questions:

1. What is RA 10173?

2. What is RA 10175?

3. What are the advantages of Data Privacy Act?

4. What are the rights violated in implementing RA 10173 and how will the government respond to address such deprivation?

5. What are the advantages of Cyber Crime Law?

6. What are the rights violated in implementing RA 10175 and how will the government respond to address such deprivation?

Presentation, Analysis and Interpretation of Data

Data, Analysis and interpretations will be presented to provide answers to the questions on this study.

Problem 1: What is RA 10173?

Data Privacy Act of 2012 is an act protecting individual information in information and communications systems in the government and the private sector, creating for this purpose a national privacy commission, and for other purposes enable to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth. The State recognizes the vital role of information and communications technology in nation-building and its inherent obligation to ensure that personal information in information and communications systems in the government and in the private sector are secured and protected. It applies to the processing of all types of personal information and to any natural and juridical person involved in personal information processing including those personal information controllers and processors who, although not found or established in the Philippines, use equipment that are located in the Philippines, or those who maintain an office, branch or agency in the Philippines.

Problem 2: What is RA 10175?

Cyber crime prevention act of 2012 is an act defining cyber crime, providing for prevention, investigation, suppression and the imposition of penalties therefore and for other purposes. The National Bureau of Investigation (NBI) and the Philippine National Police (PNP) shall be responsible for efficient and effective law enforcement of the provisions of this Act. The NBI and PNP shall organize a cyber crime unit or center manned by special investigators to exclusively handle cases involving violations of this Act.

Problem 3: What are the advantages of Data Privacy Act?

The newly approved Data Privacy Act benefits Information Technology and Business Process Outsourcing industry by making it in line with international standards of privacy. It also protects publishers, editors or duly accredited reporters of any newspaper, magazine or periodical of general circulation protection from being compelled to reveal the source of any news report or information appearing in said publication which was related in any confidence to such publisher, editor, or reporter.

Another good thing about data privacy Act, Under the personal information must be fairly and lawfully processed, Processed for specified purposes, Adequate, relevant and not excessive, Accurate, and where necessary, kept up to date, not kept for longer than is necessary, processed in line with the rights of the individual and Kept secure. In that way, the new law in personal information and it will prevent fraud and personal information theft. It helps preserve people’s personal information. The new law states:

“The State recognizes the vital role of information and communications technology (ICT) in nation-building and its inherent obligation to ensure that personal information in information and communications systems in the government and in the private sector are secured and protected.”

Along with the new law is the creation of the National Privacy Commission, which will administer and implement the Act as well as ensure the country complies with international standards for data protection.BPO industry, will bring in projected revenues of US$25 billion by 2016. It will also increase job openings from about 1 million to 4 million positions in the next four years which was supported by Angara in that way, we can say that it will not only secure our personal information, it will also open job opportunities in the country. Who are we to refuse such opportunity?

Lawful access, confidentiality obligation and security are just few of the obligations imposed by Guideline 8 and to be followed by BPO as well. The Lawful access rule says, “access to personal data in an information or communications system shall only be authorized in favor of the individual or entity having a legal right to the possession or the use of the file and solely for the authorized purpose. It shall not be made available to any person or party without the consent of the individual or entity in lawful possession, or in the absence of court order.” This is a very useful customer protection rule that indirectly prohibits selling personal data to no-authorized parties and when outside the data collection purpose.

Section 7 Guideline 8 establishes the confidentiality principle. Under this principle, any person who gets access to personal data in an information or communication system, pursuant to powers conferred under E-commerce law, ‘shall not convey or share the same with any other person.’ This confidentiality rule will have an important impact in the Philippines’ Medical Transcription BPO market. Fortunately it happens to be that Philippines is a major player in offshore Medical Transcription services and confidentiality is paramount in the medical field.

