Online Lending App Harassment and Defamation

In the Philippines, the convenience of "one-tap" loans has been shadowed by the rise of predatory Online Lending Apps (OLAs). While these platforms offer quick financial relief, many employ debt collection strategies that border on—and frequently cross into—criminality. As of early 2026, the government has intensified its crackdown, with the Securities and Exchange Commission (SEC) and the National Privacy Commission (NPC) reporting tens of thousands of complaints involving harassment, shaming, and data privacy breaches.

The legal landscape surrounding OLAs is a blend of corporate regulation, data privacy protection, and criminal law.

1. The Legal Framework: Key Pillars

Harassment and defamation by OLAs are not just "bad customer service"; they are violations of specific Philippine laws and circulars:

Law / Regulation Key Protection
SEC Memorandum Circular No. 18 (s. 2019) Prohibits "Unfair Debt Collection Practices."
RA 10173 (Data Privacy Act of 2012) Protects personal data from unauthorized access/processing.
RA 10175 (Cybercrime Prevention Act) Punishes online libel, threats, and harassment.
RA 9474 (Lending Company Regulation Act) Mandates that all lending entities must be SEC-registered.
Revised Penal Code Addresses Grave Coercion, Threats, and Defamation.

2. Unfair Debt Collection Practices

Under SEC MC No. 18, Series of 2019, the following acts are strictly prohibited, regardless of whether the debt is legitimate:

  • Threats of Violence: Any suggestion of physical harm to the borrower or their family.
  • Profane Language: Using insults, obscenities, or derogatory "shaming" language.
  • Privacy Breaches: Disclosing the borrower's name or debt status to third parties (except guarantors).
  • Harassment of Contacts: Contacting people in the borrower's contact list who were not named as guarantors.
  • Unreasonable Hours: Making calls before 6:00 AM or after 10:00 PM, unless the debt is more than 15 days past due.
  • Deceptive Representation: Claiming to be a lawyer, a court official, or a government agent to intimidate the borrower.

3. The "Contact List" Breach and Data Privacy

The most common OLA tactic is "contact list harvesting." Upon installation, many apps require permission to access contacts. Per the March 2026 Joint Public Advisory from the DICT, NPC, and SEC:

  • Proportionality Principle: Accessing a full contact list is considered "disproportionate processing." Apps may only access contacts to allow the user to select specific references or guarantors.
  • Revocation of Consent: Borrowers must be given a clear way to revoke app permissions once the loan is processed or paid.
  • Deceptive Design: Pre-ticked boxes or "dark patterns" that trick users into granting broad permissions are now specifically flagged as violations of the Data Privacy Act.

Legal Note: If an OLA messages your boss, parents, or friends to inform them of your debt, they have committed a criminal violation of the Data Privacy Act, punishable by imprisonment and million-peso fines.

4. Online Defamation and Cyberlibel

"Debt shaming"—posting a borrower’s photo on social media with captions like "Scammer" or "Magnanakaw"—is a classic case of Cyberlibel.

As of the Supreme Court ruling in April 2026, the prescriptive period for Cyberlibel is confirmed to be one year from the time of discovery. This means victims have one year from the moment they see the shaming post to file a criminal complaint.

Defamation in this context requires four elements:

  1. An allegation of a vice or defect (calling someone a "scammer").
  2. Publication (posting on Facebook or sending to a group chat).
  3. Malice (the intent to shame rather than a legitimate legal demand).
  4. Identifiability of the victim.

5. Remedies: How to Fight Back

Victims of OLA harassment are not helpless. The Philippine government has established specific channels for redress:

  1. SEC Enforcement and Investor Protection Department (EIPD): File a complaint for violations of MC 18. The SEC has the power to revoke the "Certificate of Authority" of the lending company.
  2. National Privacy Commission (NPC): If the harassment involves your contact list or social media shaming, file a formal complaint via the NPC’s "Complaints and Investigation Division."
  3. PNP Anti-Cybercrime Group (ACG) or NBI Cybercrime Division: For death threats, grave threats, or cyberlibel, these agencies handle the criminal investigation necessary for filing cases in court.
  4. CICC (Cybercrime Investigation and Coordinating Center): For reporting illegal, unregistered apps that often operate from offshore servers.

Summary of Actionable Steps

  • Document Everything: Take screenshots of all threatening texts, social media posts, and call logs.
  • Check the SEC Registry: Verify if the app is on the "List of Recorded Online Lending Platforms." If it isn't, they are operating illegally.
  • Cease and Desist: Send a formal email to the OLA’s Data Protection Officer (DPO) demanding they stop contacting third parties. This serves as evidence of your attempt to resolve the issue.
  • Do Not Pay More Than Lawful: While interest rate caps in the PH are not strictly set by law, the Supreme Court has repeatedly ruled that "unconscionable" interest (often 20%–100% per month) is void. You are legally obligated to pay the principal and a reasonable interest rate, but you can contest predatory charges in court.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login