Technology had made a lot of difference, effects, and influence on the society nowadays. Such has a big impact on today’s generation. It made things changed, improved our lives, makes our living more comfortable, and provides us accessibility. These changes, improvement, and accessibility, however, also made our life public when it comes to identity matter. Documents, data, and other matters relating to information may be easily had by means of those mechanisms.
Today, it is easily possible for us to have information about other people, to perceive clearly about other’s identity, and to have knowledge regarding someone’s whereabouts. The technology provided all of these means of admission. Just one click in the internet and you can know some or certain information you desired to have concerning other person. With all these circumstances, I can utter articulately that technology can be considered as a threat to individual’s informational privacy. Most of the crimes today were accomplished through the usage of modern technologies. These reasons probably triggered some of our lawmakers to enact statutes relating to the protection of every individual’s privacy.
Generally, privacy is one of the most violated rights when it comes to matters involving technology. Oftentimes a simple act of one person may constitute a violation of any laws. Other people are not knowledgeable enough to determine if their acts constitute a violation of the laws laid here in the Philippines. Perhaps, those were the reasons why some of the laws passed were implicated regarding that matter. However, as an individual being protected by law against any unscrupulous persons and intruders, we also have the obligation not to merely become a reliant on the protection provided by our law. We must do proper safeguards and take precautions as regards to our act in placing information to different sites and other situations that might probably requires us to disclose such.
An individual has the right to be secured in all aspects regarding his personal information. This includes his address, contact number, bank/credit accounts and other information deemed personal to him. On one’s point of view, giving the contact number of someone you knew to other person who desired to have a communication with the former is of no importance as the giver may think that it is only for general purposes and not whatsoever. But if the person who desired to have the number of another has different purpose, which is unlawful, then there lays the question whether such act constitutes a violation of an individual’s right to privacy.
The individual’s right to privacy has been protected under some of our laws such as the Bill of Rights, Civil Code, and other special laws. The Bill of Rights, Section 3 (1) states that “the privacy of communication and correspondence shall be inviolable except upon lawful order of the court, or when public safety or order requires otherwise as prescribed by law. Moreover, the Civil Code under Section 26 also provides safeguard to privacy which states that “every person shall respect the dignity, personality and privacy and peace of mind of his neighbours and other persons”.
One of the laws involving privacy in relation to information is Republic Act No. 10173. Before going any further, allow me to define its meaning, its purpose, its intention, its scope and inapplicability for better understanding of the said law. “An Act Protecting Individual Personal Information in Information and Communications Systems in the Government and the Private Sector, creating for this purpose a National Privacy Commission, and for other purposes” which is otherwise known as the Data Privacy Act of 2012 covers protection of fundamental human right of privacy of communication while ensuring free flow of information to promote innovation and growth. The law was made applicable to the government and to the private sector in relation to individual’s personal information and communications systems. An individual protected under R.A No. 10173 is called the data subject which refers to “an individual whose personal information is processed”. Such individual is protected in his personal information which the law defines as “any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably ascertained by the entity holding the information, or when put together with the other information would directly and certainly identify an individual.” For clarification, processing refers to “any operation or any set of operations performed upon personal information including but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data. Personal information protection entangled in this law might be violated if personal information controller and personal information processor do such acts not within the scope of their authority, those acts not intended for them to do, and furthermore, those not authorized by the law. Contrary to those acts only authorized of them to do will be subject to penalties provided for by the said law. Again, for better understanding, personal information controller and personal information processor are defined under the law, to wit: personal information controller refers to a person or organization who controls the collection, holding, processing, or use of personal information, including a person or organization who instructs another person or organization to collect, hold, process, use, transfer or disclose personal information on his or behalf; Personal information processor, however, refers to any natural or juridical person qualified as such under the Act to whom a personal information controller may outsource the processing of personal data pertaining to a data subject.
