On the internet nobody knows you're a cat
In the age of industrialization, a modern era of change has come to befall upon humanity and thus, we as humans need to cope with the transition of life. In this realization the internet was born and the power to connect things to infinity and beyond can now be grasped but as a popularized fictional uncle once said “with great power comes great responsibility”. But as to what extent can we make better off in this technology. Now that the breakthrough of the century is at hand there is individual willing to exploit that technology to gain the upper hand to their fellow men. To gain an unjust and prejudicial advantage and through the epiphany of thought that a power this vast has the huge tendency to be abused the law has set forth its limitations.
Hence the Data Privacy Act of 2012 was created a policy of the state to protect the fundamental human right of privacy of communication while ensuring free flow of information to promote innovation and growth. The government realizes that with the advancement of human development, constant interaction is a fundamental aspect for its growth. Hence this policy aims that the information and communications technology and its inherent obligation that personal in information and communications systems in the government and in the private sector are secured and protected now the question becomes that is it enough to deter those who want to do misdeed to their fellow men. As to every little detail of our society some people are twisted enough to find loop holes to an otherwise clear cut law and as such we are to find how to construe this grievances.
But is it enough to safeguard ourselves to this. The World Wide Web provides a great medium of expression but has the downside of making all things even your own personal lives subjected to scrutiny. As much as I believe in the noble intent of the legislators in enacting this law, I do not believe that it has teeth as a law to safeguard the fundamental right of an individual to privacy. With the advances in information technology, privacy in personal data has become illusory. For the right price or with good connections, private information disclosed in confidence to companies or government offices can be made available to or accessed by interested parties. But on the plus the other side of the story the enactment of this law can really provide for a limit to an otherwise freely given system. And as to what extent this can do. Only the legislation can prove that part.
The constitution plays a huge part in this too knowing where and how to change to curb and preserve the rights of an individual. The provisions of the code states that: SEC 2 “the right of the people to be secure in their persons, houses, papers and effects against unreasonable searches and seizures of whatever nature and for any purpose shall be inviolable, and no search warrant or warrant of arrest shall issue except upon probable cause to be determined personally by the judge after examination and under oath or affirmation of the complainant and the witnesses he may produce and particularly describing the place to be searched and the persons or the things to be seized.” In this aspect alone we need an edgier solution.
Data privacy act of 2012
RA 10173 is based on European Council No. 45/2001 in which, it protects the fundamental rights and freedoms of naturalpersons, and in particular their right to privacy with respect to the processing of personal data and shall neither restrict nor prohibit the free flow of personal data between themselves or to recipients.
RA 10173 applies to the processing of all types of personal information and to any natural and juridical person involved in personal information processing including those personal information controllers and processors who, although not found or established in the Philippines, use equipment that are located in the Philippines, or those who maintain an office, branch or agency in the Philippines
The Data privacy act of 2012 was made to eliminate or on the least minimize the unauthorized or the uncharted use of a person personal or private information for matter not wholly for their benefit in its declaration of policy it is stated that although the free flow of information promotes innovation and growth, it is essential that personal information in the government and private sector’s information and communications systems are secured and protected. Personal information is defined as “any information whether recorded in material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information.” It includes facts and figures about a person’s race, ethnic origin, marital status, age, colour and religious, philosophical and political affiliations. Or practically his life story.
The data privacy act of 2012 is promulgated to guide the laws as to how personal information sent through the web can be controlled and regulated , observed and followed it is what aims to make personal information still makes it personal.
Statement of the problem
The problem lies not within the boundaries of what the provisions of the law provides but on what it doesn't or to what seem to be called “gray areas “in the law. There are always loopholes and there are always people trying to bypass the system, to what we learn and to what we can understand is not entirely what it seems. More often than not we rely on the common intelligence of man as to determine the truth in things as to what is right and just but that is not always the case, We are on the age of diversification a time where one must tread deeply unto the age of technology to ever cope up with the ever changing society.
What are the “gray areas” in the law are anyway. It is what defined as to what is an uncharted territory, or where the law is silent as to how it should be construed in such instances it is what is legal and what is not.
It is in this train of thought that we come up with such notions and we try to formulate scenarios that would ask ourselves if it can still be covered by the law. Or can it still be on the odds of being unfavourable to others; is the law faulty by accident or by design?
The gray areas that can be discussed are to show how thin the line between what is morality and decency and to what is unjust and misunderstood.
Gray Areas of the Data privacy Act of 2012
In every law there are provisions that are deemed contentious and even at some point confusing as to make quite a stipulation as to how it is supposed to be understood.
A thing that can be worth mentioning in the making of the data privacy act is the creation of a separate independent body to administer the law Section 7 of the Data Privacy Act states that “To administer and implement the provisions of this Act, and to monitor and ensure compliance of the country with international standards set for data protection, there is hereby created an independent body to be known as the National Privacy Commission,
This can be a subject of discussion because there is now an independent body which will administer and monitor the compliance of the law. What does it mean? It means that there would be a commission not under the direct supervision or control by the government. The commission now having a wide discretion provided by the law. It means that the president or any other government official cannot influence the commission on what policies they wish to efficiently promulgate or use their powers in influencing the commission in order to achieve their fraudulent or evil intent.
One of the gray areas I could find in the data privacy act is to what is stated in Section 5 which states that”. Protection Afforded to Journalists and Their Sources. – Nothing in this Act shall be construed as to have amended or repealed the provisions of Republic Act No. 53, which affords the publishers, editors or duly accredited reporters of any newspaper, magazine or periodical of general circulation protection from being compelled to reveal the source of any news report or information appearing in said publication which was related in any confidence to such publisher, editor, or reporter.
This is what I believe as a researcher can be used as a great abuse of discretion by the media men. Imagine this. A reporter trying to make a break in his career by producing libellous, false or fraudulent information which they cannot disclose the personal information of the source they can use the provisions stated in section 5 to protect themselves, like a disguise that can conceal their malicious intent as the law states media men are not compelled to reveal their source, what if they claim they got lead from a reliable source that claims to say such malicious information well in truth such source does not exist surely a journalist cannot invoke the provisions of this law.
Another thing which can or cannot be subject to debate is the mobile phone numbers each individual possess. The advancement of technology has made it possible for anyone to be in touch with someone anywhere, anytime through the use of mobile phones, a series of numbers that is specifically identifiable to you. This now poses a question whether our own mobile phone numbers can be considered as personal information in the purposes of the law. a lot of companies and even government agencies consider your mobile phone as your personal information for it is a direct line in which you can be reached and notified, your mobile phone number is something that specifically caters to you.
In this aspect we can then conclude that since mobile numbers are considered as personal information that can be used to directly or in conjunction with other data can be used to identify a specific person then said act of giving out a mobile number might be considered as a violation of the Data Privacy Act of the Philippines. However to prevent of the possibility of the law being absurd in a sense is that we should therefore qualify that not all acts of giving out a mobile number can be considered as illegal in this regard.
According to the R.A. 10173 Sec. 3 (h), a personal information controller, does not include:
- A person or organization who performs such functions as instructed by another person or organization;
- An individual who collects, holds, processes or uses personal information in connection with the individual’s personal, family or household affairs.
In this regard then it is considered that those falling under those exceptions are not considered as personal information controllers.
There are also certain acts that the Data Privacy Act would not be applicable which can be located in Section 4 entitled Scope. This mostly deals with data or information that is connected with government officials or employees in the function of their office which is understandable since these people are deemed to be in public service and their information cannot be considered as private in this regard however there is of course the phrase that it must have a relation to their function or their employment in the government. There is also a provision that those processed for journalistic, artistic, literary or research purposes are not covered in this Act.
There would be many who would be skeptical as to the implication of a mere number transfer leading to something disastrous and could be simply tagged as making a mountain out of a molehill. However I would be providing multiple scenarios that would show how something that is perceived as a molehill could lead to something immense.
How much information could we actually derive from a mere mobile number, taking into consideration the scenario it would be safe to assume that by the fact that a person asked for a person’s mobile number is that it would include their name. So how far would a person be able to go with just a name and a mobile number? Very far.
Taking into consideration our initial premise, once the third party has acquired said number without the consent of the data subject just how much could he do with said number.
Calling a telecommunications company would lead you to one of their call centers based here and normal requirement in order to initiate service would be your name and your mobile/phone number and sometimes one additional data which would be the client’s birthday.
We now have a name as well as a number; via Social Engineering techniques we could then derive the birthday easily. Approaching a common acquaintance it would be easy to say that one knows the person and that would like to place it in their calendar, or via something termed as “doxxing” which is getting bits and pieces of information via the internet (Facebook, Twitter e.g. check when people would greet them happy birthday) or other methods. And as to what people can gain in this a man can only stipulate.
In conclusion the data privacy acts still need to provide a definitive implementing rules and regulation. A plain reading of the Data Privacy act clearly shows that it is clearly trying to shows the legislature’s continuing concern to the protection of the right to privacy consistent with the continuing advancement in technology. Yet still need a definitive review to have a clear cut way in which to tread their path upon the effectiveness of it.
As stated in a case of Whalen v. Roeis ““We are not unaware of the threat to privacy implicit in the accumulation of vast amounts of personal information in computerized data banks or other massive government files. The collection of taxes, the distribution of welfare and social security benefits, the supervision of public health, the direction of our Armed Forces and the enforcement of the criminal laws all require the orderly preservation of great quantities of information, much of which is personal in character and potentially embarrassing or harmful if disclosed. The right to collect and use such data for public purposes is typically accompanied by a concomitant statutory or regulatory duty to avoid unwarranted disclosures.”