How to Report Harassment From Online Lending Apps in the Philippines

This article is practical legal guidance for borrowers and their families who are experiencing harassment or abusive collection practices from online lending apps (“OLAs”) operating in or targeting the Philippines. It summarizes applicable Philippine law, lays out concrete steps, and includes ready-to-use templates. It is not a substitute for advice from your own lawyer.


1) Executive Summary

  • Harassment is illegal even if you owe money. Philippine law prohibits unfair or abusive collection practices, doxxing, public shaming, contacting your phone contacts, threats, and similar tactics.

  • Three main avenues to report:

    1. Administrative complaints to regulators (Securities and Exchange Commission (SEC) for lending/financing companies; Bangko Sentral ng Pilipinas (BSP) for supervised banks/e-money issuers; National Privacy Commission (NPC) for data privacy abuses; National Telecommunications Commission (NTC) for spam/harassing calls/texts).
    2. Criminal complaints (e.g., grave threats, coercion, libel/cyberlibel, unjust vexation, extortion) with the PNP Anti-Cybercrime Group (ACG) or the prosecutor’s office.
    3. Civil actions for damages and injunctive relief.
  • Preserve evidence immediately: screenshots, message headers, app permissions, account details, and identities/handles used by collectors.

  • Exercise your Data Privacy Act rights to object to processing, demand deletion, and require the OLA to stop contacting third parties.

  • Debt validity ≠ license to harass: lawful debt collection must be professional, confidential, and limited to the borrower and authorized contacts.


2) What Counts as “Harassment” by OLAs?

The following conduct is commonly unlawful when used for debt collection:

  • Contacting your phone contacts (family, employer, co-workers, customers) who are not co-makers/guarantors, especially to shame or coerce payment.
  • Public shaming (group chats, social media posts, mass texts with your name/photo/ID).
  • Threats of harm, arrest, or criminal cases when no legal basis exists; extortion (e.g., “pay in one hour or we will blast your photos”).
  • Doxxing and excessive/irrelevant data processing (e.g., scraping contacts, location, gallery) without valid basis.
  • Profane/abusive language, false accusations, or misrepresentation (posing as law enforcement or a court officer).
  • Repeated calls/texts at unreasonable hours or using multiple numbers to evade blocking.
  • Unauthorized collection fees/interest beyond what is allowed by contract or law.

Note: If the person being harassed is not the borrower, the same protections apply; you may file complaints as an affected data subject or victim of harassment.


3) Legal Foundations (Philippine Context)

  • Lending Company Regulation Act (R.A. 9474) and SEC rules: Lending/financing companies must be duly registered/licensed and comply with fair collection standards (no threats, public shaming, or contacting unrelated third parties). SEC can suspend or revoke certificates and penalize unfair collection practices.
  • Data Privacy Act of 2012 (R.A. 10173): Processing personal data requires a lawful basis and must be proportional and purpose-limited. Harvesting your phone contacts or blasting messages to them is typically unlawful. You have rights to be informed, object, access, rectify, erase/block, and file a complaint.
  • Cybercrime Prevention Act (R.A. 10175): Applies to offenses committed via computer systems, including cyberlibel, unauthorized access, and facilitation of some crimes through ICT.
  • Revised Penal Code (selected): Grave/light coercion (Arts. 286–287), grave threats/light threats (Arts. 282–283), libel/slander (Arts. 353–362), unjust vexation, estafa (if there is fraud), and extortion-type conduct.
  • Safe Spaces Act (R.A. 11313): Prohibits gender-based online harassment and threats.
  • Consumer protection & telecom rules: NTC regulations on unsolicited messages and abusive calling patterns; platform/app-store policies can also be invoked for takedowns.
  • Evidence law & Anti-Wiretapping Act (R.A. 4200): Do not secretly record voice calls without the consent required by law. Prefer text-based evidence (SMS, chat, email, call logs, voicemails left for you). Consult counsel before making any audio recordings.