Guideline 8, section 8, addresses the issue of Security of Data. In Philippines, data controllers must implement organizational and technical means to assure protection of personal data from destruction, alteration or disclosure. If data controllers use the services of data processors, the first one must assure data processors follow the organizational and technical protection means established by the company and data controllers must provide data processors with specific instructions on processing personal data. This security rule also imposes data processors and those data controller’s employees a confidentiality duty even after the employment is terminated. (INTERNET LAW – Data Protection Law in Philippines’ Business Process Outsourcing Industry)

The general rule is that access to personal data in information and communications system shall only be authorized in favor of the individual or entity having a legal right to the possession or the use of the file and solely for the authorized purposes. Personal data shall not be made available to any person or party without the consent of the individual or entity in lawful possession, or in the absence of court order. Personal data is defined as any information relating to an identified or identifiable natural person. The intention of the Law speaks of an extension of sec. 3 of Art III of the constitution that states the privacy of communication and correspondence shall be violable except upon lawful; order of the court or when public safety and order requires prescribed by law. Encryption protects electronic messages from unauthorized access and use which is particularly important for secure Internet and email use. Increased use of encryption technologies has prompted the Government to enact controversial legislation allowing access to electronic data protected by encryption

Problem 4: What are the rights violated in implementing RA 10173 and how will the government

ART III Sec 7.Bill of Rights of the Constitution

The right of the people to information on matters of public concern shall be recognized. Access to official records and documents and papers pertaining to official acts, transactions or decisions as well as to government research data used as a basis for policy development, shall be afforded the citizen, subject to such limitations provided by law.

ART III Sec 19. (1) Bill of Rights of the Constitution

Excessive fines shall not be imposed, nor cruel, degrading or inhuman punishment inflicted. This is in conflict with RA 10173 sections:

SEC. 25. Unauthorized Processing of Personal Information and Sensitive Personal Information. – (a) The unauthorized processing of personal information shall be penalized by imprisonment ranging from one (1) year to three (3) years and a fine of not less than Five hundred thousand pesos (Php500,000.00) but not more than Two million pesos (Php2,000,000.00) shall be imposed on persons who process personal information without the consent of the data subject, or without being authorized under this Act or any existing law.

(b) The unauthorized processing of personal sensitive information shall be penalized by imprisonment ranging from three (3) years to six (6) years and a fine of not less than Five hundred thousand pesos (Php500,000.00) but not more than Four million pesos (Php4,000,000.00) shall be imposed on persons who process personal information without the consent of the data subject, or without being authorized under this Act or any existing law.

SEC. 26. Accessing Personal Information and Sensitive Personal Information Due to Negligence. – (a) Accessing personal information due to negligence shall be penalized by imprisonment ranging from one (1) year to three (3) years and a fine of not less than Five hundred thousand pesos (Php500,000.00) but not more than Two million pesos (Php2,000,000.00) shall be imposed on persons who, due to negligence, provided access to personal information without being authorized under this Act or any existing law.

(b) Accessing sensitive personal information due to negligence shall be penalized by imprisonment ranging from three (3) years to six (6) years and a fine of not less than Five hundred thousand pesos (Php500,000.00) but not more than Four million pesos (Php4,000,000.00) shall be imposed on persons who, due to negligence, provided access to personal information without being authorized under this Act or any existing law.

SEC. 27. Improper Disposal of Personal Information and Sensitive Personal Information. – (a) The improper disposal of personal information shall be penalized by imprisonment ranging from six (6) months to two (2) years and a fine of not less than One hundred thousand pesos (Php100,000.00) but not more than Five hundred thousand pesos (Php500,000.00) shall be imposed on persons who knowingly or negligently dispose, discard or abandon the personal information of an individual in an area accessible to the public or has otherwise placed the personal information of an individual in its container for trash collection.

b) The improper disposal of sensitive personal information shall be penalized by imprisonment ranging from one (1) year to three (3) years and a fine of not less than One hundred thousand pesos (Php100,000.00) but not more than One million pesos (Php1,000,000.00) shall be imposed on persons who knowingly or negligently dispose, discard or abandon the personal information of an individual in an area accessible to the public or has otherwise placed the personal information of an individual in its container for trash collection.

