Complaint Against Online Lending App Harassment Philippines

A Philippine legal guide to rights, violations, evidence, and where to file complaints

1) The problem in context: when “collection” becomes illegal harassment

Online lending apps (often operating as SEC-registered lending companies or financing companies, or sometimes illegally without registration) may pursue unpaid loans through collection. Collection is allowed. Harassment is not.

In the Philippine setting, “online lending harassment” commonly includes any of the following:

  • Threats (e.g., “warrant,” “arrest,” “police will visit,” “we will file a case tomorrow”) used to intimidate rather than lawfully demand payment
  • Public shaming (posting your name/photo online; calling you a “scammer”; broadcasting your debt to others)
  • Contacting third parties (friends, relatives, coworkers, employer) to pressure you to pay
  • Doxxing (sharing your personal details, ID photos, address, workplace)
  • Abusive language and repeated contact (insults, profanity, calls/texts at unreasonable hours, relentless spam)
  • Misrepresentation (pretending to be from a government agency, a law office, or law enforcement)
  • Using app permissions as leverage (accessing your contacts/photos and then messaging them)

These practices create multiple possible violations—administrative (regulatory), criminal, and civil.

2) Know the regulator first: why SEC registration matters

Most legitimate online lending apps are tied to entities regulated by the Securities and Exchange Commission (SEC), typically as:

  • Lending companies (generally governed by Republic Act No. 9474, the Lending Company Regulation Act of 2007), and/or
  • Financing companies (generally governed by Republic Act No. 8556, the Financing Company Act of 1998)

If an app or its operator is not registered/authorized, reporting it to the SEC becomes even more important because it may be operating illegally (separate from harassment).

Key point: SEC rules and circulars have repeatedly emphasized that unfair debt collection practices—including harassment, threats, public shaming, and contacting unrelated third parties—are prohibited for SEC-supervised lending/financing companies and their collection agents.

3) The main legal bases you can use (Philippine framework)

A. Administrative / regulatory violations (SEC; plus consumer protection standards)

A complaint to the SEC is often the most direct route against online lending harassment because the SEC can impose sanctions affecting the company’s authority to operate (including penalties and possible revocation/suspension), and can order compliance with fair collection standards.

In addition, the Financial Products and Services Consumer Protection Act (Republic Act No. 11765) sets consumer protection principles (fair treatment, protection from abusive conduct, clear disclosures, data protection norms) implemented by financial regulators within their jurisdiction (including the SEC for SEC-supervised entities). While your complaint may be anchored on specific abusive collection acts, RA 11765 supports the broader consumer protection frame.

What this means in practice: even if a borrower actually owes money, the lender/collector can still be liable administratively for prohibited collection tactics.

B. Data Privacy Act: when harassment is powered by your contact list and personal data

The Data Privacy Act of 2012 (RA 10173) is central to many online lending harassment cases because a frequent tactic is:

  1. the app collects personal data (often including contacts, photos, device information), then
  2. uses or discloses that data to shame or pressure payment.

Potential Data Privacy Act issues include:

  • Invalid or non-compliant “consent” (consent must be informed, freely given, specific; it can’t be buried in confusing terms and used beyond necessity)
  • Processing beyond purpose (data gathered “for loan evaluation” used for harassment and public shaming)
  • Unauthorized disclosure (messaging your contacts about your debt; posting your information)
  • Excessive data collection (collecting more data than necessary for a loan)
  • Failure to implement safeguards (risk of leaks, misuse, access by collectors without proper controls)

You can complain to the National Privacy Commission (NPC) for unlawful processing and disclosure, and you may pursue civil damages and/or criminal liability under RA 10173 depending on facts.

Important note: If your friends/relatives/coworkers were contacted, they are also data subjects whose data (their phone numbers, identities, relationship to you) may have been processed/disclosed improperly—meaning they can be complainants too.

C. Revised Penal Code (criminal): threats, coercion, defamation, and related offenses

Harassing collection behavior can cross into criminal conduct under the Revised Penal Code, depending on what was said/done:

  • Grave Threats / Light Threats / Other Threats – threats of harm, exposure, or wrongful acts used to intimidate
  • Grave Coercion / Light Coercion – forcing you to do something (pay immediately, give money) through intimidation beyond lawful means
  • Unjust Vexation – persistent, irritating conduct without justification (often used for harassment patterns)
  • Slander/Libel – calling you a “scammer,” “criminal,” etc., to third parties; accusing you of wrongdoing beyond the fact of debt
  • Estafa-related angles are less common against collectors but may arise if there are fraudulent representations on either side; harassment cases usually focus on threats/coercion/defamation/privacy

D. Cybercrime Prevention Act: when the harassment is done through ICT

When threats/defamation/other crimes are committed through texts, social media, messaging apps, or online posts, RA 10175 (Cybercrime Prevention Act) may apply.

