Monday, May 6, 2013


TOPIC: Will RA 10173 provide sufficient mechanism to the introduction of a National ID System in the Philippines without the constitutional issues that has arisen in Ople vs Torres?
By: Darius Francis M. Paduada

Privacy is an everyday word which everybody knows. But if you ask someone what it is, no one knows. Everybody loves their privacy. Some are a little over serious about it. A very private emotional individual is an introvert. While a person very private about his properties has signs “No trespassing Private Property” placed on all corners. I can talk about privacy and its being a right guaranteed by the Constitution all day and yet there are still a lot of private things left unsaid. To make matters easier, what is privacy?

The Constitution

            Privacy is a constitutional right guaranteed by the fundamental Article III The Bill of Rights. Clearly, it is an important and essential human right.  

Section 3. 1. The privacy of communication and correspondence shall be inviolable except upon lawful order of the court, or when public safety or order requires otherwise, as prescribed by law.       

            I presented Sections 2 and 3 (1) together because I think their difference will lay the ground for any further discussions to be presented. Section 2 states a more traditional definition of our privacy act. Privacy is the right to be secured in the convenience of our homes and persons. In the case of Ople vs Torres, the main issue is the validity of AO 308. On the hand, Republic Act 10173 is known as the Data Privacy Act. The question is, what right to privacy is AO 308 and RA 10173 regulating or some may say “infringing”.

            At first glance the obvious answer is Sec. 3(1). Personal communications, data, and an ID system are means of communication. A simple entry on a personal note when transacting with government agencies is not only a matter of communication and filing up of entries. It entails openness about your person and trusting the authorities of the responsibility of protecting and respecting that symbol of your person. 

            If you agree with the above-stated statement then, you are incorrect. Data privacy and a National Identification System squarely encounter Sec. 2 and our right to be secured in our persons. Information and data we enter or the processor gather are not mere words. These are very personal matters relating to our own person. And everyone is entitled to the freedom of whether to disclose it or not. It would like to emphasized that Sec. 2 will be the provision contemplated all throughout this paper.

OPLE Vs. TORRES

            The Supreme Court’s ruling on this case is not about the illegality of a proposed national ID system but more on the separation of powers between the executive and legislative branches of the government.
            Generally there are two (2) grounds on which Ople assails Administrative Order No. 308, 1. It is a usurpation of the power of Congress to legislate and 2. It impermissibly intrudes on the right to privacy of citizens. Since the Supreme Court explained the invalidity of the said Order based on the first ground, I will try to explain it as provided by the privacy concept.

            If we summarize AO 308, the “whereas clause” will surely give us a heads-up.

PURPOSE: there is a need to provide Filipino citizens and foreign residents with the facility to conveniently transact business with basic service and social security providers and other government instrumentalities;

MEANS: this will require a computerized system to properly and efficiently identify persons seeking basic services on social security and reduce, if not totally eradicate fraudulent transactions and misrepresentations;

IDEAL: a concerted and collaborative effort among the various basic services and social security providing agencies and other government instrumentalities is required to achieve such a system

The Reasonable Connection Test in Constitutional law will state that the purpose of AO 308, assuming that it is a valid law, is reasonable. Transacting with the government is stressful. This is today’s reality. Aside from the different cards needed for each single agency, the transaction is vulnerable to red tape. So, the convenience that the supposed ID System affords is very reasonable. However, we can tell that with regard to the means to be used. This correctly pointed by the Supreme Court “that assuming, that A.O. No. 308 need not be the subject of a law, still it cannot pass constitutional muster as an administrative legislation because facially it violates the right to privacy”.

The reason is because of Section 4.  This provides for a Population Reference Number (PRN) as a "common reference number to establish a linkage among concerned agencies" through the use of "Biometrics Technology" and "computer application designs."

Although the use of biometrics is acceptable today as observed in COMELEC registrations, it cannot be a requirement for availing government services nor biometrics be synonymous with a national ID. Obviously the aforesaid Administrative Order is not for the Nationalized Identification System. It is not a laminated universal card. It is an adoption of a National Computerized Identification Reference System. It is a national collection of computerized data. We have a huge problem here.

AO. No. 308 was issued by President Fidel V. Ramos On December 12, 1996. So it is basically more than 16 years have passed. During the making of this article I come across a proposed bill that will somehow learn from the mistakes of AO 308.

