WILL
REPUBLIC ACT NO. 10173 PROVIDE SUFFICIENT MECHANISM FOR THE INTRODUCTION OF THE
NATIONAL ID SYSTEM IN THE PHILIPPINES WITHOUT CONSTITUTIONAL ISSUES PROVIDED
FOR IN THE CASE OF OPLE vs. TORRES?
INTRODUCTION
Running
a government is no easy task. Law enforcement, service delivery and social
security benefits availment entail voluminous documents that have compelled
states to devise tools that simplify and manage these tasks. One mechanism is
the establishment of the national identification (ID) system.
A
lot of issues and concerns relative to the implementation of an ID system makes
it a contentious measure. Some reject the idea arguing that in our today’s
world in information technology, privacy on personal information has become
misleading since with the right connections and good price, those information
may be given or accessed without proper consent and justification to which it may
serve purpose other than its original intent.
In
broad terms, a national identification (ID) system is a mechanism used by
governments to assist government agencies in identifying and verifying the
identities of citizens who are availing of government services or making public
transactions.
The
government must be adequately equipped and organized in implementing an ID
system, taking into consideration the cost, policy and legal environment so as
to protect the citizens that it wants to serve.
In
1996, President Fidel Ramos issued Administrative Order No. 308, entitled
“Adoption of a National Computerized Identification Reference System,” the
pertinent portions of which reads:
ADOPTION OF A NATIONAL
COMPUTERIZED IDENTIFICATION REFERENCE SYSTEM
WHEREAS,
there is a need to provide Filipino citizens and foreign residents with the
facility to conveniently transact business with basic service and social
security providers and other government instrumentalities;
WHEREAS,
this will require a computerized system to properly and efficiently identify
persons seeking basic services on social security and reduce, if not totally
eradicate, fraudulent transactions and misrepresentations;
WHEREAS,
a concerted and collaborative effort among the various basic services and
social security providing agencies and other government instrumentalities is
required to achieve such a system;
NOW,
THEREFORE, I, FIDEL V. RAMOS, President of the Republic of the Philippines, by
virtue of the powers vested in me by law, do hereby direct the following:
SECTION
1. Establishment of a National Computerized Identification Reference System. A
decentralized Identification Reference System among the key basic services and
social security providers is hereby established.
xxx
SEC.
4. Linkage Among Agencies. The Population Reference Number (PRN) generated by
the NSO shall serve as the common reference number to establish a linkage among
concerned agencies. The IACC Secretariat shall coordinate with the different
Social Security and Services Agencies to establish the standards in the use of
Biometrics Technology and in computer application designs of their respective
systems.
A.O.
308 involves a subject that is not appropriate to be covered by an
administrative order and usurps the power of Congress to legislate.
With
the advent of RA 10173 or also known as the Data Privacy Act, the purpose of
the Legislative in passing this law is to protect the fundamental human right
of privacy, of communication while ensuring free flow of information to promote
innovation and growth. The State recognizes the vital role of information and
communications technology in nation-building and its inherent obligation to
ensure that personal information in information and communications systems in
the government and in the private sector are secured and protected. The law
penalizes the unauthorized disclosure of personal information. It protects
journalists and publishers, as they will not be compelled to reveal the source
of a news report.
Excluded
in the scope of RA 10173 are, among others, personal information processed for
journalistic, artistic, literary or research purposes, information about
government officials and other civil servants, information necessary for banks
and financial institutions as part of anti-money laundering efforts, and
personal data processed by central monetary authorities and law enforcement and
regulatory agencies.
DISCUSSION
Does Administrative Order No. 308
violate the right to privacy?
Administrative
Order No. 308 is so vague. The vagueness, the over breadth of Administrative
Order No. 308 which if implemented will put our people's right to privacy in
clear and present danger. There are no vital safeguards. Administrative Order
No. 308 should also raise our antennas for a further look will show that it
does not state whether encoding of data is limited to biological information
alone for identification purposes. In fact, the Solicitor General claims that
the adoption of the Identification Reference System will contribute to the
"generation of population data for development planning." This is an
admission that the Population Reference Number (PRN) will not be used solely
for identification but for the generation of other data with remote relation to
the avowed purposes of Administrative Order No. 308. Clearly, the
indefiniteness of Administrative Order No. 308 can give the government the
roving authority to store and retrieve information for a purpose other than the
identification of the individual through his PRN .The potential for misuse of
the data to be gathered under Administrative Order No. 308 cannot be
underplayed as the dissenters do. Pursuant to said administrative order, an
individual must present his PRN everytime he deals with a government agency to
avail of basic services and security. His transactions with the government
agency will necessarily be recorded -- whether it be in the computer or in the documentary
file of the agency. The individual's file may include his transactions for loan
availments, income tax returns, statement of assets and liabilities,
reimbursements for medication, hospitalization, etc. The more frequent the use
of the PRN, the better the chance of building a huge and formidable information
base through the electronic linkage of the files. The data may be gathered for
gainful and useful government purposes; but the existence of this vast
reservoir of personal information constitutes a covert invitation to misuse, a
temptation that may be too great for some of our authorities to resist.
