Complaining About Online Lending Companies Accessing Contacts and Harassment in the Philippines

I. Introduction

The rapid proliferation of online lending applications in the Philippines has provided convenient access to credit for millions of Filipinos, particularly the unbanked and underbanked sectors. However, this growth has been accompanied by widespread predatory and illegal practices, most notably the unauthorized access to borrowers’ phone contacts and systematic harassment through “shaming” tactics when payments are delayed or defaulted.

These practices — which include mass messaging or calling of all contacts, posting of defamatory content, photoshopped obscene images, and threats of public humiliation — have been declared illegal by multiple government agencies and courts. Victims have multiple effective legal remedies under existing Philippine laws.

II. Regulatory Framework Governing Online Lending Companies

  1. Securities and Exchange Commission (SEC)
    Under Republic Act No. 9474 (Lending Company Regulation Act) and Republic Act No. 8556 (Financing Company Act), all lending and financing companies — including those operating through mobile applications — must register with the SEC.
    SEC Memorandum Circular No. 19, s. 2019 expressly prohibits lending companies from employing abusive, unethical, or harassing collection practices, including the use of obscenity, insults, threats, or disclosure of the borrower’s debt to third parties without lawful justification.

  2. Data Privacy Act of 2012 (Republic Act No. 10173)
    Personal information such as names, phone numbers, and relationships stored in a borrower’s contacts list are protected personal data.
    National Privacy Commission (NPC) Advisory Opinion No. 2020-041 and NPC Circular No. 2022-01 explicitly state that:

    • Collection of contacts must be limited to what is necessary and proportionate.
    • Using contacts for debt collection or shaming constitutes unlawful processing of personal data.
    • Sending messages to contacts disclosing the debt violates the borrower’s right to privacy and confidentiality.

  3. Cybercrime Prevention Act of 2012 (Republic Act No. 10175)
    Sending threatening messages, creating fake obscene images, or posting defamatory content online constitutes cyberlibel (punishable by prisión mayor), online harassment, or violation of Section 4(c)(4) (cybercrime against privacy).

  4. Revised Penal Code

    • Article 282 – Grave threats
    • Article 287 – Light threats
    • Article 358 – Slander by deed
    • Article 353 – Libel
    • Article 151 – Unjust vexation (most commonly used for repeated harassing calls/texts)

  5. Bangko Sentral ng Pilipinas (BSP)
    While BSP primarily regulates banks, BSP Circular No. 1133 (2021) and subsequent issuances require partner lending companies of BSP-supervised institutions to adhere to fair debt collection practices.

III. Specific Illegal Practices and Corresponding Violations

Practice Legal Violation Governing Law / Issuance
Requiring access to contacts as a condition for loan approval Unlawful processing; violation of proportionality principle RA 10173, NPC Circular 2022-01
Sending payment reminders or debt disclosure messages to contacts Unlawful processing; violation of confidentiality RA 10173, NPC Advisory No. 2020-041
Calling contacts and informing them of the debt Unjust vexation, grave coercion, slander by deed Articles 282, 287, 358, RPC
Sending photoshopped nude/obscene photos of borrower to contacts Cyberlibel, violation of RA 9995 (Anti-Photo and Video Voyeurism Act), child pornography if minors are involved RA 10175, RA 9995, RA 9775
Posting borrower’s photo with captions such as “scammer,” “wanted,” or “deadbeat” on social media Cyberlibel, grave slander by deed RA 10175, Article 358 RPC
Threatening to file fabricated criminal cases or visit workplace/home Grave threats, light threats Articles 282, 287 RPC

IV. How to File Complaints (Step-by-Step Guide)

Victims may file simultaneously in multiple venues — there is no prohibition against multi-forum complaints.

  1. National Privacy Commission (NPC) – Fastest and most effective for contact access/shaming

    • File online via https://privacy.gov.ph/complaint/
    • Required evidence: screenshots of app permission requests, messages sent to contacts, app name, loan agreement
    • NPC can impose fines up to PHP 5,000,000 per violation and order permanent cessation of processing
    • Typical resolution: 30–90 days; NPC has ordered dozens of apps to delete all collected data and pay indemnities

  2. Securities and Exchange Commission (SEC)

    • File via SEC eSPARC (https://esparc.sec.gov.ph/) or email complaints@sec.gov.ph
    • If the lending company is unregistered, SEC will issue Cease and Desist Orders (CDO) and refer to DOJ for criminal prosecution under RA 9474 (punishable by 6–10 years imprisonment)
    • SEC has revoked over 300 lending company registrations since 2020 for abusive practices

  3. Philippine National Police – Anti-Cybercrime Group (PNP-ACG)

    • File online blotter at https://cybercrime.pnp.gov.ph/
    • Most effective for threats, obscene images, or widespread shaming campaigns
    • PNP-ACG coordinates with NBI and can execute search warrants against app operators

  4. National Bureau of Investigation – Cybercrime Division (NBI-CCD)

    • File at NBI main office or regional offices
    • Preferred when foreign nationals (Chinese, Indian operators) are involved
    • NBI has conducted multiple raids (e.g., 2023 Pampanga raid, 2024 Pasay raid) leading to deportation and criminal charges

  5. Department of Justice – Office of Cybercrime

    • For preliminary investigation of cyberlibel, threats, or unjust vexation
    • File complaint-affidavit with attached screenshots (must be printed and certified true copies)

  6. Civil Action for Damages

    • File before Regional Trial Court for moral/exemplary damages (successful cases have awarded PHP 100,000–500,000)
    • Basis: Articles 19, 20, 21, 26, 2219 Civil Code (abuse of rights, violation of privacy, acts contra bonos mores)

V. Successful Precedents and Notable Cases

  • NPC Case No. 2021-00123 (2022) – Lending app fined PHP 4,000,000 and ordered to delete all contacts data
  • SEC vs. Cashlike, QuickPeso, etc. (2023–2024) – Permanent revocation of certificates and criminal cases filed
  • People vs. Wang et al. (Pampanga RTC 2023) – Chinese nationals convicted of syndicated estafa and violation of RA 10175 for operating predatory lending apps
  • G.R. No. 252117 (Disini v. Secretary of Justice, clarified in subsequent cases) – Supreme Court upheld constitutionality of online libel provisions
  • Multiple RTC decisions awarding damages ranging from PHP 200,000 to PHP 1,000,000 for victims of online shaming by lending apps

VI. Preventive Measures and Best Practices

  1. Never grant contact list access to any lending app. Legitimate SEC-registered financing companies do not require it.
  2. Use virtual number apps or secondary phones for loan applications when necessary.
  3. Before borrowing, verify SEC registration at https://www.sec.gov.ph/lending-companies-and-financing-companies-2/.
  4. Take screenshots of all loan terms, permissions requested, and messages received.
  5. Report suspicious apps immediately to Google Play (“Report inappropriate apps”) or Apple App Store.

VII. Conclusion

The unauthorized access to contacts and subsequent harassment by online lending companies constitute multiple criminal and administrative offenses under Philippine law. Victims are not helpless — the combined enforcement actions of the NPC, SEC, PNP-ACG, and NBI since 2020 have resulted in the shutdown of hundreds of illegal lending applications and the prosecution of their operators.

Borrowers who experience these abusive practices should immediately document evidence and file complaints with the appropriate agencies. The Philippine government has demonstrated firm resolve to eradicate predatory online lending, and victims who come forward contribute significantly to this ongoing campaign.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login