Republic Act 10173 (DATA PRIVACY ACT): A MECHANISM TOWARDS A

SUCCESSFUL ESTABLISHMENT OF A NATIONAL IDENTIFICATION

SYSTEM IN THE PHILIPPINES

INTRODUCTION

“I believe that any violation of privacy is nothing good”, thus said Lech Walesa, former President
of Poland, Nobel Peace Prize winner, and human rights activist. To him, and to other civil libertarians,
privacy in all of its aspects is an absolute right which no one may justifiably intrude into, not least by the
government itself or by its agents. The possible rationale for this supposition is that this right to privacy
is a constitutionally-enshrined and protected right which is recognized the world over. Therefore, to
violate such constitutional concept is incongruous to what free society is all about.

With the fast-paced and ever changing world however, it is no longer that easy to assert the
concept of a fully free society without acceding to some allowable state restrictions on privacy rights.
Germane to the concept of privacy of information or data privacy, or the right to personal privacy is the
concept of national security. It is within this backdrop that I attempt to discuss the significance, or the
lack of it, of the national identification system in relation to the Republic Act No. 10173 or the Data
Privacy Act.

THE PRESENT THREAT TO PHILIPPINE SECURITY

The Philippines is home to a chopsuey of acronym-based groups, a number of whom are

composed of self-styled freedom fighters. There are those that espouse communist or socialist agenda;
there are those radical fundamentalist groups; those who advocate secession or independence from the
seat government’s power; those who sponsor extremist ideologies and those who are simply, well,
political groups led by vicious warlords. Of these are the diverse arms-carrying groups, led by these
political, socialist, or religious ideologues. Most often than not, these groups abdicate peace by weapons
that injure, maim, or kill innocent civilians. Moreover, most of the time, authorities remain clueless as to
the identity of the perpetrators. Even with the vast network of intelligence equipment to help the security
forces, still, few or none at all ever comes to being solved. These groups, sad to say, are just there,
always waiting for the right time to perpetrate another misdeed.

Among these groups are the so-called Muslim fighters in the South divided into the Moro
National Liberation Front (MNLF), the Moro Islamic Liberation Front (MILF), the dreaded Abu Sayyaf
Group (ASG) and the New People’s Army (NPA). Just lately though, the Moro Islamic Liberation Front
inked a peace covenant with the government which paved the way towards a lasting peace in Mindanao,
or at least in the areas where they have a strong presence. Others still, are just plain criminal elements, or
terror groups, or just manifest transgressors of law, peace and security of the nation. Even then, these
groups still do not constitute the entire security threat pie alone.

With the rapid advancement in the technological sphere, and because of the seeming effortless
acquisition of new technology, which are in abundance commercially, and likewise in the thriving black
market, enterprising people with motives for gain or terror became easily the newest kids on the crime
block. This new class of security threat had already caught the attention of law enforcement and security
forces in most parts of the world. These so-called cybercrime groups have now reached our country’s
shores. Even our very own Philippine National Police (PNP) admits that the country has now become a
“haven for transnational organized crime syndicates involved in cyber pornography, cybersex dens, illegal
online gambling, credit card fraud, and identity theft due to weak laws against cyber crimes
xxx”(Philippine Daily Inquirer, 2011). These threats need to be addressed through a law or laws intended
to insulate innocent and law-abiding citizens from criminal gangs involved in cybercrimes and identity
thieves and by the same token pursue, ferret out and prosecute the latter, if so warranted.

Surely, this cannot be ignored as they have far-reaching implications with respect to the safety
and security of the nation as well as with the Philippine economy eventually. These gangs can be tracked,
tailed, subjected to surveillance and ultimately unmasked through a law that has teeth but at the same time
tailored according to constitutional precepts to make it palatable to the people at large. Apparently, it is
on this pretext that Administrative Order (A.O.) No. 308, otherwise known as “Adoption of a National
Computerized Identification Reference System” had been foisted upon the people that it prompted no less
than a sitting Senator of the Republic to question the same, and won his case, in the Court.

