Leal, Michelle Reijina

SY 2012-2013, Second Semester


RA 10173 Data Privacy Act

Republic Act No. 10173 is an act protecting individual personal information and communications systems in the government and the private sector, creating for this purpose a national privacy commission and for other purposes.

Section 2 provides that it is the policy of the State to protect the fundamental human right of privacy of communication while ensuring the free flow of information to promote innovation and growth. Why? Communication is one of the basic things we do every minute, every hour. It is a means of relating to other persons in order to perform an act or achieve something. Communication covers a number of issues or topics, and most of the time the parties prefer that these stay between two people or two parties for reasons of confidentiality and security. Privacy is further guarded through our constitution because protecting it leads to positive results such as innovation and growth, not only individually but also for the whole nation.

Privacy is an important but elusive concept in law. The most significant aspects of the law are: the procedures to be followed in the collection, processing and handling of personal information; the rights of data subjects; and the creation of a National Privacy Commission.

In today’s world of information technology, privacy of personal information has become misleading, since with the right connections and a good price that information may be given or accessed without proper consent and justification.

The said act would greatly affect us in many ways, since nowadays personal information is given when creating email or social network accounts, and if it falls into the wrong hands it could destroy one’s reputation. However, the act sets limits on how such personal information may be obtained and provides how one can ensure one’s protection and privacy.

SEC. 11. General Data Privacy Principles. – The processing of personal information shall be allowed, subject to compliance with the requirements of this Act and other laws allowing disclosure of information to the public and adherence to the principles of transparency, legitimate purpose and proportionality.

Personal information must be:

(a) Collected for specified and legitimate purposes determined and declared before, or as soon as reasonably practicable after collection, and later processed in a way compatible with such declared, specified and legitimate purposes only;

(b) Processed fairly and lawfully;

(c) Accurate, relevant and, where necessary for purposes for which it is to be used the processing of personal information, kept up to date; inaccurate or incomplete data must be rectified, supplemented, destroyed or their further processing restricted;

(d) Adequate and not excessive in relation to the purposes for which they are collected and processed;

(e) Retained only for as long as necessary for the fulfillment of the purposes for which the data was obtained or for the establishment, exercise or defense of legal claims, or for legitimate business purposes, or as provided by law; and

(f) Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected and processed: Provided, That personal information collected for other purposes may be processed for historical, statistical or scientific purposes, and in cases laid down in law may be stored for longer periods: Provided, further, That adequate safeguards are guaranteed by said laws authorizing their processing.

The personal information controller must ensure implementation of personal information processing principles set out herein.

This section shows that the act sets its boundaries by ascertaining the purposes, specifications and periods in order to avoid any abuse of access and authority over one’s information. These boundaries should be guarded at all times so that one can maximize the advantages of this act while it still performs its role in the development of the information technology system; otherwise it may curtail one’s growth.

Moreover, the new act is expected to bring a number of advantages to both the government and the private sector. The new Data Privacy law is expected to strengthen the country’s booming Information Technology-Business Process Outsourcing (IT-BPO) industry, as it brings Philippine legislation in line with international data privacy standards. The measure will allow the industry to expand into other segments such as healthcare and HR outsourcing.

The country’s IT-BPO industry generated $11 billion in revenues in 2011 and employed approximately 640,000 direct employees. The data security provisions in the recently signed Data Privacy Act will probably have a significant impact on the country’s outsourcing industry, which in turn helps more potential clients and partners. The act puts in place measures to protect and preserve the integrity, security and confidentiality of personal data collected by government and private entities in their operations.

From a technical perspective it will encourage companies in our sector to strengthen existing security protocols and further deter any attempts at data theft. More likely, this is the best practice in the IT-BPO industry that will ensure that the Philippines remains competitive and in fact leads breakthrough initiatives for the industry.

Another advantage would be that the new law penalizes the unauthorized disclosure of personal information. It protects journalists and publishers, as they will not be compelled to reveal the source of a news report.

It provides for the creation of a National Privacy Commission that will monitor and ensure compliance of the country with international standards for data protection. The commission will implement the law, receive complaints, issue cease-and-desist orders, compel entities to abide by its orders and monitor compliance, and enforce policies that balance the right of the private person to privacy.

The passage of RA 10173 is expected to boost investment in the fast-growing information technology and business process outsourcing (IT-BPO) industries. Hailing its enactment, the Business Processing Association of the Philippines said the new law brings the Philippines to international standards of privacy protection as much of IT-BPO work involves confidential personal and company information of local and foreign clients.

