I. Introduction

Online lending apps have made small, short-term loans easier to obtain, especially for borrowers who cannot immediately access banks or traditional credit. But the same digital convenience has also produced a recurring legal problem: abusive collection practices. Borrowers report being bombarded with calls and messages, threatened with arrest, shamed in group chats, exposed to employers or relatives, and pressured through contact-list harvesting.

In the Philippines, a borrower’s obligation to pay a lawful debt does not give a lender or collector a license to harass, threaten, shame, deceive, or misuse personal data. The law recognizes the lender’s right to collect what is due, but collection must be done through lawful, fair, and proportionate means.

This article discusses the Philippine legal framework governing online lending app harassment, the difference between legitimate collection and illegal collection, the remedies available to borrowers and affected third persons, the government agencies that may receive complaints, and the evidence usually needed to pursue administrative, civil, criminal, and data privacy remedies.

II. The Basic Legal Principle: Debt May Be Collected, But Not Through Abuse

A loan is a civil obligation. If a borrower validly obtained money and agreed to repay it, the lender may demand payment, charge lawful interest and fees, send reminders, assign the account to a collection agency, negotiate restructuring, or file a proper civil collection case.

However, the right to collect is not absolute. A creditor may not use violence, threats, public humiliation, false representations, unauthorized disclosure of personal information, deceptive messages, or harassment of unrelated third persons. The distinction is simple:

A lawful collection demand says, in substance: “You have an unpaid obligation. Please settle or contact us to arrange payment.”

An unlawful or abusive collection act says, in substance: “Pay now or we will shame you, expose you, threaten you, contact everyone you know, falsely accuse you, or take actions that the law does not allow.”

The borrower’s default does not erase the borrower’s rights to dignity, privacy, due process, and protection from criminal or abusive conduct.

III. Main Philippine Laws and Rules Involved

A. SEC Regulation of Lending and Financing Companies

Lending companies and financing companies are regulated by the Securities and Exchange Commission. A company engaged in lending must generally be properly registered and authorized. Online lending platforms are not exempt merely because they operate through apps, websites, text messages, or social media.

SEC Memorandum Circular No. 18, Series of 2019, expressly prohibits unfair debt collection practices by financing companies, lending companies, and their third-party service providers. The circular recognizes that collection may be pursued through reasonable and legally permissible means, but it prohibits abusive, unethical, unfair, and unscrupulous collection conduct.

Unfair collection practices include, among others:

1. Use or threat of violence or other criminal means to harm the person, reputation, or property of any person;
2. Threats to take action that cannot legally be taken;
3. Use of obscenities, insults, or profane language that amounts to abuse or a criminal offense;
4. Disclosure or publication of the names and personal information of borrowers who allegedly refuse to pay;
5. Communicating or threatening to communicate false loan information;
6. False representations or deceptive means to collect a debt or obtain information about a borrower;
7. Contacting borrowers at unreasonable or inconvenient times, generally before 6:00 a.m. or after 10:00 p.m., subject to specific exceptions; and
8. Contacting persons in the borrower’s contact list other than guarantors or co-makers.

The lending or financing company remains responsible even if it uses a third-party collection service provider. It cannot avoid liability by outsourcing harassment.

B. Data Privacy Act of 2012

Online lending harassment frequently involves misuse of personal data. Many abusive collection methods depend on access to a borrower’s contact list, photos, phone records, workplace information, social media accounts, or identification documents.

Under the Data Privacy Act, personal data processing must comply with the principles of transparency, legitimate purpose, and proportionality. In practical terms, a lending app should collect and use only the personal information that is necessary and lawful for the legitimate loan purpose. Consent must not be used as a blanket excuse for excessive, deceptive, or disproportionate data processing.

Data privacy issues commonly arise when an online lending app:

1. Accesses the borrower’s phone contacts without a valid, specific, and proportionate purpose;
2. Contacts people who are not guarantors or co-makers;
3. Tells relatives, friends, co-workers, or employers about the loan;
4. Posts or threatens to post the borrower’s name, face, ID, or alleged debt on social media;
5. Creates group chats to shame the borrower;
6. Uses the borrower’s photos or personal details to make defamatory materials;
7. Continues processing data after the lawful purpose has ended; or
8. Uses deceptive interface designs to pressure users into granting permissions.

A character reference is not automatically a guarantor. A guarantor must separately consent to be bound to the loan obligation. Merely being in the borrower’s phonebook, being named as a reference, or being contacted by a collector does not make a person liable for the borrower’s debt.