NATIONAL IDENTIFICATION SYSTEM

In 1996, President Fidel V. Ramos issued Administrative Order (A.O.) No. 308. This
administrative issuance aims to facilitate transactions of basic government services in all government
offices and instrumentalities through a computerized system. Alongside its primary goal, this order is
aimed to reduce bureaucratic red tape, fraudulent transactions, and peripherally, arrest the tide of
corruption in government institutions. At the very least, perhaps.

Ideally, A.O. No. 308 was intended to rationalize the diverse field of government agencies
providing essential services to the general public. The said order however never realized its potential as it
was thumbed down by the Supreme Court in its 1998 ruling in the case of Blas F. Ople v. Ruben Torres,
et. al. (G.R. No. 127685 July 23, 1998). The Court, speaking through former Chief Justice Reynato Puno,
declared Administrative Order No. 308 null and void for being unconstitutional as it violates the right to
privacy. According to the Court, the said AO No. 308 “does not tell us in clear and categorical terms
how these information gathered shall be handled. It does not provide who shall control and access the
data, under what circumstances and for what purpose. These factors are essential to safeguard the
privacy and guaranty the integrity of the information.”

The proposed National Computerized Identification Reference System could have been a good
law were it not for these apprehensions by some parties including the Court. These apprehensions may
still be assuaged though by refining the questioned provisions or through another law that could better
explain the same.

But, first things first. Before we could proceed any further, it is indispensable that we discuss, or
at least try to, some of the merits or demerits, the pros as well as the cons, the good side and the bad, the
advantages or disadvantages of the National ID system. By this, we may be able to recognize the possible
beauty of the system, more so if it be guaranteed by a fool-proof law.

Proponents of the system see in the law a tool for easy access by any individual transacting
business with or availing of the services of government offices and instrumentalities. There they
appreciate a mechanism to consolidate all available data from every government office into one super-
data infrastructure on a national level. The end result would be that of efficiency in government
transactions. Opponents of the system have a different look however. They see an unlimited potential for
abuse or misuse of the system as will prevent, say, identity theft resulting in fraud or fraudulent
transactions. Foremost of these raised fears is the issue of invasion of privacy. Free societies and
democratic institutions want unbridled and unrestrained rights. They often see State agents getting hold
of various information about them as prying into the privacy of their lives. And they simply do not like
living under constant fear of unwarranted intrusion into their private lives. For one reason or another,
these people do not trust the State with much of the data or information that the vast powers of the State
may get their hands into. This is the kind of threat to privacy that the Court has taken into great
consideration in Ople v. Torres. Such threat, the Court declares, “comes from the executive branch of
government which by issuing A.O. No. 308 pressures the people to surrender their privacy by giving
information about themselves on the pretext that it will facilitate delivery of basic services. Given the
record-keeping power of the computer, only the indifferent fail to perceive the danger that A.O. No. 308
gives the government the power to compile a devastating dossier against unsuspecting citizens”. But, is
this really the case? Is this fear unfounded? Or, is it more apparent than real? If so, how will the
government refine the system to preclude abuse or misuse? Will it bring more harm than its perceived
good? Alternatively, will it render truth to what the American essayist and cyber libertarian political
activist John Perry Barlow has once said that, “[R]elying on the government to protect your privacy is
like asking a peeping tom to install your window blinds”.

SUFFICIENT MECHANISM TOWARDS A NATIONAL ID SYSTEM

The government’s setback in the declaration by the Court of the unconstitutionality of

Administrative Order No. 308 prompted some legislators to file various bills in both Houses of Congress
touching on the revival of the national identification system. These bills however are still pending in
either House. In August 15, 2012, Republic Act 10173 or the Data Privacy Act of 2012 was approved
into law. It created a National Privacy Commission composed of experts in the field of information
technology and data privacy, to monitor the strict implementation of the provisions of the law in
accordance with international standards on data protection and privacy.

The meat of the said law is the processing of personal information and sensitive personal
information and the congruent rights of the person called the data subject. Thus, there are the rules on
access and the possibility of subsequent disclosure to authorized persons only, and key principles on their
storage or retention either for scientific, historical, and statistical purposes have been carefully laid out.

