How to File Cyber Libel and Data Privacy Complaints Against Online Lending Apps in the Philippines

Online lending apps have become a common source of quick credit in the Philippines, but many borrowers report abusive collection practices, public shaming, harassment, unauthorized access to phone contacts, threats, and the posting or sending of defamatory statements online. These acts may give rise to several legal remedies, including complaints for cyber libel, data privacy violations, harassment-related offenses, and regulatory complaints before government agencies.

This article explains the legal framework, what evidence to preserve, where to file, and how cyber libel and data privacy complaints may be pursued against online lending apps, their officers, agents, collectors, or third-party collection agencies.

I. Common Abusive Practices by Online Lending Apps

Complaints against online lending apps in the Philippines often involve the following conduct:

  1. Accessing the borrower’s phone contacts without valid consent.
  2. Sending messages to the borrower’s relatives, friends, employer, co-workers, or social media contacts.
  3. Publicly accusing the borrower of being a scammer, thief, estafador, fraudster, or criminal.
  4. Posting the borrower’s photo, name, address, workplace, or debt details online.
  5. Creating group chats to shame the borrower.
  6. Threatening arrest, imprisonment, barangay blotter, court cases, or employer complaints.
  7. Using obscene, insulting, or degrading language.
  8. Sending fake legal documents, fake subpoenas, or fake warrants.
  9. Repeatedly calling or messaging at unreasonable hours.
  10. Misusing personal data collected through the app.
  11. Continuing to process personal data after the borrower withdraws consent or after the loan is settled.
  12. Charging hidden, excessive, or unconscionable fees.
  13. Operating without proper registration or authority.

Not all of these acts are cyber libel or data privacy violations, but many may fall under one or more Philippine laws.

II. Key Philippine Laws Involved

1. Cybercrime Prevention Act of 2012

Cyber libel is punished under the Cybercrime Prevention Act of 2012, which applies when libel is committed through a computer system or similar means, such as Facebook posts, Messenger messages, group chats, emails, websites, online reviews, or other digital platforms.

Cyber libel is based on traditional libel under the Revised Penal Code, but committed online.

2. Revised Penal Code on Libel

Libel under Philippine law generally involves a public and malicious imputation of a crime, vice, defect, act, condition, status, or circumstance that tends to dishonor, discredit, or place a person in contempt.

When the defamatory statement is made online, it may become cyber libel.

3. Data Privacy Act of 2012

The Data Privacy Act of 2012 protects personal information and sensitive personal information. Online lending apps that collect, store, use, disclose, share, or otherwise process personal data must comply with privacy principles, including transparency, legitimate purpose, proportionality, security, and respect for data subject rights.

Unauthorized access to contacts, disclosure of loan information, public shaming, harassment through contacts, or misuse of personal data may amount to a data privacy violation.

4. Lending Company Regulation Act and SEC Rules

Online lending companies are generally regulated by the Securities and Exchange Commission if they are lending companies, financing companies, or operators of lending platforms. The SEC has issued rules and enforcement actions against abusive online lending practices, including unfair debt collection, unauthorized disclosure of borrower information, and misleading or abusive conduct.

5. Other Possible Laws

Depending on the facts, the following may also apply:

  • Unjust vexation under the Revised Penal Code.
  • Grave threats, if there are serious threats of harm.
  • Light threats or other light threats, depending on the language used.
  • Alarm and scandal, if conduct causes public disturbance.
  • Slander or oral defamation, if defamatory statements are spoken.
  • Intriguing against honor, for indirect attacks on reputation.
  • Estafa-related issues, if the app or collector uses deceitful methods.
  • Consumer protection rules, where unfair, deceptive, or unconscionable acts are involved.

Part One: Cyber Libel Against Online Lending Apps

III. What Is Cyber Libel?

Cyber libel is libel committed through a computer system or online platform.

In the online lending context, cyber libel may occur when a lending app, its collector, agent, employee, or third-party collection agency posts, sends, or publishes defamatory statements about a borrower online.

Examples include:

  • “Si Juan ay scammer.”
  • “Magnanakaw ito, huwag pautangin.”
  • “Estafador ito.”
  • “Wanted borrower.”
  • “Hindi nagbabayad, manloloko.”
  • “Criminal ito.”
  • “Iresponsableng tao, takbuhan ng utang.”
  • Posting the borrower’s photo with accusations of fraud or theft.
  • Sending defamatory accusations to the borrower’s employer or contacts through Messenger, Viber, SMS apps, or email.
  • Creating a Facebook post, group chat, or public warning using the borrower’s identity.

A debt collector may demand payment, but the demand must not include false, malicious, or defamatory statements.

IV. Elements of Cyber Libel

To establish cyber libel, the following elements are generally relevant:

1. There must be an imputation.

There must be a statement or accusation about the complainant. The statement may accuse the person of a crime, defect, vice, dishonorable act, or condition.

