SY 2012-2013, Second Semester
- How does Republic Act 10173 affect me? Is there benefit or flaw in the law?
- RA 10175 and the Magna Carta for Philippine Internet Freedom
As I sit in front of the computer trying to figure out how I would answer these questions, I assessed myself, am I pro to this new law? The title helped me sort out my confusion – “An Act Protecting Individual Personal Information In Information and Communications System in the Government and the Private Sector, Creating For This Purpose A National Privacy Commission, And For Other Purposes.”
Honestly, I asked myself, “What the heck is this?!” “What does it REALLY do?”
It might be a wonder to many why this sound out of this world to me, well, for everybody’s information, I am not a computer GENIUS… yes, I am literate as it is noticeable I am able to type, and send this blog. But it does not follow that I understand everything that I do NOT do – obviously, I don’t do it because I do not intend to, and I don’t want to commit mistakes. Like the use of facebook, twitter, blog or however else any modern person of this era will want to communicate and reach out to many souls as easily as sending their messages without having to do it the old fashioned way… such as : letter-writing (as in like IN THE TESTATOR”S OWN HANDWRITING!), notice messaging via any post office, LBC, JRS or even the FedEx. Well I do that still. Am still in the Jurassic era, if that is how it is called nowadays. I prefer to commit less mistakes- with that, it is less headache. If modernity through technology will complicate my already complicated life, then I prefer to live in the Jurassic era where things are a little slower but less risk. HOWEVER, am now putting my opinion on a blog-seems like I have no choice. But, I understand why I need to be tech literate- as this not only refer to tech geniuses but in the profession that I intend to be a part of a few years from now. I must understand how it works- you know this techy thingy majigs!
First question : How does the law affect me intimately?
The law says, xxx to protect the fundamental human right of privacy xxx
First, can this law protect me from invasion of my privacy? This law will be tested only when the harm is done already… and my privacy has already been violated.
Second, this law came about when there was already breach of this so-called privacy.
What it only does is that it serves as a warning to those who are in possession of any personal information about an individual. Just like any other law, it gives warning only, not a full-proof protection of what it seems to impart to the netizens.
Before anything else, it is important to know how and where our personal information go as we send them. It is a worldwide web out there!
I have watched a movie where a person’s personal information was used by another individual pretending to be her and the very ones who caused this trouble are the ones in the government! It may be JUST A MOVIE, but come to think of it, it can be anybody else’s reality once our information has landed onto the hands of the crooks. It is not sci fi, it is a fact!
On the question, “how does it affect me intimately?” it scares me because I know there is nothing in this world, not even a law, can protect me 100%. But, I reserve some respect to this law- 50% max that at least, when my privacy has been violated, there is a basis for my cause of action. It will somehow give me the relief needed by a netizen knowing that I am not totally abandoned in my quest for privacy, even just a little.
One look at the language of the law, it seems encompassing, full-proof.. that any violation regarding my privacy, the National Privacy Commission is there to seal my wound. But as I read it again, just like our courts, it is just there to help a little, impose a big fine upon those guilty as we say – IF PROVEN. What if not? Then we leak our own wounds.
Second question : Is there benefit or flaw in the law?
Section 4 of the topic law provides,
Scope- “This Act applies to the processing of all types of personal information and to any juridical person involved in personal information processing including those personal information controllers and processors who, although not found or established in the Philippines, use equipment that are located in the Philippines, or those who maintain an office, branch or agency in the Philippines, subject to the immediately succeeding paragraph: Provided, That the requirements of Section 5 are complied with.”
However, there are exceptions, meaning, there are circumstances that this law does not afford protection to. Reading those that are not included from protection of this Act, I find it justifiable, rightly excluded , and fair enough as there are many in our jurisdiction who take refuge in our own laws to circumvent the spirit of it and take it to their side and escape penalty in broad daylight. An example of this is the Secrecy of Bank Deposits Act which, as divulged through the media in many events, are taken as shield by those seated in power. But this RA 10173 will somehow tame the abuse of Secrecy of Bank Deposit Act.
Section 16 – Rights of the Data Subject –
When I read the contents of this particular section, it does not cover all that can be given as a right to one data subject. When an information is asked, the system does not accept what is entered into if the data subject omits some information he or she would want to skip – simply, for fear of violation or breach of privacy. So, the right to skip, omit for purposes of protection is not respected.
(f)Be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal information.
Under normal circumstances, this does not have any tooth in regard any damages filed by a data subject. More often than not, this leak or unauthorized use of personal information usually goes ignored and hard to prove as to who the culprit really is. And Filipinos as we are, we often let it go as any suit will only take our precious time, moreover, costly.