The law states in Section 2 thereof, thus, “[T]he State recognizes the vital role of information and
communications technology in nation-building and its inherent obligation to ensure that personal
information in information and communications systems in the government and in the private sector are
secured and protected”. This policy direction gives, in itself, an assurance of protection to persons whose
information or data are gathered or processed for lawful use.

Along this line, the law has set parameters under which the processing of personal information is
to be made as well as on how must the personal information controller or processor, as defined in the law,
must operate with the end in view of facilitating government services sans any modicum of abuse and
without sacrificing the policy objectives of the said law. First of these is that no information should be
processed absent any consent by the data subject. Another is that subject to some recognized exceptions,
the law prohibits the processing of sensitive personal information and privileged information.
Parenthetically, exclusionary rule applies rendering inadmissible any evidence gathered on privileged
information.

The law likewise spells out the rights of the data subject which include, inter alia, informing a
person whether a personal information pertaining to him shall be, is being, or has been processed as well
as the methods utilized for automated access if allowed by the data subject. Clearly, the data subject is
given much freedom to exercise his rights under the said law like the right to have reasonable access to
every data or information and their attendant circumstances as to rule out any iota of doubt on the
processes with which his personal information is/are being handled. Needless to say, a data subject may
even demand that his personal information which are found to be false or are being used for fraudulent
purposes be removed from the personal information controller’s filing system. On this note, the provision
on the transmissibility of the rights of the data subject to his lawful heirs and assigns in case of his death
or incapacity bears much significance as it entitles the latter an unrestricted privilege to demand the same
rights as if it were the data subject himself still enforcing the said rights. This way, no party in interest
could claim a denial of his or his predecessor’s rights under the Data Privacy Law.

Of equal importance also is the provision on the subcontracting the processing of personal
information to a third party under Section 14 thereof, viz. the personal information controller ensures
proper safeguards to maintain the confidentiality of the processed information. Evidently, liability falls
with the controller. This requirement diminishes any or all excuses and finger pointing on the part of the
responsible persons on account of the subcontracting the processing of personal information should
questions of accountability arise in the process.

DATA PRIVACY LAW: A SECURITY PERSPECTIVE

It is submitted that the concept of privacy must be understood in the context of what it might
mean to the concept of efficiency and security of government services. This being said, the appropriate
question would be: what must be the general consideration for the right of privacy to concede to some
other rights? What must the citizens of this country contribute to a great extent so that the security of the
entire nation is not compromised?

The concept of security, within a national security perspective, is best brought to the minds of the
citizenry that security and safety is both the responsibility of the State and its people. Thus, in exchange
for safety and security in their homes or in their places of work, the citizenry should be able and willing to
surrender a certain degree of personal privacy. An individual’s basic right to privacy is not absolute. It
must be subject to some exigencies, more particularly where the interest of national security demands
some sacrifice on the part of all stakeholders therein. It is not claimed herein that the right to privacy
occupies a lower position in the hierarchy of constitutional rights. It is maintained nonetheless that this
right should allow another right to temporarily overtake it with the end in view of cushioning any
negative impact to the country’s economic and political maturity.

Indeed, it takes two to tango. While arguably it is the government’s responsibility to protect its
own citizens and even those aliens who set foot in the country, it is likewise in the best interest of the
general welfare that the people should do their share towards that goal by being not so squeamish with
regard to their privacy. For after all, no government survives without an active citizenry, who equally
shares the responsibility in fulfilling a secure and safe locality.

The people should fully put its trust in their government. After all, if people with not-so-good
intentions can attack or compromise the privacy of any individual, why can’t freedom-loving people
allow the State or state agents to perform a mandated task with a little interference from themselves. If in
any case, the performance of such task is clothed with legality or made in furtherance of a larger but
lawful objective, why not entrust the same to them? If we had nothing to hide ourselves, then we should
not fear the government’s watchful eye. If we commit no transgression against the government and our
fellowmen, then we are assured that our privacy is not being violated even as we sleep.

It is quite disturbing that we always find fault in everything that the government does and find a
weakness in every law that it implements. Indeed, it amazes me no end To NOT allow the government
some elbow room within which to execute its authority and utilize all available resources within
constitutional bounds and in the end we cry for the government’s help when it is our turn to become
victims of injustice caused by our overzealousness to protect our personal privacy.