4) Quick-Start: What To Do Today

  1. Secure your devices

    • On your phone, revoke app permissions the OLA doesn’t need (Contacts, SMS, Photos, Microphone, Location).
    • Change passwords for email and financial apps; enable multi-factor authentication.
    • If the OLA required contact access on install, document the current permission state (screenshots) before changing it.
  2. Collect and preserve evidence

    • Save screenshots of messages, caller IDs, timestamps, and full threads.
    • Export chat logs where possible; keep original files.
    • Keep copies of your loan agreement, payment records, and the app’s privacy policy/terms (if available).
    • Record the impact (missed work, reputational harm, emotional distress) for damages.
  3. Send a formal “Cease & Desist + Data Privacy” notice (template below)

    • Assert your right to object and withdraw consent; demand that the OLA stop contacting third parties and delete unlawfully collected data.
  4. Report to the right regulator(s) (see Section 5)

    • SEC (lending/financing companies & their collectors)
    • BSP (if the entity is a bank, EMI, or other BSP-supervised financial institution)
    • NPC (privacy/data-related abuses like scraping contacts, doxxing)
    • NTC (spam/harassing calls & texts; request number blocking)
    • App stores/platforms (abusive behavior, policy violations)
  5. Consider criminal and civil remedies (Sections 6–7)

    • File a report with PNP-ACG if there are threats, extortion, identity misuse, or cyber harassment.
    • Consult counsel on damages and injunctions if harassment continues.

5) Where and How to Report

A. Securities and Exchange Commission (SEC)

When to use: The collector is a lending company or financing company, or you suspect the app is unregistered/illegal lending.

What to prepare:

  • Your ID; screenshots; call logs; loan contract; app details (name, developer, website, addresses used, bank accounts/GCash numbers where payments were demanded); dates and description of harassment; your cease-and-desist letter and proof it was sent.

What SEC can do: Investigate unfair collection, order compliance, impose fines, suspend/revoke registration, refer for prosecution.

B. Bangko Sentral ng Pilipinas (BSP)

When to use: The entity is a BSP-supervised financial institution (e.g., bank, EMI, remittance agent, or their third-party collectors).

What to prepare: Similar evidence; the entity’s corporate name; account/transaction references; dates and nature of harassment.

Relief: BSP can direct supervised entities to correct practices, sanction, or require remediation.

C. National Privacy Commission (NPC)

When to use: Data privacy violations—the OLA/collector accessed your contacts, doxxed you, over-collected data, or disclosed your information to third parties without basis.

What to prepare: Proof of data misuse (e.g., texts to your contacts), the app’s permissions, your privacy-rights notice to the OLA, and any response.

Relief: NPC can order cease-and-desist, require deletion, levy administrative fines, and mandate corrective measures.

D. National Telecommunications Commission (NTC)

When to use: Persistent spam/harassing calls or texts from specific numbers or short codes.

What to prepare: Numbers/date/time, screenshots, patterns of calling, and the relationship to the OLA.

Relief: Number tracing/escalation through carriers; blocking; coordination with law enforcement.

E. Law Enforcement: PNP Anti-Cybercrime Group (ACG) / NBI Cybercrime Division

When to use: Threats, extortion, cyberlibel, identity misuse, or other crimes.

What to prepare: Device with original evidence, ID, sworn statements, and the report/complaint narrative.

Relief: Investigation, case build-up, and referral to prosecutors for inquest or preliminary investigation.

Tip: When unsure whether the entity is SEC- or BSP-supervised, report to both the relevant regulator and the NPC if privacy is implicated. Over-reporting to the correct agencies is better than under-reporting.


6) Criminal Remedies (for Serious Harassment)

  • Grave threats / light threats: menacing messages (“we will harm you,” “we will post your nude photos,” etc.).
  • Grave coercion: forcing you to do something (e.g., pay an unlawful charge) by intimidation.
  • Extortion (may fall under robbery/extortion or related offenses).
  • Libel/cyberlibel: false statements imputing a crime or vice published online (including mass texts and social posts).
  • Unjust vexation: persistent annoyances without lawful purpose.
  • Identity-related offenses (if they use your images/IDs to defraud others).