SEC. 28. Processing of Personal Information and Sensitive Personal Information for Unauthorized Purposes. – The processing of personal information for unauthorized purposes shall be penalized by imprisonment ranging from one (1) year and six (6) months to five (5) years and a fine of not less than Five hundred thousand pesos (Php500,000.00) but not more than One million pesos (Php1,000,000.00) shall be imposed on persons processing personal information for purposes not authorized by the data subject, or otherwise authorized under this Act or under existing laws.

The processing of sensitive personal information for unauthorized purposes shall be penalized by imprisonment ranging from two (2) years to seven (7) years and a fine of not less than Five hundred thousand pesos (Php500,000.00) but not more than Two million pesos (Php2,000,000.00) shall be imposed on persons processing sensitive personal information for purposes not authorized by the data subject, or otherwise authorized under this Act or under existing laws.

SEC. 29. Unauthorized Access or Intentional Breach. – The penalty of imprisonment ranging from one (1) year to three (3) years and a fine of not less than Five hundred thousand pesos (Php500,000.00) but not more than Two million pesos (Php2,000,000.00) shall be imposed on persons who knowingly and unlawfully, or violating data confidentiality and security data systems, breaks in any way into any system where personal and sensitive personal information is stored.

SEC. 30. Concealment of Security Breaches Involving Sensitive Personal Information. – The penalty of imprisonment of one (1) year and six (6) months to five (5) years and a fine of not less than Five hundred thousand pesos (Php500,000.00) but not more than One million pesos (Php1,000,000.00) shall be imposed on persons who, after having knowledge of a security breach and of the obligation to notify the Commission pursuant to Section 20(f), intentionally or by omission conceals the fact of such security breach.

SEC. 31. Malicious Disclosure. – Any personal information controller or personal information processor or any of its officials, employees or agents, who, with malice or in bad faith, discloses unwarranted or false information relative to any personal information or personal sensitive information obtained by him or her, shall be subject to imprisonment ranging from one (1) year and six (6) months to five (5) years and a fine of not less than Five hundred thousand pesos (Php500,000.00) but not more than One million pesos (Php1,000,000.00).

SEC. 32. Unauthorized Disclosure. – (a) Any personal information controller or personal information processor or any of its officials, employees or agents, who discloses to a third party personal information not covered by the immediately preceding section without the consent of the data subject, shall he subject to imprisonment ranging from one (1) year to three (3) years and a fine of not less than Five hundred thousand pesos (Php500,000.00) but not more than One million pesos (Php1,000,000.00).

(b) Any personal information controller or personal information processor or any of its officials, employees or agents, who discloses to a third party sensitive personal information not covered by the immediately preceding section without the consent of the data subject, shall be subject to imprisonment ranging from three (3) years to five (5) years and a fine of not less than Five hundred thousand pesos (Php500,000.00) but not more than Two million pesos (Php2,000,000.00).

SEC. 33. Combination or Series of Acts. – Any combination or series of acts as defined in Sections 25 to 32 shall make the person subject to imprisonment ranging from three (3) years to six (6) years and a fine of not less than One million pesos (Php1,000,000.00) but not more than Five million pesos (Php5,000,000.00).

While it is true that we adhere in the Latin principle DURA LEX SED LEX or the law may be harsh but still it is the law, in my view the penalties that have been imposed is too much. It violates the right of the people not to be imposed with excessive fines. As we can observed, the fines range between php500,000 to 4,000,000. Though the intention of the law is to protect sensitive information, the penalties are too high that an ordinary man may not afford to comply.

Sec 3(a) Commission shall refer to the National Privacy Commission created by virtue of this Act.

