On
the internet nobody knows you're a cat
Introduction
In the
age of industrialization, a modern era of change has come to befall upon
humanity and thus, we as humans need to cope with the transition of life. In this realization the internet
was born and the power to connect things to infinity and beyond can now be
grasped but as a popularized fictional uncle once said “with great power comes
great responsibility”.
But as to what extent can we make better off in this technology. Now that the breakthrough of the
century is at hand there is individual willing to exploit that technology to
gain the upper hand to their fellow men. To gain an unjust and
prejudicial advantage and through the epiphany of thought that a power this
vast has the huge tendency to be abused the law has set forth its limitations.
Hence the
Data Privacy Act of 2012 was created a policy of the state to protect the
fundamental human right of privacy of communication while ensuring free flow of
information to promote innovation and growth. The government
realizes that with the advancement of human development, constant interaction
is a fundamental aspect for its growth. Hence this policy
aims that the information and communications technology and its inherent
obligation that personal in information and communications systems in the government and in
the private sector are secured and protected now the question becomes that is
it enough to deter those who want to do misdeed to their fellow men. As to every little detail of our
society some people are twisted enough to find loop holes to an otherwise clear
cut law and as such we are to find how to construe this grievances.
But
is it enough to safeguard ourselves to this. The World Wide Web provides a
great medium of expression but has the downside of making all things even your
own personal lives subjected to scrutiny. As much as I
believe in the noble intent of the legislators in enacting this law, I do not
believe that it has teeth as a law to safeguard the fundamental right of an
individual to privacy. With the
advances in information technology, privacy in personal data has become
illusory. For the right price or with good connections, private
information disclosed in confidence to companies or government offices can be
made available to or accessed by interested parties. But on the plus the
other side of the story the enactment of this law can really provide for a
limit to an otherwise freely given system. And as to what
extent this can do. Only the
legislation can prove that part.
The constitution plays a huge part
in this too knowing where and how to change to curb and preserve the rights of
an individual. The provisions of the code states
that: SEC 2 “the right of the people to be secure in their persons, houses,
papers and effects against unreasonable searches and seizures of whatever
nature and for any purpose shall be inviolable, and no search warrant or
warrant of arrest shall issue except upon probable cause to be determined
personally by the judge after examination and under oath or affirmation of the
complainant and the witnesses he may produce and particularly describing the
place to be searched and the persons or the things to be seized.” In this aspect alone we need an edgier solution.
Data privacy act of 2012
RA
10173 is based on European Council No. 45/2001 in which, it protects the
fundamental rights and freedoms of naturalpersons, and in particular their
right to privacy with respect to the processing of personal data and shall
neither restrict nor prohibit the free flow of personal data between themselves
or to recipients.
RA 10173 applies to the processing of all types of personal
information and to any natural and juridical person involved in personal
information processing including those personal information controllers and
processors who, although not found or established in the Philippines, use
equipment that are located in the Philippines, or those who maintain an office,
branch or agency in the Philippines
The
Data privacy act of 2012 was made to eliminate or on the least minimize the
unauthorized or the uncharted use of a person personal or private information
for matter not wholly for their benefit in its declaration of policy it is
stated that although the free flow of
information promotes innovation and growth, it is essential that personal
information in the government and private sector’s information and
communications systems are secured and protected. Personal information is defined as “any information whether
recorded in material form or not, from which the identity of an individual is
apparent or can be reasonably and directly ascertained by the entity holding
the information.” It includes
facts and figures about a person’s race, ethnic origin, marital status, age,
colour and religious, philosophical and political affiliations. Or practically his life story.
The data privacy act of 2012 is
promulgated to guide the laws as to how personal information sent through the
web can be controlled and regulated , observed and followed it is what aims to
make personal information still makes it personal.
Statement of the problem
The problem lies not within the
boundaries of what the provisions of the law provides but on what it doesn't or
to what seem to be called “gray areas
“in the law.
There are always loopholes and there are always people trying to bypass the
system, to what we learn and to what we can understand is not entirely what it
seems.
More often than not
we rely on the common intelligence of man as to determine the truth in things
as to what is right and just but that is not always the case, We are on the age
of diversification a time where one must tread deeply unto the age of
technology to ever cope up with the ever changing society.
What
are the “gray areas” in the law are anyway. It is what defined as to what is
an uncharted territory, or where the law is silent as to how it should be
construed in such instances it is what is legal and what is not.
It
is in this train of thought that we come up with such notions and we try to
formulate scenarios that would ask ourselves if it can still be covered by the
law. Or can it still be on the odds
of being unfavourable to others; is the law faulty by accident or by design?
The
gray areas that can be discussed are to show how thin the line between what is
morality and decency and to what is unjust and misunderstood.
Gray Areas of the Data privacy Act of 2012
In every law there are provisions that are deemed
contentious and even at some point confusing as to make quite a stipulation as
to how it is supposed to be understood.
A
thing that can be worth mentioning in the making of the data privacy act is the
creation of a separate independent body to administer the law Section 7 of the
Data Privacy Act states that “To administer and implement the provisions of
this Act, and to monitor and ensure compliance of the country with
international standards set for data protection, there is hereby created an independent
body to be known as the National Privacy Commission,
This
can be a subject of discussion because there is now an independent body which
will administer and monitor the compliance of the law. What does it mean? It means that there would be a commission not
under the direct supervision or control by the government. The commission now
having a wide discretion provided by the law. It means that the president or
any other government official cannot influence the commission on what policies
they wish to efficiently promulgate or use their powers in influencing the
commission in order to achieve their fraudulent or evil intent.
One
of the gray areas I could find in the data privacy act is to what is stated in
Section 5 which states that”. Protection Afforded to Journalists and Their
Sources. – Nothing
in this Act shall be construed as to have amended or repealed the provisions of
Republic Act No. 53, which affords the publishers, editors or duly accredited
reporters of any newspaper, magazine or periodical of general circulation
protection from being compelled to reveal the source of any news report or
information appearing in said publication which was related in any confidence
to such publisher, editor, or reporter.
This
is what I believe as a researcher can be used as a great abuse of discretion by
the media men. Imagine this. A reporter trying to make a break in his career by
producing libellous, false or fraudulent information which they cannot disclose
the personal information of the source they can use the provisions stated in
section 5 to protect themselves, like a disguise that can conceal their
malicious intent as the law states media men are not compelled to reveal their
source, what if they claim they got lead from a reliable source that claims to
say such malicious information well in truth such source does not exist surely
a journalist cannot invoke the provisions of this law.
Another
thing which can or cannot be subject to debate is the mobile phone numbers each
individual possess. The advancement of technology has made it possible for
anyone to be in touch with someone anywhere, anytime through the use of mobile
phones, a series of numbers that is specifically identifiable to you. This now
poses a question whether our own mobile phone numbers can be considered as
personal information in the purposes of the law. a lot of companies and even
government agencies consider your mobile phone as your personal information for
it is a direct line in which you can be reached and notified, your mobile phone
number is something that specifically caters to you.
In
this aspect we can then conclude that since mobile numbers are considered as
personal information that can be used to directly or in conjunction with other
data can be used to identify a specific person then said act of giving out a
mobile number might be considered as a violation of the Data Privacy Act of the
Philippines. However to prevent of the possibility of the law being absurd in a
sense is that we should therefore qualify that not all acts of giving out a
mobile number can be considered as illegal in this regard.
According to the R.A. 10173 Sec. 3 (h), a personal information
controller, does not include:
- A person or organization who performs such functions as instructed by another person or organization;
- An individual who collects, holds, processes or uses personal information in connection with the individual’s personal, family or household affairs.
In this regard then it is
considered that those falling under those exceptions are not considered as
personal information controllers.
There are also certain acts that
the Data Privacy Act would not be applicable which can be located in Section 4
entitled Scope. This mostly deals with data or information that is connected
with government officials or employees in the function of their office which is
understandable since these people are deemed to be in public service and their
information cannot be considered as private in this regard however there is of
course the phrase that it must have a relation to their function or their
employment in the government. There is also a provision that those processed
for journalistic, artistic, literary or research purposes are not covered in
this Act.
There
would be many who would be skeptical as to the implication of a mere number
transfer leading to something disastrous and could be simply tagged as making a
mountain out of a molehill. However I would be providing multiple scenarios
that would show how something that is perceived as a molehill could lead to something
immense.
How much information could we
actually derive from a mere mobile number, taking into consideration the
scenario it would be safe to assume that by the fact that a person asked for a
person’s mobile number is that it would include their name. So how far would a
person be able to go with just a name and a mobile number? Very far.
Taking
into consideration our initial premise, once the third party has acquired said
number without the consent of the data subject just how much could he do with said
number.
Calling a telecommunications company would lead you to one of their call
centers based here and normal requirement in order to initiate service would be
your name and your mobile/phone number and sometimes one additional data which
would be the client’s birthday.
We now have a name as well as a number; via Social Engineering techniques we
could then derive the birthday easily. Approaching a common acquaintance it
would be easy to say that one knows the person and that would like to place it
in their calendar, or via something termed as “doxxing” which is getting bits
and pieces of information via the internet (Facebook, Twitter e.g. check when
people would greet them happy birthday) or other methods. And as to what people
can gain in this a man can only stipulate.
Conclusion
In conclusion the data privacy acts
still need to provide a definitive implementing rules and regulation. A plain
reading of the Data Privacy act clearly shows that it is clearly trying to shows
the legislature’s continuing concern to the protection of the right to privacy
consistent with the continuing advancement in technology. Yet still need a definitive
review to have a clear cut way in which to tread their path upon the
effectiveness of it.
As stated in a case of Whalen v. Roeis
““We are not unaware of the threat to privacy implicit in the accumulation of
vast amounts of personal information in computerized data banks or other
massive government files. The collection of taxes, the distribution of welfare
and social security benefits, the supervision of public health, the direction
of our Armed Forces and the enforcement of the criminal laws all require the
orderly preservation of great quantities of information, much of which is
personal in character and potentially embarrassing or harmful if disclosed. The
right to collect and use such data for public purposes is typically accompanied
by a concomitant statutory or regulatory duty to avoid unwarranted
disclosures.”
SOURCES:
Walang komento:
Mag-post ng isang Komento