C. Cybercrime Prevention Act

Where harassment is committed through information and communications technology, the Cybercrime Prevention Act may become relevant. Online shaming, defamatory posts, threats sent by chat, malicious publication of altered images, and similar acts may involve cyber-related offenses or may increase the legal consequences of offenses committed through digital means.

For example, a defamatory Facebook post, group chat message, or public online accusation that falsely portrays a borrower as a criminal, scammer, or immoral person may raise cyber libel concerns. Threats and coercive messages sent through digital platforms may also be relevant to cybercrime investigation.

D. Revised Penal Code

Depending on the facts, abusive debt collection may implicate the Revised Penal Code. Possible offenses include:

1. Grave threats, where the collector threatens harm, violence, or another wrong;
2. Light threats or other threats, depending on the nature and seriousness of the statement;
3. Grave coercion, where a person is compelled by violence, intimidation, or threats to do something against their will;
4. Unjust vexation, for acts that unjustifiably annoy, irritate, distress, or torment another person;
5. Libel or slander, where defamatory imputations are published or spoken;
6. Intriguing against honor, depending on the manner of rumor-spreading or reputation damage; and
7. Other offenses if the conduct involves extortion, identity misuse, falsification, stalking-like conduct, or threats of sexual or physical harm.

The specific offense depends on the exact words used, the platform, the audience, the intent, the effect, and the available evidence.

E. Civil Code Remedies

The Civil Code provides another route for relief. Articles 19, 20, and 21 impose standards of justice, good faith, and liability for unlawful, negligent, immoral, or abusive acts. Article 26 protects dignity, personality, privacy, and peace of mind against meddling, prying, humiliation, and similar acts.

A borrower or affected third person may consider a civil action for damages when the harassment causes injury such as humiliation, anxiety, reputational harm, loss of employment opportunity, family conflict, or emotional distress. Depending on proof, possible damages may include actual damages, moral damages, exemplary damages, attorney’s fees, and costs of suit.

F. Constitutional Protection Against Imprisonment for Debt

A person generally cannot be imprisoned merely for inability to pay a debt. Nonpayment of a loan is ordinarily a civil matter. Collectors who say “you will be arrested today,” “police will come to your house,” or “a warrant has been issued” may be making unlawful or deceptive threats unless there is a real criminal case and proper legal process.

This does not mean all loan-related conduct is immune from criminal liability. Fraud, falsification, identity theft, estafa, or issuance of worthless checks may create separate criminal issues if the elements are present. But mere nonpayment of a loan, without more, is not a crime.

IV. Common Forms of Online Lending App Harassment

The most common abusive practices include:

1. Contact-list harassment

Collectors call or message relatives, friends, co-workers, employers, neighbors, and unrelated contacts to pressure the borrower. This may violate SEC rules and data privacy principles, especially where those persons are not guarantors or co-makers.

2. Debt shaming

Collectors post the borrower’s name, photo, address, ID, workplace, or alleged debt on social media, group chats, or messaging platforms. This may give rise to administrative, privacy, civil, and criminal remedies.

3. Threats of arrest or imprisonment

Collectors often threaten immediate arrest, police visits, or imprisonment. Such threats are suspect when used to collect an ordinary civil debt and may constitute unfair collection, deception, threats, coercion, or unjust vexation.

4. Threats to contact an employer

A lender may have legitimate reasons to verify employment during loan processing, but using the employer as a pressure point, disclosing the debt to co-workers, or threatening the borrower’s job may be abusive.

5. Profanity, insults, and repeated verbal abuse

Collection agents may not use obscene, insulting, or profane language in a manner that abuses the borrower or amounts to a criminal offense.

6. False legal documents

Some collectors send fake subpoenas, fake warrants, fake court notices, fake police blotters, or misleading “final legal action” notices. Misrepresenting legal process is a serious matter.

7. Unreasonable call times

Collection calls before 6:00 a.m. or after 10:00 p.m. may be treated as unfair, subject to limited exceptions recognized by regulation.

8. Harassment of non-borrowers

Relatives, references, employers, and phone contacts who did not borrow money and did not guarantee the loan generally have no obligation to pay. Harassing them may create independent causes of action.

V. Remedies Available to Borrowers and Affected Third Persons

A. SEC Complaint

For unfair collection practices by lending companies, financing companies, online lending platforms, or their collection agents, the primary administrative remedy is a complaint with the SEC.

The SEC may impose administrative sanctions, including fines, suspension, revocation of authority to operate, and other penalties. Complaints are especially appropriate when the lending company is registered, licensed, identifiable, or operating through a known app or platform.