Examples:

  • Accusing the borrower of fraud.
  • Calling the borrower a scammer.
  • Saying the borrower committed estafa.
  • Saying the borrower stole money.
  • Saying the borrower is a criminal.
  • Claiming the borrower intentionally deceived the lender.

Mere rude language may not always be libel. The statement must tend to dishonor, discredit, or place the person in contempt.

2. The imputation must be defamatory.

The statement must damage or tend to damage the person’s reputation. In lending app cases, statements sent to family, friends, employers, co-workers, or social media contacts may be defamatory if they expose the borrower to shame, ridicule, or contempt.

3. The imputation must be malicious.

Malice may be presumed from a defamatory statement, but the accused may raise defenses such as truth, good motives, fair comment, privileged communication, or lack of participation.

In debt collection, malice may be inferred when a collector goes beyond lawful demand and publicly humiliates or falsely accuses the borrower.

4. There must be publication.

Publication means communication of the defamatory statement to a third person.

For cyber libel, publication can occur through:

  • Facebook posts.
  • Messenger group chats.
  • Viber groups.
  • Telegram messages.
  • Emails.
  • Online comments.
  • Public posts.
  • Text or chat messages sent to third parties.
  • Posts in community groups.
  • Messages sent to the borrower’s employer, HR department, relatives, or contacts.

A private message sent only to the borrower may be abusive but may not satisfy publication for libel unless a third person also received or saw it.

5. The complainant must be identifiable.

The complainant must be identifiable from the statement. Identification may be by name, photo, address, workplace, phone number, screenshot, account profile, or context.

Even if the name is not fully stated, cyber libel may still be possible if others can identify the person.

6. The act must be committed through a computer system or similar means.

The defamatory statement must have been made online or through electronic means.

Examples:

  • Social media.
  • Messaging apps.
  • Email.
  • Websites.
  • Online forums.
  • Digital posters.
  • App-based notifications.
  • Group chats.

V. When a Lending App’s Conduct May Be Cyber Libel

A borrower may consider filing a cyber libel complaint when the online lending app or collector:

  1. Posts the borrower’s photo online with defamatory captions.
  2. Sends messages to contacts saying the borrower is a scammer, criminal, estafador, or thief.
  3. Creates group chats to shame the borrower.
  4. Tells the borrower’s employer that the borrower committed a crime when no criminal case exists.
  5. Publishes the borrower’s unpaid loan with insulting or defamatory accusations.
  6. Uses fake “wanted” posters.
  7. Posts edited photos, memes, or defamatory graphics.
  8. Tags the borrower in public posts accusing them of fraud.
  9. Sends defamatory statements to barangay officials, co-workers, clients, or business partners.
  10. Sends false accusations through email or online platforms.

The fact that a borrower has an unpaid loan does not automatically authorize the lender or collector to publicly shame, defame, threaten, or misuse personal information.

VI. Cyber Libel vs. Harassment vs. Data Privacy Violation

These legal remedies often overlap, but they are distinct.

Cyber libel

Focuses on defamatory statements that damage reputation and are communicated to third parties online.

Example: A collector posts on Facebook that the borrower is a scammer.

Data privacy violation

Focuses on unlawful collection, use, disclosure, storage, or processing of personal data.

Example: The app accesses the borrower’s contact list and sends debt messages to all contacts without valid consent.

Harassment or threats

Focuses on repeated abusive conduct, intimidation, or threats.

Example: A collector repeatedly calls the borrower and threatens physical harm or arrest.

A single incident may support several complaints at once.

VII. Who May Be Held Liable for Cyber Libel?

Possible respondents include:

  1. The individual collector who sent or posted the defamatory statement.
  2. The supervisor or manager who directed the act.
  3. The lending company, depending on participation, authorization, or corporate responsibility.
  4. The third-party collection agency.
  5. Officers or employees who participated in or approved the defamatory campaign.
  6. Persons who created, shared, reposted, or circulated the defamatory content, depending on the facts.

A corporation itself may face regulatory and civil consequences, while criminal liability generally attaches to natural persons who committed, authorized, or participated in the act. Officers may be named if there is a factual basis showing their involvement or responsibility.

VIII. Evidence Needed for Cyber Libel

Evidence is crucial. Preserve everything before filing.

1. Screenshots

Take clear screenshots showing:

  • The defamatory post or message.
  • The date and time.
  • The sender’s account name, phone number, or profile.
  • The platform used.
  • The recipients or group members, if visible.
  • The borrower’s identification in the message.
  • The URL, if it is a public post.
  • The full conversation thread for context.

Do not rely only on cropped screenshots. Keep full-page screenshots where possible.

2. Screen recordings

Record the screen while opening the post, profile, group chat, or message thread. This helps show that the screenshots were not fabricated.

3. URLs and links

Save links to Facebook posts, profiles, pages, comments, websites, or online documents.

4. Witnesses

Ask recipients of the defamatory messages to preserve their own screenshots. They may later execute affidavits.

