Privacy International defends the right to privacy across the world, and fights surveillance and other intrusions into private life by governments and corporations. Read more »


Chapter: 

I. Legal framework

Constitutional privacy framework

Article 3 of the 1987 Philippine Constitution stipulates the country's Bill of Rights. The following sections related to privacy are contained in the Constitution:

Section 2. 

The right of the people to be secure in their persons, houses, papers, and effects against unreasonable searches and seizures of whatever nature and for any purpose shall be inviolable, and no search warrant or warrant of arrest shall issue except upon probable cause to be determined personally by the judge after examination under oath or affirmation of the complainant and the witnesses he may produce, and particularly describing the place to be searched and the persons or things to be seized.

Section 3.

(1) The privacy of communication and correspondence shall be inviolable except upon lawful order of the court, or when public safety or order requires otherwise, as prescribed by law.

(2) Any evidence obtained in violation of this or the preceding section shall be inadmissible for any purpose in any proceeding.

Criminal law

Search and seizure: The Revised Penal Code1 criminalises the unlawful entry, search or seizure by any public officer or employee (Art. 128), and imposes the penalty of prision correccional2 in its minimum period to such act. Prision correccional in its medium and maximum periods when such acts occur at night-time, or where papers or effects are not returned immediately after a search. When a proper search is conducted in the absence of the relevant individual, a member of their family or two witnesses residing in the same locality, the Code imposes a penalty of arresto mayor in its medium and maximum periods (Art. 130). The malicious acquisition and use of search warrants is also criminalized in the Code, which imposes a penalty of arresto mayor in its maximum period to prision correccional in its minimum period and a fine not exceeding PHP1,000 (Art. 129).

Falsification of documents: The Revised Penal Code creates a number of offences related to the falsification of documents by private individuals, and the use of falsified documents. The penalty of prision correccional in its medium and maximum periods and a fine of not more than PHP5,000 is applicable to such crimes, which encompass acts of falsification of public or official documents or commercial documents (Art. 172) or wireless, cable, telegraph and telephone messages (Art. 173). The falsification of medical certificates, certificates of merit or services and the like is also addressed by the Revised Penal Code, which imposes the penalties of arresto mayor in its maximum period to prision correccional in its minimum period and a fine not exceeding PHP1,000 on any physician or surgeon who, in connection with the practice of his profession, issues a false certificate; or any public officer who issues a false certificate of merit of service, good conduct or similar circumstances (Art. 174). The penalty of arresto mayor shall be imposed upon any private person who commits a similar offence, and upon anyone who knowingly uses falsified certificates (Art. 175)

Discovery and revelation of secrets: Any public officer who reveals any secret known by him by reason of his official capacity, or who wrongfully delivers papers or copies of papers of which he may have charge and which should not be published, is liable under Art. 229 of the Revised Penal Code.If the revelation of such secrets or the delivery of such papers causes serious damage to the public interest, the public officer is liable for the penalties of prision correccional in its medium and maximum periods, perpetual special disqualification and a fine not exceeding PHP2,000. Otherwise, the penalties of prision correccional in its minimum period, temporary special disqualification and a fine not exceeding PHP50 will be imposed. If a public officer, to whom the secrets of any private individual have become known by reason of his office, reveals such secrets, they are liable for penalties of arresto mayor and a fine not exceeding PHP1,000 (Art. 230). Any private individual who, in order to discover the secrets of another, seize his papers or letters and reveals the contents thereof, is liable for a penalty of prision correccional in its minimum and medium periods and a fine not exceeding PHP500. If the secrets are acquired but not reveled, the penalty is arresto mayor and a fine not exceeding PHP500 (Art. 290). However, this provision is not applicable to parents, guardians, or persons entrusted with the custody of minors with respect to the papers or letters of the children or minors placed under their care or custody, nor to access to the papers or letters of spouses by each other. Art. 291 of the Revised Penalty Code applies to managers, employees or servants who, in their capacity, learn the secrets of their employers, principals or masters and reveal such secrets. In such a case, a penalty of arresto mayor and a fine not exceeding PHP500 is applicable. Where such secrets amount to industrial secrets, the penalty of prision correccional in its minimum and medium periods and a fine not exceeding PHP500 applies (Art. 292).