Also, the Data Privacy Act provides penalties against those in government who release information of a personal nature. Unauthorized processing of personal data shall be punished by imprisonment of one year to three years and a fine of not less than P500,000 but not more than P2 million. The P2 million penalty will be slapped on persons who get personal data without consent.

On the other hand, the Data Privacy Act, Teodoro said, has an impact on the media. If a journalist writes about the private life of a politician, even if the details have something to do with the performance of his or her duties, the journalist could be penalized. Teodoro feared that the law might be used against journalists covering the upcoming elections. Teodoro said the passage of these laws “may open the floodgates to other forms of restrictions to press freedom and other civil liberties.”

Lastly, with regard to public interest, there had earlier been concerns that the measure would go against the right of the public to information and privacy. But Angara said the framers of the Data Privacy Act had gone to great lengths to ensure that will not happen. “We refined the measure further so that it cannot be used to curtail the flow of information that may be of public interest, without infringing on an individual’s right to privacy,” Angara said.

“No less than our Constitution upholds press freedom and the media’s function of responsible reporting,” Angara said as he dispelled the impression that the measure will threaten the freedom of the media in the country.

The Data Privacy Act, however, is just one of three interrelated measures proposed by the Senate Commission on Science and Technology (COMSTE) to usher in an IT revolution in the country.

Truly, there may be different perspectives on this act, but I think its effect is yet to be identified and proven, because it is too early to determine its true advantages and disadvantages since it has just been approved. The burden lies with the application and implementation, where it would be more the government’s responsibility to disseminate and explain the real purpose and intent of the act in order to really affect growth and promote innovation for the purpose of nation building.

Hence, the question remains: how does this act truly impact my situation at this time? I would say that this act would be an advantage on my part. Communication is a big part of my job, and privacy, security and integrity are often required. My responsibility at work concerns operations, and it would be beneficial for me to fully understand and analyze the data or information, especially the requirements of my work regarding the procedures to be followed in the collection, processing and handling of personal information. It would also help to be aware of the limitations on the government or any of its officers in requiring the giving of personal information, and to strengthen one of the fundamental policies of the State, specifically the right of privacy and communication.




Is Magna Carta for Internet Freedom better than Cybercrime Act?

Republic Act No. 10175 or the “Cybercrime Prevention Act of 2012” is a controversial law that made thousands of Filipinos mad. The law was created to protect citizens from things that are happening in the cyber world. Some computer-related crimes like hacking, child pornography, and even online libel are viral on the internet. The law has a good purpose that will help the victims of such crimes. Since there are no implemented laws that can punish people for cybercrimes, the government needs to do something. That is the reason why they created the law. Even though it has a good intention, there are still things that made Filipinos mad, namely that it violates the freedom of speech. It is very important to Filipino citizens to express their feelings and opinions. It is also under our constitution. Privacy is also vital to the citizens. Of course, nobody wants their privacy invaded. In RA 10175, the provision on collection of data immediately connotes a violation, where in fact it lacks proper information and understanding.

Senator Miriam Defensor Santiago has been consistently pursuing Senate Bill No. 3327, also known as the Magna Carta for Philippine Internet Freedom, Cybercrime Prevention and Law Enforcement, Cyber defense and National Cyber security. There has been an urgent need to create another law which will really protect the rights and freedom of Filipinos in cyberspace while defining and penalizing cybercrimes; after all, software designers, IT specialists, academics, bloggers, engineers, lawyers, and human rights advocates had already approached her office with a draft of the MCPIF. It is stated that freedom of speech is important and a right of each Filipino that must not be deprived. She stated the general purpose in one of the articles on the Senate website: “While it is important to crackdown on criminal activities on the internet, protecting constitutional rights like free expression, privacy, and due process should hold a higher place in crafting laws,” she said. [1]

In the same manner, in the long run it would be beneficial for the country and to its users because according to statistics, the global offshore services market is growing at a healthy albeit slower pace, and will more than double by 2016. Companies now regard outsourcing far more as a means to reduce costs for business operations. Overall, the outlook for Asia/Pacific’s BPO market remains positive with the Philippines aiming for 10% of the total BPO market or about US$25 billion. [2]

The bill also states that the internet must be an open network, meaning that everyone can access the internet and only a private network can restrict or limit interaction on the internet. Among its other provisions are Promotion of network neutrality, Promotion of universal access to the Internet, Right to privileged access to devices, Right to freedom of speech and expression on the Internet, Protection of the freedom to innovate and create without permission, Right to privacy of data, and Right to security of data. In conclusion, it states that we can do anything in the cyber world, but if the State thinks that it is against the law, then that’s the time that someone will be punished.