Useful witnesses include:

  • Family members.
  • Friends.
  • Co-workers.
  • Employers.
  • HR personnel.
  • Clients.
  • Group chat members.
  • Barangay officials who received messages.

5. Device records

Keep the phone, SIM card, email account, and app account used to receive the messages. Avoid deleting conversations.

6. App records

Save:

  • Name of the lending app.
  • App screenshots.
  • Loan agreement.
  • Payment history.
  • Privacy policy.
  • Permissions requested by the app.
  • Collection messages.
  • Contact numbers used by collectors.
  • Company name stated in the app.
  • SEC registration details, if shown.
  • Terms and conditions.

7. Notarized affidavits

Prepare affidavits from:

  • The borrower.
  • Recipients of defamatory messages.
  • Any person who saw the post.
  • Any person whose reputation or employment relationship was affected.

8. Barangay blotter or incident report

A blotter is not always required for cyber libel, but it may help document the incident.

9. NBI or PNP cybercrime documentation

The NBI Cybercrime Division or PNP Anti-Cybercrime Group may help document the online evidence.

IX. Where to File a Cyber Libel Complaint

A cyber libel complaint may generally be filed with the proper prosecutorial authority, often through law enforcement cybercrime units or directly with the prosecutor.

Common options include:

1. National Bureau of Investigation Cybercrime Division

The complainant may report cyber libel and online harassment to the NBI Cybercrime Division or regional NBI offices.

The NBI may assist in:

  • Evaluating screenshots and digital evidence.
  • Tracing online accounts or numbers, where legally possible.
  • Preparing documentation.
  • Referring the matter for prosecution.

2. Philippine National Police Anti-Cybercrime Group

The PNP Anti-Cybercrime Group may receive complaints involving online threats, cyber libel, harassment, identity misuse, and related cyber offenses.

3. Office of the City or Provincial Prosecutor

A complainant may file a criminal complaint-affidavit directly with the prosecutor’s office having jurisdiction.

The prosecutor will conduct preliminary investigation and determine probable cause.

4. Courts, after prosecutor action

If the prosecutor finds probable cause, the case may proceed to court through the filing of an information.

X. Venue and Jurisdiction for Cyber Libel

Venue can be a technical issue in cyber libel cases. Generally, the complaint should be filed where the offended party resides, where the defamatory article was first published, or where the offense or any of its essential elements occurred, subject to applicable procedural rules and jurisprudence.

For online posts, questions may arise regarding where the publication occurred. A lawyer can help determine proper venue based on the complainant’s residence, where the post was accessed, where the respondent resides, and where the reputational harm occurred.

XI. Prescription Period for Cyber Libel

The prescriptive period for cyber libel has been treated as longer than ordinary libel because cyber libel is punished under the Cybercrime Prevention Act. However, prescription can be complex and may depend on the applicable interpretation at the time of filing.

A complainant should file as soon as possible. Delay can create problems with evidence, account tracing, witness availability, and prescription.

XII. Possible Defenses in Cyber Libel Cases

Respondents may raise defenses such as:

  1. The statement was true.
  2. The statement was not defamatory.
  3. The complainant was not identifiable.
  4. There was no publication to a third person.
  5. The accused did not create, send, or authorize the message.
  6. The account was fake, hacked, or not controlled by the accused.
  7. The statement was privileged communication.
  8. The statement was fair comment or opinion.
  9. There was no malice.
  10. The evidence was altered, incomplete, or unreliable.

For this reason, evidence must be complete, authentic, and properly preserved.

Part Two: Data Privacy Complaints Against Online Lending Apps

XIII. What Is a Data Privacy Complaint?

A data privacy complaint is a complaint for violation of rights under the Data Privacy Act, its rules, and issuances of the National Privacy Commission.

In online lending app cases, the most common data privacy issues involve:

  • Unauthorized access to contact lists.
  • Unauthorized disclosure of debt information.
  • Harassment of third-party contacts.
  • Use of personal data beyond what is necessary for the loan.
  • Collection of excessive personal information.
  • Failure to provide a clear privacy notice.
  • Sharing data with collectors or third parties without proper basis.
  • Processing data after withdrawal of consent or after the purpose has ended.
  • Failure to secure borrower information.
  • Public posting of borrower data.
  • Use of borrower photos, IDs, workplace, contacts, or social media information for shaming.

XIV. Personal Information and Sensitive Personal Information

Personal information

Personal information includes information from which an individual can be identified, such as:

  • Name.
  • Address.
  • Phone number.
  • Email address.
  • Photo.
  • Employer.
  • Workplace.
  • Social media account.
  • Contact list.
  • Device information.
  • Location data.
  • Loan account details, if linked to a person.

Sensitive personal information

Sensitive personal information may include more protected categories, such as:

  • Government-issued ID numbers.
  • Health information.
  • Financial information in certain contexts.
  • Information issued by government agencies.
  • Tax identification numbers.
  • Social security numbers.
  • PhilHealth, GSIS, or similar identifiers.
  • Information about marital status, age, or other protected classifications, depending on use.