Trespass: Trespass is governed by Articles 280 and 281 of the Revised Penal Code. Trespass is punishable by penalties of arresto mayor and a fine not exceeding PHP1,000 (Art. 280). If the offense is committed by means of violence or intimidation, the penalty is prision correccional in its medium and maximum periods and a fine not exceeding 1,000 pesos.

Libel: Although the Constitutional protections related to privacy do not connect the right to privacy with the protection of reputation and honour, statutory provisions in the Revised Penal Code articulate a number of crimes in this respect. Libel is defined as public and malicious imputation of a crime, or of a vice or defect, real or imaginary, or any act, omission, condition, status, or circumstance tending to cause the dishonor, discredit, or contempt of a natural or juridical person, or to blacken the memory of one who is dead (Art. 353). The legislation stipulates that every defamatory imputation is presumed to be malicious, even if it be true, if no good intention and justifiable motive for making it is shown (Art. 354). There are two exceptions to this principle, namely (1) A private communication made by any person to another in the performance of any legal, moral or social duty; and (2) A fair and true report, made in good faith, without any comments or remarks, of any judicial, legislative or other official proceedings which are not of confidential nature, or of any statement, report or speech delivered in said proceedings, or of any other act performed by public officers in the exercise of their functions. Libel committed by means of writing or other similar means is punishable by a penalty of prision correccional in its minimum and medium periods or a fine ranging from PHP200 to 6,000, or both, in addition to any civil action which may be brought by the offended party (Art. 355). Threats to commit libel attract a penalty of arresto mayor or a fine from PHP200 to 2,000, or both.

Slander: Oral defamation (slander) is criminalized by Art. 258 of the Revised Penal Code. It is punishable by a penalty of arresto menor or a fine not exceeding PHP200, where it is of a serious and insulting nature, it is punishable by a penalty of arresto mayor in its maximum period to prision correccional in its minimum period. Where slander is committed by deed, it is punishable by the penalty of arresto mayor in its maximum period to prision correccional in its minimum period or a fine ranging from PHP200 to 1,000 (Art. 359). If said act is not of a serious nature, the penalty shall be arresto menor or a fine not exceeding PHP200. 

Publication of defamatory statements: Any person who publishes, exhibits, or causes the publication or exhibition of any defamation in writing or by similar means is liable under the law (Art. 360). The author or editor of a book or pamphlet, or the editor or business manager of a daily newspaper, magazine or serial publication, is responsible for the defamations contained therein to the same extent as if he were the author thereof. Furthermore, any reporter, editor or manager or a newspaper, daily or magazine, who publishes facts connected with the private life of another and offensive to the honor, virtue and reputation of said person, even though said publication be made in connection with or under the pretext that it is necessary in the narration of any judicial or administrative proceedings wherein such facts have been mentioned, is liable for punishment of the penalty of arresto mayor or a fine of from PHP20 to 2,000, or both (Art. 357).

Voyeurism and pornography: The Anti-Photo and Video Voyeurism Act of 2009 (RA No. 9775)3 prohibits the act of photo or video voyeurism, as well as the publication, broadcasting, sharing, exhibition, and distribution of photos or videos resulting from this illegal act. The Anti-Child Pornography Act of 2009 (RA No. 9775)4 law protects children from abuse and exploitation from being used in pornographic performances and being coerced to engage in pornography through whatever means. The law also ensures the confidentiality of the identity of any child involved in child pornographyduring investigation, prosecution, or trial, and provides mandatory services for victims such as emergency shelter, counselling, free legal, medical, and psychological services, and educational assistance. Any person who produces, distributes, or publishes such material or commits other related acts would also be subject to penalties. Internet service providers and Internet content hosts may be held liable.5 Penalties include fines ranging between PHP50,000 and PHP5,000,000 and reclusion perpetua as the gravest penalty. Currently awaiting parliamentary assent, the Anti-Obscenity and Pornography Bill of 20086 criminalises the publication, broadcast, and exhibition of pornographic materials through all means, including online means, for the protection of morality.