Two common ways it matters:

  1. Cyber libel – defamatory posts/messages published online
  2. Section 6 – crimes under the Revised Penal Code and special laws, when committed “by, through, and with” ICT, may carry a higher penalty (one degree higher) than their offline equivalents, subject to legal interpretation and charging decisions.

E. Civil Code remedies: privacy, abuse of rights, and damages

Even if a criminal case is not pursued (or while it is pending), harassment can support a civil case for damages and injunctive relief, commonly anchored on:

  • Civil Code Article 19 (abuse of rights)
  • Civil Code Article 20 (acts contrary to law)
  • Civil Code Article 21 (acts contrary to morals, good customs, public policy)
  • Civil Code Article 26 (right to privacy; interference with private life, family relations, and reputation)

Recoverable damages may include moral damages (distress, anxiety, humiliation), exemplary damages (to deter similar conduct), and attorney’s fees in proper cases.

F. Other laws that may become relevant in specific fact patterns

  • Anti-Photo and Video Voyeurism Act (RA 9995) – if collectors threaten to share or actually share intimate images/videos
  • Safe Spaces Act (RA 11313) – if the harassment is gender-based/sexual in nature and occurs online
  • Anti-Wiretapping Act (RA 4200) – relevant to how you gather evidence: secret recording of private communications can raise legal issues

4) Who can be held liable

Harassment is often done by “agents” or third-party collectors, but liability can extend to:

  • the lending/financing company (principal)
  • collection agencies and their personnel
  • corporate officers who authorized or tolerated unlawful practices (facts matter)
  • individuals who posted/typed/sent defamatory or threatening communications

Regulators and prosecutors often look at whether the company’s processes systematically enable harassment (e.g., scripts, quotas, sharing borrower data to collector groups).

5) Where to file complaints in the Philippines (and what each one is good for)

A. SEC (Securities and Exchange Commission)

Best for: stopping abusive collection, penalizing or shutting down abusive/illegal lending companies, enforcing fair collection rules.

You typically submit:

  • a complaint letter/affidavit describing the harassment
  • proof of the company/app identity (name, app name, screenshots, numbers used, receipts, loan account details)
  • screenshots of messages/posts, call logs, contact-blast messages sent to third parties
  • sworn statements from third parties who were contacted (helpful)

Practical tip: Identify the registered corporate name behind the app if possible (apps sometimes use a brand name different from the registered entity).

B. NPC (National Privacy Commission)

Best for: misuse/disclosure of personal data, contact list harvesting, public shaming powered by your data, demands to delete/stop processing, and accountability for privacy violations.

You typically submit:

  • narrative of data collected and how it was used
  • screenshots showing third-party messages and disclosures
  • proof of app permissions requested and granted (if available)
  • evidence of postings/disclosures containing personal data

NPC complaints often focus on purpose limitation, proportionality, transparency, and whether the company had a lawful basis to process/disclose data the way it did.

C. PNP / NBI Cybercrime units (law enforcement)

Best for: quick documentation (blotter/incident report), help identifying perpetrators, and building the case for the prosecutor.

Useful when there are:

  • explicit threats
  • coordinated online shaming
  • impersonation of authorities/law firms
  • hacking/account takeovers
  • systematic harassment via multiple numbers/accounts

D. Office of the City/Provincial Prosecutor (criminal complaints)

Best for: filing criminal cases (threats, coercion, unjust vexation, libel/cyber libel, data privacy crimes).

You typically submit a Complaint-Affidavit with attachments (screenshots, printouts, certifications, witness affidavits). The prosecutor determines probable cause and may file in court.

E. Civil actions in court (injunction + damages)

Best for: court orders to stop harassment (injunction), and monetary compensation for harm.

Courts can order parties to refrain from contacting third parties, posting defamatory content, or processing/disclosing data unlawfully, depending on the evidence and legal basis.

F. Barangay conciliation (Katarungang Pambarangay) — when it applies and when it doesn’t

Barangay conciliation is generally for disputes between individuals residing in the same city/municipality and is often required before certain court actions. However, it often does not fit well for online lending harassment cases involving:

  • corporations with business addresses outside your barangay
  • multiple unknown perpetrators
  • cases needing urgent relief
  • many criminal complaints that proceed directly under prosecutorial rules

Whether it’s required is fact-specific; many victims proceed directly to regulator/prosecutor, especially where corporate entities and cyber elements are involved.

6) Evidence: what to collect (and how to preserve it)

Strong evidence makes complaints move.

Essential evidence checklist

  • Screenshots of SMS, chat messages, social media messages, and posts
  • Call logs showing frequency and timing; note dates/times
  • Threat content (save the exact wording)
  • Messages sent to your contacts (ask them for screenshots)
  • Names/numbers/accounts used; links to posts; usernames
  • Loan documents: app screens, disclosures, repayment schedules, receipts, ledger screenshots
  • App permission evidence: screenshots of requested permissions; phone settings showing granted permissions
  • Timeline: a simple chronological list of events

Authentication and admissibility (practical Philippine litigation reality)

Philippine courts use the Rules on Electronic Evidence: electronic messages and printouts generally need to be authenticated (show they are what you claim they are). Practical ways include:

  • having the person who received the message execute a sworn affidavit identifying the message and explaining how it was received and saved
  • preserving original files, URLs, and device data where possible
  • printing screenshots and attaching them as annexes, with clear labels and dates

Caution about call recording

Secretly recording private calls can raise issues under RA 4200 (Anti-Wiretapping Act). Many complainants rely instead on screenshots, written messages, call logs, and third-party affidavits.

7) Building a complaint that works: what to allege (and how to frame it)

A. Core narrative (keep it structured)

  1. Who you are, the loan details (date, amount, app/company identity)
  2. What happened after payment issues (or even during regular collection)
  3. Specific harassment acts with dates/times
  4. Data privacy angle: permissions requested, contacts accessed, third parties messaged
  5. Harm caused: anxiety, reputational harm, workplace issues, family distress
  6. Relief requested: stop harassment, stop third-party contact, delete/cease processing, sanction the company/agents

B. Match facts to possible violations

  • Threats of arrest/warrants → threats/coercion, misrepresentation
  • Messaging your employer/friends → unfair collection + data privacy violations
  • Posting “scammer” lists with your photo → defamation/cyber libel + privacy
  • Repeated profane calls/texts → unjust vexation, unfair collection
  • Publishing your ID/address → privacy violations, possible threats/coercion

C. Identify respondents correctly

Where possible, name:

  • the registered company behind the app
  • known officers/representatives (if you have them)
  • collection agency (if disclosed)
  • specific accounts/numbers used (even if identities are unknown)

8) Can you complain even if you truly owe the loan?

Yes. Debt does not legalize harassment. A lender’s lawful options typically include:

  • contacting you directly in a reasonable manner
  • issuing demand letters
  • negotiating restructuring
  • filing a civil case to collect (subject to defenses like unconscionable interest, improper charges, or defective disclosures)

What they generally cannot do is punish you socially or weaponize your personal data.

9) Common lender tactics and how they are treated legally

“We will have you arrested”

Non-payment of a debt is generally not a crime by itself. Arrest threats are frequently used as intimidation and may support complaints for threats/coercion and unfair collection practices—especially if there is no actual legal basis for criminal liability.

“We will message everyone you know”

Using your contact list to pressure you is a classic data privacy and unfair collection issue.

Posting your photo/name and calling you a scammer

Potential defamation/cyber libel plus privacy violations, depending on content and publication.

Excessive interest and fees

Philippine law allows interest (the old Usury Law ceilings have long been effectively lifted), but courts can reduce unconscionable or iniquitous interest/penalties. Even so, abusive collection is still separately punishable.

10) Practical, lawful steps while complaints are being prepared

  • Preserve evidence immediately (screenshots, links, logs, witness screenshots)
  • Communicate in writing when possible (it creates a record)
  • Send a clear written demand to stop third-party contact and public posting (keep a copy)
  • Exercise data subject rights in writing (request information, object to processing, request deletion where applicable)
  • Avoid retaliatory posts that could escalate into counter-claims
  • Do not share additional sensitive data beyond what is necessary to document your complaint

11) What outcomes are realistic

Depending on the route(s) you take:

  • SEC: sanctions against the company; possible suspension/revocation; orders to stop prohibited practices
  • NPC: orders related to data processing, possible administrative penalties, and findings supporting criminal/civil actions under the Data Privacy Act
  • Criminal route: prosecution of responsible individuals and/or officers depending on evidence and charging decisions
  • Civil route: damages, injunctions, and court orders to stop harassment and remove postings

Many complainants pursue parallel actions (SEC + NPC + criminal), because each forum addresses a different dimension: business authority, privacy, and penal accountability.

12) Mini-outline template: Complaint-Affidavit (Prosecutor)

I. Parties

  • Complainant: name, address
  • Respondents: company, collectors, numbers/accounts used

II. Facts

  • Loan details
  • Harassment incidents (chronological; include dates/times)
  • Third-party disclosures and shaming incidents
  • Harm suffered

III. Violations

  • Identify possible offenses (threats/coercion/unjust vexation/cyber libel/data privacy crimes), tailored to your facts

IV. Evidence / Annexes

  • Annex “A” screenshots; “B” call logs; “C” witness affidavits; “D” loan records; etc.

V. Prayer

  • Finding of probable cause and filing of appropriate charges

Verification and jurat (notarization), as required.

13) Bottom line

Online lending harassment in the Philippines is not merely “rude collection”—it can implicate SEC regulatory violations, Data Privacy Act liability, criminal offenses (threats/coercion/defamation), cybercrime enhancements, and civil damages for privacy and abuse of rights. The strongest complaints are evidence-driven, name the correct corporate respondents, and clearly connect each harassment act to the relevant legal frameworks.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login