The right of the people to be left alone, as stated in the provisions of the law in the 1987 Philippine Constitution, specifically under the Bill of Rights, is the most valuable right guaranteed by the State to its citizens. This right is concisely defined as the right of a person to be free from undesired publicity or disclosure and the right to live without unwarranted interference by the public in matters with which the public is not necessarily concerned.
Generally, matters relating to information and whereabouts of a person, are protected by the State, and any access thereto should not be allowed except upon justifiable purposes or circumstances as may be determined by law. For instance, personal informations of Juan Dela Cruz, such as his full name, home address, contact number, and other related matters involving his being, are all recorded in the data system of different governmental agencies, for different purposes. Any access thereto by any person other than Juan Dela Cruz or any unauthorized access by the latter, is violative to the protection given by the State to its citizens. Such right to privacy creates a space to separate the private and public life of an individual. However, as technology develops, people tend to go overboard with the very thin line between one’s private and public life.
Technological developments in computer usages had been a huge threat to the guarantee of privacy given by the State. Most people, nowadays, are computer-users, but not all of them are responsible computer-users. With this, a tug-of-war between privacy and techonology had arisen in which the State is expected to resolve.
The focus of this paper is to present the advantages and disadvantages of Computer Technology in relation to the National Idetification Reference System, as decided by the Supreme Court, in the case of Ople v Torres (GR No. 127685, July 1998), in relation, futher, to Republic Act No. 10173 (Data Privacy Act of 2012). Futhermore, to clearly lay down the pros and cons of the same, a modern sociological theoretical approach would be used as a method to understand the issues better.
Hence, the main subject of this paper is the modernization of the data gathering and storing of the informations pertaining to the identification of an individual in the governmental agencies of the State.
OPLE vs TORRES[i], the Landmark Case
Law students are all expected to know by heart the facts and issues invovled in this case because it plays a very important role in the application of the law in relation to the Separation of Powers of the State and the Bill of Rights. There are two major issues which were ruled out by the Supreme Court through Justice Puno, one, was the usurpation of the power of Congress to legislate and the other one was the right to privacy.
The then President Fidel V. Ramos issued Administrative Order 308 on December 12, 1996 entitled as, “Adoption of a National Computerized Identification Reference System.” It was intented to facilitate the business transactions with basic services and social security providers and other governmental instrumentalities in a more convient manner, of the nationals of the Philippines, whether Filipino citizens or foreign residents. It requires a computerized system to efficietly identify persons seeking basic services on social security and reduce fraudulent transactions and misrepresentations. Such order requires also the collection and gathering of personal information of the citizens from the population reference number generated in the National Statistics Office.
Senator Blas Ople, in this petition, questioned the validity of the said Administrative Order by raising the issue on the legislative nature of the said order, by contesting that such is unconstitutional. Thus, for it to be valid, the Congress, through its inherent power to legislate, should be the one to make the law, not the President, whose power is only to execute the law. Futhermore, he argued that the appropriation of funds for the implementation of the same, should come from the Congress, not through the order of the President that such fund must be generated from the different agencies of the government, since there are alloted funds to its branches and sub-agencies thereof. Hence, in the above instances, the plaintiff, Senator Ople, would want to declare the unconstitutionality of the said administrative order.
Assuming arguendo that such law is constitutional for such act of legislation is a valid exercise of the quasi-legislative power of the President, would the same decision be rendered by the Supreme Court?
The Supreme Court held, still it cannot pass as an administrative legislation because clearly it goes beyond the right to privacy, which if implemented, will put people’s right to privacy in apparent danger and harm. No safeguards to the protection of privacy were guaranteed, and therefore, it cannot pass a valid legislation.
The possibility of inappropriate usages of the data to be gathered are very wide open to the public. In pursuance with the said administrative order, an individual is required to present his personal reference number each and every time he transacts with a government agency in order to benefit from the basic services and securities thereof. Such transactions with the government agency will necessarily be recorded, whether it be in a computer system or in a documentary file of the agency, and later on be open in the hands of another person, who can access the same, with or without the authority of the person concerning the personal information. The personal file of an individual may include his transactions for loan transactions, especially with the Social Security System and the Government Service Insurance System. This may also be used in the assessment of the taxes, assets and liabilities of an individual in the Bureau of Internal Revenue. Or in any matters, involving the transaction of an individual which are required to be recorded in the government. For instance, Juan Dela Cruz, a governement employee, would want to avail the benefits from the Government Service Insurance System, with the use of the National Computerized Identification Card, he can now transact his business through the presentation of the card and the personal reference number. For instance, further, he now wants to transact with the National Statistics Office, for purposes of changing his status from single to being married, and with the Bureau of Internal Revenue, for the declaration of his dependents, he can now use the computerized identfication card, and the same would be encoded or recorded thereof. Any matters recorded thereof, can now be accessed by the other agencies of the government, since it is a computer generated scheme, it is now accessible to any person who is an employee thereof. The more frequent such transaction is used, the more it is open to misusage. The stored data pertaining to Juan Dela Cruz, can be used, without his knowledge against him. The data may be gathered for useful government purposes but the presence of this would be a clear invitation to some fraudulent transaction and an incitement that some of the authorities, or other persons who has or thus, who can access with the data system.