Cybercrime

Until 2012, the Electronic Commerce Act (Republic Act No. 8792, s. 2000)7 was the primary Filipino legislation pertaining to online privacy. Section 31 of the Act provides that access to an electronic file, or an electronic signature of an electronic data message or electronic document shall only be authorized and enforced in favor of the individual or entity having a legal right to the possession or the use of the plain text, electronic signature or file and solely for the authorized purposes. The electronic key for identity or integrity shall not be made available to any person or party without the consent of the individual or entity in lawful possession of that electronic key. Unauthorized access into or interference in a computer system/server or information and communication system, including the introduction of computer viruses and the like, is punishable by a minimum fine of PHP100,000 and a maximum commensurate to the damage incurred and a mandatory imprisonment of six months to three years.

Piracy or the unauthorized copying, reproduction, dissemination, distribution, importation, use, or broadcasting of protected material, electronic signature or copyrighted works in a manner that infringes intellectual property rights is punishable by a minimum fine of PHP100,000 and a maximum commensurate to the damage incurred and a mandatory imprisonment of six months to three years.

On September 12, 2012, the Cybercrime Prevention Act of 2012 (RA No. 10175)8 came into force. The Act creates a number of offences, including (Section 4):

  1. Offenses against the confidentiality, integrity and availability of computer data and systems, including illegal access, illegal interception, data interference, system interference, misuse of devices, and cyber-squatting;
  2. Computer-related offenses such as computer-related forgery, computer-related fraud, computer-related identity theft; and
  3. Content-related Offenses, including cybersex, child pornography, unsolicited commercial communications, and libel.

Aiding or abetting the commission of cybercrime and attempt in the commission of cybercrime is also included as other offenses under Section 5. In addition, the Act stipulates that all crimes defined and penalized by the Revised Penal Code, if committed by, through and with the use of information and communications technologies, are covered by the Cybercrime Prevention Act, and the penalty for such crimes is degree higher than that provided for by the Revised Penal Code (Section 6).

The punishments contained the Act include the imprisonment of prision mayor and fines of between PHP100,000 and PHP500,00 (Section 7). The Act provides for corporate liability (Section 9) and imposes double penalties for Acts committed by a corporate actor up to a maximum of PHP10,000,000.

The Act declares that the National Bureau of Investigation (NBI) and the Philippine National Police (PNP) are responsible for the efficient and effective law enforcement of the provisions of the Act. The NBI and the PNP are mandated to organize a cybercrime unit or center manned by special investigators to exclusively handle cases involving violations of the Act (Section 10).

To ensure that the technical nature of cybercrime and its prevention is given focus, law enforcement authorities are required under the Act to submit timely and regular reports including pre-operation, post-operation and investigation results and such other documents as may be required to the Department of Justice for review and monitoring (Section 11).

Real-Time Collection of Traffic Data: Law enforcement authorities, are authorized by the Act to collect or record by technical or electronic means traffic data in real-time associated with specified communications transmitted by means of a computer system. Under the Act, traffic data refer only to the communication s origin, destination, route, time, date, size, duration, or type of underlying service, but not content, nor identities. All other data to be collected or seized or disclosed will require a court warrant. Service providers are required to cooperate and assist law enforcement authorities in the collection or recording of traffic data.

The court warrant required under this section shall only be issued or granted upon written application and the examination under oath or affirmation of the applicant and any witnesses he may produce sufficiently demonstrating (Section 12):

  1. That there are reasonable grounds to believe that any of the crimes enumerated in the Act have been committed, are being committed or are about to be committed;
  2. That there are reasonable grounds to believe that evidence will be obtained essential to the conviction of any person for, or to the solution or prevention of, such crimes; and
  3. That there are no other means readily available for obtaining such evidence.