A strong SEC complaint should include:

1. Name of the lending app or company;
2. Screenshots of the app, loan agreement, payment schedule, and collection messages;
3. Phone numbers, email addresses, social media accounts, or names used by collectors;
4. Dates and times of calls or messages;
5. Screenshots of threats, insults, group chats, or public posts;
6. Proof that third persons were contacted;
7. Proof that the contacted persons were not guarantors or co-makers;
8. Payment records, if any;
9. A concise narration of events; and
10. Specific relief requested, such as investigation, sanctions, cessation of harassment, or correction of records.

B. National Privacy Commission Complaint

If the issue involves unauthorized access, misuse, disclosure, or excessive processing of personal data, a complaint with the National Privacy Commission may be appropriate.

This remedy is particularly relevant where the app accessed the borrower’s contact list, messaged third persons, disclosed the loan to non-guarantors, posted personal information, used the borrower’s photo, or processed data beyond what was necessary for the loan.

A privacy complaint should show:

1. What personal data was collected or accessed;
2. How it was used;
3. Why the use was unauthorized, excessive, or disproportionate;
4. Who received the information;
5. Screenshots or recordings showing disclosure;
6. The harm suffered; and
7. Any request made to stop processing, delete data, or cease contacting third persons.

C. PNP Anti-Cybercrime Group or NBI Cybercrime Division

Where the harassment involves threats, extortion-like conduct, online shaming, fake posts, cyber libel, identity misuse, hacking, or other digital abuse, the victim may approach law enforcement, including the PNP Anti-Cybercrime Group or NBI Cybercrime Division.

Law enforcement involvement is especially important where there are:

1. Death threats;
2. Threats of physical harm;
3. Sexual threats or use of intimate images;
4. Fake social media posts;
5. Public defamatory posts;
6. Identity theft or impersonation;
7. Threats to family members;
8. Repeated harassment from changing numbers; or
9. Organized scam activity.

D. Criminal Complaint Before the Prosecutor

A victim may file a criminal complaint with the Office of the City or Provincial Prosecutor if the facts support an offense under the Revised Penal Code, Cybercrime Prevention Act, Data Privacy Act, or other laws.

The complaint-affidavit should be detailed, chronological, and evidence-based. It should identify the respondents if known. If the individual collectors are unknown, the complaint may initially identify the company, app operator, phone numbers, account names, and other traceable identifiers, while requesting investigation.

E. Civil Action for Damages

A civil action may be considered when the victim wants compensation or court relief for injury caused by harassment. Civil claims may be based on abuse of rights, violation of privacy, defamation, negligence, bad faith, or other wrongful acts.

Civil suits may be useful where the harassment caused measurable harm, such as job loss, business damage, medical expenses, reputational injury, or severe emotional distress. However, litigation involves time, filing fees, and proof requirements, so it should be assessed strategically.

F. Barangay, Demand Letters, and Settlement

Some disputes may be addressed through a formal cease-and-desist letter, complaint to the company’s data protection officer, or settlement negotiation. However, barangay conciliation is usually not the main remedy where the respondent is a corporation, an unknown online collector, or the issue involves offenses beyond barangay authority.

Settlement should be approached carefully. A borrower may negotiate payment terms without waiving claims for harassment or privacy violations unless the waiver is clear, voluntary, and legally acceptable. A borrower should avoid signing admissions or waivers under intimidation.

VI. Evidence Preservation

Evidence is often the key to a successful complaint. Borrowers and affected third persons should preserve:

1. Screenshots of messages, including sender number, date, and time;
2. Screen recordings showing the conversation thread and account profile;
3. Call logs showing repeated calls;
4. Audio recordings, where legally and safely obtained;
5. Links and screenshots of social media posts;
6. Group chat screenshots;
7. Names and statements of contacted relatives, friends, co-workers, or employers;
8. App name, developer name, website, email, and app store listing;
9. Loan agreement, disclosure statement, repayment schedule, and interest charges;
10. Proof of payments;
11. Demand letters or notices;
12. Any fake legal documents sent;
13. Privacy policy and permission screens of the app;
14. Evidence of app permissions requested or granted;
15. Copies of complaints filed and agency acknowledgments.

Screenshots should be complete and unedited. It is useful to export conversations, preserve the original device, back up files, and avoid deleting messages. If posts are public, the victim may ask a trusted person to capture independent screenshots as corroboration.