Hence, the Supreme Court ruled out the lack of appropriate safeguard to the protection of the information that will be gathered from the public as one of the reasons for the declaration of its unconstitutionality.
DATA PRIVACY ACT of 2012, the Subsequent Law
It was on August 12, 2012, when the Republic Act 10173, also known as, “The Data Privacy Act of 2012,” was signed by the President Benigno Aquino. This act ensures that private data and personal informations of the citizens are given safeguard and security. To wit, It is the policy of the State to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth. The State recognizes the vital role of information and communications technology in nation-building and its inherent obligation to ensure that personal information in information and communications systems in the government and in the private sector are secured and protected.[ii] The scope of this protection extends not only to natural persons, but also made to apply to juridical persons. Therefore, with the execution of the same, people now have peace of mind, pertaining to the privacy of their personal information in the data system of our government. The National Privacy Commission, through its Commissioner, must ensure that the process whereby such personal informations were gathered, is properly administered and implemented. Thus, this body should monitor that such process of gathering and storing of data should properly be made in accordance with the law. Over all, such act, is complete in itself since the lawmakers provided guidelines and parameters with regard to the implementation of the same, and the limitations thereof. Moreover, penalties for the violation of the same, was laid down. Hence, confidentiality of the personal informaton are guaranteed and secured, leaving no doubt as to the interpretation of the law.
IMPACT TO THE FILIPINOS, the Pros and Cons
With the issuance of the RA 10173, would it be proper to pursue now the National Computerized Identification Reference System?
Let us first look at the advantages that would be brought upon if the National Computerized Identification System be implemented. Ofcourse, convenient business transaction for whatever purpose in the government would be experienced by the public. People do not need to spend hours or sometimes more than a day when they go to the government agency offices for different personal purposes. Another thing is that, there would be a systematic procedure on the governmental needs of the public. With the advancement of the technological methologies, the public will definitely benefit. For instance, Juan Dela Cruz in the above-mentioned facts, he has to allot a day, or even more just to file an application for the change of his status and the declaration of his dependents in the NSO, GSIS or BIR, because of the not so effective procedure and slow process of recording the same. Likewise, if for instance, Pedro Santos, who freshly graduated at a known univeristy, wishes to apply in a well-established company in the Metropolitan, the latter requires him to submit his NBI clearance, he would then go to the NBI office to file for the application of the clearance. Ideally, he has to form his line from the first step down to the last. It would take him approximately 5 hours to finish, depending on what time he would start. But through the advances of technology, if the National Computerized Idetification System be implemented, the time alloted for such application would be lessen, and Pedro now can maximize the remaining hours of his day to some other productive activity.
One great advantage if such Identification System be in implementation, is the decrease of the crime rate of the Philippines. How is this related? Definitely, people who would violate the law of whatever nature, whether criminal, adminitrative or civil omissions, would be hesitant to commit the same if they know from the start that they would be searched easily and be under the authority of the peace-makers, without undue delay. However, this advantage does not carry with it without any limitations. Such search and usage of the personal information of an individual must be in accorandance with the law. It should not go beyond the privacy guaranteed by the State.
Fact, Computers are very useful to the needs of the humankind. As wikipedia defines it, it is a general purpose device that can be programmed to carry out a finite set of arithmetic or logical operations. [iii] Thus, it has affected the daily lives of human being. In terms of work, education, business, communication, data storages, etc,. People, nowadays, tend to become dependent on the use of technology specifically computer devices. With this advancement, it necessarily carries with it the advantages of such development, but it definitely carries with it more, the disadvantages of the same.
However, as we always say, life is not perfect, so as with the law. Although a law is complete in itself, it does not necessarily carries with it that such is not imperfect.
We lay down now its disadvanatages. First, some people are not convinced with the privacy issue of the RA 10173, since it is a law, which is always open for different interpretation. But for me, I do not see any ambuiguity in the interpretation of the same. The law-makers provided the parameters when they legislated the same, specifying Sec. 16[iv], which is the right of the data provider.
The fear of the people to their right to privacy, is the primary purpose of RA 10173 to be resolved. Although, the latter did not provide for a specific technicalities with regard to the National Computerized Identification Reference System, such law and Administrative Order 308, can now be jointly interpreted and be made to apply together. If the same would be done, with the implementation of the subsequent law which is the RA 10173, the Administrative Order 308, can now pass a valid law.