Preservation of Computer Data: In accordance with the Act, the integrity of traffic data and subscriber information relating to communication services provided by a service provider must now be preserved for a minimum period of six months from the date of the transaction. Content data must be similarly preserved for six months from the date of receipt of the order from law enforcement authorities requiring its preservation. Law enforcement authorities may order a one-time extension for another six months (Section 13).

Disclosure of Computer Data: Law enforcement authorities, upon securing a court warrant, may issue an order requiring any person or service provider to disclose or submit subscriber s information, traffic data or relevant data in his/its possession or control within seventy-two hours from receipt of the order in relation to a valid complaint officially docketed and assigned for investigation, provided the disclosure is necessary and relevant for the purpose of investigation (Section 14).

Search, Seizure and Examination of Computer Data: Where a search and seizure warrant is properly issued, the law enforcement authorities likewise have the power to conduct interception, as defined in this Act, and the power:

  • To secure a computer system or a computer data storage medium;
  • To make and retain a copy of those computer data secured;
  • To maintain the integrity of the relevant stored computer data;
  • To conduct forensic analysis or examination of the computer data storage medium; and
  • To render inaccessible or remove those computer data in the accessed computer or computer and communications network.

Law enforcement authorities may order any person who has knowledge about the functioning of the computer system and the measures to protect and preserve the computer data therein to provide, as is reasonable, the necessary information, to enable the undertaking of the search, seizure and examination.

Law enforcement authorities may request for an extension of time to complete the examination of the computer data storage medium but in no case for a period longer than 30 days from date of approval by the court (Section 15).

Custody of Computer Data: The Act prescribes that all computer data, including content and traffic data, examined under a proper warrant must be deposited with the court in a sealed package, accompanied by an affidavit of the law enforcement authority, within 48 hours of the expiration of the warrant. The package is not to be opened, or the recordings replayed, or used in evidence, or then contents revealed, except upon order of the court, which shall not be granted except upon motion, with due notice and opportunity to be heard to the person or persons whose conversation or communications have been recorded (Section 16).

Destruction of Computer Data: Upon expiration of the periods as provided in Sections 13 and 15, service providers and law enforcement authorities must immediately and completely destroy the computer data subject of a preservation and examination (Section 17).

Exclusionary Rule: Any evidence procured without a valid warrant or beyond the authority of a warrant is inadmissible for any proceeding before any court or tribunal (Section 18).

Restricting or Blocking Access to Computer Data: When a computer data is prima facie found to be in violation of the provisions of this Act, the Department of Justice can issue an order to restrict or block access to such computer data (Section19).

Competent Authorities: The Act establishes an Office of Cybercrime within the Department of Justice designated as the central authority in all matters related to international mutual assistance and extradition (Section 23). The Act also establishes a Cybercrime Investigation and Coordinating Center, under the administrative supervision of the Office of the President, for policy coordination among concerned agencies and for the formulation and enforcement of the national cyber security plan (Section 24).

Reaction to the legislation: Following the enactment of the law, petitions were immediately filed requesting the Supreme Court to issue temporary restraining orders to several government agencies from implementing several provisions of the law which were seen as unconstitutional.

Problematic provisions cited by the party list Alab ng Mamamahayag (ALAM) are:

  • Section 4c, which penalizes online libel defining it as an act  committed through a computer system or any other similar means which may be devised in the future ; and
  • Section 12, which makes it illegal  to collect or record by technical or electronic means traffic data in real-time associated with specified communications transmitted by means of a computer system ; and Section 20, which enumerates the penalties for violating the law.9

Critics have argued that the law creates a  chilling effect on the public , violating media freedom and giving too much power to the Department of Justice.10 ALAM argues that the 1987 Constitution states that no law shall be passed to limit the freedom of expression, speech and press and that it was  stupid  for those who crafted the law to consider unsolicited advertisement, defined as the transmission of commercial electronic communication with the use of computer system which seek to advertise, sell, or offer for sale products and services, as cybercrime.11

Journalist organizations have launched a campaign to stop the implementation of the implementation. Aside from the chilling effect caused by the law, there is the added concern of higher degrees of punishment imposed by the Act.12

