We
have come a long way in information and technology in this new era and it has
become a pivotal part of human interaction, information dissemination and
economic growth. Our world now revolves with a different kind of evolution. An
evolution a hundred times faster than the evolution of living matters on our
planet---it is the evolution of technology.
Technology
comes with almost every facet of life and how we live with it. It goes
hand-and-hand with information, economy, science, business, news and many many
more. If in the 1980s, information and technology through the use of the internet
is a new concept in which very few were willing to accept, in this new era, the
internet has become the quintessential form of communication and a medium for
growth and development. It has made our world smaller and every information is now
readily available through a click of a button. For most, this is an advantage
because of the efficiency and convenience of getting what needs to be known
anytime, all the time, and most importantly, it serves as a window to a lot more
possible innovations people only dreamt of in the early days. Because of the
internet and the ever-evolving technology, the future may be bright and
promising.
However,
with the growth of technology and the internet now a mainstream of
communication, there are also grey areas and downfall that result from its readiness.
It became readily available to everyone who wants it without initial regulation
and limitations. As we learn to live and thrive with it, we also learned the ugly
backlash it can cause. The sad part it, as issues and legal matters are raised
and addressed, resolutions are provided but the long term damage has already
been done.
The
Republic Act 10173 or the Data Privacy Act is one of the initiatives and
resolutions made to address the said issues. This act aims to protect
individuals and their personal information in information and communications
systems in the government and the private sector, creating for the purpose a
national privacy commission and for other purposes. The goal of this act is to
secure and protect personal information so that in the event such information will
be acquired, it will be in a way that will not violate any human right such as
privacy.
The
main concept behind the Republic Act 10173 is to protect the fundamental human
right to privacy while ensuring free flow of information to promote innovation
and growth. As all laws are, growth and development are encouraged but there
should always be a limit.
Yes,
there are grey areas in the Data Privacy Act. Some of them might have been actual
situations that have already happened without our knowledge. In my line of
work, I can also apply RA 10173 and think of relevant grey areas that I have
already encountered.
I
work as a full time recruiter in an international US-based BPO in Makati. Part
of our job is to interview and hire applicants qualified to do the job that our
clients require. On a daily basis, I interview about 20-30 candidates and most
of them are referrals or endorsements from vendors and headhunters. One of the schemes
that Sourcing and Marketing have come up with is the referral program and the
predatory project where we “source” potential hires by asking for names and contact
numbers from the ones we were able to hire. Based on historical data, most of
the passers would “refer” about 2-3 of their friends for our recruitment
process. Perhaps they feel that they are compelled to provide these information
as a consolation for the job offer extended to them or they feel that it is a
requirement in the recruitment process. Either way, sourcing gets it way by getting
theses leads and we, in turn, call these leads and invite them for a 1-day
recruitment process with the promise of an instant job, provided they pass the
assessments and interviews.
90%
of the leads I contact would turn out not interested or unreachable. 10% in a
good day, would be converted to trainees in a week or two. In a business and
recruitment standpoint, the more leads, the higher possibility of hiring people
for our training programs. There is always that fine line that maybe, just
maybe we can consolidate more and deliver more. Ultimately, to meet our targets,
serve our clients and make them happy. That’s what business is all about as
long as we are not breaking any law or violating any right.
However,
in a randomly-referred-person standpoint, it is annoying, unsolicited and at
most, a waste of time. If I were to put myself into the shoes of that person,
considering I’m not looking for a job or not interested in pursuing other
career paths, I might feel a bit irritated if my number would randomly be given
to headhunters or recruitment firms, consistently inviting for me to apply for
a job. I wonder, am I violating this person’s right if I call and invite him or
her without that person knowing how I got the contact details? Or even if I
disclose how I got the contact numbers, say from their friends, would that be
ok and these people won’t mind? Or they would mind and might get upset because
they didn’t want their numbers given to random people to begin with? The
bottomline is, am I violating the RA 10173 or Data Privacy Act?
For
me, this situation is very similar to receiving unsolicited commercial
communications through email, online, text or any means, known commonly as “spam”.
It’s the same as receiving an ad about a medicine or health supplement that
would make people feel better or a discount to resort or spa. The only difference
is, it is an unsolicited offer of employment. The recipient may like it or
might not like it. The reader may take advantage of it or might not. Can that
recipient complain that he doesn’t want those ads or spam just as much as he doesn’t
want receiving calls from headhunters? Can that person complain that his right
to privacy was violated?
In
the case of Jose Jesus Disini Jr., Et al. VS The Secretary of Justice,
regarding the Cybercrime Act, the Court declared several provisions of the RA
10175 (Cybercrime Act) as unconstitutional either wholly or contextually. One
of these provisions is Sec 4 (c) (3) or Unsolicited Commercial Communications,
where the Court ruled that “unsolicited
commercial communications, also known as spam is entitled to protection under
freedom of expression.”
The
prohibition of the transmission of unsolicited ads or spam would deny the
person the right to read his emails, even unsolicited commercial ads that are sent
to him. The Court further explained that “Commercial
speech is a separate category of speech which is not accorded the same level of
protection as that given to other constitutionally guaranteed forms of
expression but is nonetheless entitled to protection. The State cannot rob him
of this right without violating the constitutionally guaranteed freedom of
expression.” Hence, unsolicited advertisements are considered legitimate
forms of expression.
This
is the reason why sourcing potential leads or candidates has been one of the effective
tools in the recruitment industry. The easiest way to generate a pool of applicants
with the same quality is by getting referrals from the ones we have already
hired. This strategy has always been used and will be used moving forward as
the Court itself has already declared that it is allowed.