MODERNIZATION THEORY, a Sociological Approach
There are many known professors who defined Modernization, even persons who are well-known in our history, discussed the concept of the same. But what is really Modernization? With the use of my own understanding and choices of words, it pertains to the process of sociological changes, which transformed society into modern society that we have today. With this modernization, people tend to lose their tradition and culture and increase their individuality. Trends of such modernization includes urbaniztion, bureaucracy and development in technology. With vast of changes, people learn the process of adaptation with the flow of changes and development.
The question now follows, “Are Filipinos now ready for the developmental changes brought about by technology in the data system of their personal informations in the proposed Computerized Identification System in year 1996, in light with the subsequent law of RA 10173?”
Ideally, in order to achieve prosperity in this country, we should be ready, and we should learn to adapt from changes. Cause without these changes, there would be no development. The government should allot funds in the implementation of this national identification system, instead of doing the obvious dirty politics. However, in reality, we are not really ready. Maybe sooner or later, but not yet, now. There are so many other issues that the government is very keen to resolved, but sometimes they tend to forget the minor needs of the people. Obviously, this systematic data system is one of the least priorties of our government to be taken into solutions. They would always say that education is their priority, or job employment for the poor, and such other matters which I consider very cliche. But if only, the law-makers would see the need of this systematic identification system, they would realize that if this be pursued, crime preventions and systematic data system would finally be resolved. The idea of this law is already in their hands, it is just a matter of implementing and appropriate funding of the same.
One of the problems I personally see with most of the Filipinos, is their ability to speak without thinking whether what they speak is right. Ofcourse, public opinion would always be one of the basis of our law-makers in the process of making the law.
Data Privacy Act of 2012 is consistent with the protection given by State, as recognized in the Bill of Rights, as to the right of the people to be left alone. Although there is no specific provision in the Constitution and other laws, the same gives us the guarantee that the State recognizes and respects the individuality of its citizens. Although it was ruled by the Supreme Court, that Administrative Order 308 was unconstitutional because of its encroachment to the privacy issue of the public, the same is over-ruled because of the latter law signed by President Aquino, which primarily aims to protect the privacy of the people.
The hanging question, however, is that, up to what extent should the government must ought to know about its individual citizens? If, for instances, the law be implemented, it should clearly state the parameters and guidelines on how to get the details and personal informations of an individual including what to require to be disclosed.
[i] (GR No. 127685, July 1998), Justice Puno
[ii] Republic Act 10173, Data Privacy Act of 2012, Sec. 2, Official Gazatte of the Philippines
[iv] SEC. 16. Rights of the Data Subject. – The data subject is entitled to:
(a) Be informed whether personal information pertaining to him or her shall be, are being or have been processed;
(b) Be furnished the information indicated hereunder before the entry of his or her personal information into the processing system of the personal information controller, or at the next practical opportunity:
(1) Description of the personal information to be entered into the system;
(2) Purposes for which they are being or are to be processed;
(3) Scope and method of the personal information processing;
(4) The recipients or classes of recipients to whom they are or may be disclosed;
(5) Methods utilized for automated access, if the same is allowed by the data subject, and the extent to which such access is authorized;
(6) The identity and contact details of the personal information controller or its representative;
(7) The period for which the information will be stored; and
(8) The existence of their rights, i.e., to access, correction, as well as the right to lodge a complaint before the Commission.
Any information supplied or declaration made to the data subject on these matters shall not be amended without prior notification of data subject: Provided, That the notification under subsection (b) shall not apply should the personal information be needed pursuant to asubpoena or when the collection and processing are for obvious purposes, including when it is necessary for the performance of or in relation to a contract or service or when necessary or desirable in the context of an employer-employee relationship, between the collector and the data subject, or when the information is being collected and processed as a result of legal obligation;
(c) Reasonable access to, upon demand, the following:
(1) Contents of his or her personal information that were processed;
(2) Sources from which personal information were obtained;
(3) Names and addresses of recipients of the personal information;
(4) Manner by which such data were processed;
(5) Reasons for the disclosure of the personal information to recipients;
(6) Information on automated processes where the data will or likely to be made as the sole basis for any decision significantly affecting or will affect the data subject;
(7) Date when his or her personal information concerning the data subject were last accessed and modified; and
(8) The designation, or name or identity and address of the personal information controller;
(d) Dispute the inaccuracy or error in the personal information and have the personal information controller correct it immediately and accordingly, unless the request is vexatious or otherwise unreasonable. If the personal information have been corrected, the personal information controller shall ensure the accessibility of both the new and the retracted information and the simultaneous receipt of the new and the retracted information by recipients thereof: Provided, That the third parties who have previously received such processed personal information shall he informed of its inaccuracy and its rectification upon reasonable request of the data subject;
(e) Suspend, withdraw or order the blocking, removal or destruction of his or her personal information from the personal information controller’s filing system upon discovery and substantial proof that the personal information are incomplete, outdated, false, unlawfully obtained, used for unauthorized purposes or are no longer necessary for the purposes for which they were collected. In this case, the personal information controller may notify third parties who have previously received such processed personal information; and
(f) Be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal information.