Online Lending Harassment and Data Privacy Complaint in the Philippines

I. Introduction

Online lending has become common in the Philippines because it gives borrowers quick access to cash through mobile applications, websites, social media pages, and digital lending platforms. Many legitimate financing and lending companies operate online. However, the growth of digital lending has also led to widespread complaints involving abusive collection practices, public shaming, threats, unauthorized access to phone contacts, misuse of personal data, excessive interest, hidden charges, and harassment of borrowers, relatives, employers, and friends.

A borrower who is unable to pay a loan does not lose basic legal rights. Debt collection is allowed, but harassment, threats, public humiliation, unauthorized disclosure of personal information, and misuse of personal data may violate Philippine law. A person affected by online lending harassment may file complaints before several offices, including the National Privacy Commission, Securities and Exchange Commission, Philippine National Police, National Bureau of Investigation, Department of Trade and Industry, Bangko Sentral ng Pilipinas, and prosecutors, depending on the facts.

This article explains the Philippine legal framework, the rights of borrowers and third parties, the possible liabilities of online lenders and collectors, and the steps for filing data privacy, harassment, criminal, administrative, and consumer complaints.

II. What Is Online Lending Harassment?

Online lending harassment refers to abusive, unlawful, or oppressive acts committed by online lenders, financing companies, lending apps, collection agents, or persons pretending to collect debts.

Common examples include:

  1. Repeated calls or messages meant to intimidate or shame the borrower.
  2. Threats of arrest, imprisonment, public exposure, or physical harm.
  3. Contacting the borrower’s family, friends, employer, co-workers, or phone contacts.
  4. Telling third parties that the borrower owes money.
  5. Posting the borrower’s name, photo, ID, or debt information online.
  6. Sending defamatory messages to the borrower’s contacts.
  7. Using obscene, insulting, or degrading language.
  8. Creating fake social media posts or group chats to shame the borrower.
  9. Threatening to file fabricated criminal cases.
  10. Threatening to visit the borrower’s home or workplace in a humiliating manner.
  11. Misrepresenting themselves as lawyers, police officers, court personnel, or government agents.
  12. Accessing or using phone contacts without valid consent.
  13. Using personal data beyond the legitimate purpose of loan processing or collection.
  14. Harassing people who are not parties to the loan.
  15. Sending messages such as “scammer,” “magnanakaw,” “wanted,” or similar labels to third parties.
  16. Using edited photos, fake notices, or false legal documents.
  17. Threatening public posting unless payment is made.
  18. Continuing to process personal data after consent has been withdrawn, where withdrawal is legally applicable.
  19. Failing to provide a proper privacy notice.
  20. Refusing to identify the lending company, collection agency, or basis of the debt.

Not every collection attempt is unlawful. A lender may remind a borrower to pay, send notices, charge lawful fees, file a civil collection case, or report a legitimate obligation through proper legal channels. The problem begins when collection becomes abusive, deceptive, threatening, defamatory, or violative of data privacy rights.

III. Legal Nature of an Online Loan

An online loan is still a loan. It may be entered into through an app, website, electronic signature, digital acceptance, text confirmation, e-wallet transaction, or other electronic means.

The borrower may have civil obligations to repay the principal, interest, and lawful charges. However, the lender must still comply with:

  1. Lending and financing regulations
  2. Data privacy law
  3. Consumer protection rules
  4. Cybercrime law
  5. Criminal law on threats, coercion, unjust vexation, grave slander, libel, or other offenses
  6. Rules on fair debt collection
  7. Contract law
  8. Electronic commerce rules
  9. Corporate registration requirements
  10. Rules against unfair, abusive, or deceptive practices

A debt is not a license to harass. Nonpayment of a loan is generally a civil matter unless there are independent criminal acts such as fraud, falsification, threats, identity theft, or other crimes.

IV. Key Philippine Laws and Legal Remedies

Several laws may apply to online lending harassment and data privacy violations.