The
Supreme Court in striking down Administrative Order No. 308, it emphasized that
it is not fundamentally against the use of computers to accumulate, store,
process, retrieve and transmit data to improve our bureaucracy. The Supreme
Court also emphasized that the right to privacy does not bar all intrusions
into the right to individual privacy. This right merely requires that the law
be narrowly focused and a compelling interest justify such intrusions.
Intrusions into the right must be accompanied by proper safeguards and
well-defined standards to prevent unconstitutional invasions.
The
right to privacy is a constitutional right, granted recognition independently
of its identification with liberty. It is recognized and protected in several
provisions of our Constitution, specifically in Sections 1, 2, 3 (1), 6, 8 and
17 of the Bill of Rights. Areas of privacy are also recognized and protected in
our laws, including certain provisions of the Civil Code and the Revised Penal
Code, as well as in special laws (e.g., Anti-Wiretapping Law, the Secrecy of
Bank Deposit Act and the Intellectual Property Code).
The
right to privacy is a fundamental right guaranteed by the Constitution.
Thefore, it is the burden of government to show that Administrative Order No.
308 is justified by some compelling state interest and that it is narrowly
drawn.
A.O.
308 is rested on two considerations:
(1)
the need to provide our citizens and foreigners with the facility to
conveniently transact business with basic service and social security providers
and other government instrumentalities; and
(2)
the need to reduce, if not totally eradicate, fraudulent transactions and
misrepresentations by persons seeking basic services.
While
it is debatable whether these interests are compelling enough to warrant the
issuance of A.O. 308, it is not arguable that the broadness, the vagueness, the
overbreadth of Administrative Order No. 308, if implemented, will put our
people’s right to privacy in clear and present danger.
Administrative
Order No. 308 falls short of assuring that personal information which will be
gathered about our people will only be processed for unequivocally specified
purposes. The lack of proper safeguards in this regard of Administrative Order
No. 308 may interfere with the individual’s liberty of abode and travel by
enabling authorities to track down his movement; it may also enable
unscrupulous persons to access confidential information and circumvent the
right against self-incrimination; it may pave the way for “fishing expeditions”
by government authorities and evade the right against unreasonable searches and
seizures. The possibilities of abuse and misuse of the PRN, biometrics and
computer technology are accentuated when we consider that the individual lacks
control over what can be read or placed on his ID, much less verify the
correctness of the data encoded. They threaten the very abuses that the Bill of
Rights seeks to prevent.
In
addition, as stated in Section 11 and 12 of Republic Act 10173 (R.A. 10173) or
also known as Data Privacy Act of 2012, there can be no gathering of
information if there is non-adherence without following the guidelines of
processing personal information as therein enumerated. Herein below are the
aforementioned rules set forth accordingly:
SEC.
11. General Data Privacy Principles. – The processing of personal information
shall be allowed, subject to compliance with the requirements of this Act and
other laws allowing disclosure of information to the public and adherence to
the principles of transparency, legitimate purpose and proportionality.
Personal
information must, be:
(a)
Collected for specified and legitimate purposes determined and declared before,
or as soon as reasonably practicable after collection, and later processed in a
way compatible with such declared, specified and legitimate purposes only;
(b)
Processed fairly and lawfully;
(c)
Accurate, relevant and, where necessary for purposes for which it is to be used
the processing of personal information, kept up to date; inaccurate or
incomplete data must be rectified, supplemented, destroyed or their further
processing restricted;
(d)
Adequate and not excessive in relation to the purposes for which they are
collected and processed;
(e)
Retained only for as long as necessary for the fulfillment of the purposes for
which the data was obtained or for the establishment, exercise or defense of
legal claims, or for legitimate business purposes, or as provided by law; and
(f)
Kept in a form which permits identification of data subjects for no longer than
is necessary for the purposes for which the data were collected and processed:
Provided, That personal information collected for other purposes may lie
processed for historical, statistical or scientific purposes, and in cases laid
down in law may be stored for longer periods: Provided, further, That adequate
safeguards are guaranteed by said laws authorizing their processing.
