Objection! Do not ‘Business Card’ My Number

BY MARK ANTHONY N. MANUEL

I. Introduction

II. Background

III. Why Sharing Someone’s Mobile Number is Not Punishable Under RA 10173

A. Sharing Someone’s Mobile Number Does Not Involve Processing of Information

B. Republic Act No. 10173 Does Not Require a Person Sharing Someone Else’s Cellphone Number to Obtain the Consent of the Latter

C. Mobile Number is Neither A Personal Information nor A Sensitive Information Under R.A. 10173

1. Mobile Number is Not A Personal Information

2. Mobile Number is Not A Sensitive Information

D. It Was Never the Intention of the Lawmakers to Include Sharing Mobile Number as Punishable Under the Data Privacy Act of 2012

1. Declaration of State Policy

2. Sponsorship Speech in the Senate

IV. Relevant Jurisprudence

V.  Remedies

A. Request for Blocking with the NTC

B. Civil Case Under Article 32(11) of the New Civil Code

VI. Conclusion

I. INTRODUCTION

The sun was fine that morning. Your soul was singing with joy as you cheerily waited for a very important message. Your cell phone rang and your heart started to pound, praying that it was a text message from your long-time crush who asked for your number the night before.

“Dug! Dug! Dug! Dug!”

But when you opened the text message all your excitement burst like bubbles upon reading, “Condo 4 sale/rent. Avail of r 20% discnt. Got ur # frm (insert name of your ‘pakialamerong kaibigan’ here). (Condominium room for rent/sale. Avail of our 20 percent discount. I got your mobile number from [insert your snoopy friend’s name here].)

You may have encountered a similar, if not exactly the same, experience once in your life – receiving unsolicited text messages from someone you don’t even know. It felt awkward, annoying or irritating, right?

You now ask: “Do I have any recourse under a specific law against the person who sent me unwelcome messages?”

It may seem at the first instance that Republic Act No. 10173 or the Data Privacy Act of 2012 will come into rescue. However, a closer look will tell us otherwise. This article will try to explain why under such law sharing the cellular number of a person to someone else, even without his consent, is not punishable.

II. BACKGROUND

Before we go on with the very meat of the issue at hand, it would be very helpful if we would discuss first the background of and the reason behind the Data Privacy Act of 2012.

The Data Privacy Act of 2012 was passed with the view of boosting investment in the local information technology-business process outsourcing (IT-BPO).[1] It intended to protect the integrity and confidentiality of personal data and is based on the standards set by the European Parliament as well as the Asia Pacific Economic Cooperation (APEC) Information Privacy Framework.[2]

In an interview with the dzMM Radio, Senator Edgardo J. Angara, the primary sponsor of the bill in Senate and the “Father of Data Privacy Act,” said that Republic Act 10173 “is just one of three Internet-related measures aimed at protecting individuals and the growing business process outsourcing (BPO) sector in the country. The other two are the Cybercrime Prevention Act of 2012 and the law creating a Department of Information and Communications Technology.”

On August 12, 2012, President Benigno S. Aquino III signed Republic Act No. 10173. It was uploaded on the same day in the Official Gazette and [became] effective as a law after 15 days.[3]

III.       WHY SHARING SOMEONE’S MOBILE NUMBER IS NOT WITHIN THE AMBIT OF R.A. 10173

We now answer the million-dollar question: “Does sharing somebody else’s mobile number constitute a violation of Republic Act 10173 or the Data Privacy Act of 2012?”

The author submits that sharing someone else’s mobile number is not a violation of Republic Act 10173 or the Data Privacy Act of 2012 for four reasons: firstly, sharing information regarding mobile phone number is not within the scope of the law as it does not involve processing of personal information; secondly, the law does not require consent of the owner of the mobile number before such number can be shared; thirdly, mobile number is neither a personal information nor a sensitive information under the Data Privacy Act of 2012; and fourthly, it was never the intention of the lawmakers to include such act as punishable under the Data Privacy Act of 2012.

          A.        Sharing Someone’s Mobile Number Does Not Involve Processing of Information

By simply reading Section 4 of RA 10173, it will already be clear and unequivocal that sharing of someone’s mobile number will not constitute a violation of the Data Privacy Act of 2012.

Section 4 of the said law specifically provides that the act applies to the “processing of all types of personal information and to any natural and juridical person involved in personal information processing.”

By no stretch of imagination that sharing mobile number will involve processing.

In defining the term, RA 10173 provides in Section 3(j) that processing “refers to any operation or any set of operations performed upon personal information, including, but not limited to, collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data.”

There is no such operation or set of operations involved in the act in issue because sharing a mobile phone number is just a matter of simple communication. The Black’s Law Dictionary defines “operation” as the exertion of power.[4] In sharing a phone number, the combination of numbers will only be gathered as a whole and then communicated or shared as single information. No operation or exertion of power, much less series of operations, is needed for the said act.

