Data privacy violations and online shaming by lending apps legal remedies

The rise of Financial Technology (FinTech) in the Philippines has democratized access to credit through Online Lending Platforms (OLPs). However, this convenience has been overshadowed by a pervasive pattern of abuse: online shaming and unauthorized data processing. Aggressive collection agents often use the personal data harvested from a borrower's phone—contacts, photos, and social media—to coerce payment through public humiliation and harassment.

Under Philippine law, these practices are not just unethical; they are illegal.

I. Statutory Violations

Lending apps that engage in harassment typically violate three primary sets of laws and regulations:

1. Data Privacy Act of 2012 (Republic Act No. 10173)

The most common violation occurs when apps access a borrower’s contact list or gallery without a legitimate purpose related to the loan.

  • Unauthorized Processing: Accessing data beyond what is necessary to determine creditworthiness.
  • Processing for Illegitimate Purposes: Using contact lists to "inform" friends and family of a borrower’s debt (shaming) is a direct violation of the principle of purpose limitation.
  • Malicious Disclosure: Disclosing sensitive personal information with intent to cause harm or prestige.

2. SEC Memorandum Circular No. 18 (Series of 2019)

The Securities and Exchange Commission (SEC) issued specific guidelines on Prohibited Acts in the Collection of Debts. These include:

  • The use of threats or profane language.
  • Online Shaming: Posting the borrower's name or photo on social media as a delinquent debtor.
  • Contacting persons in the borrower’s contact list who are not co-makers or guarantors.
  • Misrepresenting oneself as a lawyer, court official, or police officer.

3. Cybercrime Prevention Act of 2012 (Republic Act No. 10175)

Harassment often escalates into criminal territory:

  • Cyber-Libel: Public and malicious imputation of a crime, vice, or defect, transmitted via the internet.
  • Unjust Vexation: Broadly applied to conduct that annoys, irritates, or vexes the victim without physical harm.

II. Administrative and Civil Remedies

Victims have several avenues to hold these entities accountable and stop the harassment.

1. The National Privacy Commission (NPC)

The NPC is the primary body for data privacy complaints.

  • Cease and Desist Orders: The NPC can order an app to stop processing data or even shut down its operations (as seen in the "Ban" of numerous OLPs).
  • Administrative Fines: Substantial penalties for data breaches and privacy violations.
  • Procedure: File a formal complaint supported by screenshots of the harvested data usage and harassment messages.

2. The Securities and Exchange Commission (SEC)

If the lending app is a registered corporation, the SEC’s Corporate Governance and Finance Department handles violations of debt collection ethics.

  • Revocation of Certificate of Authority: The SEC can permanently ban an OLP from operating in the Philippines.
  • Formal Complaint: Victims should provide the app name, the company behind it (found in the "About" section), and evidence of the prohibited collection practices.

III. Criminal and Civil Actions

For more severe cases involving defamation or threats, judicial intervention is necessary.

1. Filing for Cyber-Libel

If an agent posts your photo on Facebook labeling you a "scammer" or "thief," you can file a criminal complaint for Cyber-Libel at the Department of Justice (DOJ) or with the PNP Anti-Cybercrime Group (ACG).

2. Civil Damages (Civil Code of the Philippines)

Under Article 26 of the Civil Code, "Every person shall respect the dignity, personality, privacy and peace of mind of his neighbors and other persons." Victims can sue for:

  • Moral Damages: For mental anguish and social humiliation.
  • Exemplary Damages: To set an example so the app does not repeat the behavior.

IV. Practical Steps for Victims

If you are currently being shamed or harassed, follow these steps to build your legal case:

  1. Document Everything: Take screenshots of all threatening texts, social media posts, and the app’s permissions settings. Do not delete the conversation threads.
  2. Verify Registration: Check the SEC website to see if the OLP is a registered Lending Company or Financing Company. Many "predatory" apps operate without a license.
  3. Request Data Erasure: Under the DPA, you have the Right to Erasure. Send a formal demand to the app’s Data Protection Officer (DPO) to delete your contact list and non-essential data.
  4. Report to Platforms: Report the app to the Google Play Store or Apple App Store for "Malicious Functionality" to aid in getting the app delisted.

V. Jurisprudence and Outlook

The Philippine government has taken an increasingly aggressive stance against "bombing" (sending mass texts to contacts) and "shaming." The NPC’s Circular on the Processing of Personal Data by Lending Companies strictly prohibits the harvesting of contact lists and GPS data for debt collection. Legal remedies in the Philippines are robust, but they require the victim to transition from a defensive posture to an offensive legal strategy by utilizing the regulatory power of the SEC and NPC.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login