Section 21 Principle of Accountability –
(b) The personal information controller shall designate an individual or individuals who are accountable for the organization’s compliance with this Act. The identity of the individual(s) so designated shall be made known to any data subject upon request.
The above section is not yet tried. Say on jobstreet.com, it is system generated. All it does is get an information of data subject. It cannot even be asked. It is a one-way trip to Ohio where I GIVE DATA, IT RECEIVES DATA, AND I JUST WAIT WHAT HAPPENS NEXT.
Section 25- Unauthorized Processing of Personal Information and Sensitive Personal Information- (a) The unauthorized processing of personal information shall be penalized by imprisonment ranging from one (1) year to tree (3) years and a fine of not less than Five Hundred Thousand Pesos (500,000) but not more than Two Million Pesos (2,000,000) shall be imposed on persons who process personal information without the consent of the data subject, with or without being authorized under this Act or any existing law; (b) The unauthorized processing of personal sensitive information shall be penalized by imprisonment ranging from three (3) years to six (6) years and a fine not less than Five Hundred Thousand Pesos (500,000) but not more than Four Million Pesos (4,000,000) shall be imposed on persons who process personal information without the consent of the data subject, or without being authorized under this Act or any existing law.
Oftentimes, when a law has been passed, we look into the scope- we see to it we are not subject to it, and if we are, we take precautions. Next thing we look upon is the penalty. Section 25 is securing that this law will be implemented properly basing on the imposition of fines which are quite high as compared with other laws. What I do not read from any of the penalty provisions is the penalty in case of insolvency of the data or personal information controller.
Section 26 – Accessing Personal Information and Sensitive Personal Information Due to Negligence – (a) accessing personal information due to negligence shall be penalized by imprisonment ranging from one (1) year to three (3) years and a fine of not less than Five hundred thousand pesos (500,000) but not more than two million pesos(2,000,000) shall be imposed on persons who, due to negligence, provided access to personal information without being authorized under this Act or any existing law; (b) Accessing sensitive personal information due to negligence shall be penalized by imprisonment ranging from three (3) years to six (6) years and a fine not less than Five Hundred Thousand Pesos (500,000) but not more than Four Million Pesos (4,000,000) shall be imposed on persons who, due to negligence, provided access to personal information without being authorized under this Act or any existing law.
What I understand on this provision is that, say, I, an ordinary netizen, negligently accessed a personal information. Does this mean, any person? Like you and I? who, due to negligence, provided access to personal information? How will that happen? Educate me. Like when I tinker on my computer and upon doing such, I get an access code without really knowing and understanding it, and suddenly, wallahh! There appears the personal or sensitive information of another. I think this must be cleared- the language of the law is ”ACCESSING personal information” and “PROVIDED information xxx,”
which must be negligently done. There is no clear comportment as to how negligence is to be made so as to be held liable under this provision. Negligence must be accompanied by the intention and the surrounding circumstances that go about the so-called negligence. It does not come straight and alone, more often, it is not what we judge it is.
Have I understood PRIVACY the way this law would want me to?
What does PRIVACY mean? – a state of being apart from the company or observation of others; freedom from undesirable intrusions; esp. avoidance of publicity.
Article III BILL OF RIGHTS 1987 CONSTITUTION
Sec.3 (1) The privacy of communication and correspondence shall be inviolable xxx.
Based on the penalties imposed and the functions of the National Privacy Commission, what I understand is that my right to privacy of any information sub-qualified into personal and sensitive information is as valuable as my own life that it is safeguarded like a precious gem.
Like any law, there are pros and cons for its enactment. There are advantages and disadvantages of Republic Act 10173, and as quoted from other sources, are as follows:
“The Advantages of this Act is that it aims to protect the individuals in personal information. the effects of this in our country’s e-Commerce security infrastructure, especially on the e-entrepreneurs. It helps the entrepreneurs in terms of their privacy when talking about the their business. On the other hand, R.A no. 10173 helps to prevent the theft of intellectual property and the privacy of each individuals.
The disadvantages of this act is that it minimizes the Information and Communications System generating, sending, receiving, storing or otherwise processing electronic data messages or electronic documents and includes the computer system or other similar device by or which data is recorded, transmitted or stored and any procedure related to the recording, transmission or storage of electronic data, electronic message, or electronic document.” 
“Benedict Hernandez, Director of the Business Processing Association of the Philippines (BPAP) and President of the Contact Center Association of the Philippines (CCAP), said the local BPO sector must and will abide by the new law’s provisions. It is also predicted to attract more investors as it is set to reinforce protection of private data.
In an interview, Hernandez also highlighted several uses and benefits of the law to the outsourcing industry and other sectors as well. He added that private information should be handled with outmost confidentiality.
Moreover, he said having reinforced data privacy processes will help pave the way for better business practices in companies and more opportunities in attracting potential investors. He reiterated that BPAP will strive to work with the government in implementing and establishing the provisions of the Data Privacy Law.”
“While the disadvantage of RA 10173 poses an equally if not more than alarming penalties not only for the long-time netizens but moreso for those who are newbies in using the internet or any kind of information technology media. Ordinary Filipinos, especially those who are computer illiterate, those with no access to, or seldom use the computer or any device that have the capabilities to store and transfer sensitive personal information may be prosecuted in courts of the Philippines due to improper handling of information or negligence.
“What alarms me the most are the penalty clauses stating that anyone can be penalized by imprisonment and will be fined in gargantuan proportions for accessing personal information of another individual or entity. Even if she/he did not mean to”. 
With all these presented – my preference for the old route, my need for what new techs offer just to be able to dance well with the fast paced life we have right now, it can be well said that this Republic Act 10173 is a balancer of the inevitable and its remedy.
 The Penguin English Dictionary, 2d Edition p.1108; Sec.3 Article 3 Bill of Rights; Lainemejos.wordpress.com, visited dec.1,2012
 Kristinepetagra.wordpress.com visited dec1,2012
An Act Defining Cybercrime, Providing for the Prevention , Investigation, Suppression and Imposition of Penalties Therefore And For Other Purposes [ Republic Act 10175]; as against
An Act Establishing a Magna Carta for Philippines Internet Freedom, Cybercrime Prevention & Law Enforcement, Cyberdefenses & National Cybersecurity [SBN 3327]
First, it must be clarified that, before I continue on with my blog, I am inclined to dwell on neither side. My view is from a standpoint where people see it in black and white, unclouded by personal desires. Just plain and simple knowledge of the use of the internet.
I have read a running commentary on the Anti-Cybercrime Law, and they are not pointless to be ignored. Some articulate of their fight for their online rights before they may even be peddled, regulated, and scheduled away. It must be understood that the exercise of power in our physical world is rather a dangerous act as it entails more of what we can do rather than what we cannot do.
I have always believed that freedom comes with great responsibility. We are to be held accountable for what we say in print as well as online without really being suppressed of our so-called freedom. The barrier clouding our mentality to ever psych out the need to demarcate liberty from self-rule has to be deleted. In other countries such as China, “self-discipline” on the use of the internet is being rewarded, although it blocks content very directly, so does Iran; Russia does not directly block websites, as they simply introduce order to place the weight on the internet site themselves. However, not all regulations are applicable to all kinds of people. Those of what Russia, China and Iran implement may not be useful to our kind of people. But the common denominator of the aforementioned countries and the Philippines is that citizens ó government. It takes two to tango. We must admit, we tend to abuse the little power that we are granted, therefore, a little help from our government to tame us a bit will not hurt. I love freedom much as anyone else here on earth! So I must not be misquoted for saying that we need “a little help from the government.”
The internet, for all its good purpose, should help the good guys rather than the bad guys. But, for some reason or another, the bad guys tend to monopolize such good use and convert it to their glory, the ratiocination for the effectuation of the now questionable RA 10175 and its maybe replacement SBN 3327. It is somehow forgotten that the legitimate purpose of technology is to better our continuance here on earth and not to maneuver or enthrall us human beings. The government and technology work for the people and not the other way around.
It can be regarded that we are such in a sullen state because we cannot school ourselves that we need to be reproved by some law or laws. Discipline emanates from the person within and not from the castigation our government saddle upon our people.
What motivate people to do things? Perhaps, the urge to let their feelings flow through; the moment of emptiness that they so want to be filled with just anything. There is nothing wrong about going through any of these, in fact, these blogs, twitter or any social media effects, are one of the great geniuses of our time – where people come together, comment about anything; there is expansion of brilliant ideas; there is collective intelligence so to speak. The best part of all these is, it is for free! The positive side of blogging is that we have the citizen journalism where there is no need for formal training to be one. However, again, if there is positive side, there is always the dark side. Some say, it is very easy to fall in love with the internet. Really? When I heard this, I could hardly fathom if there is indeed any depth into that statement. Another is, the paradox of collective intelligence. The more ties we construct, the thornier it gets, the harder it is to be individualistic. Oh yeah!
President Noynoy Aquino III signed the Anti Cybercrime Law or RA 10175 on the 12th of September 2012, however, the Supreme Court discharged a Temporary Restraining Order for 120 days from the 9th of October to grant our Congress an opportunity to come about a substitute step.
