Legality of 5% Overdue Fee and Privacy Violations by Online Lending App Philippines

Online lending apps have made credit fast and accessible—but they have also raised two recurring legal questions in the Philippines: (1) whether a 5% overdue fee is lawful, and (2) whether common app practices (contact scraping, public shaming, harassment, overbroad permissions) violate privacy and related laws. This article explains the governing legal framework, how Philippine regulators and courts typically analyze these issues, and the remedies available.

1) Which Philippine laws regulate online lending apps?

Online lending apps in the Philippines usually fall under SEC supervision (not BSP), because many are structured as:

  • Lending companies regulated under the Lending Company Regulation Act of 2007 (R.A. 9474); or
  • Financing companies regulated under the Financing Company Act of 1998 (R.A. 8556); or
  • Entities operating “online lending platforms” as a channel for lending/collections (still typically within SEC jurisdiction if not a bank).

Key legal pillars that commonly apply:

A. Contract and obligations law (Civil Code of the Philippines)

  • Freedom of contract exists, but terms must not be contrary to law, morals, good customs, public order, or public policy (Civil Code principles).
  • Courts can reduce excessive penalties and strike down unconscionable charges (more below).

B. Truth in Lending Act (R.A. 3765)

  • Requires clear disclosure of the true cost of credit (interest, fees, charges, finance charges, effective/annualized rates, etc., depending on implementing rules).
  • The practical focus is whether the borrower was given meaningful, readable, and timely disclosures before being bound.

C. Data Privacy Act of 2012 (R.A. 10173) and NPC rules/guidance

  • Regulates how lenders collect, use, store, and share personal data.
  • Online lending apps are typically Personal Information Controllers (PICs) (and sometimes also engage processors).

D. Consumer and conduct regulation (including abusive collection)

  • Financial Products and Services Consumer Protection Act (R.A. 11765) strengthens “fair treatment” standards and allows financial regulators (including SEC for its covered entities) to penalize abusive practices.
  • SEC licensing/registration rules and enforcement actions can also target abusive lending and collection behavior.

E. Criminal/civil laws triggered by harassment or public shaming

Depending on behavior, these may apply:

  • Revised Penal Code (Act No. 3815): threats, coercion, grave slander/defamation, unjust vexation (fact-specific), etc.
  • Cybercrime Prevention Act of 2012 (R.A. 10175): if acts are committed through ICT (e.g., cyber libel).
  • Civil Code provisions on damages and privacy (including the general doctrine against “abuse of rights” and actionable invasions of privacy).

2) Understanding “5% overdue fee”: what exactly is it?

“5% overdue fee” can mean very different things legally depending on how it’s computed and presented:

  • 5% one-time fee on the missed installment (e.g., missed ₱5,000 payment → ₱250 penalty once)
  • 5% per month on overdue amount
  • 5% per cut-off/period (weekly/biweekly)
  • 5% per day (often catastrophic in effect)
  • 5% on total outstanding principal (not just the missed installment)
  • A “fee” that is actually interest disguised as a penalty (or stacked on top of high interest and other fees)

This classification matters because Philippine law evaluates (a) disclosure and consent, (b) reasonableness, and (c) whether the total charge structure becomes unconscionable or contrary to public policy.

3) Is a 5% overdue fee legal in the Philippines?

A. There is no single universal “cap,” but courts and regulators police excess

The Philippines’ old usury law regime is effectively relaxed in general lending (interest ceilings were largely lifted historically), but that does not mean lenders can impose any rate or penalty without limits. Philippine courts have repeatedly used Civil Code doctrines to curb iniquitous or unconscionable interest and penalties.

B. Three core legal tests typically decide enforceability

1) Was it properly disclosed and agreed to?

A penalty/overdue fee is most defensible when:

  • It appears clearly in the loan contract/terms presented before acceptance;
  • It is not hidden in tiny print or buried behind multiple screens with no meaningful notice;
  • The borrower’s acceptance is traceable (clickwrap/checkbox plus access to the terms and a record).

Under R.A. 3765 (Truth in Lending), hidden or confusing charges can expose the lender to liability—especially when marketing highlights a “low” interest rate while the real cost is driven by penalties and fees.

2) Is the fee a valid “penal clause,” or is it an abusive charge?

Philippine contract law recognizes penal clauses (liquidated damages for breach such as late payment). But the Civil Code empowers courts to reduce penalties when they are iniquitous or unconscionable or when there has been partial performance (a common reality with installment loans).