Lending apps often collect both personal and sensitive personal information.

XV. Data Privacy Principles Applicable to Online Lending Apps

1. Transparency

The borrower must be informed about what data is collected, why it is collected, how it will be used, who will receive it, how long it will be kept, and what rights the borrower has.

A vague privacy policy buried in the app may not be enough if the processing is excessive, misleading, or unclear.

2. Legitimate purpose

Personal data must be processed for a lawful and clearly declared purpose. Collecting data for loan evaluation or account servicing may be legitimate, but using contacts for public shaming or harassment is not.

3. Proportionality

Only data that is adequate, relevant, suitable, necessary, and not excessive should be collected.

For example, accessing an entire phone contact list may be disproportionate if the lender only needs limited emergency contact information.

4. Security

The lending app must protect personal data against unauthorized access, disclosure, misuse, loss, or damage.

5. Accountability

The company must be accountable for its own employees, agents, service providers, and third-party collectors who process borrower data on its behalf.

XVI. Rights of Borrowers as Data Subjects

Borrowers are data subjects under the Data Privacy Act. They have rights including:

  1. Right to be informed.
  2. Right to access personal data.
  3. Right to object to processing.
  4. Right to erasure or blocking.
  5. Right to rectification.
  6. Right to damages.
  7. Right to data portability, where applicable.
  8. Right to file a complaint before the National Privacy Commission.

A borrower may ask the lending app what personal data it has, where it obtained the data, who received it, why it was processed, and whether it has been shared with collection agencies.

XVII. When an Online Lending App May Violate Data Privacy Law

A data privacy complaint may be appropriate when the app or collector:

  1. Accessed the borrower’s phone contacts without valid consent.
  2. Used contact information for debt shaming.
  3. Sent loan details to the borrower’s contacts.
  4. Disclosed the borrower’s debt to an employer or relatives.
  5. Posted the borrower’s name, photo, ID, or loan details online.
  6. Collected unnecessary information from the borrower’s phone.
  7. Required excessive app permissions.
  8. Failed to provide a clear privacy notice.
  9. Used misleading consent forms.
  10. Shared personal data with unknown third parties.
  11. Failed to secure borrower data.
  12. Refused to respond to a legitimate data subject request.
  13. Continued processing after withdrawal of consent, where no other lawful basis applies.
  14. Used personal data for threats, humiliation, or intimidation.
  15. Sent messages to people who were not parties to the loan.
  16. Collected or used personal data of third-party contacts without their consent.

Importantly, the borrower’s unpaid obligation does not automatically justify abusive or excessive processing of personal data.

XVIII. Consent Is Not Always a Valid Defense

Many lending apps rely on app permissions or terms and conditions to justify access to contacts and personal information. However, consent must generally be informed, specific, freely given, and limited to a legitimate purpose.

A borrower may argue that consent was invalid or insufficient if:

  • The app forced access to the entire contact list.
  • The privacy policy was vague or hidden.
  • The borrower was not clearly informed that contacts would be messaged.
  • The app used the data for harassment or public shaming.
  • The processing was excessive.
  • The purpose was not legitimate.
  • The borrower could not reasonably refuse without losing access to the service.
  • Third-party contacts never consented to the use of their data.

Even when a borrower agreed to provide emergency contacts, that does not automatically authorize the lender to harass those contacts or disclose the borrower’s debt to them.

XIX. Evidence Needed for a Data Privacy Complaint

For a strong data privacy complaint, gather the following:

1. Screenshots of app permissions

Capture the app permissions requested, such as:

  • Contacts.
  • Camera.
  • Storage.
  • Location.
  • SMS.
  • Phone.
  • Microphone.
  • Photos.
  • Device ID.

2. Privacy policy and terms

Save copies of:

  • Privacy policy.
  • Terms and conditions.
  • Loan agreement.
  • Collection policy.
  • Data sharing consent.
  • App store listing.
  • In-app notices.

Take screenshots and download copies if available.

3. Messages sent to contacts

Ask your contacts to send screenshots of messages they received. These are often the strongest evidence.

The screenshots should show:

  • Sender name or number.
  • Date and time.
  • Message content.
  • Recipient name or number.
  • Any attached photos or files.

4. Proof that recipients are your contacts

Where relevant, show that the recipients were taken from your contact list, such as relatives, co-workers, or friends who were never listed as references.

5. Evidence of disclosure

Collect proof that the app disclosed:

  • Your loan.
  • Your name.
  • Your phone number.
  • Your address.
  • Your photo.
  • Your employer.
  • Your ID.
  • Your debt status.
  • Your alleged default.

6. Demand letters and collection messages

Preserve all collection messages, especially those showing threats, insults, or disclosure of personal data.

7. App identity

Identify the app and company through:

  • App name.
  • Developer name.
  • Company name.
  • SEC registration number.
  • Certificate of Authority number, if any.
  • Office address.
  • Website.
  • Email address.
  • Phone numbers.
  • App store page.
  • Screenshots of the app dashboard.