RA 10175 sought to scourge cybercrime offenses such as spamming, identity theft, online pornography, hacking, online libel and other similar offenses committed through the use of the internet. This law has been reviewed, ridiculed and was given a chance but its objectives were not cogent enough in terms of freedom of expression, and of speech. People who are adept to the ins and outs of the internet enunciate their mettlesome sentiment about the provisions of this law.
In this law, the Department of Justice and not the court who investigates and castigates bad elements; collection of traffic data without warrant or court order is another flaw of this law. The other problem that this law presents is the Take down clause which is not well defined as there is a take down of computer data alone and taking down of a blog is another thing. The Department of Justice must secure a court order before the take down takes effect unless there is a clear and present danger that there could be no more waiting another second. The legal field employs the terminology “clear and present danger” as a standard to allow for the constitutional right of freedom of speech and expression be curbed. Tsk! Tsk!
This law that avow to protect us Filipinos against those who do us injustice though the internet is also threatening to march away our constitutional rights of freedom of speech and of expression. Tsk! Tsk!
On the Libel clause, it imposes a higher penalty which amended the Revised Penal Code because of the harmful nature of the internet if on the hands of a debauched internet user. One statement that is considered libelous and is posted, it becomes obtainable forthwith to everyone without obstruction and charge. A complainant who is libeled need be advanced as the new agency will not be capable of monitoring all the tweets, blogs or shout-outs in all networking sites. The good thing about this law, as they claim, is that when the person who commits cybercrime is outside the Philippines, he can still be held answerable since the person libeled may still file a case against its oppressor – and can still be arrested so long as there is a warrant against that person. As skeptical as I am, I wonder if this will be implemented as smoothly as it portrays to be easy.
Why it is a summon to all internet users to overrun too much use of the net in order to project selfish desires. Amen to that!
Here comes the SBN 3327.
One of the lady senators filed a bill crafting a Magna Carta for Philippine Internet Freedom that would take a crack supplanting the recently enacted but very controversial RA10175. It was argued that RA 10175 was unconstitutional because of its over breadth and vagueness to the effect of making some internet undertaking punishable. The bill filed seems to be more extensive providing not just disallowed acts and stern chastisement but more importantly, it assures the rights and protection of our netizens. This bill promises castigating internet libel and hate speech while it engenders freedom of speech and expression on the internet. On this proposal, the lady senator vouches for citizen’s rights against illegal search and seizure through letting the warrantless real-time collection of traffic data. It also warrants due process by catering meticulous guidelines for any data collection including the securing of warrants, obligating notification and limiting seizure to data while excluding the physical property. This bill likewise commands government agencies to procure security for the data they collect from netizens to ensure their rights to privacy. Also, there is no provision for ”take down clause” (which has raised a lot of questions in RA10175), instead, it provides for court proceedings in cases where websites or networks are to be taken down. There is also a provision wherein it prohibits censorship of content without first securing a court order. Said bill bars double jeopardy. On the Cybercrime law, it does not provide blockade for double jeopardy through prosecution of offenses committed against its provisions as well as those against the Revised Penal Code, Special Laws, considering the offenses are from a single act.
This bill grooms the propounded Department of Information and Communications Technology, law enforcement agencies, as well as the military with provisions for taking care of cybercrimes. It ensures that the country has suitable defenses against cyber-attacks by terrorists, violent non-state actors and rogue or enemy nations. The Philippine National Police and the National Bureau of Investigation are likewise directed to antagonize cyber-terrorism. There is a spadework for exploiting ICT for national development by assuring that government agencies hold fast with realities and advances in information technology like the copyright and consumer welfare laws.
SBN 3327 not only aspires to pitch into the protection of but also the institution of the rights of the internet users in our country. It is worthwhile noting that this bill claims to be escorted by the proficient, qualified knowledge in the IT and legal expertise. This bill is the first to be created through “crowdsourcing.” It says that in its drafting, a group of IT Specialist, software designers, bloggers, academics, engineers, human rights advocates, and lawyers were involved. They also claim that such draft was formulated through discussions in an open facebook group, email, google hangout teleconferences and twitter. It somehow pacifies the fear growing inside of me that my utilization of the internet will not land me into detention or be inflicted of hefty fines for simply letting out my sentiments unto the government, some public officials or some circumstances that are likely to happen to vocal people like me. Its quest is to implant a sensible, fact -oriented and stable environment that defends Philippine nationals against cybercrimes and cyber-attacks. It pursues to benefit netizens as they meet threats and challenges of piloting cyberspace.