The
personal information controller must ensure implementation of personal
information processing principles set out herein.
SEC.
12. Criteria for Lawful Processing of Personal Information. – The processing of
personal information shall be permitted only if not otherwise prohibited by
law, and when at least one of the following conditions exists:
(a)
The data subject has given his or her consent;
(b)
The processing of personal information is necessary and is related to the
fulfillment of a contract with the data subject or in order to take steps at
the request of the data subject prior to entering into a contract;
(c)
The processing is necessary for compliance with a legal obligation to which the
personal information controller is subject;
(d)
The processing is necessary to protect vitally important interests of the data
subject, including life and health;
(e)
The processing is necessary in order to respond to national emergency, to comply
with the requirements of public order and safety, or to fulfill functions of
public authority which necessarily includes the processing of personal data for
the fulfillment of its mandate; or
(f)
The processing is necessary for the purposes of the legitimate interests
pursued by the personal information controller or by a third party or parties
to whom the data is disclosed, except where such interests are overridden by
fundamental rights and freedoms of the data subject which require protection
under the Philippine Constitution.
Under
Administrative Order No. 308, the National ID system has no definite legitimate
purpose of collecting the information and the usage of the said information
does not state the accuracy, relevancy and necessity for which purpose it will
be use.
Moreover,
in Administrative Order No. 308 if given access to the public without the
security to prevent any emergence and infraction to the public of the
information, it will cause greater problem for an individual’s right to privacy.
Thus, in order for the National ID System to augment, adequate safeguards which
will protect the information and safely process the personal information of a
person must be guaranteed.
On
the above case cited, the issue was the implementation of Administrative Order
No. 308, and as the court have stated on this case, won’t the government misuse
the data that they have acquired? They may have included a confidentiality
clause on the new RA 10173, but there is also this underlying fear that the
data that they have filtered to a person may be used against them. On the
quoted case, the Supreme Court stressed that, the right to privacy is one of
the most threatened rights of a man living in a mass society, and the threats
may come from various sources, one on which is the government. It is like
opening our personal information to the government, or as how most would say
it, we are stark naked in the eyes of the government.
VERDICT
Truly,
there may be different perspectives on this issue, but I think it is yet to be
identified and proven the effect of this act because it is too early to
determine its true advantages and disadvantages. The burden lies with the application and
implementation where it would be more of the government’s responsibility of disseminating
and explaining the real purpose and intent of such act in order to really
affect growth and promote innovation for the purpose of nation building.
How
then does this act truly impact my situation as of this time? This query
continues to linger in my mind. At any rate, we should always be mindful of the
fact that in every transaction, security and integrity is often required.
Every
life should be basically private. It is only the works of man that some lives lose
their sense of privacy. Just like the public officials whose life is imbued
with public interest. But still, public figures as they are, there should be
part of their lives that should be treated with privacy. Everything has
limitations. One should always respect the privacy of others.
END
NOTES:
Sources
G.R.
No. 127685 July 23, 1998
BLAS
F. OPLE, petitioner vs. RUBEN D. TORRES, ALEXANDER AGUIRRE, HECTOR VILLANUEVA,
CIELITO HABITO, ROBERT BARBERS, CARMENCITA REODICA, CESAR SARINO, RENATO
VALENCIA, TOMAS P. AFRICA, HEAD OF THE NATIONAL COMPUTER CENTER and CHAIRMAN OF
THE COMMISSION ON AUDIT, respondents. The Lawphil Project. http://www.lawphil.net/judjuris/juri1998/jul1998/gr_127685_1998.html (accessed May 1, 2013)
REPUBLIC
ACT NO. 10173: AN ACT PROTECTING INDIVIDUAL PERSONAL INFORMATION IN INFORMATION
AND COMMUNICATIONS SYSTEMS IN THE GOVERNMENT AND THE PRIVATE SECTOR, CREATING
FOR THIS PURPOSE A NATIONAL PRIVACY COMMISSION, AND FOR OTHER PURPOSES; The
Lawphil Project. http://www.lawphil.net/statutes/repacts/ra2012/ra_10173_2012.html (accessed May 1, 2013)
http://business.inquirer.net/79534/data-privacy-act-of-2012
(accessed May 1, 2013)
http://ph.news.yahoo.com/data-privacy-act-2012-102336873.html
(accessed May 1, 2013)
Disclaimer:
The content of this blog is intended for informational purposes only. It is not
intended to solicit business or to provide legal advice. Laws differ by
jurisdiction, and the information on this blog may not apply to every reader.
Your use of the blog does not create an attorney-client relationship between
you and the blogger.