Senate Bill No. 3327 differs from Republic Act No. 10175 on the following provisions:

1) Issues on Libel. – Libel under RA No. 10175, as indicated in Section 4(4), Section 6 and Section 8, is penalized under the Revised Penal Code, although with a penalty one degree higher, whereas in SB 3327 libel is clearly defined in Section 33, specifically classified as Internet libel, and treated as a civil liability rather than a criminal act, as stated in Chapter 8 (Penalties) of said bill. Civil liability is better on one side because it goes to the bottom line of whether the offended person will be compensated for the damage done to him; on the other hand, leaving behind criminal liability would be detrimental in the long run, since it would not benefit the general public by instilling the discipline needed to avoid the same thing happening again. I think it would be better if there would be a combination of both the criminal and civil aspects so as to benefit not only the general public but also the offended person as well.

2) Right against Illegal Searches and Seizures. – As provided in the 1987 Constitution, Article III Section 2, ‘The right of the people to be secure in their persons, houses, papers, and effects against unreasonable searches and seizures of whatever nature and for any purpose shall be inviolable, and no search warrant or warrant of arrest shall issue except upon probable cause to be determined personally by the judge after examination under oath or affirmation of the complainant and the witnesses he may produce, and particularly describing the place to be searched and the persons or things to be seized.’[3]

RA 10175 allows the warrantless real-time collection of traffic data as provided in Section 12 of said act. This is with due cause and with certain limitations. I would not agree that this violates the Constitution, because the latter provides for the general rule; however, exceptions are allowed in certain situations provided they are specifically stated so as not to violate such right. Traffic data refer only to the communication’s origin, destination, route, time, date, size, duration, or type of underlying service, but not content, nor identities. All other data to be collected or seized or disclosed will require a court warrant. Moreover, before obtaining the court warrant there would still be a need to show a basis for its approval and grant; hence, there are certain guidelines, and this cannot be said to violate the right against illegal search and seizure. On the other hand, the MCPIF provides specific guidelines, as seen in Section 28 of said bill, on illegal and arbitrary seizure, as well as other provisions on obtaining or collecting any data or information, privacy and security of data, protection of intellectual property, and notification, and provides stricter penalties to further protect the data.

3) Issues on Right to privacy. In the MCPIF, the roles of government agencies and law enforcement agencies are ascertained, and they are given responsibility for its implementation as provided in Chapter IX of said law. Furthermore, Section 27 provides for violations of data security like hacking, cracking, phishing and violating another act, the Data Privacy Act. On the other hand, the criticism of the ‘takedown’ clause rests on a misunderstanding, in the sense that Section 19 of RA 10175 starts with the phrase, ‘When a computer data is prima facie found to be in violation of the provisions of this Act…’ [4], which shows that intrusion into privacy is not the main target but rather the protection of data and all other persons and things affected. When we speak of ‘prima facie’, it is without a doubt and found to be with basis and supported with evidence that such person has violated this Act, which hence leaves the DOJ no choice but to issue an order to restrict or block access to such computer data. This will never occur when such accusations are found to be baseless and unfounded; only then would it lead to a violation of the right of privacy. The opinion that this Section is without due process of law is weak, in the sense that it entails strong proof to really show that it violates due process of law and that there are no reasonable grounds to accuse and/or arrest, depending on the gravity of the situation. In the same way, what the MCPIF adds to this issue, specifically requiring court proceedings and the necessary court orders in cases where websites or networks are to be taken down, is supportive of RA 10175, in order also to ensure that the respective agencies do not abuse the authority given to them but use it for the purposes for which it has been assigned.

4) Issues on Double Jeopardy. Double jeopardy is defined as “A second prosecution for the same offense after acquittal or conviction or multiple punishments for same offense. The evil sought to be avoided by prohibiting double jeopardy is double trial and double conviction, not necessarily double punishment.” [5]

