Article III of the Constitution of the Philippinescontains the Bill of Rights. Section 1 of the Bill of Rights states that the "Congress shall give highest priority to the enactment of measures that protect and enhance the right of all the people to human dignity."[2047] Section 2 states that "the right of the people to be secure in their persons, houses, papers, and effects against unreasonable searches and seizures of whatever nature and for any purpose shall be inviolable, and no search warrant or warrant of arrest shall issue except upon probable cause to be determined personally by the judge after examination under oath or affirmation of the complainant and the witnesses he may produce, and particularly describing the place to be searched and the persons or things to be seized."[2048] Section 3(1) states that the "privacy of communication and correspondence shall be inviolable except upon lawful order of the court, or when public safety or order requires otherwise, as prescribed by law."[2049] It further states that "any evidence obtained in violation of this or the preceding section shall be inadmissible for any purpose in any proceeding." Section 7 states that "the right of the people to information on matters of public concern shall be recognized. Access to official records, and to documents and papers pertaining to official acts, transactions, or decisions, as well as to government research data used as basis for policy development, shall be afforded the citizen, subject to such limitations as may be provided by law."[2050]
The Supreme Court ruled in July 1998 that Administrative Order No. 308, the Adoption of a National Computerized Identification Reference System, introduced by former President Ramos in 1996, was unconstitutional. The Court found the order, would "put our people's right to privacy in clear and present danger... No one will refuse to get this identity card for no one can avoid dealing with government. It is thus clear as daylight that without the ID, a citizen will have difficulty exercising his rights and enjoying his privileges." While stating that all laws invasive of privacy would be subject to "strict scrutiny," the Court also was careful to note that, "the right to privacy does not bar all incursions to privacy."[2051] Then-president Joseph Estrada reiterated his support for the use of a national identification system in August 1998, stating that only criminals are against a national ID.[2052] Justice Secretary Serafin Cuevas authorized the National Statistics Office (NSO) to proceed to use the population reference number (PRN) for the Civil Registry System-Information Technology Project (CRS-ITP) on August 14, claiming that it is not covered by the decision.[2053]
More recent attempts to revive the controversial national ID[2054] have focused less on the security issues and more on administrative convenience in integrating government services.[2055] Proponents insist that the ID will be strictly voluntary, and will thus be constitutional.[2056]
Although there is currently no general data protection law, the Information Technology and E-Commerce Council (ITECC) has recently proposed a data privacy law.[2057] This law is expected to adhere to EU standards of data privacy, despite the difficulty of negotiating the differences between the policies of the EU and the US, one of Philippines' largest trading partners.[2058] The proposed privacy law may also address some of the privacy concerns inherent in a national ID system.[2059]
Despite the lack of a current data protection law, there is a recognized right of privacy in civil law.[2060] The Civil Code of the Philippines states that "[e]very person shall respect the dignity, personality, privacy, and peace of mind of his neighbors and other persons," and punishes acts that violate privacy by private citizens, public officers, or employees of private companies.[2061]
Article 26 of the Civil Codestates that "every person shall respect the dignity, personality, privacy and peace of mind of his neighbors and other persons. The following and similar acts, though they may not constitute a criminal offense, shall produce a cause of action for damages, prevention and other relief: (1) Prying into the privacy of another's residence; (2) Meddling with or disturbing the private life or family relations of another; (3) Intriguing to cause another to be alienated from his friends; (4) Vexing or humiliating another on account of his religious beliefs, lowly station in life, place of birth, physical defect, or other personal condition."[2062] Article 32(11) of the Civil Code states that "any public officer or employee, or any private individual, who directly or indirectly obstructs, defeats, violates or in any manner impedes or impairs the privacy of communication and correspondence shall be liable to the latter for damages."[2063]
The Philippines has only one law on data transfer, Presidential Decree No. 1718 entitled Providing For Incentives In The Pursuit of Economic Development Programs By Restricting The Use of Documents and Information Vital To The National Interest in Certain Proceedings and Processes. While the law was passed in 1980, it lacks force because rules and regulations have not been issued to allow enforcement. Broadly, P.D. 1718 prohibits the export of all documents and information from the Philippines to other countries that may adversely affect the interests of Philippine corporations, individuals, or government agencies. P.D. 1718 contains exceptions for exportation of information that are a matter of form, in connection with business transactions or negotiations that require them, in compliance with international agreements, or made pursuant to authority granted by the designated representative of the President.[2064]