8. Data subject requests

Before or during a complaint, a borrower may send a written request asking the app to:

  • Identify all personal data collected.
  • State the source of the data.
  • Explain the purpose of processing.
  • Identify all third parties who received the data.
  • Stop contacting third parties.
  • Delete unlawfully obtained data.
  • Correct inaccurate data.
  • Provide the name and contact details of its Data Protection Officer.

Keep proof of sending and receipt.

XX. Where to File a Data Privacy Complaint

National Privacy Commission

Data privacy complaints are filed with the National Privacy Commission.

The NPC handles complaints involving violations of the Data Privacy Act, including unauthorized processing, unlawful disclosure, failure to protect personal data, and violations of data subject rights.

The NPC may require mediation, investigation, submission of position papers, compliance orders, or other proceedings depending on the complaint.

XXI. What to Include in a Data Privacy Complaint

A complaint should generally include:

  1. Full name, address, contact details of the complainant.
  2. Name of the online lending app.
  3. Name of the company operating the app, if known.
  4. Names of collectors, agents, or officers, if known.
  5. Description of the loan transaction.
  6. Dates of the abusive acts.
  7. Personal data collected.
  8. How the app obtained the data.
  9. How the data was misused.
  10. Names or descriptions of third parties who received the data.
  11. Screenshots and documentary evidence.
  12. Data subject requests sent, if any.
  13. Harm suffered, such as humiliation, anxiety, job-related damage, reputational harm, or harassment.
  14. Reliefs requested.

XXII. Possible Reliefs in a Data Privacy Complaint

A complainant may ask the NPC for appropriate relief, such as:

  1. Order the lending app to stop unlawful processing.
  2. Order deletion or blocking of unlawfully processed data.
  3. Order correction of inaccurate information.
  4. Order the company to stop contacting third parties.
  5. Order disclosure of data recipients.
  6. Order the company to explain its data processing practices.
  7. Recommend prosecution, where warranted.
  8. Impose administrative fines or penalties, where applicable.
  9. Award damages, where legally proper and supported.
  10. Direct compliance with the Data Privacy Act.

Part Three: Regulatory Complaints Against Online Lending Apps

XXIII. SEC Complaints

Aside from cyber libel and data privacy complaints, borrowers may file a complaint with the Securities and Exchange Commission against abusive online lending apps, lending companies, financing companies, and collection agencies.

The SEC may act on issues involving:

  • Unauthorized lending operations.
  • Lack of certificate of authority.
  • Abusive collection practices.
  • Threatening or humiliating borrowers.
  • False representations.
  • Misleading loan terms.
  • Failure to disclose interest, penalties, or charges.
  • Use of unfair debt collection methods.
  • Violation of SEC rules on financing and lending companies.
  • Use of unregistered or suspended online lending platforms.

An SEC complaint is regulatory in nature. It may not replace a criminal complaint, but it can support broader accountability.

XXIV. Evidence for SEC Complaints

Prepare:

  1. App name and screenshots.
  2. Company name and registration details.
  3. Loan agreement.
  4. Disclosure statement.
  5. Payment records.
  6. Screenshots of interest, fees, penalties, and due dates.
  7. Collection messages.
  8. Proof of threats or harassment.
  9. Proof of contact shaming.
  10. Screenshots from app stores.
  11. Website or social media pages.
  12. Names and numbers of collectors.

Part Four: Practical Filing Strategy

XXV. Which Complaint Should Be Filed First?

There is no single answer. The best approach depends on the facts.

File a cyber libel complaint when:

  • There are defamatory statements.
  • Statements were sent to third parties.
  • The borrower was identifiable.
  • The statements were made online or electronically.
  • Reputation was damaged.

File a data privacy complaint when:

  • The app accessed or used contacts.
  • Personal data was disclosed.
  • Loan information was sent to third parties.
  • The app used excessive permissions.
  • The borrower’s personal data was posted or shared.
  • The app ignored data subject rights.

File an SEC complaint when:

  • The app is abusive, unregistered, misleading, or uses unfair collection practices.
  • There are excessive or hidden charges.
  • The company appears to violate lending regulations.
  • The app continues operating despite abusive practices.

File police or NBI complaints when:

  • There are threats.
  • There is cyber libel.
  • There is identity misuse.
  • There is online harassment.
  • Fake legal documents or impersonation are involved.

Often, a borrower may file multiple complaints because each agency addresses different issues.

XXVI. Step-by-Step Guide to Filing Cyber Libel and Data Privacy Complaints

Step 1: Stop deleting evidence

Do not delete messages, call logs, app notifications, emails, group chats, or screenshots. Preserve the original source.

Step 2: Take screenshots and screen recordings

Capture all abusive messages, posts, and disclosures. Include dates, sender details, group names, URLs, and full context.

Step 3: Ask recipients to preserve evidence

If your contacts received messages, ask them to save and screenshot everything. Their evidence may be more important than yours because it proves disclosure to third parties.

Step 4: Identify the app and company

Check:

  • App name.
  • App developer.
  • Company name.
  • Website.
  • Email address.
  • SEC registration.
  • Loan agreement.
  • Disclosure statement.
  • Privacy policy.
  • App store page.

Step 5: Prepare a timeline

Create a chronological timeline:

  • Date loan was taken.
  • Amount borrowed.
  • Amount received.
  • Due date.
  • Payments made.
  • First collection message.
  • First threat.
  • First disclosure to contacts.
  • First defamatory post or message.
  • Any employer contact.
  • Any public post.
  • Any app response.

Step 6: Prepare a complaint-affidavit

For cyber libel or criminal complaints, prepare a sworn complaint-affidavit describing:

  • Who you are.
  • Who the respondents are.
  • What happened.
  • What defamatory statements were made.
  • Where and when they were made.
  • Who saw or received them.
  • Why the statements are false or defamatory.
  • How you were damaged.
  • What evidence supports your complaint.

Step 7: Prepare witness affidavits

Ask affected contacts to execute affidavits stating:

  • They know you.
  • They received the message.
  • Who sent it.
  • When it was received.
  • What the message said.
  • How they identified you.
  • How the message affected their view of you.

Step 8: File with the proper agency

Depending on the complaint:

  • Cyber libel: NBI Cybercrime Division, PNP Anti-Cybercrime Group, or prosecutor’s office.
  • Data privacy: National Privacy Commission.
  • Abusive lending practices: Securities and Exchange Commission.
  • Threats or harassment: police, NBI, PNP ACG, or prosecutor’s office.

Step 9: Keep proof of filing

Keep stamped receiving copies, reference numbers, email confirmations, and acknowledgment receipts.

Step 10: Continue documenting new incidents

If harassment continues after filing, document each new act and submit supplemental evidence.

Part Five: Draft Complaint Structure

XXVII. Sample Structure for a Cyber Libel Complaint-Affidavit

A cyber libel complaint-affidavit may follow this structure:

1. Caption

State the office where the complaint is filed, the complainant’s name, and the respondents’ names.

2. Personal circumstances

Identify the complainant and respondents.

3. Statement of facts

Narrate the facts in chronological order.

4. Loan background

State the loan app used, loan amount, date of loan, due date, payments made, and collection events.

5. Defamatory statements

Quote or describe the exact defamatory statements.

6. Publication

Explain who received or saw the messages or posts.

7. Identification

Explain how the complainant was identified.

8. Malice and falsity

Explain why the statements were false, malicious, excessive, or made to shame the complainant.

9. Damage

Explain reputational harm, emotional distress, employment consequences, family conflict, business damage, or public humiliation.

10. Evidence

Attach screenshots, URLs, witness affidavits, app records, and other documents.

11. Prayer

Request investigation and filing of appropriate charges.

12. Verification and jurat

The affidavit must be signed and sworn before a notary public or authorized officer.

XXVIII. Sample Structure for an NPC Data Privacy Complaint

A data privacy complaint may include:

1. Complainant information

Name, address, email, contact number.

2. Respondent information

Name of online lending app, company, officers, collectors, email addresses, and office address, if known.

3. Facts of the case

Narrate how the app collected and used personal data.

4. Personal data involved

List the personal data misused, such as name, photo, contacts, employer, address, phone number, loan information, ID, and debt details.

5. Privacy violations

Explain:

  • Unauthorized access.
  • Unauthorized disclosure.
  • Excessive collection.
  • Processing without legitimate purpose.
  • Processing beyond consent.
  • Failure to protect personal data.
  • Harassment of third-party contacts.
  • Refusal to act on data subject rights.

6. Evidence

Attach screenshots, privacy policy, app permissions, messages to contacts, and data subject requests.

7. Reliefs requested

Ask for investigation, deletion or blocking of data, cessation of unlawful processing, sanctions, damages where proper, and other reliefs.

Part Six: Important Legal Issues

XXIX. Is Nonpayment of a Loan a Crime?

In general, failure to pay a loan is a civil obligation, not automatically a crime. A lender may pursue lawful collection or civil remedies, but it cannot automatically threaten imprisonment merely because a borrower failed to pay.

However, criminal liability may arise in separate situations involving fraud, deceit, falsified documents, or other criminal acts. Collectors should not falsely claim that every unpaid loan is estafa or a criminal case.

Threatening arrest or imprisonment without legal basis may support a complaint for harassment, threats, unfair collection practices, or other legal action.

XXX. Can a Lending App Contact References?

A lending app may contact legitimate references for lawful and limited purposes if the borrower validly provided them and if the processing complies with data privacy principles.

However, contacting references is different from:

  • Disclosing the borrower’s debt to unrelated persons.
  • Harassing contacts.
  • Threatening contacts.
  • Publishing loan details.
  • Shaming the borrower.
  • Sending defamatory statements.
  • Contacting everyone in the borrower’s phone book.

Even if a borrower listed one or two references, that does not authorize access to the entire phone contact list or mass messaging.

XXXI. Can a Lending App Access the Borrower’s Contact List?

Access to contacts must comply with the Data Privacy Act. A lending app should not collect excessive personal data. Accessing an entire contact list may be questioned as disproportionate, especially if the contacts are later used for collection harassment.

App permission does not automatically equal valid consent for all uses. The purpose must be clear, legitimate, and proportionate.

XXXII. Can a Lending App Post a Borrower’s Photo Online?

Posting a borrower’s photo online to collect a debt may violate privacy and may also be defamatory depending on the caption and context.

If the post identifies the borrower as a scammer, fraudster, criminal, or dishonest person, cyber libel may also apply.

XXXIII. Can a Lending App Message the Borrower’s Employer?

A lending app should be careful in contacting employers. Disclosure of a borrower’s loan or alleged default to an employer may violate data privacy principles unless there is a lawful basis and the disclosure is necessary and proportionate.

If the collector falsely accuses the borrower of a crime or misconduct, the act may also support cyber libel or other complaints.

XXXIV. Can a Lending App Threaten Barangay or Police Action?

A lender may use lawful legal remedies, but it should not make false threats. Statements such as “ipapakulong ka namin ngayon,” “may warrant ka na,” or “pupulutin ka ng pulis” may be abusive if false or baseless.

If fake warrants, fake subpoenas, fake legal notices, or impersonation of authorities are used, additional criminal or regulatory issues may arise.

XXXV. Can a Borrower Be Sued for Cyber Libel for Posting About the Lending App?

Yes, a borrower may also face cyber libel risk if the borrower posts defamatory accusations online against the lending app, its officers, or collectors.

Borrowers should avoid posting unverified accusations such as:

  • “Scammer itong company.”
  • “Magnanakaw sila.”
  • “Estafador ang owner.”
  • “Criminal itong collector.”

Safer approaches include factual, documented statements, formal complaints, and reports to government agencies. Complaints filed with proper authorities are generally safer than public shaming posts.

Part Seven: Remedies and Possible Outcomes

XXXVI. Possible Outcomes of a Cyber Libel Complaint

A cyber libel complaint may result in:

  1. Dismissal for lack of probable cause.
  2. Requirement to submit additional evidence.
  3. Issuance of subpoenas during preliminary investigation.
  4. Filing of criminal information in court.
  5. Settlement or desistance, where legally allowed and appropriate.
  6. Court proceedings.
  7. Criminal penalties if convicted.
  8. Civil damages if awarded.

Cyber libel is a serious criminal complaint. Evidence and legal theory must be carefully prepared.

XXXVII. Possible Outcomes of an NPC Complaint

An NPC complaint may result in:

  1. Mediation.
  2. Investigation.
  3. Compliance order.
  4. Order to stop processing data.
  5. Order to delete, block, or correct data.
  6. Finding of privacy violation.
  7. Administrative fines or penalties.
  8. Recommendation for prosecution.
  9. Award or recognition of damages, depending on procedure and proof.
  10. Dismissal if evidence is insufficient.

XXXVIII. Possible Outcomes of an SEC Complaint

An SEC complaint may result in:

  1. Warning.
  2. Investigation.
  3. Suspension or revocation of authority.
  4. Penalties.
  5. Takedown or enforcement against abusive lending apps.
  6. Referral to other agencies.
  7. Issuance of advisories or public warnings.

Part Eight: Practical Tips for Borrowers

XXXIX. Do Not Engage in Emotional Exchanges

Respond calmly. Avoid threats, insults, or defamatory counter-posts. Anything you say may also become evidence.

XL. Send a Written Cease-and-Desist or Data Privacy Request

A borrower may send a written request demanding that the lending app:

  • Stop contacting third parties.
  • Stop disclosing personal data.
  • Stop defamatory statements.
  • Delete unlawfully obtained contact data.
  • Provide a copy of personal data processed.
  • Identify all third-party recipients.
  • Preserve records for investigation.

XLI. Pay Only Through Verified Channels

If paying, use official payment channels and keep receipts. Do not send money to personal accounts unless clearly authorized and documented.

XLII. Verify the Legitimacy of the Lending Company

Check whether the company is properly registered and authorized. Some apps use different brand names from their registered corporate names.

XLIII. Do Not Delete the App Immediately Without Preserving Evidence

Deleting the app may remove useful evidence such as loan details, terms, payment schedules, and in-app messages. Preserve screenshots first.

XLIV. Protect Your Accounts

Change passwords if the app accessed sensitive information. Review app permissions. Remove permissions that are not necessary. Consider replacing compromised numbers if harassment is severe.

XLV. Inform Your Contacts

Tell contacts not to engage with collectors and to preserve evidence. They may reply once asking the sender to stop contacting them, but they should avoid arguments.

Part Nine: Draft Cease-and-Desist and Data Privacy Request

XLVI. Sample Demand Letter

Subject: Demand to Cease Harassment, Defamatory Statements, and Unauthorized Processing of Personal Data

To whom it may concern:

I am writing regarding your collection activities in connection with an alleged loan account under my name.

I demand that you immediately cease and desist from:

  1. Contacting my relatives, friends, employer, co-workers, and other third parties regarding my alleged loan;
  2. Disclosing my personal information, loan details, photographs, address, employer, or contact details to third parties;
  3. Posting or sending defamatory, threatening, insulting, or humiliating statements about me;
  4. Accessing, using, storing, or sharing personal data taken from my phone contacts or device without lawful basis;
  5. Threatening arrest, imprisonment, public shaming, or employer action without legal basis.

Pursuant to my rights as a data subject under the Data Privacy Act, I request that you provide the following:

  1. A copy or description of all personal data you collected about me;
  2. The source of such personal data;
  3. The specific purpose for processing such data;
  4. The names or categories of third parties to whom my data was disclosed;
  5. The legal basis for accessing and using my contact list or third-party contacts;
  6. The name and contact details of your Data Protection Officer;
  7. Confirmation that you have stopped processing and disclosing my personal data for unlawful collection activities.

Please preserve all records, call logs, messages, account notes, collection instructions, agent identities, and data sharing records related to my account, as these may be used in complaints before the National Privacy Commission, Securities and Exchange Commission, law enforcement agencies, and the prosecutor’s office.

Nothing in this letter should be considered a waiver of my rights, claims, defenses, or remedies under Philippine law.

Sincerely,

[Name] [Contact details] [Date]

Part Ten: Checklist Before Filing

XLVII. Cyber Libel Checklist

Before filing cyber libel, confirm:

  • There is a defamatory statement.
  • The statement identifies you.
  • The statement was communicated to a third person.
  • The statement was made online or electronically.
  • You have screenshots or recordings.
  • You have witnesses or recipients.
  • You know or can identify the sender, app, company, or collector.
  • You can explain why the statement is false, malicious, or defamatory.
  • You can show harm to reputation.

XLVIII. Data Privacy Checklist

Before filing with the NPC, confirm:

  • Personal data was collected, used, shared, or disclosed.
  • The processing was unauthorized, excessive, or unlawful.
  • Your contacts or third parties were messaged.
  • Your loan details or identity were disclosed.
  • The app accessed data beyond what was necessary.
  • You saved the privacy policy and app permissions.
  • You preserved messages from third-party recipients.
  • You can identify the app or company.
  • You can describe the harm caused.

XLIX. SEC Complaint Checklist

Before filing with the SEC, prepare:

  • App name.
  • Company name.
  • Screenshots from the app store.
  • Loan documents.
  • Disclosure statement.
  • Interest and fee details.
  • Collection messages.
  • Proof of harassment.
  • Proof of unauthorized contact with third parties.
  • Payment receipts.
  • Collector phone numbers or profiles.

Part Eleven: Common Mistakes to Avoid

L. Filing Without Enough Evidence

Screenshots must show context, dates, sender identity, and recipients. A cropped insult without proof of sender or publication may be weak.

LI. Deleting Messages

Deleted conversations may be difficult to recover. Preserve originals.

LII. Publicly Posting Accusations Against the App

Public posts may expose the borrower to countersuits. Use formal complaints instead.

LIII. Naming Too Many Respondents Without Basis

Only name persons or entities with factual connection to the acts. Unsupported accusations can weaken the complaint.

LIV. Ignoring the Company Behind the App

The app name may differ from the corporate name. Identify the operator, developer, financing company, lending company, or collection agency.

LV. Waiting Too Long

Delay can affect evidence, prescription, account tracing, and witness cooperation.

LVI. Treating Every Insult as Cyber Libel

Not every rude or offensive statement is cyber libel. The statement must meet legal elements.

LVII. Treating Every App Permission as Illegal

Not all app permissions are unlawful. The issue is whether collection and use of data were transparent, legitimate, proportionate, secure, and lawful.

Part Twelve: Legal and Practical Conclusion

Online lending apps may pursue lawful collection of unpaid loans, but they cannot use cyber shaming, defamatory accusations, threats, or unlawful processing of personal data as collection tools. In the Philippine context, borrowers have several remedies: a cyber libel complaint for defamatory online publications, a data privacy complaint before the National Privacy Commission for misuse or unauthorized disclosure of personal data, and a regulatory complaint before the Securities and Exchange Commission for abusive lending and collection practices.

The strongest complaints are built on complete evidence: screenshots, screen recordings, witness affidavits, app records, privacy policies, loan documents, proof of messages sent to contacts, and a clear timeline. A borrower should distinguish between reputational injury, privacy violations, threats, and unfair lending practices because each issue may fall under a different agency or legal remedy.

A debt may be collected through lawful means. It does not give a lending app, collector, or collection agency the right to destroy a borrower’s reputation, expose private information, harass contacts, or misuse personal data.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login