CONCLUSION

Notwithstanding any opposition, it is respectfully submitted that now is the time to pursue more
vigorously, not only the adoption, but also the full implementation of a national identification reference
system as envisioned under the abovementioned administrative order in view of the ever present and
persistent threat to the safety and security of the citizens in particular and the politico-economic stability
in general. This may sound to be security paranoia at its best, but I hasten to say that in the current
scheme of things, I’d rather that the government or its agents would pry into my not-so private personal
data, than those criminal gangs eager to pounce and make a very quick cash on unsuspecting prey like a
dyed-in-the-wool civil libertarian but whose intransigence or obstinacy renders him fair game to ill-
motivated individuals or groups.

Taken in its entirety, I believe that the foregoing considerations relatively provide a sufficient
mechanism towards the introduction of a national identification system. These provisions of the Data
Privacy Act afforded the much-needed shot in the arm of the floundering campaign to establish finally an
ID system akin to a one-stop-shop.

This might not be a panacea, or the cure-all sort of law, but at least we should try it. And really,
that time is now.

REFERENCES:
1. http://en.wikipedia.org/wiki/Lech_Wa%C5%82%C4%99sa. Accessed May 02, 2013.
2.http://globalnation.inquirer.net/16203/philippines-now-haven-for-transnational-cyber-crime-
groups%E2%80%94police. Last accessed May 3, 2013.
3. http://en.wikipedia.org/wiki/John_Perry_Barlow. Accessed May 3, 2013.
4. http://www.chanrobles.com/administrativeorders/administrativeorderno308.html#.UYbzvRcwqUQ .
Last accessed May 3, 2013.
5. http://www.gov.ph/2012/08/15/republic-act-no-10173/. Last accessed May 3, 2013.
6. http://www.lawphil.net/judjuris/juri1998/jul1998/gr_127685_1998.html

DISCLAIMER:

The contents of this blog are only the opinions of this writer and are not intended in any way to
serve as a legal advice.

Pros & Cons of National ID Cards

By Contributing Writer ; Updated June 11, 2018

A national identification card would be used to prove one's identity to

government officials. The idea of using national identification cards resurfaced
after the Sept. 11, 2001, attacks in the United States and the revelations t hat
some of the hijackers had false identification.
Pro: Immigration Control

An obvious argument for national identification cards is that it will help border
agents and other federal officers more quickly determine the immigration status
of individuals. If one is unable to produce a valid card, it could mean that the
person did not enter the country legally. The card would include information
about the person, such as height, weight and eye color, as well as other
aspects to make it harder to forge.

Pro: Easier Identification

Today, many retailers ask for photo identification when making purchases with
a credit or debit card. While many people use a driver’s license, a national ID
card will also let those without driver’s licenses prove their identity more easily
and without hassle. This easier form of identification could also be used in
airports and other facilities that require a form of state -issued identification. An
easier form of identification can also reduce the wait time at airports.

Con: Feasibility

In many countries, it is not feasible to implement a program that would issue

national identification cards to its citizens, permanent residents and legal
immigrants. In order to be able to distribute the national identification cards,
staff would need to be trained and maintained. It would also be difficult to
ensure that the majority of the population would register for a national
identification card. Some, such as the homeless, might have trouble proving
their identities in order to receive a card be cause of a lack of Social Security
numbers or birth certificates.

Con: Redundancy

Because most people already have forms of state -issued identification through
driver’s licenses, requiring everyone to obtain and carry another national
identification card would be redundant. It would also seem silly because the
costs that a national identification card would incur greatly outweigh the benefit
of having two identification cards. There is no point in having a separate
national identity card when the state driver’s license system is already in place.

Con: Possible Invasion of Privacy

National identification cards can be used to track an individual. In order for the
national identification card to be usable by the government, a national
database containing personal information would have to be created. This
database could be considered an invasion of privacy. However, if the
government chooses not to create this database, then it will be too easy for
individuals to commit fraud by having multiple cards with differ ent identities.