The administration and implementation of the provisions of this act aim to create National privacy Commission however, it would also create overlapping of power

Problem 5: What are the advantages of Cyber Crime Law?

While it is true that there are so many protests in the passage of cyber crime Law which infact lead to suspension due to certain rights violation, advantages are as follows:

It punishes computer related forgery, fraud and identity theft, crimes in the internet, offenses against confidentiality, integrity and availability of computer data system, illegal access, illegal interception, data interference, system interference and misuse of devices, content related offenses on cybersex and child pornography, cyber squatting (the user of other person domain name to profit, misled, destroy the reputation and deprive others from registering) and offenses on libel committed through a computer system.

Cyber sex, a modern style of prostitution will now be considered as a crime and punishable. It will prevent citizens specially youth from poor sector from engaging and performing indecent acts using modern devices. Victims will be saved and Cyber sex operators will be imprisoned depending on the weight of the felony.
Cyber bullying involves libelous acts, cyber intimidation and moral torture by the use of internet through social networks and sites will be punishable and considered as crime. As I watched GMA news propaganda, I was astonished on how they managed to inform us on how to use internet properly. “Think before you Click” is an example that we must analyze every statement that we are about to post including the pictures and videos that may or may not be acceptable in the views of others specially it may not only be viewed by few but rather be viewed by everyone. Since the internet is universal, it is also a good thing to create guidelines in using internet as to the rights involved.

Since we are no longer living in Stone Age, almost everyone has access over the internet and most of us use online in our daily transactions. The Law protects online businesses from online fraud and any similar acts. Trade and industry will not only be easy but also set a safe option in putting up a business.
We cannot deny the fact that in spite of technological advances, our country remains unsatisfactory as to technical knowledge. There are some instances wherein Government websites were being hacked which resulted to impairment of activities in the government. The law punishes hackers, computer related forgery and online theft.
The increasing sophistication of information technology with its capacity to collect, analyze and disseminate information on individuals has introduced a sense of urgency to the demand for legislation. Computers linked together by high speed networks with advanced processing systems can create comprehensive dossiers on any person without the need for a single central computer system. New technologies developed by the defense industry are spreading into law enforcement, civilian agencies, and private companies.

Concern over privacy violations is now greater than at any time in recent history. Uniformly, populations throughout the world express fears about encroachment on privacy, prompting an unprecedented number of nations to pass laws which specifically protect the privacy of their citizens. Human rights groups are concerned that much of this technology is being exported to developing countries which lack adequate protections. Currently, there are few barriers to the trade in surveillance technologies. It is now common wisdom that the power, capacity and speed of information technology are accelerating rapidly. The extent of privacy invasion or certainly the potential to invade privacy increases rapidly.

Problem 6: What are the rights violated in implementing RA 10175 and how will the government respond to address such deprivation?

Though for some RA 10175 relates to e-martial law, crap, junk, cyber-martial law and dictatorial law, we can’t hide the fact that this law also has good effect on us, either for facebook or twitter users, bloggers, journalists, which in the first place have been badly affected by this law. But the thing is that only part of the law is not good, it is no other than the “sotto law” or what I just describe in the first phrases of this paragraph, the internet libel which directly put to grave our freedom of speech. Some congressmen and senators said that they overlooked the said law. It mistakenly signed and approved the law without taking into consideration the possible implication that would result to deprivation of rights of an individual. The violated right: Sec 4. No law shall be passed abridging the freedom of speech, of expression, or the press or right of the people to assemble and petition the redress of grievances.

It is in conflict with RA 10175 because comments and posts which may not be acceptable to others may lead us to jail. The law aims to make us responsible internet users. The only bad thing in the law is that, portion of it is inconsonant with Bill of rights in the constitution. If we cannot live with that kind of law, might as well proposed for revision.