The petitioners challenged the government to prove that the Cybercrime Law would not violate peoples' "most fundamental right" under Section 1, Article III of the 1987 Philippine Constitution, by passing the "substantive due process test" and the "equal protection challenge .13

The Philippine National Police Criminal Investigation and Detection Group (CIDG), one of the government agencies tasked with implementing the Cybercrime Law, said that itwill need further clarification on the Law before they can begin to implement it. CIDG Director Samuel Pagdilao Jr. welcomed the new Law but added that the implementing rules and regulation of the Law must be detailed and clarified.14 The Director assured that Section 12 of the Law shall only be exercised if there is an existing complaint or if there is strong evidence to warrant gathering of traffic data relating to acts such as hacking or terrorism.15Further, the CIDG shall only monitor the IP address and not the content passing through it.16

Another group filed a petition asking the Supreme Court to issue a temporary restraining order against government agencies from implementing the following provisions17:

  • Section 4 (c)[4],which criminalizes libel, not only on the internet, but also on "any other similar means which may be devised in the future";
  • Section 6, which raises by one degree higher the penalties provided for by the Revised Penal Code for all crimes committed through and with the use of information and communications;
  • Section 7, which provides that apart from prosecution under the assailed law, any person charged for the alleged offense covered will not be spared from violations of the Revised Penal Code and other special laws;
  • Section 12, which authorizes law enforcement authorities to "collect or record by technical or electronic means" communications transmitted through a computer system; and
  • Section 19, whichauthorizes the DOJ to block access to computer data when such data "is prima facie found to be in violation of the provisions of this Act."

They reasoned that real time data collection of traffic data violates the right to privacy and the right against unreasonable searches and seizure, while stressing that the questioned provisions of the law "inter-operate with each other to create a 'chilling effect'" upon constitutional freedoms.18

On October 9, 2012, the Supreme Court of the Philippines issued a temporary restraining order (TRO) covering a period of 120 days. At the same time, it ordered the Solicitor General to comment within ten days on the petitions filed against the law. The court also set the case for oral argument on January 15, 2013.

Civil law

The Civil Code of the Philippines (Republic Act No. 386, s. 1949)19 governs the application of civil actions. Chapter 2 of the Code regulates human relations, and mandates that  every person shall respect the dignity, personality, privacy and peace of mind of his neighbors and other persons  (Art. 26).

The following and similar acts give rise to an action for damages, prevention and other relief (Art. 26):

  1. Prying into the privacy of another's residence;
  2. Meddling with or disturbing the private life or family relations of another;
  3. Intriguing to cause another to be alienated from his friends; and
  4. Vexing or humiliating another on account of his religious beliefs, lowly station in life, place of birth, physical defect, or other personal condition.

Anyone who directly or indirectly obstructs, defeats, violates or in any manner impedes or impairs any of the following rights and liberties of another person is liable for damages under the law (Art. 32):

  1. The right to be secure in one's person, house, papers, and effects against unreasonable searches and seizures;
  2. The liberty of abode and of changing the same; and
  3. The privacy of communication and correspondence.

Data protection: The Data Privacy Act of 2012 (Republic Act 10173)20 preserves the citizen's right of privacy of communication while ensuring the free flow of information and recognizing the role of information and communications technology in nation-building and its obligation to ensure that personal information in information and communications systems in government and private sector are secured and protected.

The Act covers the processing of personal information and those involved in processing said information. It does not amend or repeal the provisions of Republic Act 5321 that exempts the publisher, editor or reporter of any publication from revealing the source of published news or information obtained in confidence. The Act is primarily designed to address the privacy concerns raised by the Business Process Outsourcing (BPO). The BPO industry is seen to benefit most from the enactment of the law which, by increasing the data protection standards in the Philippines, is projected to allow for an increase in BPO revenue, from US$9 billion in 2011 to US$25 billion by 2016, and an expansion of industry employment to four million in the same time period.22

Prior to being signed into law, media groups appealed against Section 30 of the Senate version of the bill (SB 296523) where, in case of a breach in confidentiality of information results in it being published by the media, the responsible reporter, writer, president, publisher, manager and editor-in-chief shall be held liable. The Economic Journalists Association of the Philippines saw the provisions as a tool that can be used to harass media and suppress its guaranteed freedom.24 Other groups have maintained that the restrictive position would have a chilling effect on journalists.25 Despite the absence of the provision in the RA 10173, the law is worded vaguely that it could apply to almost anything online, not just the personal medical information being handled by BPOs.26

The Law also provides for a National Privacy Commission to monitor and ensure the country s compliance with international data protection standards.

Guidelines for the Protection of Personal Data in Information and Telecommunication System in the Private Sector: In 2006, the Department of Trade and Industry adopted the Administrative Order No. 8 (s. 2006) Guidelines for the Protection of Personal Data in Information and Telecommunication System in the Private Sector. 27The objective of the Order is to encourage and provide support to private entities to adopt personal data protection policies, and provide rules for data protection certifiers in Philippines.

General principles for the protection of personal data in the Order require that personal data be:

  • Collected for specified and legitimate purposes determined before collecting the personal data and processed in compliance with those purposes;
  • Processed accurately, fairly, and lawfully;
  • Accurate and, when appropriate, up-to-date (inaccurate or incomplete data must be corrected, supplemented, or destroyed);
  • Identical, adequate, and according to the purposes for which it is collected and processed; and
  • Kept in a form that allows identification of the data subject, and for no longer than it is necessary for the purposes for which it was collected and processed.

Personal data can only be processed when:

  • The data subject has given his/her unambiguous consent;
  • The personal data processing is the result of the data subject contractual obligation;
  • The data processing is  vitally important' to protect the data subject, including life and health; or
  • The data controller is required to process personal data in compliance with his/her lawful obligations and only to the extent authorised by the parties.

Section 6 of the Order provides that access to personal data in an information or communications system shall only be authorised in favour of the individual or entity having a legal right to the possession or the use of the file and solely for the authorised purpose. It shall not be made available to any person or party without the consent of the individual or entity in lawful possession, or in the absence of court order.

Section 7 of the Order establishes the confidentiality principle, and Section 8 addresses the issue of security of data, requiring data controllers to implement organisational and technical means to assure protection of personal data from destruction, alteration, or disclosure.

The Order also mandates the Department of Trade and Industry to create a Privacy Complaints Office to address related issues that may surface in the implementation of the Order.

The Cybercrime Prevention Act of 2012 provides for the preservation of traffic data and subscriber information for a minimum period of six months from the date of the transaction. Content data shall be similarly preserved for six months from the date of receipt of the order from law enforcement authorities requiring its preservation. Law enforcement authorities may order a one-time extension for another six months provided that once the computer data preserved, transmitted, or stored by a service provider is required as evidence in a case, the mere act of furnishing the service provider with a copy of the transmittal document sent to the Office of the Prosecutor shall be deemed a notification to preserve the computer data until the termination of the case. The service provider shall keep confidential the computer data ordered to be preserved (Section 13).

The same Act provides that law enforcement authorities, upon securing a court warrant, must issue an order requiring any person or service provider to disclose or submit subscriber information, traffic data, or relevant data in his/its possession or control within 72 hours of receipt of an order in relation to a valid complaint, officially docketed and assigned for investigation, as long as the disclosure is necessary and relevant for the purpose of investigation (Section 14).

Writ of Habeas Data28: The Rule on the Writ of Habeas Data (2 February 2008) is a remedy available to any person whose right to privacy in life, liberty, or security is violated or threatened by an unlawful act or omission of a public official or employee, or of a private individual or entity engaged in the gathering, collecting, or storing of data or information regarding the person, family, home, and correspondence of the aggrieved party.

The petition may be filed with the Regional Trial Court where the petitioner or respondent lives, or that which has jurisdiction over the place where the data or information is gathered, collected, or stored, at the option of the petitioner. It may also be filed with the Supreme Court or Court of Appeals or the Sandigan bayan, when the action concerns public data files of government offices.

Footnotes