Debt Collection Harassment by Online Lending Apps: How to File a DPA and NTC Complaint (Philippines)

Debt Collection Harassment by Online Lending Apps in the Philippines: How to File a DPA and NTC Complaint

This article explains, in practical and legal terms, how to respond to abusive collection tactics by online lending apps (OLAs) in the Philippines, with a focus on filing complaints under the Data Privacy Act of 2012 (DPA) and with the National Telecommunications Commission (NTC). It also notes when to involve the Securities and Exchange Commission (SEC), Bangko Sentral ng Pilipinas (BSP), law enforcement, and your telco.

1) The Problem: What “Harassment” Looks Like in OLA Collections

Common abusive practices include:

  • “Shaming” tactics: messaging or calling your family, boss, coworkers, and contacts; group chats tagging you as a “scammer”; posting your photo/details online.
  • Threats and intimidation: threats of arrest, criminal cases for “estafa” without basis, physical harm, doxxing.
  • Excessive or odd-hour calls: robocalls or collectors calling dozens of times per day, including late at night/early morning.
  • Use of your phone’s contact list or gallery harvested by the app without clear, freely given, and specific consent.
  • Misleading representations: pretending to be a government agent, a lawyer, or law enforcement when they are not.

These practices can violate the Data Privacy Act of 2012 (RA 10173) (e.g., unlawful or excessive processing and disclosure of personal data), SEC rules on unfair debt collection (for registered lending/financing companies), and even telecom rules and cybercrime laws when threats, extortion, or obscene content are involved.

2) Quick Decision Map: Where to Complain

Scenario Main Forum(s) Why
App scraped your contacts, sent “shame texts” to them, or disclosed your debt to others National Privacy Commission (NPC) under the DPA Unlawful processing/disclosure; breach of data subject rights
Endless spam/harassing calls or texts from specific numbers; spoofed numbers NTC and your telco (Globe/Smart/DITO, etc.) NTC can order telcos to investigate and block numbers; telcos can provide remedies
The collector or app is a lending/financing company using unfair tactics SEC (Enforcement and Investor Protection); NPC (if personal data abuse) SEC prohibits unfair collection; may suspend/revoke OLA operations
Threats of bodily harm, stalking, extortion, non-consensual sharing of images, identity theft PNP / NBI Cybercrime Potential criminal offenses (grave threats, unlawful use of personal data, cyber harassment)
The lender is a bank/e-money issuer BSP Consumer Assistance Mechanism; NPC if privacy issues BSP-supervised entities follow market conduct standards

In many cases, you will file more than one complaint (e.g., NPC and NTC, possibly SEC). You may file complaints even if you still owe money—harassment and illegal processing of data are separate issues.

3) Core Laws and Principles (Plain Language)

  • Data Privacy Act (RA 10173)

    • You have rights to be informed, object, access, erasure/blocking, damages, data portability, and to file a complaint.
    • Processing must be lawful, transparent, and proportional. Apps cannot collect contact lists “just in case” and then use them to shame you.
    • Disclosing your debt to third parties (your boss, your relatives, random contacts) is typically unlawful unless you gave valid, specific consent or there is another lawful basis under the DPA.
    • Personal information controllers/processors must implement security measures and are accountable for those they hire (e.g., third-party collectors).

  • SEC rules on Unfair Debt Collection (for lending/financing companies)

    • Prohibit threats, obscenities, public shaming, contacting people unrelated to the loan except those expressly named (e.g., guarantor/co-maker), misrepresentation (posing as lawyers/officers), and excessive or odd-hour calls.

  • Telecom and SIM-related controls

    • Persistent harassment through particular numbers or spoofed lines can be addressed via NTC and your telco (investigation, number blocking).

  • Criminal laws may apply when there are threats, extortion, obscene images, stalking, or identity theft.

4) Evidence You Should Gather (Before You File)

  1. Screenshots of messages/chats (include sender numbers, timestamps, group names).
  2. Call logs/recordings (if legally obtained; in the PH, recording your own calls is generally allowed, but avoid intercepting third-party communications).
  3. App permissions pages and screenshots (e.g., evidence the app requested contact access).
  4. Copies of consent/terms you accepted (if available).
  5. List of affected contacts and brief notes of what they received.
  6. Your valid ID and contact details for complaints.
  7. Proof of lender identity: app name, company name in app store listing, SEC registration (if known), email headers if available.
  8. Any payments made and statements (to show context; not required for harassment claims).

Keep originals and provide redacted versions for filing. Preserve metadata (dates, numbers) where possible.

5) How to File a Data Privacy Act Complaint (NPC)

Who may file: You (the data subject) or your authorized representative.

