Tiongson, Eileen

SY 2012-2013, Second Semester


A Law Protecting Personal Information of Individuals

President Benigno C. Aquino recently signed into law the Data Privacy Act of 2012 (Republic Act 10173). It is an act protecting individual personal information in Information and Communication System in the Government and Private Sector, creating for this purpose a National Privacy Commission and for other purposes.

Personal information is defined as “any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.” (Sec. 3 par. g)

In its Declaration of Policy it states that “It is the policy of the State to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth. The State recognizes the vital role of information and communications technology in nation-building and its inherent obligation to ensure that personal information in information and communications systems in the government and in the private sector are secured and protected.”(Sec. 2)

Who Will Benefit From the Act

The Act is seen to be an important first step for the country’s Information Technology (IT) and Business Process Outsourcing (BPO) industry by making it in line with International Standards of Privacy protection. (http://pia.gov.ph/news/index.php?article=1781346143986)

However, a private individual like me may also be benefit from this Act. In this digital age, most of us can’t help but to share our personal information. Be it on social networking sites or other official transactions. Passing of the Act gives us a bit of security and peace of mind over the information that we share particularly on the web.

HOW?

The law requires information collectors, holders and processors to follow strict rules on transparency, legitimacy and proportionality in the conduct of their activities (Sec. 11).

Section 11 specifically states that the information must be:

“(e) Retained only for as long as necessary for the fulfillment of the purposes for which the data was obtained or for the establishment, exercise or defense of legal claims, or for legitimate business purposes, or as provided by law;

(f) Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected and processed xxx”

Online contests are becoming a lot easier these days. There are contests which mechanics only includes posting/sharing a link on your social networking sites, sharing a photo or video of yourself or even posting a short comment/review. To qualify as an entry one needs to supply his/her basic information. It seems that with the enactment of RA 10173, one may have a feeling of having the information that he/she has provided will be kept secured.

Section 12 of the Act only permits processing of such information if not prohibited by law and when at least one of the following conditions exists:

(a) The data subject has given his or her consent;

(b) The processing of personal information is necessary and is related to the fulfilment of a contract with the data subject or in order to take steps at the request of the data subject prior to entering into a contract;

(c) The processing is necessary for compliance with a legal obligation to which the personal information controller is subject;

(d) The processing is necessary to protect vitally important interests of the data subject, including life and health;

(e) The processing is necessary in order to respond to national emergency, to comply with the requirements of public order and safety, or to fulfill functions of public authority which necessarily includes the processing of personal data for the fulfillment of its mandate; or

(f) The processing is necessary for the purposes of the legitimate interests pursued by the personal information controller or by a third party or parties to whom the data is disclosed, except where such interests are overridden by fundamental rights and freedoms of the data subject which require protection under the Philippine Constitution.

Hence, as in my previous example, if I decided to join a contest and voluntary gave my information mere sharing of these personal information WITHOUT MY CONSENT and the can already become a ground for criminal action.

RA 10173 may also be seen as a protection for an individual from having the information that he/she had provided to be used against him/her. The Bill of Rights in our 1987 Constitution assures the privacy of communication and correspondence.

Article III. Section 3.

xxx (2) Any evidence obtained in violation of this or the preceding section shall be inadmissible for any purpose in any proceeding.

The Data Privacy Act of 2012 if implemented judiciously will provide protection to every person. It can even penalize the perpetrators even if they are not in the country (Section 4 & 5 of RA 10173).


Is the Magna Carta for Philippine Internet Freedom (Senate Bill 3327) a better law than The Cybercrime Prevention Act of 2012 (Republic Act No. 10175)?

Digital Age. Status: It’s Complicated.

The use of computers and the world wide web revolutionized the society in making life easier. One must not underestimate the impact of a single mouse click or even a tap on the screen (Welcome to the touchscreen age!) may make. However, in spite of the advantages offered by using this technology, there are disadvantages that must not be ignored.

A good example is the use of social media. A lot of us find social media helpful and advantageous. We use it to get in touch with our family and friends. We may be separated from them by physical distance but through the technology we are able to be updated on the current news about them and vice versa. Information dissemination became very easy. A single tweet, Facebook status and other post on different social media channels may reach a long way and several ethical consequences. Among these are the spread of misinformation that may be perceived as fact, the risk of identity theft and cyber-bullying.

The Controversial Anti-Cybercrime Law.

The Cybercrime Prevention Act of 2012 (Republic Act No. 10175) was passed into law last September 12, 2012. The law aims to provide punishment for certain cybercrime offenses (Section 4, RA 10175). However, the law was not accepted widely. Many find the law flawed and unconstitutional. The law is said to violate the rights guaranteed by the 1987 Constitution such as the freedom of expression, due process, equal protection of the law, double jeopardy and prohibition on illegal seizure.

Some even put the blame to a certain Senator who prior to the enactment of the law suffered cyber-bullying. Due to the flood of protests against the law, a temporary restraining order (TRO) was issued by the Supreme Court on October 9, 2012 against the Cybercrime Prevention Act or Republic Act 10175. The TRO suspends the law in its entirety for a period of 120 days.

An Upgraded Anti-Cybercrime Law?

On November 12, 2012, Senator Miriam Defensor-Santiago filed the Magna Carta for Philippine Internet Freedom (Senate Bill 3327) and seeks to replace the controversial Cybercrime Prevention Act (RA 10175). According to the Lady Senator, Senate Bill 3327 addressed the deficiencies of RA 10175 and would protect the rights and freedoms of netizens while defining and penalizing cybercrimes.

Is Senate Bill 3327 better than RA 10175?

Section 3 (Definition of Terms) of Senate Bill 3327 provides a more detailed and specific definition of the terms relating to such Cybercrime offenses. It specifically states that, whenever possible, the definition of terms relating to cybercrime shall be adopted from those established by the International Telecommunications Union (ITU), the Internet Engineering Task Force (IETF), the World Wide Web Consortium (WWWC), and the Internet Corporation for Assigned Numbers and Names (ICANN), and other international and transnational agencies governing the development, use, and standardization of information and communications technology and the Internet. Unlike the vague definitions provided Section 3 (Definition of Terms) of RA 10175, the definition of terms provided by Senate Bill 3327 is more specific and clearly states that it follows the international standard definition used.

Also, the Senate Bill 3327 discussed the most questioned provision of RA 10175, which is classifying online libel as a criminal act (Section 4 par.4, RA 10175). The libel provision provided in RA 10175 (Section 6) seems to be encompassing as it embraces the definition provided in Article 355 of the Revised Penal Code with the only qualification that it be committed online. Senate Bill 3327 defined Internet Libel as “a public and malicious expression tending to cause the dishonor, discredit, or contempt of a natural or juridical person, or to blacken the memory of one who is dead, made on the Internet or on public networks.”(Section 33, A.1) It specifically requires malice to be present (A.2) and requires that the subject can be clearly identifies (A.3). Looking back, at all-encompassing definition provided in RA 10175, blind items usually used to discuss certain social personalities and/or political figures as a form of entertainment may be embraced. Furthermore, Senate Bill 3327, Section 33, A.4 assures the freedom of speech by providing expression of protest, dissatisfaction, true report made in good faith as well as expression intended to remain private between certain persons be exempted to constitute as online libel. This provision ensures protection to netizens particularly personal bloggers who use the internet as a platform to vent their feelings and opinions.

RA 1175 also provided an all-encompassing definition of Child Pornography. Section 4 (c)(2) provided the definition of Child Pornography given Section 4 (j) of RA 9775 (Anti-Child Pornography Act of 2009). The only qualification provided is the access any form of child pornography THROUGH A COMPUTER SYSTEM. Through the words used in RA 1175, it can be interpreted that as long as one clicked, posted or sent a video containing child pornography materials without any prior knowledge of its content may be held liable. Viruses and spam links are common these days. Some of it automatically posts contents on your social networking sites or sends private messages to your personal contacts. In case these spam links and viruses contained what should qualify as child pornography. The person who opened may be held liable under RA 10175. The owner of the an email address, social networking site or personal website may also be liable if he/she happened to be a victim of spam contents/viruses containing materials defined as child pornography. On the otherhand, Senate Bill 3327 seeks to amend Sections 4 (e) and (f) of the Anti-Child Pornography Act of 2009 (RA 9775). Section 33, C.2(e) and C.5 of Senate Bill 3327 requires prior knowledge and intention of the person in posting/publishing child pornography materials in the internet.

Senate Bill 3327 also provides greater protection against illegal searches and seizures which is guaranteed under Section 2, Article III of the 1987 Constitution. Section 19 of RA 10175 authorizes the Department of Justice to issue an order to restrict access to computer data which is found to be prima facie in violation of the Cybercrime Prevention Act of 2012. Senator Miriam Defensor-Santiago calls such provision as “take-down clause” and claims that it is a dangerous provision wherein the government through its’ acknowledged agency may cause a certain website blocked or restricted without due process of law.

The said provision is not included in Senate Bill 3327 as it is considered a violation of a right guaranteed by the Constitution.

Under Section 28 of Senate Bill 3327, a final ruling from the courts, issued following due notice and hearing should first be obtained before any person may seize data, information, or contents of a device, storage medium, network equipment, or physical plant, or seize any device, storage medium, network equipment, or physical plant connected to the Internet or to telecommunications networks of another, or to gain possession or control of the intellectual property published on the Internet or on public networks of another.

Unlike RA 10175, Senate Bill 3327 (Section 29) includes a stricter and detailed law against copyright infringement. Senate Bill 3327 assures the greater availability of free information on the internet and protection to property rights by providing a specific definition of online piracy. File sharing is one aspect that makes access to internet useful. Senate Bill 3327 fills what RA 10175 fails to provide, regulating the internet to ensure protection of intellectual property rights without violating individual freedoms to data access.

Another defect of RA 10175are Section 6 and Section 7 which many considers as a violation of the constitutional right against double jeopardy. A person charged under RA 10175 for online libel may still be charged the Revised Penal Code for libel even a single act was only committed.

Conclusion

While RA 10175 seems to be a promising law, a closer look at its provisions shows certain flaws which are tantamount to violations of certain rights guaranteed by the 1987 Constitution such as due process, equal protection of the law, double jeopardy and prohibition on illegal seizure. I agree that certain rights may be regulated for the greater protection of the society however, RA 10175 seems to be an all-encompassing law. Many of the terms provided in the said law are vague and susceptible to various interpretations. Although the advocates of RA 10175 claims that these “holes” may be filled up by its Implementing Rules and Regulations I believe that the Magna Carta for Philippine Internet Freedom (Senate Bill 3327) filed by Senator Miriam Santiago would be a better law.

Yes, we need a strong law to crack down cybercrimes. We need it to prevent our country to be used by some as their hub for cyber-crimes. Our country is currently experiencing economic growth because of Information and Communications Technology (ICT) and we want to keep it up. Senate Bill 3327 provided solutions to the unconstitutional provisions of RA 10175. The bill also provide a detailed definition of what constitute a certain cybercrime act as oppose to the vague definitions on RA 10175.

As of this writing, RA 10175 is under a temporary restraining order (TRO). No one can tell that will be its fate. The Congress may still amend or repeal it. The Supreme Court may extend the TRO, uphold RA 10175, or junk the whole/part of the law.

Sources:

1987 Philippine Constitution

Republic Act No. 10175 – AN ACT DEFINING CYBERCRIME, PROVIDING FOR THE PREVENTION, INVESTIGATION, SUPPRESSION AND THE IMPOSITION OF PENALTIES THEREFOR AND FOR OTHER PURPOSES

Senate Bill 3327- AN ACT ESTABLISHING A MAGNA CARTA FOR PHILIPPINE INTERNET FREEDOM, CYBERCRIME PREVENTION AND LAW ENFORCEMENT, CYBERDEFENSE AND NATIONAL CYBERSECURITY

Republic Act No. 9775- AN ACT DEFINING THE CRIME OF CHILD PORNOGRAPHY, PRESCRIBING PENALTIES THEREFOR AND FOR OTHER PURPOSES

http://www.philstar.com/headlines/2012/12/01/877657/miriam-files-cyber-bill-ver-20

http://www.senate.gov.ph/press_release/2012/1006_santiago1.asp

1 comment

Leave a comment