A. Data Privacy Act

The Data Privacy Act protects personal information and sensitive personal information. It applies to personal data collected and processed by lending apps, financing companies, collection agencies, and related persons.

Personal information may include:

  • Name
  • Address
  • Mobile number
  • Email address
  • Social media account
  • Contact list
  • Employer
  • Salary information
  • Loan details
  • Photos
  • Valid IDs
  • Bank or e-wallet details
  • Device information
  • Location data
  • References
  • Transaction history

Sensitive personal information may include information about age, marital status, health, government-issued numbers, financial details, IDs, and other protected categories.

Online lenders and collection agents may become liable if they collect, use, disclose, store, or share personal data without a lawful basis or beyond the declared purpose.

B. Lending Company and Financing Company Regulations

Online lending platforms may be regulated as lending companies, financing companies, or other financial service providers. They must be properly registered and must follow rules on disclosure, interest, fees, collection, advertising, and fair treatment.

Abusive online lending practices may lead to administrative sanctions, suspension, revocation of registration, fines, or cease-and-desist actions.

C. Cybercrime Prevention Act

If harassment occurs through social media, messaging apps, emails, websites, fake accounts, group chats, or online posts, cybercrime laws may apply.

Possible cyber-related issues include:

  • Cyber libel
  • Identity theft
  • Unauthorized access
  • Computer-related fraud
  • Online threats
  • Use of fake accounts
  • Public posting of personal information
  • Digital dissemination of defamatory or threatening content

D. Revised Penal Code

The Revised Penal Code may apply to conduct such as:

  • Grave threats
  • Light threats
  • Unjust vexation
  • Coercion
  • Grave coercion
  • Slander by deed
  • Oral defamation
  • Libel
  • Intriguing against honor
  • Alarms and scandals
  • Falsification
  • Usurpation of authority, if collectors pretend to be police, court personnel, or government officers

E. Civil Code

The borrower or affected third party may have civil claims for damages if the lender or collector violates rights, causes humiliation, invades privacy, harms reputation, or acts contrary to morals, good customs, public policy, or law.

F. Consumer Protection Laws

Borrowers may also raise consumer protection issues if the lender used deceptive advertising, hidden charges, misleading loan terms, unfair contract clauses, or abusive practices.

V. Borrower’s Rights in Online Lending

A borrower has rights even if the loan is unpaid.

These include:

  1. The right to be treated fairly and respectfully.
  2. The right not to be threatened, insulted, or humiliated.
  3. The right to know the identity of the lender and collector.
  4. The right to receive clear loan terms.
  5. The right to know the amount due and how it was computed.
  6. The right to object to unauthorized processing of personal data.
  7. The right to request access to personal data being processed.
  8. The right to correction of inaccurate personal data.
  9. The right to complain to the proper regulator.
  10. The right not to have private debt information disclosed to unrelated third parties.
  11. The right not to have photos, IDs, contacts, or personal details posted online.
  12. The right not to be falsely accused of a crime.
  13. The right not to be contacted at unreasonable times or through abusive means.
  14. The right to seek damages if unlawful acts cause injury.
  15. The right to file administrative, civil, or criminal complaints.

Debt collection must be lawful. A collector may demand payment, but cannot use shame, threats, intimidation, deception, or unlawful disclosure of data.

VI. Rights of Relatives, Friends, Employers, and Third Parties

Online lending harassment often affects people who did not borrow money. Lenders may call or message contacts taken from the borrower’s phone. They may accuse the borrower in messages sent to family members, friends, co-workers, or employers.

Third parties have their own rights. They may complain if:

  1. Their contact details were accessed without valid consent.
  2. They received harassing calls or messages.
  3. They were told private loan information without lawful basis.
  4. They were threatened or insulted.
  5. They were added to group chats meant to shame the borrower.
  6. Their own personal data was processed without authority.
  7. Their reputation or peace was harmed.

A reference person is not automatically a co-maker, guarantor, or debtor. Merely being listed as a contact or reference does not make a person liable for the borrower’s loan unless that person clearly agreed to be legally bound.