Bank records are protected by the Bank Secrecy Act[2065] and the Secrecy of Bank Deposits Act.[2066] The Act provides that deposits with banks or banking institutions are confidential and may not be examined, inquired, or looked into absent "exceptional circumstances." Those circumstances include: the written permission of the depositor, cases of impeachment, court orders in cases of bribery or dereliction of duty of public officials, cases where the money deposited or invested is the subject matter of litigation, and cases covered by the Anti-Graft and Corrupt Practices Act.[2067]
The Anti-Money Laundering Act of 2001 also allows exceptions to the Bank Secrecy Act and the Secrecy of Bank Deposits Act.[2068] Section 9(c) of the Act requires banks, insurance companies, financial institutions, and "other entities administering or otherwise dealing in currency, commodities, or financial derivatives"[2069] to report to the Anti-Money Laundering Council of the Bangko Sentral ng Pilipinas all transactions (including series or combinations of transactions) in excess of PP four million (~USD 75,000).[2070] The institution does not have to report the transaction if it involves a "properly identified client and the amount is commensurate with the business or financial capacity of the client; or those with an underlying legal or trade obligation, purpose, origin, or economic justification."[2071] The Act does provide neither explicit definitions of a "properly identified client," nor a method for determining values commensurate with a particular financial capacity. Those who are compelled to report covered transactions to the AMLC are also prohibited from communicating that they have made such a report to anyone.[2072] Those who do communicate or publish the existence of a report or any information connected with one are criminally liable.[2073]
In May 2000, the ILOVEYOU e-mail virus was traced to a hacker in the Philippines, focusing international attention on the country's cyberlaw regime.[2074] Lacking specific laws on hacking and cybercrime, prosecutors were only able to gain a warrant under the Access Devices Regulation Act of 1998,[2075] a law intended to punish credit card fraud that outlaws the use of unauthorized access devices to obtain goods or services broadly.[2076]
On the heels of the virus attack, in May, The Electronic Commerce Act of 2000was signed into law.[2077] Section 33 of the Act mandates a minimum fine of PP100,000 (~USD1900) and a prison term of six months to three years for unlawful and unauthorized access to computer systems. Section 31 provides that only individuals with legal right of possession shall be granted access to electronic files or electronic keys. Section 32 imposes an obligation of confidentiality on persons receiving electronic data, keys, messages, or other information not to convey it to any other person.[2078]
In June of 2001 the Philippine National Bureau of Investigation announced their intention to bring the first formal hacking and piracy charges under the Electronic Commerce Act. The charges involve two former employees of a business school who allegedly broke into the school's computer system and stole an undisclosed amount of proprietary digital material.[2079]
While restrictions on search and seizure within private homes are generally respected, searches without warrants do occur. In August of 2000, the Philippine National Police conducted random searches of person for illegal firearms at checkpoints in Manila that their own government characterized as in violation of citizen's privacy rights.[2080] More recently, Communist organizations have complained of a "pattern of surveillance" of their activities.[2081] Members of the Bayan Muna political party have reported that offices and a clinic catering to their members were ransacked.[2082] The United Church of Christ of the Philippines has also reported the ransacking of their human rights, peace, and interfaith offices in what many consider to be acts of political intimidation.[2083]
The Act to Prohibit and Penalize Wire Tapping and Other Related Violations of the Privacy of Communication and for Other Purposes[2084] contains a notwithstanding clause that supersedes all inconsistent statutes.[2085] Section 1 states that all parties to a communication must give permission for a recorded wiretap or intercept and makes it illegal to knowingly possess any recording made in prohibition of this law, unless it is evidence for a trial, civil or criminal.[2086] Section 2 assesses liability for any person who contributes to the actions described in § 1.[2087] Section 3 provides certain exceptions to the conditions found in §§ 1-2 but adopts stringent criteria for wiretap warrants, including the identity of the wiretap target; who may execute the warrant; reasonable grounds that a crime has been, is or will be committed; and, a reasonable belief that the evidence obtained via the wiretap will aid in a conviction or prevention of a crime.[2088] Further, predicate offences - or offences for which a court may authorize a wiretap - are limited to several particularly onerous severity.[2089] Section 4 states that any communication obtained in violation of this Act shall not be admissible as evidence in any court.