When to file: As soon as practicable after the incident. You normally don’t need to “exhaust internal remedies” with the app when harassment or disclosure is ongoing or urgent.

What to include:

  • Complainant information (name, address, email/phone).
  • Respondent information (company/app name; if unknown, describe the app and any contact info used).
  • Narrative of facts (chronological; what was collected, how used/disclosed, who received shame messages, dates).
  • DPA violations alleged (e.g., unlawful processing, unauthorized disclosure, failure of transparency/proportionality, failure of security measures, violation of data subject rights).
  • Reliefs requested: stop further processing and disclosure; order deletion/blocking; require security/organizational measures; administrative penalties; coordination with SEC/NTC as needed.
  • Annexes: screenshots, call logs, contact list samples, proof that third parties were contacted, app permission screenshots, any correspondence with the lender/collector.

Filing format: A signed Complaint-Affidavit (see template below), with Annexes properly labeled and referenced (Annex “A”, “B”, etc.). Attach a copy of your valid ID. If filing through a representative, include a Special Power of Attorney (SPA) and the representative’s ID.

What happens next (typical flow):

  1. Docketing and preliminary assessment (completeness, jurisdiction).
  2. Notice to Respondent; possible mediation or compliance orders.
  3. Fact-finding and evaluation of evidence.
  4. Resolutions/Orders: may include compliance directives (cease and desist from shame messaging, deletion of unlawfully obtained data), and administrative fines per applicable NPC circulars.
  5. Appeal: Orders are generally appealable under administrative rules; consult counsel as needed.

6) How to File an NTC Complaint (Calls/SMS Harassment)

Goal: Stop the calls/texts and identify/disable abusers’ numbers.

Who to file against: Unknown or known numbers used by collectors; also advise your telco to block/report.

What to include:

  • Your details and valid ID.
  • Numbers used to call/text you and your contacts; dates/times; volume of calls; any spoofing indications.
  • Screenshots of messages (unaltered), call logs, and recordings (if available).
  • Whether the sender uses different numbers or VoIP; any pattern (e.g., same message from many SIMs).
  • A statement that this is harassing and abusive debt collection linked to an OLA.

Reliefs to request:

  • Investigation and blocking of the numbers/short codes.
  • Orders to the telcos to take down/disable abusive sources and to report outcomes.
  • Coordination with other agencies (NPC for privacy violations; SEC for unfair collection; law enforcement for threats).

Parallel step: File a service request with your telco including the same evidence for possible number blocking and trace. Keep the ticket/reference number and attach it to your NTC filing.

7) Complementary Actions with Other Authorities

  • SEC (for lending/financing companies): Report unfair debt collection practices and abusive OLAs. Provide app name, company details, and your evidence pack. SEC can investigate, suspend or revoke OLA operations, and issue advisories.
  • BSP (for banks/e-money issuers): Use the financial consumer assistance process.
  • PNP/NBI Cybercrime: File a criminal complaint when there are threats, extortion, identity theft, obscene/defamatory content, or stalking. Bring the same evidence pack.
  • DTI/DOJ may be relevant in certain unfair trade or criminal contexts.

8) Practical Tips (Do’s and Don’ts)

Do

  • Document everything immediately; keep an evidence timeline.
  • Tell your contacts (briefly) that their details may have been scraped; ask them to keep any messages as evidence.
  • Revoke app permissions (contacts, storage, SMS) and uninstall abusive apps after evidence capture.
  • Use strong phone security: PIN/biometric lock, app permission hygiene, OS/app updates.
  • Pay only through official channels if you will settle—keep receipts. Harassment is unlawful even if you owe money.

Don’t

  • Don’t send the collector your full contact list or photos.
  • Don’t pay through personal accounts of collectors.
  • Don’t engage in heated exchanges; keep replies factual or stop responding (you can note “all communications in writing only”).
  • Don’t post unredacted evidence publicly—avoid doxxing yourself or innocent contacts.

9) Templates You Can Use

Replace bracketed text with your details. Keep annex labels consistent (Annex “A”, “B”, etc.). Sign all sworn statements before a notary public or through electronic notarization where available.

9.1 Complaint–Affidavit (Data Privacy Act – NPC)

COMPLAINT–AFFIDAVIT
I, [Full Name], Filipino, of legal age, with address at [Address], after having been duly sworn, state:

1. Parties. I am the Complainant. The Respondent is [Company/App Name], with known contact/address [if known; otherwise, “unknown; entity operating the app ‘[App]’ available on [platform]”].

2. Facts. On [date], I installed the Respondent’s app and was required to grant permissions to [contacts/storage/SMS]. On [dates], Respondent and/or its agents accessed my contacts and sent messages to my [family/friends/co-workers], disclosing that I allegedly owe a debt and using insulting/defamatory language. Annex “A” are screenshots of the messages; Annex “B” are call logs; Annex “C” shows app permissions.

3. Violations. Respondent unlawfully processed and disclosed my personal data (and my contacts’ personal data) without valid lawful basis, in violation of the Data Privacy Act of 2012 and its IRR, including the principles of transparency, legitimate purpose, and proportionality, and my rights as a data subject (to be informed, to object, to erasure/blocking, etc.).

4. Harm. I suffered anxiety, reputational harm, and intrusion into my and my contacts’ privacy. Annex “D” is a list of affected contacts and what they received.

5. Reliefs. I respectfully pray that the NPC:
   a) Order Respondent to cease and desist from further unlawful processing and disclosure;
   b) Direct deletion/blocking of unlawfully obtained data (including my contact list);
   c) Require appropriate organizational, technical, and security measures;
   d) Impose administrative penalties as warranted; and
   e) Coordinate with the SEC/NTC and law enforcement, as appropriate.

6. Attachments. Photocopy of my government ID is Annex “E.” Other relevant documents are Annexes “F,” “G,” etc.

Affiant further says nothing.

[Signature]
[Full Name]
Complainant

SUBSCRIBED AND SWORN to before me this [date] at [place], affiant exhibiting [ID Type, No., Date/Place of Issue].

9.2 NTC Complaint (Calls/SMS Harassment)

NTC COMPLAINT – HARASSING CALLS/SMS FROM ONLINE LENDING APP

Complainant: [Full Name], [Address], [Mobile No., Email]
Respondents: [If known: Collector Name/Number(s) and App/Company]; otherwise “Unknown caller(s) linked to [App Name]”

Summary:
Since [date], I have received [#] harassing calls and [#] messages from the following numbers: [list numbers]. Screenshots and call logs are attached as Annexes “A” and “B.” Messages contain threats and shaming related to an alleged debt.

Requests:
1) Investigate and block the above numbers/short codes and any related numbers found to be used for harassment;
2) Direct my telco [Globe/Smart/DITO] to take measures against these sources and provide a report; and
3) Coordinate with the NPC/SEC and law enforcement for any privacy or criminal violations.

Attachments:
Annex “A” – Screenshots; Annex “B” – Call logs; Annex “C” – My valid ID; Annex “D” – Telco ticket/reference no. [if any].

[Signature]
[Full Name]
[Date]

9.3 Contact Notice to Your Relatives/Employer (Optional)

Hi [Name], you may receive messages or calls from numbers claiming I owe money to [App]. They obtained numbers from my phone without proper consent and are using harassment/shaming tactics. Please ignore, do not engage, and, if possible, keep screenshots for evidence. Thank you.

10) Frequently Asked Questions

Q1: I really borrowed money. Can I still complain? Yes. Debt does not excuse harassment or privacy violations. You may settle the loan and separately pursue complaints for illegal collection practices and privacy breaches.

Q2: The app won’t tell me the company’s real name. You can still file with NPC/NTC using the app name, download page, and contact details shown in messages. Agencies can compel information from platforms and telcos.

Q3: Do I need a lawyer? Not required to file, but legal advice is useful for complex cases (e.g., large damages claim, multiple victims, corporate defendants).

Q4: Can I claim damages? Yes. The DPA allows actions for damages. You may bring a civil action separately from administrative complaints. Keep records of harm (e.g., HR memos, mental health consults, financial losses).

Q5: What if collectors threaten to sue me for “estafa”? Legitimate lenders file proper civil actions, not threats via mass texts to your contacts. Threatening criminal action to coerce payment—especially with public shaming—often violates SEC unfair collection rules and may constitute unlawful harassment.

Q6: Should I keep paying during the complaint? If the debt is valid and you intend to settle, pay through official channels and keep receipts. Filing a complaint does not automatically suspend your obligation unless a court/agency issues a specific order.

11) Document Checklist (Print This)

  • Signed Complaint–Affidavit (NPC) with clear timeline
  • NTC complaint form/letter
  • Valid ID (clear copy)
  • Screenshots (messages to you and your contacts)
  • Call logs/recordings (with dates/times)
  • List of numbers used; any short codes
  • App permissions screenshots and terms/consent (if available)
  • Telco ticket number and response (if any)
  • Annex index (A, B, C…) and redacted versions for privacy

12) Final Notes

  • Filing with both the NPC and NTC is often the most effective way to stop harassment and address the privacy and telecom angles simultaneously.
  • Consider SEC (or BSP) escalation depending on who operates the app.
  • For threats or obscene/defamatory material, include PNP/NBI.
  • Keep everything organized and dated. The clearer your narrative and annexes, the faster agencies can act.

You can adapt the templates above to your case, attach your evidence, and proceed with filing.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login