Joya, Danica Janine

SY 2012-2013, Second Semester

R.A. 10173 – Data Privacy Act of 2012

The Republic Act No. 10175 created a widespread scene when it was passed into law. It was said to take away a person’s freedom of expression or of speech. However, most people are not aware that another law has been passed prior to the passage of Republic Act No. 10175. This law is the Republic Act No. 10173 or the Data Privacy Act of 2012. Republic Act No. 10173 may not be as “harsh” as Republic Act No. 10175; however, I believe that it shall not be disregarded.


Considering that this law will benefit the IT and BPO industry in our country, how, in any way, may it affect a person, whether private or public? How will this law affect me? Personally, I do not understand fully its provisions, thus, I do not know if it will, in any way, affect me. I will try to point out points which is, for me, is quite vague, if not ambiguous.


Section 4 of this Act talks about its scope, it provides that,

This Act applies to the processing of all types of personal information and to any natural and juridical person involved in personal information processing including those personal information controllers and processors who, although not found or established in the Philippines, use equipment that are located in the Philippines, or those who maintain an office, branch or agency in the Philippines xxx

As viewed from the above-mentioned provision, it can be gleaned that it applies also to personal information controllers and processors who, although not found or established in the Philippines, use equipment that are located in the Philippines, or those who maintain an office, branch or agency in the Philippines. But what if the perpetrators are those not found in the Philippines neither uses equipment that are located in the country and do not maintain an office, branch or agency in the Philippines? Are they exempted even though they are processing personal information of a Filipino citizen? Section 6 might answer my inquiries, I hope.

SEC. 6. Extraterritorial Application. – This Act applies to an act done or practice engaged in and outside of the Philippines by an entity if:

(a) The act, practice or processing relates to personal information about a Philippine citizen or a resident;

(b) The entity has a link with the Philippines, and the entity is processing personal information in the Philippines or even if the processing is outside the Philippines as long as it is about Philippine citizens or residents such as, but not limited to, the following:

(1) A contract is entered in the Philippines;

(2) A juridical entity unincorporated in the Philippines but has central management and control in the country; and

(3) An entity that has a branch, agency, office or subsidiary in the Philippines and the parent or affiliate of the Philippine entity has access to personal information; and

(c) The entity has other links in the Philippines such as, but not limited to:

(1) The entity carries on business in the Philippines; and

(2) The personal information was collected or held by an entity in the Philippines.

In view of Section 6 of this Act, it applies only to entities that has link or, in any other way, has connection with our country, the Philippines. So, for example, when an entity that has no link in the Philippines processes personal information about me, a Filipino citizen, I will have no recourse? Err.. then how about my right to privacy?


The law enumerates six (6) conditions at least one of which shall be met in order for a personal information processing is considered as lawfully made. One of these conditions is the consent of the data subject.

SEC. 3. Definition of Terms. – Whenever used in this Act, the following terms shall have the respective meanings hereafter set forth:


(c) Data subject refers to an individual whose personal information is processed. xxx

SEC. 12. Criteria for Lawful Processing of Personal Information. – The processing of personal information shall be permitted only if not otherwise prohibited by law, and when at least one of the following conditions exists:

(a) The data subject has given his or her consent. xxx

It is clear and ambiguous that consent of the data subject is enough for a personal information processor to lawfully obtained processing of personal information. However, there are questions in my mind regarding this condition. If X asks for Y’s consent to process information A, B, and C and Y gave her consent then, X may start processing Y’s information. But what if X also processed information D wherein Y did not gave consent to X to process it, hide it to Y; will it constitute a violation of this law?

SEC. 17. Transmissibility of Rights of the Data Subject. – The lawful heirs and assigns of the data subject may invoke the rights of the data subject for, which he or she is an heir or assignee at any time after the death of the data subject or when the data subject is incapacitated or incapable of exercising the rights as enumerated in the immediately preceding section.