For journalists, this could be favorable because it does away with imprisonment for libel through the internet as there only arise civil liability. Moreover, malice is not a presumption in internet libel in comparison with that punishable under the Revised Penal Code wherein such is presumed with every defamatory imputation if no good intention and justifiable motive is shown. As may have been raised by critical thinkers – a reporter being sued under both the Revised Penal Code and the Magna Carta if his article in print is also posted on the net and end up with two separate crimes. But it seems that SBN 3327 has foreseen this possibility of indicting a blogger with two charges in a single act. One of the lawyers behind Magna Carta said, that no journalist who has disputatious article published online and on a print is at risk of separate indictment.
On account of libel, it treats such only as a civil liability rather than a criminal act, as can be gleaned from my view, this is a step forward in the instigation to de-criminalize libel. However, it is not congruent with the libel punishable under the Revised Penal Code. This will become subject to questions later on as what should have been done first is to harmonize the two laws.
This bill, as the proponent sees fit, is anchored on rights, governance, development, and security upon which, qualms will arise, for sure!
Despite all the fears any netizen is facing with the enactment of the RA 10175 and the possible enactment of the Magna Carta, Philippine cyberspace is still unregulated and the need for one is calling louder. Yes, there are more priorities that our lawmakers should attend to, but this may become one of them if not given publicity right now.
In a country with more than thirty million internet users, how can cybercrime law be enforced in the Philippines? The enacted law and the proposed law are good push to resist cybercrimes, but, there is an exigency to take up any ambiguity or omission in a text through which its intent may be evaded. There are internet crimes which are vaguely covered or not at all, and this dilemma, for all we know, will not only create bigger problems that an amendment or repeal or imposition of another law may be needed, AGAIN!
Bloggers are beholden to what they say, comment, post, publish or whatever a social media user does. Yes, these SMU are not journalists as they are not trained as one, but when they nab the poncho of publicizing, they should be regarded and be burdened of the duty and responsibility of a journalist. They cannot excuse themselves simply because they are not licensed journalist thus leaving them unaccountable for the mess they created. Bloggers who are not in favor of being regulated by any outside law aside from their clout to their own morality, ascertain that even absent of any defining rules, a devious blogger may still be castigated by the community of bloggers through their comments online. But of course, there is no certainty as to the reprimand that an errant blogger is to be subject to if without any clear law that all social media users should abide. I see no reason to be uncomfortable about bloggers being regulated.
As what the government claims, the information and communications technology and the internet are drivers of economic growth, thus the country is all the more in need of a really adequate, competent and efficacious cyberlaw that will put to reality such a claim. Safeguarding our nation against cyber-attacks has become one of the nation’s topmost priority. To effectuate this objective, trained operations team must ardently protect against internal and external threats. And for those consummated attacks on our cyberspace, our defense must be adequate of kicking off follow-on attacks on internal networkers. Knowledge of actual attacks that have conciliated systems engenders the cardinal armature on which to erect sufficient defenses because our government agencies tasked to supervise such condition are not unlimited in budget, and the only sensible way to conform with these requisites is to entrench a baseline of information security device and controls that may be monitored without ceasing through automated mechanisms. It shall be understood that cyber attacks milk on the vulnerable areas in a project or program to procure entrée to other enterprise facility. The government agencies will surely continue to explore interconnectivity across agencies to improve its support upon its netizens and own operations. Defenses should center on addressing the most prevalent damaging attacks transpiring nowadays as well as those that likely to occur in the future. The government agencies assigned with this job must warrant congruous controls to effectively negative any attack. In short, a multiplicity of explicit technical activities must be assumed to bring forth a more consistent defense.
Another inconsistency I have encountered is on the government’s assumption of internet security when and well in fact, it cannot even secure its websites. Cyberspace has become the soapbox of the best and the unpleasant whatever that any person can think of. It should have a been a place at an opportune time to exchange ideas and artistic expressions if not for the cyberbullies that make it such an unhealthy environment to even bother visit.
I must admit that although I support a competent, efficient and unbiased cybercrime law, I am scared of what is laid before us after any of the two (RA 10175 and the Magna Carta) is in implementation. Until they are tested, I will not breathe in relief yet, if, after I have published and told the truth online, I won’t be damned. Most of the social media users are the young people and I bet they are not cognizant about the cybercrime laws so much so about its implications. These juveniles could be charged of libel even before they would even know its meaning.
As I have earlier stated, I do not promote the law and the bill. Until it is on testing ground, and has not in any way infringed my bill of rights granted by the constitution, then I will take side and succumb to whichever has preserved my freedom of speech and expression through the internet.