MANILA, OCTOBER 15, 2012 – The Internet and Mobile Marketing Association of the Philippines (IMMAP) initiated a roundtable discussion with the Advertising Board of the Philippines and its member associations last Friday, October 12, concerning the implications of the cyber law to the industry.
IMMAP sought the help of technology law expert Atty Jose Jesus Disini Jr to shed the light on Cybercrime Prevention and Data Privacy laws.
Cybercrime Prevention Act
The definitions and provisions of the Cyber Prevention Act is patterned largely after the Budapest Convention, the council of Europe’s cybercrime treaty, to which the Philippines is not yet a party.
The Department of Justice has been encouraging the country’s accession to the Budapest Convention, which is good as it will allow cooperation from other parties in investigations.
The cyber law criminalizes, among others, spam, computer-related identity theft, cyber-squatting and the focal point of the controversy: libel.
"What is one man’s joke is another man’s libel."
If one would look at it closely, says Atty Disini, the provision on libel does not say much but only refers the reader to the Revised Penal Code. However, it does step up the penalty if libel is committed through ICT.
Data Privacy Act
Privacy is defined as one’s ability to control the flow of information about oneself.
There are two ways privacy is regulated globally: the European Union Data Protection Directive (implemented in Europe, Australia, Hong Kong) and the APEC Privacy Framework (followed by the US).
In the EU directive, privacy is considered a right that belongs to the individual. Only with "unambiguous" consent of the data subject can the data be given or passed on to others. On the other hand, the APEC Privacy Framework states that so long as the data is used for some legitimate non-harmful purpose, there is no need to acquire consent from the data subject.
The Data Privacy Act of 2012 is a merger of both, which Atty Disini finds "strange" since the two are incompatible. "That’s the reason why this is such a badly worded law; it doesn’t seem to know which way it wants to go."
Atty Disini cited some loopholes with the Data Privacy Act, one of which is a clause on Section 11, which states that personal information must be collected for "specified and legitimate purposes". How will the National Privacy Commission define what is legitimate?
"From a philosophical standpoint, how can you say that you’re protecting privacy and at the same time tell us what privacy is?"
He also believes that RA 10173 repudiates the Freedom of Information Act, as it states that personal information issued by government agencies becomes sensitive. He says government agencies can use it as an excuse to withhold information.
Despite getting zero press, Atty Disini believes the impact of the Data Privacy Act – signed a month before the controversial cyber law – is "just as great as the impact of 10175".
Course of action
"Be at the forefront of naming who the privacy commissioner should be."
Atty Disini believes "the most reasonable way to go", for the advertising and marketing industry, is to closely engage the NPC on the IRRs. Concerning the cybercrime law, Philippine Daily Inquirer’s John Nery suggests to use the four-month period of the TRO to engage the senators and the congressmen to amend the law.
Atty Disini is a graduate of the UP College of Law, placing 7th in the Bar Examinations. He obtained a degree in Masters of Law from Harvard Law School in 2004.
