Will RA10173 provide sufficient mechanism for the introduction of the national ID system in the Philippines without constitutional issues as provided for in the case of Ople vs. Torres?
In times of war, information is like gold. It can enable a country or a party to whether engage either in attack or in a defensive position. It can boost the morale of your comrades to further ignite the will that lives inside them, or it can destroy even the tiniest hope they preciously protect. It can develop the country which can help millions of people but it can also be the same thing that destroys them. In the advent of RA 10173 personal information can now be gathered, enabling a national privacy commission to collect and use our personal information. We are not at war but our personal information is at risk, so are you willing to give the gold that you have?
The case of Ople versus Torres provides for three constitutional issues: First, there is usurpation of legislative power by the president of the Philippines; second, there is usurpation of the public funds which by law congress may only appropriate, and third is that the Administrative order issued was in violation of the bill of rights. The first and second issues are moot and academic by reason of the issuance of RA10173. It leaves us with only one but is the most important among the issues.
Sec. 3(1) of the bill of rights under the 1987 Constitution provides that, the privacy of communication and correspondence shall be inviolable except upon lawful order of the court, or when public safety or order requires otherwise as prescribed by law. A simple yet very important right of every person.
The thing that caught my attention was sec. 4 of R.A. 10173. The act applies to all types of personal information. Though subject to certain exceptions like information of an official or employee of the government , his business, salary, those with service contracts with the government, licensing, journalistic and other pertinent laws relating to banking. Some say to take it in its literal meaning and some say take it in its technical meaning. What does technical meaning mean? To provide only information that the law asks for? If that is the case then that is not all, why would someone give more than he is asked for?
It is admirable that journalists and their sources are given protection under R.A. 10172. At least this right has been preserved by the legislators. Personal information relating to journalistic, artistic, literary or research purposes are exceptions to the application of said law.
An independent body which shall be known as the national privacy commission shall be established in order to carry out the objectives of R.A.10173. The commission has many functions as laid down in the law. The only thing that is not clear about the commission is how they would protect the information that may come into their possession. Serial keys, code generators, jail breaks and others these are some programs that professional hackers and programmers can do. I personally am not that much a computer literate but if those programmers can hack or make ways to counter even those big companies in the field of technology then what security does each Filipino possess in order to protect their rights when a national ID system will be effective.
The 1987 Constitution provides that under article three section one that, no person shall be deprived of life, liberty, or property without due process of law, nor shall any person be denied the equal protection of the laws.
R.A. 10173 provides that the national privacy commission can issue cease and desist orders, temporary as well as permanent bans when it affects national security and public interest. Well that is just and right national security and public interest are of vital importance.
What if private individuals are requesting for due process? Do we follow the due process in administrative proceedings or the due process as provided for by the rules of court? What provisional remedies can the private individual avail of and in how many days should the person be entitled to question the use of his personal information by others?
In the case of Ople versus Torres, what was questioned was the issuance of an administrative order issued by the president of the republic of the Philippines. In relation to the given topic, RA 10173 is a law passed by the legislative branch of the government. Now, to conform to the grant of due process it is right to follow the rules of court, but the rules are silent when it comes to the new law which is RA10173.
The law provides that, the liberty of abode and of changing the same within the limits prescribed by law shall not be impaired except upon lawful order of the court. Neither shall the right to travel be impaired except in the interest of national security, public safety, or public health as may be provided by law. Since modern technology enables us and even the government to track us, either using the global positioning system or though internet service providers or even through mobile phones, to locate wherever the person is at a particular place and time is highly notable. This basic freedom to travel and to change our abode can be at risk. Through the use of a national ID system and modern technology the government may know wherever we are. I’m not saying that this is bad but each one of us wants to have a safe place to stay in where no one can bother us.
The right of the people, including those employed in the public and private sectors, to form unions, associations, or societies for purposes not contrary to law shall not be abridged, as laid down by law is also one of the topics of the constitutionality of R.A 10173. For example, an employee of a private corporation or company registered in the national ID system, and while in said employment or as a condition before hiring when there is an established union is to, join a union. Since the employer has a right because the private individual is under an employment contract with the employer, the latter has the right to access his ID as a condition to continue hiring him. We must admit that most employers do not favor employees joining unions, the national ID system may work unfairly or discriminately on the part of the lowly employee.
A constitutional grant is that no person shall be compelled to be a witness against himself. Not all explanations or reasons can be stored in the national ID system. Some data or information may be a result of certain circumstances. And since R.A. 10173 provides that in criminal, administrative or tax liabilities of the private individual the rights of the data subject will not apply. There is ambiguity as to the applicability of the latter law.
Are we really that confident that no person will misuse the information we might give or are we too careless that we allow such information to be used by the government?
We have the principle of accountability as provided for by R.A. 10173 wherein each personal information controller is responsible for personal information under its custody. The personal information controller may also hire third parties to process the information of the data subject. This is a good provision, it mandates the data controller to stay accountable for the information he is keeping.