Conclusion:

Though many of us were against with two laws, we have no choice but leave the benefit of the doubt that it also benefits us. The laws will maintain guidelines to be followed in responsible using of internet and sharing of sensitive information, peace for all internet users, minimize the cases of online accounts from being hacked, and uphold the copyright or ownership of software developers or any online and computer content on their time and blood invested crafts. Also on top of which is to put a stop the cybersex and cyber prostitution. It’s not that am very much against with the two laws, though despite of disadvantages it has also advantages, but we should let our government know that they have the power but we certainly have the rights. They should’ve thought over all possible consequences of anything before signing it into act. A single mistake will destroy not only their reputation for doing reckless authority misuse but also lead Filipino to possible deprivation of rights. Quoted from spokesmen Alex Deita, “Prior to the enactment of the new law, how many cybercriminals are enjoying their freedom to escape liability and punishment because there is no law covering their felonious acts?” However, as to my view, how many rights were deprive in passing the two laws? Thus, our law makers must be cautious in enactment of laws and check possible loop holes and assure whether the law will really address our present dilemma on a particular situation.


Sources:

http://gb-sb.blogspot.com/2012/08/what-is-ra-10173-or-data-privacy-act-of.html

http://www.yourrights.org.uk/yourrights/privacy/data-protection/index.shtml

http://home.earthlink.net/~davidlperry/edata.htm Personal Privacy and Electronic Data Transfers

http://altechzone.blogspot.com/2012/10/advantages-of-ra-10175-philippines-anti.html

http://news.ph.msn.com/regional/philippine-court-blocks-cybercrime-law


TECH&LAW: SB 3327 and RA 10175

Introduction:

“An unconstitutional act is not a law; it confers no rights; it imposes no duties; it affords no protection; it creates no office; it is in legal contemplation, as inoperative as though it had never been passed.”

-Norton v. Shelby County, 118 US 425 (1885)

We can’t deny the fact that we have a weak cyber law deterring cyber crimes. The main purpose of creating it is to punish cyber violators but it didn’t work that way. President Benigno Aquino III signed into law Republic Act 10175, the Anti-Cybercrime Law. The said law sought to give government more teeth against computer-related crimes like hacking, child pornography, and even online libel. But many groups protested what they called its high potential to restrain free speech. Following protests that saw hacker groups briefly attacking government websites, the Supreme Court issued a 120-day TRO against the law. It became the reason for the birth of SB 3327. A group of concerned citizens primarily composed of software designers, IT specialists, academics, bloggers, engineers, lawyers, human rights advocates—approached her office with a draft of the Magna Carta Philippine Internet Freedom. The group formulated the MCPIF through discussions in an open Facebook group, email, Google Hangout teleconferences, and social media channels like Twitter. In cyber world, freedom is not absolute. As cyber user, we must be cautious with our actions and expressions. Though a law was passed to safeguarded cyber activities, it must be necessary that the law must not contrary with our laws. It must not be a tool in depriving someone’s right. Constitution is the supreme law of the land. Everyone must adhere.

Statement of the problem:

1. What is Senate Bill No. 3327?

2. What is RA 10175?

3. What is the purpose of creating S.B 3327?

4. What is the difference between RA 10175 and SB 3327?

Presentation and Conclusion:

What is Senate Bill No. 3327?

It known as the Magna Carta for Philippine Internet Freedom (MCPIF), aims to protect the rights and freedoms of Filipino citizens, while acting on cybercrimes.

What is RA 10175?

President Benigno Aquino III signed into law Republic Act 10175, the Anti-Cybercrime Law. The said law sought to give government more teeth against computer-related crimes like hacking, child pornography, and even online libel. Cyber crime prevention act of 2012 is an act defining cyber crime, providing for prevention, investigation, suppression and the imposition of penalties therefore and for other purposes. The National Bureau of Investigation (NBI) and the Philippine National Police (PNP) shall be responsible for efficient and effective law enforcement of the provisions of this Act. The NBI and PNP shall organize a cyber crime unit or center manned by special investigators to exclusively handle cases involving violations of this Act.