File a criminal complaint with the PNP-ACG/NBI or directly with the Office of the City/Provincial Prosecutor. Your lawyer can help calibrate charges to the facts.


7) Civil Remedies

  • Damages (moral, exemplary, and actual) for harassment, reputational harm, and privacy intrusion.
  • Injunctions/temporary restraining orders to stop ongoing harassment.
  • Data privacy civil actions for unauthorized processing/disclosure.
  • Small Claims may be available for certain monetary claims (procedural limits apply).

8) Using Your Data Privacy Rights (Powerful and Fast)

Send the OLA a Data Subject Rights (DSR) Notice asserting:

  • Right to be informed: Ask for the legal basis for processing and a copy of your personal data they hold.
  • Right to object / withdraw consent: Object to any processing not necessary to enforce the debt (e.g., contacting your phone contacts).
  • Right to erasure/blocking: Demand deletion/blocking of data obtained by unlawful means (contact scraping, gallery scans) and removal of disclosures already made to third parties.
  • Right to damages for violations.

Give a deadline (e.g., 5–10 business days) and state you will escalate to regulators and law enforcement if the harassment continues.


9) Evidence Guide (What Regulators and Prosecutors Like to See)

  • Chronology (date-by-date log) of calls/texts and app actions.
  • Screenshots capturing the sender/number, timestamp, and full message (avoid cropping out headers).
  • Exported chats (Messenger, Viber, WhatsApp, in-app chat) with metadata where possible.
  • Proof of third-party contact (family/co-workers who received messages should screenshot and keep originals).
  • App permissions at installation and at time of complaint (Android/iOS settings screenshots).
  • Contract & payment history; list of all fees/interest demanded.
  • Cease-and-desist/DSR notices sent and any responses.
  • Impact statements (lost income, emotional distress, reputational harm).

Avoid illegally recording private voice calls (see Anti-Wiretapping Act). If a voicemail was left for you or messages are text-based, those are generally safe to preserve.


10) Special Situations

  • You are not the borrower but are being harassed: Assert you are a non-party data subject, demand erasure of your data, and report to NPC/SEC/PNP-ACG as appropriate.
  • Borrower is a minor or vulnerable person: Harassment may implicate additional child protection and anti-violence laws; escalate quickly and involve guardians.
  • The OLA is overseas: Philippine authorities can still act if the harm is felt in the Philippines; preserve evidence and report.
  • Multiple collectors / “agencies”: Name all numbers/handles as separate respondents if needed.
  • You already paid: Include proof of payment and demand a closure letter and data deletion.

11) Step-by-Step Reporting Playbook

  1. Day 0–1

    • Revoke unnecessary permissions; back up evidence; create an incident log.
    • Send Cease & Desist + DSR notice to the OLA via all known channels (in-app, email, helpdesk).
  2. Day 2–7

    • File administrative complaints: SEC (if lending/financing), BSP (if bank/EMI), NPC (privacy), NTC (spam/harassing calls).
    • Attach your notice and evidence bundle.
  3. Ongoing / As needed

    • If threats/extortion persist, file a criminal report with PNP-ACG (bring your device and IDs).
    • Consider a civil demand letter and potential suit for damages/injunction.
    • Report the app to app stores/platforms for policy violations.

12) Practical Do’s and Don’ts

Do

  • Keep communications in writing where possible.
  • Use official names of entities (from contracts/receipts) in complaints.
  • Block abusive numbers, but keep call logs and samples as evidence.
  • Encourage harassed contacts to keep their own evidence.

Don’t

  • Don’t pay unauthorized charges or “rush penalties” demanded under threats.
  • Don’t hand over additional personal data just because a collector asks.
  • Don’t secretly record voice calls without clarity on legal consent.
  • Don’t respond with insults or counter-threats—stick to calm, documented notices.

13) Ready-to-Use Templates

A) Cease & Desist + Data Privacy Rights Notice (Borrower)

Subject: Cease & Desist; Data Privacy Rights – [Your Full Name], Loan A/C [Number]

I am exercising my rights under the Data Privacy Act. You are hereby ordered to cease all harassment and any disclosure of my personal data to third parties (including my contacts, employer, and social connections). I withdraw consent to any processing not strictly necessary for lawful collection and object to the collection and use of my phone contacts, photos, or location.

Demand is made for erasure/blocking of all unlawfully obtained data and for you to refrain from contacting any person other than me and my counsel.

Continued non-compliance will be reported to the SEC/NPC/BSP/NTC and PNP-ACG for appropriate action, including administrative fines and criminal charges.

Please confirm in writing within five (5) business days.

Name:
Mobile/Email:
Reference/Loan No.:
Date:

B) Notice from a Non-Borrower Being Harassed

Subject: Unlawful Processing & Harassment – Cease Contacting Me

I am not a party to your loan agreement with [Borrower’s Name]. You obtained or used my data without lawful basis. Cease all contact and delete my personal data. Any further disclosure or harassment will be reported to the NPC and relevant authorities.

C) Regulator Complaint Cover Letter (SEC/BSP)

Subject: Complaint re Unfair/Abusive Debt Collection by [Company/App Name]

I am filing an administrative complaint against [Company/App Name], operating the [App Name] online lending application.

Facts: On [dates], respondents sent [number] harassing messages/calls, including [public shaming / contacting my contacts / threats]. Evidence is attached as Annexes “A–__”.

Relief Sought: Investigation, penalties for unfair collection practices, and directive to cease harassment and correct practices.

Complainant: [Name, Contact, ID]

Attachments: Loan contract, screenshots, call logs, DSR notice, proof of sending.

D) NPC Complaint (Privacy Violation)

Subject: Complaint for Unlawful Processing/Disclosure – [App Name]/[Company]

Respondent accessed/used my phone contacts and disclosed my personal data to third parties to coerce payment. I never consented to this processing, which is disproportionate and unrelated to legitimate collection.

Requested Action: Order to cease processing, delete unlawfully obtained data, notify affected third parties to delete disclosures, and impose administrative fines.


14) Frequently Asked Questions

Q: I really owe money. Can they still be penalized for harassment?
Yes. Legitimate debt ≠ permission to harass. Collection must remain lawful and confidential.

Q: They threatened arrest. Can they do that?
No one can arrest you without legal grounds (e.g., court warrant or in-flagrante exceptions). Debt alone is a civil obligation; threats of arrest to force payment are abusive.

Q: The app demanded access to my contacts to proceed. Is that valid consent?
Consent must be freely given, specific, and informed. Tying essential services to excessive data access is often invalid or disproportionate under the Data Privacy Act.

Q: Should I uninstall the app?
Yes—after capturing evidence (screenshots, permissions). Uninstalling won’t erase prior violations, but it cuts off future data access.

Q: Can I record a phone call with the collector for evidence?
Be cautious. The Anti-Wiretapping Act generally prohibits recording private communications without the required consent. Prefer text-based communications and consult a lawyer about recordings.


15) Final Pointers

  • Name the entity correctly (corporate name, not just the app brand).
  • Escalate in parallel (SEC/BSP + NPC + NTC + PNP-ACG) when multiple laws are implicated.
  • Follow through: after filing, monitor reference numbers and comply with requests for additional evidence.
  • Consider legal representation if harassment persists or if significant damages are involved.

16) One-Page Checklist

  • Evidence preserved (screens, logs, contracts)
  • App permissions documented then revoked
  • Cease & Desist + DSR sent
  • SEC/BSP complaint filed (as applicable)
  • NPC complaint filed (if privacy misuse)
  • NTC complaint filed (for spam/harassing calls)
  • PNP-ACG report filed (for threats/extortion/cybercrime)
  • Civil/criminal options reviewed with counsel
  • App/platform reported for policy violations


Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.