The law also provides that the rights of the data subject are transmissible to his or her lawful heirs or assigns. But what if X processed personal information of Y and Y’s heir, Z, was unaware whether Y gave his consent to X then Y died. Later on Z asks X to stop processing Y’s information as Y did not give his consent. However, X alleges that Y did give his consent verbally. How may the parties, X or Z, prove or disprove their allegations?

The law is silent whether consent must be written in order to be valid or verbal consent will suffice.


This law is provides for penalties for the violators, hence, it makes this law a special penal law. If a person’s right to privacy was violated by virtue of this law and all the necessary pieces of evidence are electronic evidence, then how can that person support his allegation?

In Rustan Ang vs CA (G.R. No. 182835, April 20, 2010), Justice Abad said that ”xxx the rules he cites do not apply to the present criminal action. The Rules on Electronic Evidence applies only to civil actions, quasi-judicial proceedings, and administrative proceedings.”


Negligence has been defined as failure to exercise the care that a reasonably prudent person would exercise in like circumstances

SEC. 26. Accessing Personal Information and Sensitive Personal Information Due to Negligence. – (a) Accessing personal information due to negligence shall be penalized by imprisonment xxx and a fine xxx shall be imposed on persons who, due to negligence, provided access to personal information without being authorized under this Act or any existing law.

(b) Accessing sensitive personal information due to negligence shall be penalized by imprisonment xxx and a fine xxx shall be imposed on persons who, due to negligence, provided access to personal information without being authorized under this Act or any existing law.

In view of the provision above, accessing personal information and sensitive personal information negligently is punishable by imprisonment and fine under this law.

This might not affect long-time internet, computer or smartphones user; however, it might have serious effects on newbie users as they might have lesser knowledge with the how’s and what’s of the internet, computer or smartphones.


In sum, I can say that the law is good. However, it needs to address some points which may be vague to others especially to those persons who are not well versed with the language of the law.

Personally, this law might not affect me as I consider myself “anti-social”, but this law might affect persons close to me – my family, relatives and friends.

Freedom and Responsibility

The use of information and communication technology (ICT) and of the Internet has brought about a sea of change in the lives of ordinary Filipinos. – Sen. Miriam Defensor Santiago

The Internet is a global system of interconnected computer networks that use the standard Internet protocol suite (TCP/IP) to serve billions of users worldwide. It is a network of networks that consists of millions of private, public, academic, business, and government networks, of local to global scope, that are linked by a broad array of electronic, wireless and optical networking technologies. The Internet carries an extensive range of information resources and services, such as the inter-linked hypertext documents of the World Wide Web (WWW) and the infrastructure to support email.

Since the internet started, it seems that it is only now that I can say that it is the golden era of the internet. Gone were the days when, while walking in streets, numerous basketball courts in every block are occupied by boys playing basketball. In this day and age now, every block are filled and occupied by numerous computer shops.

Alongside with the increase in numbers of computer shops and the exposure of Filipinos to the World Wide Web, it is undeniably that more and more crimes are being committed through the use of internet. Because of this, Philippine legislators passed laws to somewhat “regulate” the use of the internet. One of these laws is the Republic Act No. 10175 or the Cybercrime Prevention Act.

What is Republic Act No. 10175?

RA 10175 is an act defining cybercrime, providing for the prevention, investigation, suppression and the imposition of penalties therefor and for other purposes or otherwise known as the Cybercrime Prevention Act of 2012.

RA 10175 was signed into law on September 12, 2012 by Pres. Noynoy Aquino. Its purpose is to address legal issues concerning the acts made through the use of internet. However, this law enraged Filipino netizens. This law is currently on a 120-day TRO.

Filipino netizens, whether they have read RA 10175 or not, yelled out that through this law, their freedom to speech or of expression is being infringed; hence, the prayer for TRO which was approved. This cry arouse from Section 4 (c) (4) of the aforesaid law.

Section 4. Cybercrime Offenses. — The following acts constitute the offense of cybercrime punishable under this Act:

x x x x

(c) Content-related Offenses:

x x x x

(4) Libel. — The unlawful or prohibited acts of libel as defined in Article 355 of the Revised Penal Code, as amended, committed through a computer system or any other similar means which may be devised in the future.