Despite the legal prohibitions on wiretapping, illegal wiretaps appear to be a continuing problem. In August 1997, the Philippine Congress investigated the admissions of telephone company officials who said that they had conducted illegal wiretaps. The Philippine National Police also conducted an internal investigation of electioneering and illegal wiretaps in May 1998.[2090] Reports of illegal wiretaps continued into April of 1999, when the National Bureau of Investigation and the Ombudsman investigatedreports that police had tapped up to 3,000 telephone lines including those of top government officials, politicians, religious leaders, businessmen andjournalists.[2091] 2001 saw the investigation of former members of the defunct Presidential Anti-Organized Crime Task Force, again for illegal wiretaps.[2092]
Section 5 of the Rape Victim Assistance and Protection Act of 1998, stipulates that "any stage of the investigation, prosecution and trial of a complaint for rape, the police officer, the prosecutor, the court and its officers, as well as the parties to the complaint shall recognize the right to privacy of the offended party and the accused." It further states that a police officer, prosecutor or court may order a closed-door investigation, prosecution or trial and that the name and personal circumstances of the offended party and/or the accused, or any other information tending to establish their identities, and such circumstances or information on the complaint shall not be disclosed to the public.[2093] Section 3 provides for the establishment of a rape crisis center in every province and city "for the purpose of: ensuring the privacy and safety of rape victims."[2094]
Section 8 of the Proposed Rule on Juveniles in Conflict with the Law stipulates that "the right of the juvenile to privacy shall be protected at all times. All measures necessary to promote this right shall be taken, including the exclusion of the media."[2095] Section 9 of the Rule, dealing with the fingerprinting and photographing of a juvenile, states "while under investigation, no juvenile in conflict with law shall be fingerprinted or photographed in a humiliating and degrading manner." and stipulates procedural guidelines such as separate storage of fingerprint files from adult files; restricted access by prior authority of the Family Court; and automatic destruction if no charges are laid or when the juvenile reaches the age of majority (21):[2096] Section 26(k) of the Ruleconfers a duty on the Family Court to respect the privacy of minors during all stages of the proceedings.[2097]
The Local Government Code of the Philippines[2098] provides all barangay[2099] "proceedings for settlement shall be public and informal provided that the... chairman... may upon request of a party, exclude the public from the proceedings in the interest of privacy, decency, or public morals."[2100]
Section 14 of Alien Social Integration Act of 1995[2101] provides that "information submitted by an alien applicant pursuant to this Act, shall be used only for the purpose of determining the veracity of the factual statements by the applicant or for enforcing the penalties prescribed by this Act."[2102]
The use of biometric technologies has been rising in the Philippines. Since March of 1996, dozens of companies and government agencies have been adopted fingerscan technologies in applications ranging from time management and payroll systems to security access control. Many companies use the technology primarily to reduce fraudulent time card punching.[2103] Banks use the technology to reduce fraudulent transactions and to promote security. Additionally, GTE and IriScan Inc. introduced iris-scan technology in 1998 to ensure the security of online transactions. Other uses of biometric technology in the Philippines include the dispensation of health care and social services; privacy systems for database and records protection; travel security systems with passport, ticket, and baggage verification; business, residence, and vehicle security with access and operator authentication; processing and circulation control in the corrections or prison environment; and portable systems for on-scene recognition of individuals for use in law enforcement.[2104] National ID proposals also typically include fingerprints as part of the information available on the ID card.[2105]
In July of 2001 the Philippines' Civil Service Commission released a resolution requiring all government officials an employee to refrain from sending indecent messages. The resolution took effect on August 5, 2001 and bans public officials from sending sexist jokes, pornographic pictures and lewd letters or mails through electronic means including mobile phones, fax machines and e-mails. Individuals who feel sexually harassed may report cases directly to the Civil Service Commission. The resolution is a follow-up to a proposal by the Commission on Elections and the National Telecommunications Commission to monitor, track and prosecute senders of "politically motivated text messages."[2106]
The Code of Conduct and Ethical Standards for Public Officials and Employees[2107] mandates the disclosure of public transactions and guarantees access to official information, records or documents. Agencies must act on a request within 15 working days from receipt of the request. Complaints against public officials and employees who fail to act on request can be filed with the Civil Service Commission or the Office of the Ombudsman.