Practical implications:

  • A reasonable one-time penalty may be upheld.
  • A recurring 5% charge that quickly snowballs—especially when added on top of high interest, processing fees, “service fees,” and compounding—becomes vulnerable to reduction or invalidation.

3) Does the total effective cost become unconscionable?

Courts look beyond labels. Even if a lender calls something a “fee,” a court may treat it as part of the real credit cost, especially if:

  • It is unavoidable in practice,
  • It is disproportionate to the breach,
  • It functions like additional interest,
  • It is paired with oppressive collection tactics.

Stacking is where legal risk spikes:

  • interest + “service fee” + “processing fee” + “late fee” + “penalty interest” + compounding This can produce an effective annualized cost that appears predatory, even if each component is defended separately.

C. Civil Code provisions commonly used to challenge excessive overdue fees

While outcomes are fact-specific, these doctrines frequently matter:

  • Penal clauses may be reduced if unconscionable (Civil Code doctrine on penal clauses).
  • Interest must be expressly stipulated in writing to be due as interest (Civil Code principle on interest); lenders may try to label charges as “fees,” but courts may still assess them as part of finance charge.
  • Abuse of rights and liability for acts contrary to morals/good customs/public policy can support damages claims when combined with harassment or shaming tactics.

D. What about “5%” specifically—when is it most risky?

The higher the frequency and base, the harder it is to defend:

  • Most defensible: 5% one-time penalty on the missed installment, clearly disclosed, no compounding, reasonable overall pricing.
  • Risky: 5% per month (or per cut-off) plus high interest and multiple fees.
  • Highly vulnerable: 5% per day, or 5% applied to total outstanding principal repeatedly, especially with compounding.

4) Privacy violations by online lending apps: what’s illegal?

The Data Privacy Act (R.A. 10173) is the main statute. Many common “collection” practices also trigger civil/criminal exposure.

A. Core Data Privacy Act principles that matter most

Online lenders must comply with:

  • Transparency: borrowers must be clearly informed what data is collected, why, how it’s used, who it’s shared with, and how long it’s kept.
  • Legitimate purpose: data processing must be tied to declared, lawful objectives (e.g., underwriting, servicing, collections within lawful bounds).
  • Proportionality / data minimization: collect only what is necessary for the stated purpose.
  • Security: protect data from unauthorized access, leaks, and misuse.
  • Data subject rights: access, correction, objection (in some cases), erasure/blocking (where applicable), data portability (where applicable), and the right to be informed.

B. Common app behaviors that can violate the law

1) Overbroad permissions (contacts, SMS, photos, storage, location)

If an app requires full contact access when it’s not necessary to evaluate credit or service the loan, that raises proportionality issues.

A frequent red flag is “take it or leave it” consent bundled into loan approval where:

  • The borrower cannot realistically refuse the permission and still access the service; and
  • The permission is far broader than needed.

Consent under Philippine privacy law must be freely given, specific, informed, and evidenced. “Forced consent” can be challenged as not valid consent—especially if there are no reasonable alternatives and the scope is excessive.

2) Contacting the borrower’s friends/family/co-workers

Using scraped contacts to shame or pressure payment often violates:

  • Purpose limitation and proportionality under R.A. 10173, and may constitute unlawful disclosure.
  • Potential civil wrongs (invasion of privacy, damages).
  • Potential criminal exposure if communications are threatening or defamatory.

3) Posting personal data publicly (“shaming,” “wanted,” “delinquent lists”)

Public disclosure of a borrower’s identity, debt status, photos, or personal details to pressure payment is high-risk:

  • It can be unauthorized disclosure under privacy principles.
  • It can trigger defamation/libel or cyber libel (if online), depending on content and intent.
  • It can support civil damages claims.

4) Harassing messages/calls, threats, or impersonation

Even if a debt is valid, collection must remain lawful. Conduct may trigger:

  • Revised Penal Code: threats, coercion, unjust vexation (depending on facts), grave slander/defamation.
  • R.A. 10175 (Cybercrime): if done through ICT and meets elements of cyber libel or related offenses.
  • Privacy law issues if personal data is used as the tool of harassment or disclosed to third parties.

5) Sharing data with third-party collectors without proper safeguards

Sharing borrower data with collection agencies requires:

  • A lawful basis and proper notice,
  • Appropriate contracts/controls (processor agreements where applicable),
  • Security measures and accountability.

If a third-party collector misuses data, the lending entity can still face accountability as the PIC depending on the arrangement and controls.