Another good provision of R.A. 10173 when it comes to the national ID system is that it provides that the heirs and assigns may invoke the rights of the data subject in case of incapacity or death. This may be useful when it comes to receiving pensions or differentials. Only one query, must it be written or verbal authorization may suffice?
As what have been provided by the law the national privacy commission shall establish a secretariat. The law requires that the members of the secretariat must have at least served for five years in the government agency that is involved in the processing of the information. The law enumerated certain offices wherein members of the secretariat may be chosen. They are the GSIS, SSS, LTO, BIR, Philhealth, DFA, DOJ, Philpost and COMELEC.
It is notable to relate R.A. 10173 with A.M. No. 08-1-16 SC or the rule on the writ of habeas data. Section 1 of the writ of habeas data provides that, it is a remedy available to any person whose right to privacy in life, liberty or security is violated or threatened by an unlawful act or omission of a public official or employee, or of a private individual or entity engaged in the gathering, collecting or storing of data or information regarding the person, family, home and correspondence of the aggrieved party.
Since R.A. 10173 applies to all kinds of personal information then the writ of habeas data is relevant in the processing of such information. One of the features of the Data Privacy Act of 2012 is that the data subject should signify his consent with respect to the information he is about to give to the data information controller. R.A. 10173 is vague when it comes to the types of personal information which should be disclosed to the information controller. How about our credit card numbers, bank account numbers or social security numbers? These account numbers are but simple things but have great impact to our lives. The knowledge of other people of these numbers is a threat to our security. Can we ask for the writ of habeas data to stop these data information controllers to take and store all of that information?
Now let us relate R.A. 10173 with the rules on electronic evidence. Rule 3 sec. 1 of the rules on electronic evidence provides that, whenever a rule of evidence refers to the term writing, document, record, instrument, memorandum or any other form of writing, such term shall be deemed to include an electronic document. Electronic evidence is the functional equivalent of paper-based documents.
Rule 1 sec. 2 of the rules on electronic evidence provides that, the rules on electronic evidence shall apply to all civil actions and proceedings, as well as quasi-judicial and administrative cases.
Now let us tackle the applicability of R.A. 10173 to the rules on electronic evidence. The former law provides for penalties which include fine and imprisonment which makes it a special penal law. Since the information we provide to personal information controller may be subject to violation, the question is whether the rules on electronic evidence will apply. We must remember that the rules on electronic evidence apply only to civil, quasi-judicial and administrative cases. That means we cannot apply the rules on electronic evidence to the data privacy act. The question is that, how do we present the information we gave to data information controllers in courts? We must remember that the informations are stored by electronic means, and these electronic means under the rules on electronic evidence are not applicable to criminal cases.
There are several computer viruses that have infiltrated and greatly affected computers. Some that I know are Trojan, worm and the I LOVE YOU virus. I have friends who are inclined in computer softwares and told me that there are a lot of viruses, some have not even been provided anti-virus softwares. I also learned that there is a virus which infiltrates the system of the computer and changes the settings of the computer. Voltages, files and programs are modified by some virus and either destroys or copies the files. Anti-virus softwares installed in our computers cure only those viruses which it recognize. That is why we need to update our anti-virus softwares to keep in touch with the latest updates.
In submitting ourselves to the national ID system, we take the risk of submitting our protected information to the national privacy commission. What if an expert in computer programming or an expert in virus making infects the main system of the national privacy commission? Do we have the security to ensure that the programs installed in the main system will not be exploited? Can they cure or repel viruses which are new and tend to infect the main system?
I am not saying that R.A. 10173 is no good. What I am saying is that today our technology is so vast that experts can make programs which modifies, alters or overwrites a certain program. We are still developing and further increasing our knowledge about computers. The purpose of the law is good but the provisions must be clear and unambiguous. To implement the national ID system today is not the proper time. We still do not have the safeguard measures to provide complete security to the people.
What has been taught to me is that the government is the organ of the state wherein the will of the people is formulated, expressed and realized. Public welfare is of primary consideration in the functions of the government. The government must promote public welfare but at the same time take in consideration the rights of the people. The Bill of rights as laid down by the 1987 Philippines constitution must be protected at all times and must not be rendered inoperative by vague or ambiguous laws.
R.A. 10173 or the data privacy act of 2012 will greatly help the different instrumentalities and agencies of the government in their functions. But what will prevail, the promotion of the national ID system or the bill of rights as granted in the Philippine constitution?
What the people need is a clear, unambiguous and solid law which will show us that if we are protected when we present or give information to the national privacy commission. There are still so many questions relating to the application of the data privacy act in connection to the national ID system. Due process, privacy, transportation and warrants are just some of the rights which are related to the national ID system.
I am a proud Filipino and will still continue to be one. Progress and developments are what I desire for the Philippines. But when it comes to the national ID system, as of now, I believe that the information and knowledge we possess in terms of computer literacy is insufficient to protect the people. As a result, I am of the opinion that the data privacy act of 2012 did not give the answers to the constitutional issues as provided for in the case of Ople versus Torres.
DISCLAIMER: This blog is not made by a lawyer. It is not intended to give advice nor establish any attorney-client relationship with any person. This is made to comply with the requirements for Technology and the law subject.