VII. Practical Steps for Victims

A victim may take the following practical steps:

1. Do not panic over threats of arrest for ordinary nonpayment.
2. Verify whether the lender is registered or authorized.
3. Preserve all evidence before blocking numbers.
4. Revoke unnecessary app permissions from the phone settings.
5. Inform relatives, employer, or references that they are not required to pay unless they validly acted as guarantors or co-makers.
6. Send a written notice demanding that the lender stop contacting non-guarantors and stop unlawful processing of personal data.
7. Request a statement of account and breakdown of principal, interest, penalties, and charges.
8. Pay only through verifiable channels and keep receipts.
9. File complaints with the proper agency when harassment continues.
10. Seek legal assistance where threats, public shaming, or serious privacy violations are involved.

VIII. What Borrowers Should Avoid

Borrowers should avoid:

1. Deleting evidence;
2. Retaliating with defamatory posts;
3. Threatening collectors back;
4. Sending additional personal documents unnecessarily;
5. Paying to personal accounts without verification;
6. Admitting false accusations out of fear;
7. Signing waivers without understanding them;
8. Ignoring legitimate court papers; and
9. Assuming that all collectors are fake merely because they are rude.

A borrower may dispute harassment while still addressing the legitimate portion of the debt.

IX. Rights of Contacted Relatives, Friends, Employers, and References

Third persons who are contacted by collectors have rights too. A person who did not borrow, co-make, or guarantee the loan generally has no obligation to pay. Collectors should not pressure such persons to settle the borrower’s account.

A contacted third person may:

1. Tell the collector to stop contacting them;
2. Preserve screenshots and call logs;
3. Ask how their personal data was obtained;
4. File a privacy complaint if their information was misused;
5. Support the borrower’s complaint as a witness; and
6. Consider legal remedies if they were threatened, defamed, or harassed.

X. Interest, Penalties, and Disclosure Issues

Harassment is separate from the validity of the loan charges. Even when a borrower was harassed, the principal obligation may still exist. However, borrowers may question excessive, undisclosed, unconscionable, or improperly imposed charges.

The Truth in Lending Act requires disclosure of finance charges in credit transactions. Lending and financing companies must also comply with applicable disclosure rules. Borrowers should request a full computation showing principal, interest, service fees, penalties, collection fees, and payments already made.

Where charges are unclear, hidden, or grossly disproportionate, the borrower may raise the issue in complaints, negotiations, or court proceedings.

XI. Administrative, Civil, Criminal, and Privacy Remedies Can Overlap

One incident can create several remedies. For example, if a collector accesses the borrower’s contacts, posts the borrower’s photo on Facebook, calls the borrower’s employer, and threatens arrest, the borrower may consider:

1. SEC complaint for unfair debt collection;
2. NPC complaint for unauthorized or excessive personal data processing;
3. Cybercrime complaint for online publication or digital threats;
4. Criminal complaint for threats, coercion, unjust vexation, libel, or other offenses;
5. Civil action for damages; and
6. A cease-and-desist or demand letter.

These remedies are not always mutually exclusive. The correct strategy depends on the evidence, seriousness of harm, identity of the offender, urgency, and the victim’s goal.

XII. Remedies Against Unregistered or Illegal Online Lending Apps

If the online lending app is unregistered, unauthorized, or using hidden operators, the borrower should still preserve evidence and report it. An illegal lender may be subject to SEC enforcement, cybercrime investigation, privacy enforcement, and possible criminal prosecution.

The difficulty is often identification. Victims should capture app store pages, developer details, URLs, phone numbers, payment account names, bank or e-wallet recipients, text headers, email addresses, and social media profiles. These details may help regulators and law enforcement trace the operators.

XIII. Sample Cease-and-Desist Language

A borrower may send a concise written notice such as:

“Please cease and desist from contacting persons in my phonebook, workplace, family, or social circle who are not guarantors or co-makers of my loan. I do not authorize the disclosure of my personal information or loan information to third persons. Please direct all lawful collection communications to me through proper channels. I also request a complete statement of account showing principal, interest, penalties, fees, and all payments credited.”

This message should be sent through a channel that can be documented, such as email, text, or in-app support. It is not a substitute for a formal complaint, but it helps show that the borrower objected to the conduct.

XIV. Conclusion

Online lending apps may lawfully collect legitimate debts, but they may not weaponize shame, fear, personal data, or social pressure. Philippine law provides multiple remedies: SEC complaints for unfair collection, NPC complaints for privacy violations, law enforcement action for threats and cyber abuse, criminal complaints where offenses are present, and civil actions for damages.

The most important first step is evidence preservation. Borrowers and affected third persons should document the harassment, identify the lender or collector as much as possible, revoke unnecessary app permissions, avoid retaliation, and report serious abuse to the appropriate agency.

A debt may be collected. A person may not be destroyed to collect it.