This
holds the same as consolidating a database of applicants who have applied in
our company since 2000 and inviting them again through text or call. If this
database is to be used by a different recruitment firm, the same jurisprudence
will still apply. These names and contact numbers were acquired either through
previous applications or referrals from friends and relatives. I believe how we
do it in our company requires somehow a consent, either from the applicant
himself or herself through previous applications or from their friends or
relatives.
Another
grey area in RA 10173 is the use of personal information of an individual in literary
or artistic works. A perfect example is an unauthorized biography, stated by
our professor in Technology and the Law, Atty. Berne Guerrero. Another example
that I can think of is using the personal information of artists or celebrities
in blogs or articles, whether true or not.
Artists
and celebrities are private citizens unlike public officers or employees of government
institutions that relate to the positions of functions of the individuals are exempted
from the provisions of RA 10173, specifically Sec 4 (a) (1-4). Because of their
line of work, they are forced to be under the limelight of entertainment and fame
but unfortunately, to criticism and ridicule as well. They are considered
public figures even if they don’t serve the government merely because of their
exposure to the public. Their profession sometimes requires sacrificing at some
point, their right to privacy the extent of their personal lives and family. Like
what most would say, it is a price that comes with fame and fortune.
With
the technology that we have today where a video taken seconds ago can reach different
countries and continents in a matter of minutes, privacy is a rare commodity.
And to these celebrities and artists, their personal information such as mobile
number, address, family relatives, pictures, etc. are equivalent to money for
some people because they can actually earn a living buy getting these
information and using them in articles and blogs or tabloids. This is why they
are more vulnerable to public criticism because their personal information is
something the public would be interested to read or see.
It
is indeed a violation of their privacy which is why these artists and
celebrities are extra careful in keeping their private lives private, and as
much as possible share very little to the public. In the US, celebrities are
more aggressive in fighting for their right to privacy. Recently, Halle Berry spearheaded
a proposal to create a bill to fight off paparazzis from harassing and taking
pictures of celebrities’ children just to sell to tabloids and magazines. This
has become the plea of most of the celebrities in the US because their children
are being put to risk for the so called “money shot” from paparazzis. These
money shots can even cost hundreds or thousands depending on who the
celebrities are and how controversial the scoop is. It is an ugly side of show business.
Entertainment sources like TMZ and ET are examples of these papparazi-driven
shows. The bill has been approved and now observed as a law in some states in the
US.
Here
in the Philippines, it’s a totally different story though. Although the media
is not that aggressive and dangerous when covering stories about celebrities,
celebrities are still wary of sharing their personal information online. Through
the use of social media sites and with their consent, they can post updates
about themselves on Twitter or Facebook for their fans and followers.
Another
example of a grey area is acquiring contact numbers from private individuals from
raffles, mall activities or other events
that require getting their contact details. If these contact details were used
for personal purposes or for means of earning money, then it is a violation of
the Data Privacy Act.
If
the purpose of writing down personal information like contact details for a
game of chance or raffle and would end up being used by a mall employee to
start a conversation with the intention of getting to know the individual on a
personal level, then it violates the right to privacy of RA 10173. Even if the
individual gave the consent to indicate personal details, if it was used other
than the purpose it was given for, it is a violation.
Filling
up forms online can also be tricky as it is considered a vast universe of data
exchanges. A person may believe that he is filling up a form for a specific
purpose but would end up being used for different schemes online. This is why putting
vital financial information online can be risky and might lead to loss because
the internet is still not a safe place to secure these critical information. Fraud
has been the recent concern in shopping malls in the US because of identity or
credit card fraud. Some of the credit cards were used for unauthorized
purchases and it led to huge company and retail losses.
At
this time, people may think that because of the Information Techonology
industry and the improvement in safety and security in online transactions, it
is already safe to disclose private information. But the sad reality is, it
will never be safe because thieves and criminals will always find a way to beat
the technology and earn money the easy way. We cannot be complacent with the
technology and the promise of secure transaction if we are required to give
away our bank account or credit card number or cellphone number. We always have
to be on our toes and think ahead to ensure that we are not going to be the
next victims.
It
is good that our legislators are starting to tap the unexplored world of
internet surfing and the impact of online transactions on a personal level.
They are starting to restrict and regulate some matters that are basically
lawless and unlimited before. Everybody is free to do and say whatever they
want, whenever they want. Freedom is good but up to an extent. When freedom is
overused, then there is still chaos.. even on the internet. They can only do so
much in protecting each and every one’s right. We also have to do our part to
protect our own.
The
best takeaway from this, is to be very careful in giving out personal
information in any form. If we are asked for our personal numbers for a mall
raffle, I suggest give out an email address instead. Or a landline number
instead of a mobile number. Anything that will help us regulate and minimize
being susceptible to privacy violations and unsolicited ads.
I
try my best not to give out my mobile number if it not really needed especially
if I know that it can be accessed by other people. I also try to restrict my
activities online by using fewer social media accounts online and my making
sure they are all on private setting and cannot be accessed by anybody.
It
also helps if we learn how to customize privacy settings and keep everything intact.
At the end of the day, it is for our own protection. Learning not to be all too
trusting and cautious of what people’s intentions are will also avoid falling
into traps of people waiting to take advantage of the weak and the ignorant.
The
Data Privacy Act is there as a guide for all of us consumers. It is our
obligation to know our law and follow it. Securing and protecting our personal
information also start with us if we are mindful and we apply it in our
day-to-day lives. Not just to ourselves of course but to help out others not to
be victims. It is very easy to be lured by the temptations online, thinking
that no one is watching or it is safe to put everything out on the internet.
But sooner or later, technology is going to catch up and bite us before we know
it. We have to serve the public as well by informing them and educating them so
they can also protect themselves and their loved ones.