What is the purpose of creating S.B 3327?

Our country needs a more effective cyberlaw because information and communications technology (ICT) and the Internet are drivers of economic growth. It will protect the rights and freedoms of Filipinos in cyberspace, while defining and penalizing cybercrimes.

State policy:

The state reaffirms its recognition of the vital role of communication and information in nation-building, as stated in Article II, sec 24 of the constitution.

The State recognizes, ensures and guarantees:

The fundamental right of every Filipino to connect to a free and open Internet access;

The transparent and participatory process of making Internet policy; The right to meritocracy where age, sex, race, position and qualification are deemed irrelevant, and skill is the ultimate determinant of acceptance; Art, beauty, and culture can be created on devices, and on the Internet; An education that promotes computers, devices, the Internet and technology to pursue life, liberty and happiness, and The fundamental right of each person to:

Free expression on the Internet; Universal access to reasonably fast and affordable networks;

The freedom to connect, to communicate, to write, to read, to watch, to speak, to listen, to learn, to create; The freedom to create and innovate without permission, and ensures the right of every Filipino to reasonable access to such creation and innovation, and the commitment to guarantee that such creators and innovators and inventors are not punished for their users’ action and,

To protect, preserve and defend the Filipino’s right to privacy, and to do the same for their ability to control how their data, and devices are used.

The state affirms that all the rights guaranteed by Article III shall apply to the Filipino people in their use, development, innovation and invention of information and communications technology and the internet.

What is the difference between RA 10175 and SB 3327?

SBN 3327 differs from R.A. 10175 in that it guarantees the right against illegal searches and seizures. R.A. 10175 violates the right to privacy and the Constitutional guarantee against illegal search and seizure through allowing the warrantless real-time collection of traffic data. MCPIF ensures due process by providing strict guidelines for any collection of any data, including the securing of warrants, obligating notification, and limiting seizure to data and excluding physical property. It mandates government agencies to provide security for the data they collect from citizens to ensure their right to privacy. “The dangerous ‘takedown’ clause of R.A. 10175, where the government may have a website or network blocked or restricted without due process of law, is absent in the MCPIF. The MCPIF also prohibits double jeopardy. R.A. 10175 allows double jeopardy through prosecution of offenses committed against its provisions and prosecution of offenses committed against the Revised Penal Code and special laws, even though the offenses are from a single act.

Conclusion:

Thus, while it is important to crack down on criminal activities on the internet, protecting constitutional rights like free expression, privacy, and due process should hold a higher place in crafting laws. If passed into law, SBN 3327 will be the first law to be created through “crowdsourcing,” an online process of getting work done by tapping people on the Internet who volunteer their talent and skills. It provides for court proceedings in cases where websites or networks are to be taken down, and prohibits censorship of content without a court order. It seeks to clarify the mandate and organization of the proposed Department of Information and Communications Technology (DICT), the creation of which is currently pending before Congress. Every Filipino deserves to connect to a free and open Internet access;

The transparent and participatory process of making Internet policy; The right to meritocracy where age, sex, race, position and qualification are deemed irrelevant, and skill is the ultimate determinant of acceptance; Art, beauty, and culture can be created on devices, and on the Internet; An education that promotes computers, devices, the Internet and technology to pursue life, liberty and happiness (state policy). At the end of the day, lawmakers must draft a bill which will not take away the rights that we suppose to enjoy. And as to the Filipino cyber users, we must be cautious with our speech, actions and expressions in or out of cyber world. If that would be possible, passing such laws won’t be necessary. I will not let anyone even a vague law to infringe my rights.


References:

http://www.gmanetwork.com/news/story/284606/scitech/technology/malacanang-open-to-proposed-anti-cybercrime-bill-v-2-0

http://www.journal.com.ph/index.php/news/top-stories/40353-miriam-pushes-better-cybercrime-law

Advertisements
1 comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: