Tolentino, Karen

SY 2012-2013, Second Semester


Have We Become Technology Lab Rats ? A Look at RA 10173 ( The Data Privacy Act of 2012 )

“ I have to e-mail my boss and request for a paper shredder”, this was the very first thing that came to my mind when I first heard about the Data Privacy Act of 2012. I got worried that my work in HR would get me into trouble simply because my “hand shredder “ is not designed to be as reliable as its machine counterpart I felt the weight of responsibility placed upon my shoulders as a professional. A person’s application papers may not have as many pages as an autobiography but I knew it was enough to tell someone’s life story. For a moment, I had to play a scene in my mind. What if I don’t tear the documents of applicants properly after they leave my active file folder and these end up being pieced back together and misused. Will I be responsible for it ? Perhaps my fear is much like those of the Facebook fanatics who feared that hitting the like button would put them in jail as a violation of the Anti Cybercrime Law. Such fear that prompted most Facebook users to remove their profile pictures and replace the same with a black page , as if weeping and mourning for the death of their right to freedom of expression. To calm myself down, I went ahead and read some more. Maybe, just maybe, by understanding the law better, I’d discover that as great a responsibility as it is, I am meant to be more of a defender or advocate of the right to privacy instead of being on the other side of the coin.

RA 10173 or the Data Privacy Act of 2012 which was signed by President Aquino on August 15, 2012 is intended to protect individual personal information and communication systems in the government and the private sector. It is one of those laws which was seemingly given proper attention having been introduced only in 2011. The law requires both public and private institutions to comply with international data security standards while providing safeguards to protect press freedom. It stipulates under its Declaration of Policy that it is the policy of the State to protect the fundamental human right to privacy of communication while insuring free flow of information to promote innovation and growth. But why is respect for “privacy” such a sensitive issue to begin with ? Is this goal even achievable ?

According to Wikipedia, privacy is the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively. Wikipedia lists down various reasons individuals may object to the seeking of personal information affecting religion, sexual orientation, political affiliations, or personal activities. These reasons include avoidance of discrimination, personal embarrassment, or damage to professional reputations. To some, protection of one’s private information means protecting themselves from the harsh realities of today’s world, from virtual prying eyes, from the unknown enemy distanced by land or sea but kept close by the click of the mouse, from institutions designed to make life easier and transactions faster but end up doing more than what is required of them, by making profit out of the information provided to them in confidence for instance. Considering the rapid growth of technology and just how easily the majority of the world’s population is able to keep up with the changes, is there any surefire program that can for once make us feel safe and secure ? Or is it automatic that by living in this generation and time, we have unconsciously consented to become technology’s lab rats ?This tug of war between proper use and abuse of information is what the law on Data Privacy aims to address.

Though encompassing and wide in scope, I believe the Data Privacy Act of 2012 is one of the bold moves of our government to protect investments in the country particularly that which currently serves as the bread and butter of most of our citizens, the BPO industry . As published in the website of the British Philippine Outsourcing Council, the offshore call center industry started in the Philippines in 1999 when cyber city set up a facility for outsourcing in Clark, Pampanga. The research results posted on the website further provides proof of just how large the industry has become citing results from the SGV Audit BPO Industry Edition where revenues are projected to have reached $12.2 billion in 2010. With the Philippines believed by many to be the home of language sponges who only require a month or two to assimilate a foreign accent coupled with the industriousness of the Filipinos and the cheaper salary compared to other countries, business process outsourcing in the country shoot up like mushrooms. If investors require proof that the Philippines can secure confidential information required by industries in their operations , then our government is committed to doing just that. In my personal point of view, this paved the way for the contemplation of some of the provisions of RA 10173.

Section 4 of RA 10173 stipulates that the Act applies to the processing of all types of personal information and to any natural and juridical person involved in personal information processing including those personal information controllers and processors, who, although not found or established in the Philippines, use equipment that are located in the Philippines , or those who maintain an office, branch or agency in the Philippines. The intention of the law is very noble and given proper implementation, I don’t see why it should not work , especially with the creation of the National Privacy Commission which will administer and implement the provisions of the Act as well as monitor our country’s compliance with International Standards set for data protection as stipulated in Sec. 4 of the law

The general rule is not without exceptions though. These exceptions include personal information processed for journalistic, artistic and literary purposes; personal information originally collected from residents of foreign jurisdictions in accordance with the laws of those foreign jurisdictions; information necessary for banks and financial institutions under the jurisdiction of the independent central monetary authority or BSP to comply with the Anti- Money Laundering Act; information necessary to carry out the functions of public authority and information about any individual who is or was an officer or employee of a government institution that relates to the position or function of the individual.

The exclusion of journalists may prove to be a double edged sword. The role of journalists in the Philippines is very crucial. We love hearing the news and at times even, when we feel that the units of government who are supposed to assist us are just plain and simple incompetent or perhaps unworthy of trust , we run to the media. The media seemingly has the power to turn things around, to make mere news of the day into a trending topic worldwide. While it is proper for the law to protect journalists and their sources by not compelling them to reveal the source of a report which strengthens freedom of speech and expression, these privileges given to the media are also subject to abuse. Nowadays, there is barely an item in the news which is not sensationalized.

If journalists cannot be compelled to reveal their sources and if in a sense, they consider and encourage everyone to be vigilant and be “patrollers ng bayan” so to speak, where will people who fall victims to these irresponsible broadcasting seek relief after the world has judged them. There is a saying that goes, “ there are things one will never be able to undo, and one of them is the stone after the throw “. It appears to me that since media seem to be all knowing and people believe them to be credible, the likes of the lady in the amalayer incident and similar incidents are left with no choice but to shield themselves from public ridicule, just because people were able to access information in excess of what was necessary.

Juan dela Cruz faced with a new law to follow may wonder what’s in it for him and ultimately weigh if the benefits of the law outweighs the rights that must be limited or regulated. In an article dated August 30, 2012 posted by Tempo newspaper online, the Business Process Outsourcing Industry is said to have hailed the passage of the bill as it will bring the Philippines to international standard of privacy protection as much as work in said industry is said to involve confidential company information of local and foreign clients. If this law ends up beneficial to Juan’s source of livelihood, it will end up to be more beneficial to him.

Chapter IV which covers Section 16 of the law lists the rights of the data subject. Among these are to be informed whether personal information has been processed, to be furnished with such information before entry into the processing system, purpose and scope of the information processing, recipients to whom they may be disclosed as well as methods utilized for automated access, contact details of controller, period of storage and the existence of access and correction rights.

The aim of the Data Privacy Act of 2012 is responsible use of information. It is worthy to note that it does not prohibit the collection and processing of personal information. What the law requires as listed in Section 11 is the collection of information for legitimate purposes , its fair and lawful processing, the need for it to be adequate and not excessive, its retention for the purposes for which the data was obtained and for it to be kept in form to permit identification of data subject for no longer than is necessary for the purposes for which data were collected and processed.

We have seen it in movies time and again, waking up not knowing who you are and retracing everything and later finding out that some agency has tracked you down, decided to experiment on you and decided to erase everything you know about yourself and the world. Is there a possibility of this happening in real life ? Maybe. But I know for sure that with measures such as RA 10173, we can somehow rest our minds knowing entities are compelled to protect our personal information, that we are given the right to have access to these information and that in case they fail to observe what is required of them, they can end up in jail.

The progress of a nation is shaped by many factors. Among these factors however, willingness of its citizens and its enforcement agencies to be accountable plays a major part. Whether or not RA 10173 elevates the Philippines to International Standards remains to be seen. The law is relatively new and I feel that the authorities meant to enforce it must be given enough time to implement the same.

Having gained a better understanding of the Data Privacy Act of 2012, I don’t need a paper shredder after all.


Sources :

[1] http://www.gov.ph/2012/08/15/republic-act-no-10173/

[2] http://en.wikipedia.org/wiki/Privacy

[3] http://www.tempo.com.ph/2012/08/data-privacy-act-of-2012/

[4] http://www.bpoc.uk.com/research.html


An Elusive Quest for Freedom ( MCPIF vs RA 10175)

It seems common among Filipinos who do not know much about howlaws operateto be overwhelmed by how other people devoid of necessary expertise interpret them. In recent years, whenever a law is passed or introduced, it is mostly objected to through a variety of reactions magnified and sensationalized by media through informal polls. Freedom or “Kalayaan” is such a weighty word for us. Our history tells us that our heroes have fought for it , screamed about it at the top of their lungs and lives have been lost to protect it . If one needs to be reminded, one only needs to think about the atrocities of martial law and he will more likely be convinced. Needless to say, we, as a nation highly value our freedom and would retaliate at anything which we feel will suppress it. Be that as it may, gone are the days of horse riding and sword bearing Filipinos who will fight to the last drop of blood. As strong as the idea of freedom remains, the changing times and the rapid change in technology have changed our perspective on freedom and what we deem as proper means to fight for it.

Although most of us may wish for freedom to be without restrictions, that is not how the world operates. With liberty comes power and as a famous movie line goes, “ with great power comes great responsibility”. Freedom coupled with power may prove to be a curse rather than a gift if unregulated. The role of government is to make people conform to acceptance standards which will not only prove rewarding to the community through attainment of peace and order but to the individual as well who will learn to be responsible for his actions.

In modern times where technology is part of our everyday lives, where cell phones are as important as keys to one’s house or car and where most things become convenient and available by one click of the mouse, we are all the more reminded to be vigilant in our dealings. True enough that we gain friends from across the miles without having to set foot in their countries, or experience different cultures, learn new things through the aid of technology, we should not, however, discount the fact that criminal minds no longer just lurk in unlit streets in the middle of the night. Crooks now thrive in the world wide web and attack any time of the day, especially so if there are no laws to protect us. Online crime may be in the form of abusive online behaviour, identity theft, sexual predation and spamming among others.

In the Philippines, a law dubbed as RA 10175 or the Cyber Protection Act of 2012 was passed to address these concerns. However, the passage of the law provoked an outcry for major changes. Those opposing it found most of its provisions to be unconstitutional. With a previous nightmare called martial law, RA 10175 was seen by many as the electronic counterpart, giving it an informal title of e-martial law.

In certain occasions, when somebody complains that a law has no teeth or that it simply is not humane, elders often react by saying “ go be a Congressman or a Senator and amend the law or make a better one”. Though technically, these two houses still hold the power to come up with laws that matter, I was surprised to find out that the ordinary Juan played a huge part in what is now Senate Bill #3327 or the Magna Carta for Philippine Internet Freedom (MCPIF) and that it was not a product of the genius of the feisty Senator Miriam Defensor-Santiago. My research added another word in my vocabulary; that word is “ crowd sourcing”.

According to Wikipedia,[1] Crowdsourcing , a term coined by Jeff Howe in his article entitled “ The Rise of Crowdsourcing” published in Wired Magazine in June 2006, is a process that involves outsourcing tasks to a distributed group of people, to an undefined public rather than a specific body. It highlights collective intelligence as a possible source of coming up with solutions to a problem. The term is said to be a portmanteau of the words “crowd” and “outsourcing “. The senate bill which is the subject of this paper began when so called netizens grouped themselves for a common purpose, that being the drafting of the MCPIF and made an open call for people to contribute. This call caught the attention of technology loving individuals from all walks of life such as IT Specialists, bloggers, engineers , members of the academe and human rights advocates. [2] The movement started in Twitter until the Facebook group Democracy.net.ph was eventually launched. If passed, the Magna Carta for Philippine Internet Freedom ( MCPIF ) is the first legislation drafted through online crowdsourcing. In apress release dated November 30, 2012 posted on the website of the Philippine Senate, [3] it was noted that Senator Santiago said she was approached by a group of netizens with a draft of the MCPIF.

The Magna Carta for Internet Freedom dubbed as “ Anti Cybercrime Law 2.0’aims to address the flaws of RA 10175 or the “Cybercrime Protection Act of 2012 ” byreplacing the same. The latter which remains under a 120 day temporary restraining order (TRO) due to supposed unconstitutionality of some of its provisions became asource of concern to most citizens.The MCPIF operated under four key principles; rights, governance, development and security. Section 2 of the bill declares the policy of the state with regards to the role ofInformation and Communication Technology ( ICT) in nation building. In summary , the state reaffirms its commitment to the people in crafting and regulating laws governing the use of the internet, recognizing the culture created by such devices and networks, recognizing the role of technology on economic growth and the development of human capital, recognizing how the internet affects peace and order and law enforcement while also recognizing the potential of the internet to become a theatre of war and the vital role ICT plays in the flourishing and development of an information society.

By seeking to replace the earlier law with the intention of providing a solution to what seems to be appear as vagueness and overbreath of RA 10175, is it automatic that SB 3327 is the better cybercrime law ?

The supposed clash between RA 10175 and Senate Bill 3327seems to revolve around constitutional provisions on Freedom of Expression, Right to Privacy and Double Jeopardy.

Freedom of expression as enshrined in [4] Chapter 6 Section IV of the 1987 Constitution states that

Section 4. No law shall be passed abridging the freedom of speech, of expression, or of the press, or the right of the people peaceably to assemble and petition the government for the redress of their grievances.

In an article posted on the website of [5] Amnesty International , a movement campaigning to end abuses in human rights, Isabelle Arradon, its Deputy Director believes that the cybercrime law rolls back protection for free speech in the Philippines because under said law, a peaceful posting on the internet could result in a prison sentence. MCPIF aims to address this by upholding freedom of expression and deletion of the takedown clause in RA 10175.

In RA 10175, Atty. Harry Roque, a known human rights advocate and a professor of Constitutional law at the University of the Philippines (UP) , explains that [6] “libel committed on Twitter, Facebook, blogs, and other online content was made a more serious crime compared to printed libel “. He added thata person found guilty of libelous comments on the internet may be convicted up to 12 years in prison without possibility of parole, as against the penalty for printed libel in the Revised Penal Code (RPC)which is six (6) months and one (1) day to four (4) years and two (2) months.

In the very same article, Atty. James Mark Ridon, president and general counsel of Kabataan Partylist, saw how flawed RA 10175 was. According to him, Sec 4(c)4, while mentioning libel in relation to Art. 355 of the RPC provides no penalty to be imposed on such offense paving the way for the basic rule in criminal law that no crime can be committed nor punishment imposed without a pre-existing penal law.

On the other hand, the Magna Carta for Philippine Internet Freedom ( MCPIF ) is said to uphold freedom of expression by defining the exceptions to libel. Under the act, there shall be no internet libel without malice or intent to injure. It maintains that internet libel must explicitly and positively identify the person who is the subject of the expression. Should the law be passed, citizens can safely protest against the government and its public officials, criticize politicians and candidates just as the EPAL movement of Juana Change is doing, criticize NGOs, associations and religious groups or companies for bad service. A facebook fanatic no longer holds any responsibility for a PM later made public by someone else.These, according to the act, do not constitute libel. Furthermore, the law treats libel as a civil liability, not a criminal act.

The takedown clause of RA 10175 is deemed by many to be dangerous. As stipulated in Section 19, the DOJ shall issue an order to restrict or block access to such computer data if found to be prima facie in violation of the provisions of RA 10175. This, for many is a violation ofdue process. In MCPIF however, no such restriction exists. In response to the call to protect due process, MCPIF prohibits censorship of content without an order from the court. [7] Section 8 (4) specifically provide that there shall be no compulsion or restriction to access of information on the internet except upon order following a special proceeding before the RTC of competent jurisdiction; provided further that the clear and present danger test is met, the material is unprotected expression under community standards and that the uploading or publication of such information constitutes a criminal offense punishable under Sec. 6 of the Act.

Another constitutional right said to be protected under MCPIF is the right to privacy. RA 10175 permits warrantless collection of traffic data which is believed by some professors of the UP System to [8] devalue the rights of the accused as stipulated by Sec. 2 of the Bill of Rights which reads

” The right of the people to be secure in their persons, houses, papers, and effects against unreasonable searches and seizures of whatever nature shall be inviolable, and no search warrant shall issue except upon probable cause to be determined personally by the judge after examination under oath or affirmation of the complainant and the witnesses he may produce, and particularly describing the place to be searched and the persons or things to be seized.”

Sec. 10 of MCPIF provides protection by stipulating that agencies and instrumentalities maintaining data shall ensure appropriate level of privacy. Privacy is also protected through the requirement to secure warrants , obligate notification and limit seizure to data thereby excluding seizure of physical property. Under the act, information may not be accessed without the owner’s knowledge, penalty shall be provided for transmittal through the internet of private data or public networks and service providers, telecommunications and other companies cannot submit one’s private information without his knowledge and without a court order issued after due notice and hearing.

What appears to be another point of confusion and argument is the subject of double jeopardy which is allowed in RA 10175 through prosecution of offenses committed against its provisions and those committed against the RPC and special laws even if such result from a single act or omission (Sec. 7). The protection related to double jeopardy in MCPIF can be seen in Sec. 40 (2) of the bill which stipulates that a prosecution under this act shall bar any further prosecution as a violation of the Revised Penal Code (RPC) and other special laws.. This stipulation however, is not without exceptions. The act provides for four exceptions namely :

if the act was performed through the use of a device, equipment or physical plant connected to the internet or to telecommunications networks, or in connivance with a third party with access to the same

if the violation could not have been performed throughthe use of said device, equipment or physical plant connected to the internet or to telecommunications networks, or the said third party with access to the same

if the act involves the transmission of data through the internet or telecommunications networks, or

if the act is part of a series of or combination with other unlawful acts , these acts being performed without the use of a device , equipment or physical plant connected to the Internet or to telecommunications networks, or in connivance with a third party with access to the same.

The Magna Carta for Internet Freedom aims to claim its place as the better cybecrime law by providing Filipinos the opportunity to keep up with the challenge of the ever changing and fast paced technology which brings about personal and economic growth , relief and assistance during emergencies which shake our nation to the very core as well as mere enjoyment of the effects of progress while promoting and upholding rights guaranteed by the constitution and prosecuting offenders who threaten proper enjoyment of the right to freedom of expression and privacy.

It further encourages the right to create though its provision concerned with copyright protection. Under MCPIF, a content published over the internet shall enjoy copyright protection as well as computer programs and software applications. Hopefully people will be more aware of the effect and repercussions of acts like plagiarism which does not seem to be a big deal to most individuals. The act stipulates that plagarism or what we Filipinos humorously now call “Sottcopy” or non attribution of content, constitutes infringement of intellectual property rights.

The introduction of the Magna Carta for Philippine Internet Freedom ( MCPIF ) does not render RA 10175 inutile. It merely hopes to providethe nation a more carefully studied law which is constitutionally grounded. To say that is a better law compared to RA 10175 is premature at this point. While it may appear promising on paper, whether a law is effective remains to be seen once it is already implemented.

I am one with the nation in its effort to make this nation great again, not just in terms of peace and order but also in terms ofprotection for industries of the modern times which puts food on our tables.

The more we find ways and means to support industries dependent on Information and Communication Technology ( ICT ) , the internet and modern technology, the more we entice investors to come to the Philippines . This in turn results to creation of jobs for Pinoys and lesser need to seek employment in a foreign land added to the much welcome economic growth everyone desires. The efforts of government and concerned citizens , if fully realized will elevate us into a self sufficient nation, able to keep up with the changing times while also capable of protecting our citizens from crimes and irregularities brought about by technology.

Technology has evolved and with this evolution came the challenge for people to keep up with the times. What used to be luxury is now necessity. What used to be yesterday’s super gadget is literally today’s second rate gadget and perhaps tomorrow’s forgotten friend. We work, ,live and breathe technology and such has a power nobody can discount.

Hopefully, with laws geared towards strengthening the capacity of the Filipino to reach for greater heights through ICT, time will come when we will find another kind of freedom, that which removes the wall which has confined us to being known as a third world country. Until then, I am keeping my fingers crossed.


Endnotes

[1] Crowdsourcing : http://en.wikipedia.org/wiki/Crowdsourcing

[2] https://www.facebook.com/groups/Democracy.Net.PH/

[3] MAGNA CARTA FOR INTERNET FREEDOM TO REPLACE ANTI-CYBERCRIME LAW : http://www.senate.gov.ph/press_release/2012/1130_santiago1.asp

[4] http://lawphilreviewer.wordpress.com/2011/05/13/constitutional-law-chapter-vi-freedom-of-speech-press-expression-etc/

[5] Philippines: ‘Cybercrime’ law threatens free speech and must be reviewed : https://www.amnesty.org/en/news/philippines-cybercrime-law-threatens-freedom-expression-and-must-be-reviewed-2012-10-04

[6] Lawsuit poised against Republic Act 10175: http://www.abs-cbnnews.com/-depth/09/19/12/internet-libel-may-lead-12-years-prison

[7]MAGNA CARTA FOR PHILIPPINE INTERNET FREEDOM : http://www.scribd.com/doc/114984484/Magna-Carta-for-Philippine-Internet-Freedom

[8] AKMA UP on Cybercrime Law: It ain’t over yet : http://www.bukluran.org/2012/10/10/akma-up-on-cybercrime-law-it-aint-over-yet/

Advertisements
1 comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: