Introduction:
“Once you’ve lost your privacy, you realize you’ve lost an
extremely valuable thing”
- Billy Graham
“So long as the laws remain such as they are today, employ some
discretion: loud opinion forces us to do so; but in privacy and silence let us
compensate ourselves for the cruel chastity we are obliged to display in
public.”
- Marquis de Sade
In today’s fast pacing
world, data integrates into our lives without being noticed. Privacy,
a fundamental though not absolute is human right which underpins human dignity and
other key values such as freedom of association and freedom of speech. It has
become one of the most important human rights issues of the modern age. We need a law to ensure that
our rapidly growing and changing data is protected. The clamor for creating
that specific law started in the recent economic boom of BPO business. it is a
tool in promotion of E-commerce. Maybe the intention of the government is to
improve the system but it just so happened that it went the other way around.
They over looked the deprivation of rights as a result of passing RA 10173 and
RA 10175 into a law. It made a negative impact especially with the imposed
penalties for every offense.
Statement of the Problem:
This research includes an examination of the RA 10173 and RA 10175
and its significant implication to the rights of an individual under Philippine
Laws; specifically, it will seek to answer the following questions:
1. What is RA 10173?
2. What is RA 10175?
3. What are the advantages of Data Privacy Act?
4. What are the rights violated in implementing RA 10173 and how
will the government respond to address such deprivation?
5. What are the advantages of Cyber Crime Law?
6. What are the rights violated in implementing RA 10175 and how
will the government respond to address such deprivation?
Presentation, Analysis and Interpretation of Data
Data, Analysis and interpretations
will be presented to provide answers to the questions on this study.
Problem 1: What is RA 10173?
Data Privacy Act of 2012 is an
act protecting individual information in information and communications systems
in the government and the private sector, creating for this purpose a national
privacy commission, and for other purposes enable to protect the fundamental human right of
privacy, of communication while ensuring free flow of information to promote
innovation and growth. The State recognizes the vital role of information and
communications technology in nation-building and its inherent obligation to
ensure that personal information in information and communications systems in
the government and in the private sector are secured and protected. It applies
to the processing of all types of personal information and to any natural and
juridical person involved in personal information processing including those
personal information controllers and processors who, although not found or
established in the Philippines, use equipment that are located in the
Philippines, or those who maintain an office, branch or agency in the
Philippines.
Problem 2: What is RA 10175?
Cyber crime
prevention act of 2012 is an act defining cyber crime, providing for
prevention, investigation, suppression and the imposition of penalties
therefore and for other purposes. The National Bureau of Investigation (NBI)
and the Philippine National Police (PNP) shall be responsible
for efficient and effective law enforcement of the provisions of this Act.
The NBI and PNP shall organize a cyber crime unit or center manned
by special investigators to exclusively handle cases involving
violations of this Act.
Problem 3: What are the advantages of Data
Privacy Act?
The newly approved Data Privacy Act benefits Information
Technology and Business Process Outsourcing industry by making it in line with
international standards of privacy. It also protects publishers, editors or
duly accredited reporters of any newspaper, magazine or periodical of general
circulation protection from being compelled to reveal the source of any news
report or information appearing in said publication which was related in any
confidence to such publisher, editor, or reporter.
Another good thing about data privacy
Act, Under the personal information must be
fairly and lawfully processed, Processed for specified purposes, Adequate,
relevant and not excessive, Accurate, and where necessary, kept up to date, not
kept for longer than is necessary, processed in line with the rights of the
individual and Kept secure. In that way, the new law in personal information
and it will prevent fraud and personal information theft. It helps preserve people's personal
information. The new law states:
"The
State recognizes the vital role of information and communications technology
(ICT) in nation-building and its inherent obligation to ensure that personal
information in information and communications systems in the government and in
the private sector are secured and protected." Along with the new law is
the creation of the National Privacy Commission, which will administer and
implement the Act as well as ensure the country complies with international
standards for data protection.BPO industry, will
bring in projected revenues of US$25 billion by 2016. It will also increase job
openings from about 1 million to 4 million positions in the next four years
which was supported by Angara in that way, we can say that it will not only
secure our personal information, it will also open job opportunities in the
country. Who are we to refuse such opportunity?
Lawful access, confidentiality obligation and security are just
few of the obligations imposed by Guideline 8 and to be followed by BPO as
well. The Lawful access rule says, "access to personal data in an
information or communications system shall only be authorized in favor of the
individual or entity having a legal right to the possession or the use of the
file and solely for the authorized purpose. It shall not be made
available to any person or party without the consent of the individual or
entity in lawful possession, or in the absence of court order." This
is a very useful customer protection rule that indirectly prohibits selling
personal data to no-authorized parties and when outside the data collection
purpose.
Section
7 Guideline 8 establishes the confidentiality principle. Under this
principle, any person who gets access to personal data in an information or
communication system, pursuant to powers conferred under E-commerce law, ‘shall
not convey or share the same with any other person.' This confidentiality
rule will have an important impact in the Philippines' Medical Transcription
BPO market. Fortunately it happens to be that Philippines is a major
player in offshore Medical Transcription services and confidentiality is
paramount in the medical field.
Guideline 8, section 8, addresses the issue of Security of Data. In Philippines, data controllers must implement organizational and technical means to assure protection of personal data from destruction, alteration or disclosure. If data controllers use the services of data processors, the first one must assure data processors follow the organizational and technical protection means established by the company and data controllers must provide data processors with specific instructions on processing personal data. This security rule also imposes data processors and those data controller's employees a confidentiality duty even after the employment is terminated. (INTERNET LAW - Data Protection Law in Philippines’ Business Process Outsourcing Industry)
The general rule is that access to personal data
in information and communications system shall only be authorized in favor of
the individual or entity having a legal right to the possession or the use of
the file and solely for the authorized purposes. Personal data shall not be
made available to any person or party without the consent of the individual or
entity in lawful possession, or in the absence of court order. Personal data is
defined as any information relating to an identified or identifiable natural
person. The intention of the Law speaks of an extension of sec. 3
of Art III of the constitution that states the privacy of communication
and correspondence shall be violable except upon lawful; order of the court or
when public safety and order requires prescribed by law. Encryption protects
electronic messages from unauthorized access and use which is particularly
important for secure Internet and email use. Increased use of encryption
technologies has prompted the Government to enact controversial legislation
allowing access to electronic data protected by encryption
Problem 4: What are the rights violated in implementing RA 10173
and how will the government
ART III Sec 7.Bill of Rights of the Constitution
The right
of the people to information on matters of public concern shall be recognized.
Access to official records and documents and papers pertaining to official
acts, transactions or decisions as well as to government research data used as
a basis for policy development, shall be afforded the citizen, subject to such
limitations provided by law.
ART III Sec 19. (1) Bill of Rights of the Constitution
Excessive
fines shall not be imposed, nor cruel, degrading or inhuman punishment
inflicted. This is in conflict with RA 10173 sections:
SEC. 25. Unauthorized Processing of Personal Information
and Sensitive Personal Information. – (a) The unauthorized processing
of personal information shall be penalized by imprisonment ranging from one (1)
year to three (3) years and a fine of not less than Five hundred thousand pesos
(Php500,000.00) but not more than Two million pesos (Php2,000,000.00) shall be
imposed on persons who process personal information without the consent of the
data subject, or without being authorized under this Act or any existing law.
(b) The
unauthorized processing of personal sensitive information shall be penalized by
imprisonment ranging from three (3) years to six (6) years and a fine of not
less than Five hundred thousand pesos (Php500,000.00) but not more than Four
million pesos (Php4,000,000.00) shall be imposed on persons who process
personal information without the consent of the data subject, or without being
authorized under this Act or any existing law.
SEC. 26. Accessing Personal Information and Sensitive
Personal Information Due to Negligence. – (a) Accessing personal
information due to negligence shall be penalized by imprisonment ranging from
one (1) year to three (3) years and a fine of not less than Five hundred
thousand pesos (Php500,000.00) but not more than Two million pesos
(Php2,000,000.00) shall be imposed on persons who, due to negligence, provided
access to personal information without being authorized under this Act or any
existing law.
(b)
Accessing sensitive personal information due to negligence shall be penalized
by imprisonment ranging from three (3) years to six (6) years and a fine of not
less than Five hundred thousand pesos (Php500,000.00) but not more than Four million
pesos (Php4,000,000.00) shall be imposed on persons who, due to negligence,
provided access to personal information without being authorized under this Act
or any existing law.
SEC. 27. Improper Disposal of Personal Information and
Sensitive Personal Information. – (a) The improper disposal of
personal information shall be penalized by imprisonment ranging from six (6)
months to two (2) years and a fine of not less than One hundred thousand pesos
(Php100,000.00) but not more than Five hundred thousand pesos (Php500,000.00)
shall be imposed on persons who knowingly or negligently dispose, discard or
abandon the personal information of an individual in an area accessible to the
public or has otherwise placed the personal information of an individual in its
container for trash collection.
b) The
improper disposal of sensitive personal information shall be penalized by
imprisonment ranging from one (1) year to three (3) years and a fine of not
less than One hundred thousand pesos (Php100,000.00) but not more than One
million pesos (Php1,000,000.00) shall be imposed on persons who knowingly or
negligently dispose, discard or abandon the personal information of an
individual in an area accessible to the public or has otherwise placed the
personal information of an individual in its container for trash collection.
SEC. 28. Processing of Personal Information and
Sensitive Personal Information for Unauthorized Purposes. – The
processing of personal information for unauthorized purposes shall be penalized
by imprisonment ranging from one (1) year and six (6) months to five (5) years
and a fine of not less than Five hundred thousand pesos (Php500,000.00) but not
more than One million pesos (Php1,000,000.00) shall be imposed on persons
processing personal information for purposes not authorized by the data
subject, or otherwise authorized under this Act or under existing laws.
The processing of sensitive personal information for
unauthorized purposes shall be penalized by imprisonment ranging from two (2)
years to seven (7) years and a fine of not less than Five hundred thousand
pesos (Php500,000.00) but not more than Two million pesos (Php2,000,000.00)
shall be imposed on persons processing sensitive personal information for
purposes not authorized by the data subject, or otherwise authorized under this
Act or under existing laws.
SEC. 29. Unauthorized Access or Intentional Breach.
– The penalty of imprisonment ranging from one (1) year to three (3)
years and a fine of not less than Five hundred thousand pesos (Php500,000.00)
but not more than Two million pesos (Php2,000,000.00) shall be imposed on
persons who knowingly and unlawfully, or violating data confidentiality and
security data systems, breaks in any way into any system where personal and
sensitive personal information is stored.
SEC. 30. Concealment of Security Breaches Involving
Sensitive Personal Information. – The penalty of imprisonment of one
(1) year and six (6) months to five (5) years and a fine of not less than Five
hundred thousand pesos (Php500,000.00) but not more than One million pesos
(Php1,000,000.00) shall be imposed on persons who, after having knowledge of a
security breach and of the obligation to notify the Commission pursuant to
Section 20(f), intentionally or by omission conceals the fact of such security
breach.
SEC. 31. Malicious Disclosure. – Any personal
information controller or personal information processor or any of its
officials, employees or agents, who, with malice or in bad faith, discloses
unwarranted or false information relative to any personal information or
personal sensitive information obtained by him or her, shall be subject to
imprisonment ranging from one (1) year and six (6) months to five (5) years and
a fine of not less than Five hundred thousand pesos (Php500,000.00) but not
more than One million pesos (Php1,000,000.00).
SEC. 32. Unauthorized Disclosure. – (a) Any
personal information controller or personal information processor or any of its
officials, employees or agents, who discloses to a third party personal
information not covered by the immediately preceding section without the
consent of the data subject, shall he subject to imprisonment ranging from one
(1) year to three (3) years and a fine of not less than Five hundred thousand
pesos (Php500,000.00) but not more than One million pesos (Php1,000,000.00).
(b) Any
personal information controller or personal information processor or any of its
officials, employees or agents, who discloses to a third party sensitive
personal information not covered by the immediately preceding section without
the consent of the data subject, shall be subject to imprisonment ranging from
three (3) years to five (5) years and a fine of not less than Five hundred
thousand pesos (Php500,000.00) but not more than Two million pesos
(Php2,000,000.00).
SEC. 33. Combination or Series of Acts. – Any
combination or series of acts as defined in Sections 25 to 32 shall make the
person subject to imprisonment ranging from three (3) years to six (6) years
and a fine of not less than One million pesos (Php1,000,000.00) but not more
than Five million pesos (Php5,000,000.00).
While it is true that we adhere in the Latin principle
DURA LEX SED LEX or the law may be harsh but still it is the law, in my view
the penalties that have been imposed is too much. It violates the right of the
people not to be imposed with excessive fines. As we can observed, the fines
range between php500,000 to 4,000,000. Though the intention of the law is to
protect sensitive information, the penalties are too high that an ordinary man
may not afford to comply.
Sec 3(a) Commission shall
refer to the National Privacy Commission created by virtue of this Act.
The
administration and implementation of the provisions of this act aim to create
National privacy Commission however, it would also create overlapping of power
Problem 5: What are the advantages of Cyber Crime
Law?
While it is true that there are so many protests in the passage
of cyber crime Law which infact lead to suspension due to certain rights
violation, advantages are as follows:
It punishes computer
related forgery, fraud and identity theft, crimes in the internet, offenses
against confidentiality, integrity and availability of computer data system, illegal access, illegal
interception, data interference, system interference and misuse of devices,
content related offenses on cybersex and child pornography, cyber squatting
(the user of other person domain name to profit, misled, destroy the reputation
and deprive others from registering) and offenses on libel committed through a
computer system.
Cyber sex, a modern style of prostitution will now be considered
as a crime and punishable. It will prevent citizens specially youth from poor
sector from engaging and performing indecent acts using modern devices. Victims
will be saved and Cyber sex operators will be imprisoned depending on the
weight of the felony.
Cyber bullying involves libelous acts, cyber intimidation and
moral torture by the use of internet through social networks and sites will be
punishable and considered as crime. As I watched GMA news propaganda, I was
astonished on how they managed to inform us on how to use internet properly.
“Think before you Click” is an example that we must analyze every statement
that we are about to post including the pictures and videos that may or may not
be acceptable in the views of others specially it may not only be viewed by few
but rather be viewed by everyone. Since the internet is universal, it is also a
good thing to create guidelines in using internet as to the rights involved.
Since we are no longer living in Stone Age, almost everyone has
access over the internet and most of us use online in our daily transactions.
The Law protects online businesses from online fraud and any similar acts.
Trade and industry will not only be easy but also set a safe option in putting
up a business.
We cannot deny the fact that in spite of technological advances,
our country remains unsatisfactory as to technical knowledge. There are some
instances wherein Government websites were being hacked which resulted to
impairment of activities in the government. The law punishes hackers, computer
related forgery and online theft.
The increasing sophistication of information technology with its
capacity to collect, analyze and disseminate information on individuals has
introduced a sense of urgency to the demand for legislation. Computers linked
together by high speed networks with advanced processing systems can create
comprehensive dossiers on any person without the need for a single central
computer system. New technologies developed by the defense industry are
spreading into law enforcement, civilian agencies, and private companies.
Concern over privacy violations is now greater than at any time in
recent history. Uniformly,
populations throughout the world express fears about encroachment on privacy,
prompting an unprecedented number of nations to pass laws which specifically
protect the privacy of their citizens. Human rights groups are concerned that
much of this technology is being exported to developing countries which lack
adequate protections. Currently, there are few barriers to the trade in
surveillance technologies. It is now common wisdom that the power, capacity and
speed of information technology are accelerating rapidly. The extent of privacy
invasion or certainly the potential to invade privacy increases rapidly.
Problem 6: What are the rights violated in implementing
RA 10175 and how will the government respond to address such deprivation?
Though for some RA 10175 relates to e-martial law, crap, junk,
cyber-martial law and dictatorial law, we can’t hide the fact that this law
also has good effect on us, either for facebook or twitter users, bloggers,
journalists, which in the first place have been badly affected by this law. But
the thing is that only part
of the law is not good, it is no
other than the “sotto law” or what I just describe in the first phrases of this
paragraph, the internet libel which directly put to grave our
freedom of speech. Some congressmen
and senators said that they overlooked the said law. It mistakenly signed and
approved the law without taking into consideration the possible implication
that would result to deprivation of rights of an individual. The violated
right: Sec 4. No law shall be passed abridging the freedom of speech, of
expression, or the press or right of the people to assemble and petition the
redress of grievances.
It is in conflict with RA 10175 because comments and posts which
may not be acceptable to others may lead us to jail. The law aims to make us
responsible internet users. The only bad thing in the law is that, portion of
it is inconsonant with Bill of rights in the constitution. If we cannot live
with that kind of law, might as well proposed for revision.
Conclusion:
Though many of us
were against with two laws, we have no choice but leave the benefit of the
doubt that it also benefits us. The laws will maintain guidelines to be
followed in responsible using of internet and sharing of sensitive information,
peace for all internet users, minimize the cases of online accounts from being
hacked, and uphold the copyright or ownership of software developers or any
online and computer content on their time and blood invested crafts. Also on
top of which is to put a stop the cybersex and cyber prostitution. It’s not that am very much against
with the two laws, though despite of disadvantages it has also advantages, but
we should let our government know that they have the power but we certainly
have the rights. They
should’ve thought over all possible consequences of anything before signing it
into act. A single mistake will destroy not only their reputation for doing
reckless authority misuse but also lead Filipino to possible deprivation of
rights. Quoted from spokesmen Alex Deita, “Prior to the enactment of the
new law, how many cybercriminals are enjoying their freedom to escape liability
and punishment because there is no law covering their felonious acts?” However,
as to my view, how many rights were deprive in passing the two laws? Thus, our
law makers must be cautious in enactment of laws and check possible loop holes
and assure whether the law will really address our present dilemma on a
particular situation.
References:
Electronic:
http://home.earthlink.net/~davidlperry/edata.htm Personal
Privacy and Electronic Data Transfers
No comments:
Post a Comment