Moreover, the enumeration of examples of activities involving processing also proves the point that giving somebody else’s cellphone number is not a punishable act under R.A. 10173. These operations entail two or more information as indicated by the word “data,” which is a plural noun. This just means that cellular phone number, which involves only a single datum, will not be admitted within the definition provided for by law.

Although a cellphone number comprises a combination of numerals, such number is considered as a single datum because the numerals comprising it are ordinarily taken together as a whole. Each numeral cannot stand on its own as a single datum to communicate a meaning.

          B.         R.A. 10173 Does Not Require a Person Sharing Someone Else’s Cellphone Number to Obtain the Consent of the Latter

While in the issue at hand the owner of the cellphone number did not give his or her consent that his or her number be communicated to a third person, there still no violation of R.A. 10173 as such consent is not necessary. Consent is required only if what to be shared will be collected and processed.

Section 3(b) of RA 10173 provides that “consent of the data subject refers to any freely given, specific, informed indication of will, whereby the data subject agrees to the collection and processing of personal information about and/or relating to him or her. [emphasis supplied]

Since the law does not give the definition of collection, a rule in Statutory Construction provides that it must be taken in its ordinary meaning. The ordinary meaning of collection is “the process of gathering together.[5]” As explained above, a cellular phone number is just a single datum. This is because the numerals comprising it are necessary taken together as a single number in order for it to convey an idea. Thus, no gathering together of data is involved in such act.

Granting for the sake of argument that sharing someone’s mobile phone number is an act of collection, such act will not still amount to violation of RA 10173.

RA 10173 provides that the consent of the data subject required in the law pertains to the “collection and processing” of personal information.

The word “and” in statutory construction implies conjunction, joinder or union.[6] It is evident then that consent of the data subject will only be required if the personal information taken will be both collected and processed. As indicated above, sharing a mobile number cannot be construed as “processing.”

 

          C. Mobile Number is Neither A Personal Information nor A Sensitive Information Under R.A. 10173

The Data Privacy Act of 2012 penalizes the following:

(1) Unauthorized Processing of Personal Information and Sensitive Personal Information (Section 25);

(2) Accessing Personal Information and Sensitive Personal Information Due to Negligence (Section 26);

(3) Improper Disposal of Personal Information and Sensitive Personal Information (Section 27);

(4) Processing of Personal Information and Sensitive Personal Information for Unauthorized Purposes (Section 28);

(5) Unauthorized Access or Intentional Breach (Section 29);

(6) Concealment of Security Breaches Involving Sensitive Personal Information (Section 30);

(7) Malicious Disclosure (Section 31);

(8) Unauthorized Disclosure (Section 32); and

(9) any Combination or Series of said acts (Section 33).

It is apparent from the foregoing punishable acts that what are forbidden under Republic Act 10173 are violations against “personal information” and/or “sensitive information.”

Let us examine how the said law defines the two terms.

          1. Mobile Number is Not A Personal Information

Under Section 3(g), personal information is defined as “any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.”

Without any analysis, it may appear that the definition admits mobile number as a personal information. However, a closer look at the definition will tell us the contrary. The said definition provides that for the information to be considered “personal information” under the Data Privacy Act of 2013 it is necessary that the information is being held by an “entity.” Entity is an organization that has an identity separate from those of its members. [7] The author submits that the entity referred to by law is either the government or private sector that processes and collects personal information. Under Section 2 of R.A. 10173, it is provided that in enacting the law “…the state recognizes…its obligation to ensure that personal information in information and communications systems in the government and in the private sector are secured and protected.” In any case, as mentioned above, the information referred to by Republic Act 10173 are those that are being processed and collected.

          2. Mobile Number is Not A Sensitive Information

R.A. 10173 provides that “sensitive Information” may refer to personal information regarding an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations; an individual’s health, education, genetic or sexual life of a person; those issued by government agencies peculiar to an individual; and specifically established by an executive order or an act of Congress to be kept classified.[8] A mobile number does not fit any of these enumerations. As succinctly explained by the Supreme Court, through Justice Florenz Regalado, in Centeno vs. Pornillos (G.R. 113092 09/01/1994), “what the law does not include, it excludes.”

Furthermore, Senator Edgardo J. Angara, the proponent of the Data Privacy Act in the Philippines and the author of the Senate Bill that became RA 10173, said that the said law is supposed to target individuals and organizations that leak “sensitive private information” in breach of a person’s right to privacy. [9] [Quotation marks supplied]

When Angara was asked what type of sensitive information is covered by this law, he said this includes medical information or privileged communication between lawyer and client; intellectual property outsourced on record to a BPO, and other information such as the individual’s “race, ethnic origin, color and religious, philosophical or political affiliations.[10]

It is obvious that sharing someone’s mobile number is not within the sensitive information contemplated by RA 10173 as explained by Senator Angara.