I personally do not understand why they need to attack this provision. First and foremost, libel has been penalized and is being penalized under Article 353 of the Revised Penal Code.

Art. 353. Definition of libel. — A libel is public and malicious imputation of a crime, or of a vice or defect, real or imaginary, or any act, omission, condition, status, or circumstance tending to cause the dishonor, discredit, or contempt of a natural or juridical person, or to blacken the memory of one who is dead.

Yes, the Constitution of the Philippines guaranteed its inhabitants that we are entitled to various rights. One of these is the freedom of speech or of expression. However, such rights must be exercised without infringing the rights of the others. So in my opinion, even though it is sought to be not penalized anymore, libel is libel; a derogatory remarks made in any means is still derogatory. A wrong done no matter how it was done is still wrong.

For me, the erroneous in this law is the absence of due process as can be seen in the so-called “take down” clause of the Department of Justice, and the infringing of the right to privacy of a person.

SEC. 12. Real-Time Collection of Traffic Data. — Law enforcement authorities, with due cause, shall be authorized to collect or record by technical or electronic means traffic data in real-time associated with specified communications transmitted by means of a computer system.

x x x x

SEC. 19. Restricting or Blocking Access to Computer Data. — When a computer data is prima facie found to be in violation of the provisions of this Act, the DOJ shall issue an order to restrict or block access to such computer data.

Why is there a need for Senate Bill 3327?

Yes, the Philippines already have a law which aims to answers legal issues concerning the internet. However, because of not-so-nice welcome of the Filipino netizens, and because of its vagueness, the good Sen. Miriam Defensor Santiago introduced this Bill or otherwise known as the Magna Carta for Philippine Internet Freedom (MCPIF).

SB 3327 is proposed for the establishment of a Magna Carta for Philippine Internet Freedom, Cybercrime prevention and law enforcement, cyberdefense and National security.

Honestly, I got bored reading this bill. It is quite lengthy but while reading it, I can say that the proponent has exerted too much effort in writing this bill. Sen. Santiago thought about it, the offenses, and the penalties. The good senator also made sure that this bill will not contravene the Constitution.

Salient Features

This bill got my attention as it specifies internet rights and freedoms. It also amended various laws, such as the Law on Intellectual Property, and included, among others, mobile, internet surfing, internet data. It made the scope of the bill broader however more specific,

The bill also specified the cybercrimes punishable under this bill. However, in this bill, libel is punishable only by fine and not of imprisonment. Reading this, I remember Atty. G saying in class, “mas mabuti pang isulat mo na lang kesa sabihin mo”. (P.S. I can’t remember if that was the exact words of Atty, G.)

Another thing that caught my attention is embodied on Section 24 (C) of SB 3327, which states that:

Sec. 24. Network Sabotage –

x x x

C. Criminal negligence not presumed in unintentional network sabotage.

x x x x

The last thing that caught my attention in reading this bill is that the word “Order” is overwhelming. In my point of view, this bill supplied the lack of due process in RA 10175.


SB 3327 and RA 10175 are, although basically has the same context, two different species. I can say that Senate Bill 3327 is, if to be passed as a law, will be a better law than RA 10175. It may in some terms be harsh, however, it is settled that the law may be harsh, but it is the law (dura lex sed lex).

I think netizens, most if not all, will not take time to read this bill given a chance to be passed as a law. And despite of lack of information, they will, like what happened in RA 10175, cry out that the cyberlibel provision in this Senate Bill 3327 is foul and is unconstitutional for infringing the freedom of speech or of expression.

Article 19 of the New Civil Code.

Art. 19. Every person must, in the exercise of his rights and in the performance of his duties, act with justice, give everyone his due, and observe honesty and good faith.

The fact, in short, is that freedom, to be meaningful in an organized society must consist of an amalgam of hierarchy of freedoms and restraints. ~Samuel Hendel


Senate Bill 3327.!.pdf

Republic Act 10175.

Revised Penal Code

Civil Code of the Philippines

1 comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: