The rise of Online Lending Applications (OLAs) in the Philippines has brought convenience to the unbanked, but it has also birthed a pervasive form of systemic harassment known as "contact list debt shaming." A frequent complaint involves individuals who never signed a loan agreement—nor consented to be a character reference—being relentlessly hounded by OLA collection agents.

In the Philippine legal landscape, these actions are not just unethical; they are actionable violations of privacy, cybercrime, and lending regulation laws.

1. The Violation: Accessing the Contact List

Most OLAs require users to grant permission to access their phone's contact list as a condition for loan approval. While the borrower may have clicked "Allow," this consent does not extend to the contacts themselves. Under the Data Privacy Act of 2012 (Republic Act No. 10173), processing personal information requires the "free, prior, and informed consent" of the data subject. Using a third party's phone number to harass them regarding a debt they do not owe is an unauthorized processing of personal data and a violation of the principle of purpose limitation.

2. Prohibited Collection Practices

The Securities and Exchange Commission (SEC), through Memorandum Circular No. 18 (Series of 2019), explicitly prohibits "unfair debt collection practices." For third parties not involved in the loan, the following are illegal:

• Contacting persons in the borrower's contact list who were not named as guarantors or co-makers.
• Threatening or insulting third parties to pressure the borrower.
• Disclosing the borrower's name and debt to their contacts, which constitutes "debt shaming."

3. Key Legal Avenues for Redress

If you are a victim of harassment by an OLA despite not being a party to the loan, you can pursue the following legal actions:

A. Administrative Complaint (SEC)

The SEC is the primary regulator of lending companies. If an OLA is registered, the SEC can impose fines, suspend, or revoke their Certificate of Authority (CA).

• Action: File a formal complaint with the SEC Corporate Governance and Finance Department.
• Grounds: Violation of SEC MC No. 18 regarding unfair collection practices.

B. Privacy Complaint (National Privacy Commission)

The NPC handles violations of the Data Privacy Act.

• Action: File a "Sua Sponte" investigation request or a formal complaint for Unauthorized Processing and Malicious Disclosure.
• Outcome: The NPC can order the OLA to cease processing your data and recommend criminal prosecution of the company's officers.

C. Criminal Charges (Cybercrime Prevention Act)

If the harassment involves threats, libelous statements, or persistent "trolling," it may fall under Republic Act No. 10175.

• Charge: Cyber-Libel (if they post your details online) or Unjust Vexation (under the Revised Penal Code, which can be elevated by the Cybercrime Act).
• Enforcement: Report to the PNP Anti-Cybercrime Group (PNP-ACG) or the NBI Cybercrime Division.

4. Summary of Relevant Laws

5. Recommended Evidence Gathering

To build a successful case, the following documentation is critical:

1. Screenshots: Capture text messages, Viber/WhatsApp chats, and social media posts. Ensure the sender's number or handle is visible.
2. Call Logs: Keep a record of the frequency and timing of the calls.
3. App Information: Identify the exact name of the OLA and, if possible, its registered corporate name (found in the "About" section or SEC registry).
4. Affidavits: A sworn statement detailing that you never consented to be a reference or guarantor.

Conclusion

Third-party harassment by lending apps is a clear breach of Philippine privacy and fair-lending standards. While these apps often operate under the guise of "automated systems," the law holds the corporate officers of these lending companies civilly and criminally liable for the conduct of their collection agents and the algorithms they employ.