Considering that the law applies to all types of personal information and to any natural and juridical person involved in personal information processing including those personal information controllers and processors who, although not found or established in the Philippines, use equipment that are located in the Philippines, or those who maintain on office, branch or agency in the Philippines, the law, however, stated exclusions as to its applicability. To state a few, the said law does not apply to, (a) information about any individual who is or was an officer or employee of a government institution that relates to the position or functions of the individual including: the fact that the individual is or was an officer or employee of the government institution; the title, business, address and office telephone number of the individual; the classification, salary range and responsibilities of the position held by the individual; and the name of the individual on a document prepared by the individual in the course of employment with the government; (b) information about an individual who is or was performing service under contract for a government institution that relates to the services performed, including the terms of the contract, and the name of the individual given in the course of the performance of those services; (c) information relating to any discretionary benefit of a financial nature including the name of the individual and the exact nature of the benefits; (d) personal information processed for journalists, artistic, literary or research purposes; (e) information necessary in order to carry out functions of public authority; and (f) information necessary for banks and other financial institutions. Now that the terminologies employed in the law were clearly defined, we could easily determine if a certain act is violative against individual’s right to informational privacy.
Guided with the question of “Is the act of a person, A, disclosing the mobile number of B, to a third person, without B’s consent, considered a violation of RA 10173?”, I will conclude in the negative considering the premises and the applicability laid down by the law. None of the foregoing terminologies and application covers the given situation neither the individual who discloses the information is among those qualified personal information processor and personal information controller. It is common practice here in our country that when we want to know some information regarding someone, we would just search his/her in facebook, twitter, google, and other sites that may provide us such information. Others who have common friends would simply ask information about someone. These are the usual ways that most of us bring about just to have the information we desired. I have never heard of anything which a person did these acts that were prosecuted. If such simple act would be considered as contrary to law, may be most of the citizen here in our country will be prosecuted. Of course except those people committing these acts which have unlawful purposes. These notions is somewhat supported by one case, i.e., Ople v. Torres (354 Phil. 948), “where the Supreme Court ruled that the privacy does not bar all intrusions into individual privacy. The right is not intended to stifle scientific and technological advancements that enhance public service and the common good. It merely requires that the law be narrowly focused and a compelling interest justifies such intrusion. Intrusions into the right must be accompanied by proper safeguards and well-defined standards to prevent unconstitutional invasions. Any law or order that invades individual privacy will be subjected by the Court to strict security”. Under the said decision, although the law shields the individual’s right to privacy, it does not hamper the right of others nor does it prevent the utilization of the personal information to public service or some scientific and technological advancement especially if it be for a lawful intention.
The Data Privacy Act specifically provides prohibited acts that may be subjected to penalties provided also under the said law. It is true that the disclosure of personal information of an individual without the latter’s consent may be violative of his/her right to privacy under the Data Privacy Act but that would only happen when it is committed by persons specified by the law such as personal information controller and personal information processor. It is, indeed, the purpose of the said law to secure and/or protect individual’s personal information but this applies only to those personal information being processed to any operation or any set of operations including the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data. The obligation of securing the personal information and the exercised of technical measures intended for the protection of personal information against any disclosure is imposed only by the said law to those qualified personal information processor and controller and not to any individual who may know or obtain such personal information. Except those employees, agents or representatives of a personal information controller who are involved in the processing of personal information are required by the said law to operate and hold personal information under strict confidentiality if the personal information are not intended for public disclosure which such obligation shall continue even after leaving the public service, transfer to another position or upon termination of employment or contractual relations. Conclusively, an individual not included on those aforementioned will not be held liable under the Data Privacy Act if he/she discloses the personal information of another individual for a lawful purpose. Such person may violate other laws protecting the right to privacy but not under the said law. What the law includes, the law excludes. Therefore, in determining the existence of a violation, you must rely only what the law provides. No more, no less.
Technologies have made intrusion and accessibility in gathering personal information more facile. Needless to say, the observable influence of technology nowadays has made our life complicated too with regard to safeguarding our seclusion.
Numerous cases were decided in relation to individual’s informational privacy but none of those exactly purports this kind of situation. But we should bear in mind that sometimes a simple act that we do not think would encroach other’s rights are oftentimes lead us to unexpected consequence.
The right to privacy may be considered as one of the most important right that an individual may be granted. Without this right, our personal information would become an open book available to every person’s access, harm, destruction, improper usage and other malevolent acts that an individual person is possible and capable to do.
The 1987 Philippine Constitution
Bill of Rights
Ople v. Torres (354 Phil. 948)
The Data Privacy Act of 2012