          D.        It Was Never the Intention of the Lawmakers to Include Sharing Mobile Number as Punishable Under the Data Privacy Act of 2012

Well-settled is the rule in Statutory Construction that in interpreting the provision of law, the intention of the lawmakers must be given great weight.

Although no specific provision of RA 10173 provides for the ultimate intention of the Congress in enacting the Data Privacy Act of 2012, such intention may be gleaned from (a) the Declaration of Policy of the said law; and (2) the sponsorship speech of the primary sponsor of the Senate Bill that became RA 1073.

A. State Policy

Under Section 2 of RA 10173, it is declared that “[t]he State recognizes the vital role of information and communications technology in nation-building and its inherent obligation to ensure that personal information in information and communications systems in the government and in the private sector are secured and protected.”

A plain reading of the abovementioned provision tells us that what is sought to be secured and protected are the information stored by either the government or by any private sector. There is no mention that single information stored by an individual for personal purpose is also sought to be protected or secured.

It cannot even be argued that personal information like personal mobile number falls under “private sector” as a sector is comprised of a sociological, economic or political subdivision of society, and not a single individual.[11]

B. Sponsorship Speech of the Senate Bill that Became RA 10173

In his sponsorship speech, Senator Edgardo J. Angara, said the Philippines needs a legislative framework aligned with international standards to safeguard information stored in the ICT systems of both the government and private sector[12].

He added, and I quote, that “transitioning toward an ICT-based economy demands that we legislate the very policy that will boost our information security systems and processes. The Data Privacy Act will enable our IT-BPO industry to maximize its potential which is presently hindered by several constraints including our lack of privacy controls.[13]

From the abovementioned passages in the sponsorship speech of Senator Angara, it can be gathered that the intent of the bill he introduced in Senate, which later became Republic Act 10173, is to safeguard information and communication systems in the country. It is clear then that a simple sharing of phone number is not within the arms length  of the said law. Including such petty violation is tantamount to stretching the law too much to the point of exaggeration.

IV. RELEVANT JURISPRUDENCE

Because the Data Privacy Act of 2012 is considerably “young” as legislation, there is no case decided by the Supreme Court that squarely falls within the issue at hand. Nonetheless, the author finds that the cases cited below are somehow relevant to the case at bar.

In the landmark case of Ople vs. Torres[14], the late Senator Blas F. Ople questioned the constitutionality of the Administrative Order No. 308 entitled “Adoption of a National Computerized Identification Reference System” issued by then President Fidel V. Ramos on the ground, among others, that it impermissibly intrudes on Filipino citizenry’s protected zone of privacy. The High Court invalidated the said administrative order, ruling that the right to privacy needs stronger barriers against further intrusion. In this case, the Supreme Court borrowed Coley’s idea that the “essence of privacy is the right to be let alone.” The Court also cited in Ople the 1968 case of Morfe v. Mutuc (22 SCRA 424) where It adopted a ruling that there is a constitutional right to privacy.

A victim of unsolicited text messages may think that he may find refuge with the ruling in Ople and the Constitutional provision that “the privacy of communication and correspondence shall be inviolable[15]” However, in the case of People vs. Andre Marti[16], it was held that the Bill of Rights, which includes the provision on privacy of communication and correspondence, is not meant to be invoked against acts of private individuals.

V. REMEDIES

While the act of sharing of cellular number does not constitute a crime under RA 10173, any person who feels that his right is violated by any person who sends him text messages without his consent is not left without recourse. He may file a request before the National Telecommunication Commission (NTC) to block the number of the person texting him or file a civil case on the ground of violation of Article 32 (11) of the Civil Code.

          A. Request for Blocking with the NTC

A request for blocking may be done by visiting the National Telecommunication Commission (NTC) One Stop Public Assistance Center or by downloading a Request Form at http://www.ntc.gov.ph/publicassistance_requestforunblocking.php and completing the required information and sending the same to NTC.  The form suits reports on unnecessary activities sent to mobile phones and may also serve as a request for blocking specified mobile numbers. However, the form must be subscribed and sworn before an administering officer to be valid. [17]

The author also tried to call his mobile phone service provider (Globe Customer Service) to inquire if they could block a number from sending him text messages. The customer service representative (CSR) who answered his called said that they could not do so.  The CSR advised that the incident must be reported to the NTC.

          B. Civil Case Under Article 32(11) of the New Civil Code

The principle that the Bill of Rights applies only to actions taken by state officials does not necessary mean that a private individual cannot violate the liberty of another.[18] Violation of the Bill of Rights (including the right to privacy) by a private person against any person is actionable under Article 32 of the New Civil Code (NCC).