C. “But the borrower consented” is not a universal defense

Apps often rely on “consent” in clickwrap terms. That defense weakens when:

  • Consent was not specific (blanket permissions);
  • Disclosures were unclear, buried, or misleading;
  • Data collected exceeded what was necessary; or
  • Data was used for a materially different purpose (e.g., public shaming) than disclosed.

5) Abusive debt collection: where privacy and consumer protection intersect

Even when lenders can lawfully collect, methods matter. In the Philippine setting, abusive collection often involves:

  • Threats of arrest for ordinary civil debt (generally improper—nonpayment of debt is typically not a crime by itself, though fraud-related conduct can be).
  • Contacting employers/friends to embarrass the borrower.
  • Posting “delinquent” materials online.
  • Repeated harassment.

These practices can violate:

  • Data Privacy Act principles,
  • Consumer protection norms under R.A. 11765 (fair treatment and prohibition of abusive conduct in financial services),
  • Civil Code tort principles and damages,
  • Penal laws depending on severity and content.

6) Practical remedies and enforcement options in the Philippines

A. Regulatory complaints

  1. SEC (for unregistered/abusive lending platforms or lending/financing companies under SEC supervision)
  • Issues include: operating without authority, unfair/abusive collection, misleading disclosures, noncompliant loan terms presentation.
  1. National Privacy Commission (NPC)
  • For: unauthorized collection of data, overbroad permissions, unlawful disclosure, harassment involving personal data, posting/sharing borrower information, data breaches, failure to honor data subject rights.

B. Civil actions

Depending on facts and amounts:

  • Action to reduce unconscionable penalties/charges (invoking Civil Code doctrines on penal clauses and equity).
  • Damages for privacy invasion, harassment, and reputational harm (Civil Code principles on abuse of rights and actionable privacy intrusions).
  • Injunction/TRO may be sought in appropriate cases to stop ongoing harmful disclosures or harassment (subject to procedural requirements).

C. Criminal complaints (fact-dependent)

Possible when evidence supports elements of offenses such as:

  • Threats/coercion,
  • Defamation/cyber libel,
  • Other ICT-related offenses under R.A. 10175.

7) Evidence that matters (especially for privacy and fee disputes)

For fee legality and disclosure issues:

  • Screenshots of advertised rates vs. actual charges
  • Full loan schedule, statement of account, and any “truth in lending” disclosures shown in-app
  • Terms & conditions presented at acceptance (including timestamps and versions if possible)
  • Proof of how the “5% overdue fee” is computed (base amount, frequency, compounding)

For privacy/harassment:

  • Screenshots of app permission requests and settings
  • Call logs, SMS, chat messages, email headers
  • Screenshots of social media posts or messages sent to third parties
  • Witness statements from contacted friends/family/employers
  • Evidence of data shared (names, phone numbers, photos, account identifiers)

8) Key takeaways on the two issues

On the 5% overdue fee

A “5% overdue fee” is not automatically illegal—but it becomes legally vulnerable when it is unclear, undisclosed, repeatedly applied, compounded, imposed on an excessive base, or stacked with other charges to produce an oppressive total cost. Philippine courts can reduce penalties deemed unconscionable, and poor disclosure can trigger liability under Truth in Lending standards.

On privacy violations

Many aggressive collection tactics used by online lending apps—especially contact scraping, third-party shaming, and public disclosure of borrower data—run directly into the Data Privacy Act and can also expose the actor to civil damages and criminal complaints, depending on the content and method of harassment.

9) Compliance snapshot (what lawful operation generally requires)

In Philippine practice, a legally safer online lending operation typically shows these traits:

  • Proper SEC authority/registration where required;
  • Plain-language, prominent disclosure of all interest, fees, penalties, and effective cost of credit before acceptance;
  • Penalties that are reasonable, non-oppressive, and not designed to explode the debt;
  • Data collection limited to what is necessary; no broad contact scraping as a default;
  • Collections that are firm but not harassing, and that do not disclose borrower data to unrelated third parties.

10) Conclusion

In the Philippines, the legality of a 5% overdue fee depends less on the number “5%” in isolation and more on how it is disclosed, computed, and combined with other charges—and whether it crosses the line into an unconscionable penal scheme under Civil Code principles and disclosure duties under R.A. 3765. Privacy abuses by online lending apps are governed primarily by the Data Privacy Act (R.A. 10173), and the common “shaming” and contact-harvesting playbook can create serious regulatory, civil, and criminal exposure even when the underlying debt is valid.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login