There is proposed law requiring all Filipinos to secure individual identification cards. It has been approved on second reading by the House of Representatives already. House Bill 6895 or "Filipino Identification System Act" the will require all Filipinos here and abroad to secure non-transferable IDs from at the Local Civil Registrars Office of the town or city they live.

The ID, will bear the photo, name, birth date, date of issue, signature of the owner, individual serial number issued by the National Statistics Office (NSO), and biometric data of the cardholder. At least the “new” system explains the details and is not limited to computer data collection.

RA 10173

PURPOSE: protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth. The State recognizes the vital role of information and communications technology in nation-building and its inherent obligation to ensure that personal information in information and communications systems in the government and in the private sector are secured and protected.

SCOPE: applies to the processing of all types of personal information and to any natural and juridical person involved in personal information processing including those personal information controllers and processors

Argument: Is the new act leading to National ID system which was declared unconstitutional in the case of Ople vs Torres?

The Data Privacy Act of 2012 was approved August 15, 2012 and to fully understand the Act, let’s discuss first some of the principles and definition imbedded in the Act itself.

The Act referred as “data” the individual whose personal information is being processed in an Information and Communication System. The System is for generating, sending, receiving, storing or otherwise processing electronic data messages or electronic documents and includes the computer system or other similar device by or which data is recorded, transmitted or stored and any procedure related to the recording, transmission or storage of electronic data, electronic message, or electronic document.

The Act also have extraterritorial application where it mentioned applicability of the law to an act done or practice engaged in and outside of the Philippines by an entity if:
(a) The act, practice or processing relates to personal information about a Philippine citizen or a resident;
(b) The entity has a link with the Philippines, and the entity is processing personal information in the Philippines or even if the processing is outside the Philippines as long as it is about Philippine citizens or residents.

The notable principles declared in the Act are:
·        
Processing of information shall be allowed but subject to the compliance with requirements of the Act as well as other laws allowing disclosure of information to the public.
·         Personal information shall be collected for specified and legitimate purposes determined and declared before, or as soon as reasonably practicable after collection, and later processed in a way compatible with such declared, specified and legitimate purposes only;
·         Processed fairly and lawfully;
·         Accurate, relevant and, where necessary for purposes for which it is to be used the processing of personal information, kept up to date; inaccurate or incomplete data must be rectified, supplemented, destroyed or their further processing restricted;
·         
Adequate and not excessive in relation to the purposes for which they are collected and processed

The Act however, allows of sensitive information and privileged information in some instances, such as when the individual or data gave his consent, the processing was provided for by existing laws and regulations, processing is necessary to protect the life and health of the data subject or another person, processing is necessary to achieve the lawful and noncommercial objectives of public organizations and their associations and processing is necessary for purposes of medical treatment.

Thus, from the Act itself this will allow the Government or the commission to have ready access on personal information of the citizens of the Philippines even without the consent of the individual as long as it falls under the other exemptions.

Although the Data is entitled of certain rights such as being informed whether personal information pertaining to him, the process of informing the Data is I think would be troublesome as the duration of sending the information would be a question.

A question of confidentiality and privacy of the individual would also arise for the Commission would have ready access to such information and made available to the Government as well as data security as against the advancing technology.

Given, the present situation in our Country, the misapplication of such data is not impossible.

Individual safety and sanctuary may be affected by and trespassed as the confidential personal data of the individual may be accessed by the Commission and could be used against him. Thereby affecting his right from self incrimination.


Conclusion
No. The RA 10173 does not provide sufficient mechanism to the introduction of a National ID System in the Philippines without the constitutional issues that has arisen in Ople vs Torres. It may somehow lay a ground for a data compilation but it does not give a framework for a identification system. I think that RA 10173 is more application on the personal information a computer user will input on the internet. The name, email and account in general must be protected in the internet just like its disclosure on an application to the SSS or GSIS.

When thinking about Facebook, a dilemma will occur when the user dies. Who owns the account and all the information, pictures, and messages? Mark Zuckerburg or the user? Well in a sense RA 10173 is helpful because it is very clear that even data subject has transmissibility rights. The lawful heirs or assignee would have that right.

RA 10173 is more than a National ID System. And honestly I cannot really find any mechanism that it introduces an ID system.