The MCPIF provides for the respective penalties in Chapter VIII of said act: Applicability of the Revised Penal Code; Penalties for Specific Violations of the Magna Carta for Philippine Internet Freedom; Penalties for Violations of the Magna Carta for Philippine Internet Freedom Affecting Critical Networks and Infrastructure; Penalties for Other Violations of the Magna Carta for Philippine Internet Freedom; Penalties for Violations of the Magna Carta for Philippine Internet Freedom Committed by a Public Official or Employee; and Liability Under the Data Privacy Act, the Intellectual Property Code, the Optical Media Act, the Anti-Child Pornography Act of 2009, the Revised Penal Code, and Other Laws. As said by Senator Santiago, SB 3327 prohibits double jeopardy, while R.A. 10175 allows double jeopardy through prosecution of offenses committed against its provisions and prosecution of offenses committed against the Revised Penal Code and special laws, even though the offenses are from a single act. I would not agree with this opinion, where in fact, as provided in Section 5 of SB 3327, “Nomenclature notwithstanding, the provisions of Book I of the Revised Penal Code shall apply suppletorily to the provisions of this Act, whenever applicable. The provisions of special laws shall apply as provided for by this Act”. This shows that the said bill may also lead to double jeopardy, where in fact it does not. In the same way, RA 10175 does not automatically result in double jeopardy.

5) Competent Authorities. RA 10175 provides in Sections 24, 25 and 26 for the creation of a Cybercrime Investigation and Coordinating Center (CICC) for policy coordination among concerned agencies and for the formulation and enforcement of the national cybersecurity plan, while S.B. No. 3327 introduces a proposed Department of Information and Communications Technology (DICT), the creation of which is currently pending before Congress. The MCPIF prepares the proposed DICT, law enforcement agencies, and the military with provisions for handling cybercrimes. Examples are Section 47 of the bill, which provides amendments to the AFP Modernization Act, and Section 48, which mandates the Philippine National Police and the National Bureau of Investigation to combat cyberterrorism. On this part, there is no conflict; rather, RA 10175 is further developed by SB 3327 in order to ensure protection against cybercrimes and the like. If both laws are reconciled, it would gear towards growth and responsibility for the authorities as well as ensure protection of the users. After all, more manpower working for the same purpose would lead to faster and more efficient results, which would lead to the country’s growth.

6) ICT for national development. SB 3327 provides for areas of improvement and opportunities for development in the field of Information Computer Technology through constant updating and upgrading of advances in information technology, such as those involving consumer welfare and copyright laws. In this way, there will always be an opportunity to know and gain a deeper understanding on the different areas of the ICT in order to know how to handle and attend to the issues and concerns of the general public.

7) Crowdsourcing. Crowdsourcing is an online process of getting work done by tapping people on the Internet who volunteer their talent and skills. If the bill is passed, this concept shall be introduced to different departments and agencies. One of those has already started, which is the PhilHealth system. The Philippine Health Insurance Corporation (PhilHealth) launches the first of its ‘Crowdsourcing for Health’ initiatives using GoogleMaps, which encourages the online crowd to help map all health facilities in the Philippines. [6] In this way, it would be easier and more convenient for the public to locate the health facilities and to maximize the assistance and services offered by PhilHealth.

In summary, there are certain differences between Republic Act No. 10175 and Senate Bill No. 3327, which are on issues on libel, right against illegal searches and seizures, issues on right to privacy, issues on double jeopardy, competent authorities, Information Computer Technology for national development, and crowdsourcing. In my opinion, the Senate Bill proposed by Senator Miriam Defensor Santiago is a better and improved law regarding cybercrime because the bill is generally balanced and an improved version of RA 10175. It provides specific details in each section, giving no opportunity for the agencies assigned to enforcement and implementation to take advantage of their position and the authority given to them. Moreover, the Senate Bill introduces new concepts which are still related to cybercrime and in the long run would benefit the general public. It values the rights of the citizens and protects the citizens from being victims of cybercrime. However, the laws and other concepts introduced by RA 10175 should not be cast aside but rather should also be taken and incorporated into the new Senate Bill, so that in the end the citizens will be well informed of the realities of cybercrime, would understand their rights and obligations, would participate and be involved in the development, would support and obey the authorities implementing it, and finally would contribute to the economic growth and the future of information technology in the country.


Endnotes

[1] November 30, 2012. Magna Carta for Internet Freedom to Replace Anti-Cybercrime Law. http://www.senate.gov.ph/press_release/2012/1130_santiago1.asp

[2] http://www.boi.gov.ph/pdf/industryprofiles/IT%20and%20BPO/IT%20and%20BPO.pdf

[3] http://www.chanrobles.com/article3.htm

[4] http://www.senate.gov.ph/lisdata/1446312119!.pdf

[5] http://legal-dictionary.thefreedictionary.com/double+jeopardy

[6] 14 March 2012. PhilHealth introduces ‘Crowdsourcing for Health’ Initiatives. http://www.pia.gov.ph/news/index.php?article=1781331709149