Article 32 (11) of the NCC provides:

Art. 32. Any public officer or employee, or any private individual, who directly or indirectly obstructs, defeats, violates or in any manner impedes or impairs any of the following rights and liberties of another person shall be liable to the latter for damages:

     xxx

     xxx

     xxx

 (11)  The privacy of communication and correspondence;

     xxx

In any of the cases referred to in this article, whether or not the defendant’s act or omission constitutes a criminal offense, the aggrieved party has a right to commence an entirely separate and distinct civil action for damages, and for other relief. Such civil action shall proceed independently of any criminal prosecution (if the latter be instituted), and mat be proved by a preponderance of evidence.

The indemnity shall include moral damages. Exemplary damages may also be adjudicated.

The responsibility herein set forth is not demandable from a judge unless his act or omission constitutes a violation of the Penal Code or other penal statute.

[Emphasis supplied]

Thus, a person sending unsolicited text messages without the consent of the owner of the mobile phone number is liable for damages under the said provision of law.

VI. CONCLUSION

In a country where phones are seen as status symbols and where mobile phones are already considered part and parcel of one’s body just like souls and spirits, a cellphone number is not a petty issue. Unfortunately, there is still no concrete legislation that protects a mobile phone subscriber from intruders and spammers who send unsolicited text messages without his consent. Even the enactment of Republic Act 10173 or the Data Privacy Act is not an answer to the said problem because sharing of mobile number is not a violation punished by the said law.

Those who are victims of unwanted SMS messages may only pray that the lawmakers will be enlightened so that they would propose and enact a law that would stop unsolicited text messages from hunting them. Until that glorious time comes, they could only post, tweet or text people who may have their phone numbers: “Objection! Do not ‘Business Card’ My Number!”

(Disclaimer: This article is written for academic purposes only. The views expressed by the author are that of a non-lawyer. They should not be treated as legal advise or legal opinion.)

ENDNOTES


[1] Data Privacy Act Approved, Press Freedom Protected, Senate of the Philippines Press Release, 9 June 2012, http://www.senate.gov.ph/press_release/2012/0609_angara1.asp

[2] BPAP Expects President Aquino To Sign Data Privacy Act Soon, Manila Bulletin Online, 13 August 2012, http://www.mb.com.ph/articles/363256/bpap-expects-president-aquino-to-sign-data-privacy-act-soon

[3] Sarmiento, Christine Joy, Philippine Information Agency, Data privacy act signed into law, described as keystone for ICT sector, 24 August 2012, http://www.pia.gov.ph/news/index.php?article=2101345796739

[4] ‘Operation,’ Black’s Law Dictionary, Second Edition. See also Little Rock v. Parish, 3G Ark. 100, and Fleming Oil Co. v. South Peun Oil Co., 37 W. Va. 053, 17 S. E. 203

[5] ‘Collection,’ Merriam-Webster Dictionary

[6] Solanda Enterprises v. Court of Appeals and Luis Manlutac, G.R. No. 123479, 14 April 1999, Third Division, Panganiban (J) http://www.lawphil.net/judjuris/juri1999/apr1999/gr_123479_1999.html

[7] ‘Entity,’ Merriam-Webster Dictionary

[8] Section 3 (l), RA 10173. Specifically, it states that:

(l) Sensitive personal information refers to personal information:

(1) About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;

(2) About an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings;

(3) Issued by government agencies peculiar to an individual which includes, but not limited to, social security numbers, previous or cm-rent health records, licenses or its denials, suspension or revocation, and tax returns; and

(4) Specifically established by an executive order or an act of Congress to be kept classified.

[9] Dizon, David, Angara: Data Privacy Act targets leaks, ABS-CBN News Online,02 June 2012, http://www.abs-cbnnews.com/nation/06/01/12/angara-data-privacy-act-targets-leaks

[10] Dizon, supra

[11] ‘Sector,’ Merriam-Webster Dictionary

[12] Angara, Edgardo, Upholding Data Privacy, Sponsorship Speech delivered at the Philippine Senate, 21 September, 2011, available at http://edangara.com/upholding-data-privacy

[13] Angara, supra

[14] Ople vs. Torres, G.R. No. 127685, July 23, 1998; En Banc, Puno (J), http://www.lawphil.net/judjuris/juri1998/jul1998/gr_127685_1998.html

[15] Section 3(1), Article III, 1987 Constitution

[16] People vs. Andre Marti, G.R. No. 81561, January 18, 1991; Third Division, Bidin (J)

http://www.lawphil.net/judjuris/juri1991/jan1991/gr_81561_1991.html

[18] Bernas, Joaquin, SJ, The 1987 Constitution of the Republic of the Philippines: A Commentary, 2009 Edition, Rex Publishing, pg. 230

Advertisements

One thought on “Objection! Do not ‘Business Card’ My Number

  1. Pingback: Students’ Take: Contacts viz RA 10173 | Berne Guerrero

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s