VII. Data Privacy Issues in Online Lending Apps

Online lending apps often request access to phone contacts, photos, camera, location, SMS, storage, or device information. Some permissions may be unnecessary or excessive for a simple loan transaction.

A. Excessive Data Collection

A lending app may violate privacy principles if it collects more information than necessary. For example, collecting an entire contact list may be excessive if the stated purpose is merely loan evaluation.

B. Unauthorized Use of Contacts

Using phone contacts to shame or pressure a borrower is one of the most common privacy complaints. Even if the borrower clicked “allow” during app installation, consent may not be valid if it was forced, unclear, bundled, or used for purposes not reasonably explained.

C. Disclosure of Debt to Third Parties

Debt information is personal information. Disclosing it to relatives, friends, employers, neighbors, or co-workers may be unlawful unless there is a valid legal basis.

D. Public Posting of Borrower Information

Posting a borrower’s name, photo, address, ID, debt amount, or alleged delinquency online may violate privacy rights and may also constitute cyber libel or other offenses.

E. Use of Personal Data for Harassment

Personal data collected for loan processing cannot be misused for intimidation, threats, public shaming, or coercive collection.

F. Retention of Data

Lenders should not retain personal data longer than necessary. Borrowers may ask how long data will be kept and for what purpose.

G. Sharing with Collection Agencies

If the lender transfers data to a collection agency, the processing must still be lawful, secure, proportionate, and covered by proper arrangements. The lender may remain accountable for acts of its agents or processors.

VIII. What Counts as Harassment?

The line between collection and harassment depends on the content, frequency, manner, timing, and purpose of the communication.

A. Repeated Calls and Messages

Frequent reminders may become harassment when they are excessive, abusive, or intended to disturb the borrower’s peace.

B. Threats of Imprisonment

Collectors often say “makukulong ka,” “may warrant ka,” or “pupuntahan ka ng police.” Nonpayment of a loan, by itself, generally does not automatically result in imprisonment. A creditor may file a civil case or, in proper cases, a criminal complaint if fraud or another crime exists, but collectors should not falsely threaten immediate arrest.

C. Threats to Contact Employer

Threatening to tell an employer about a private loan may be unlawful if done to shame or pressure the borrower and if it discloses personal debt information without valid basis.

D. Public Shaming

Posting borrowers online, sending their photos to group chats, or labeling them as scammers may expose collectors and lenders to liability.

E. Use of Profanity or Degrading Words

Insults, vulgar language, and degrading messages may support complaints for harassment, unjust vexation, defamation, or privacy violations.

F. Fake Legal Notices

Some collectors send fake subpoenas, fake warrants, fake court orders, or fake police reports. These may create additional liability, especially if documents are falsified or used to intimidate.

G. Contacting Third Parties

Calling or messaging contacts to pressure the borrower is highly problematic, especially if the third party is not a guarantor or co-borrower.

IX. Criminal Liability That May Arise

Depending on the facts, online lending harassment may involve criminal offenses.

A. Grave Threats

If the collector threatens to inflict harm, expose sensitive information, or commit an unlawful act, grave threats may be considered.

B. Coercion

If threats or intimidation are used to compel the borrower to pay immediately or do something against their will, coercion may be involved.

C. Unjust Vexation

Repeated harassment, annoying calls, insulting messages, or conduct that disturbs peace may amount to unjust vexation depending on the circumstances.

D. Cyber Libel

If defamatory accusations are posted online or sent through digital platforms under circumstances covered by law, cyber libel may be considered.

E. Oral Defamation or Slander

If collectors verbally insult or falsely accuse the borrower in calls or in the presence of others, oral defamation may be relevant.

F. Identity Theft

If the lender or collector uses another person’s identity, photo, profile, or account without authority, identity theft may be involved.

G. Falsification

Fake subpoenas, fake demand letters from non-existent law firms, fake police notices, or fabricated documents may involve falsification or use of falsified documents.

H. Usurpation of Authority

A collector who pretends to be a police officer, court sheriff, prosecutor, barangay official, or government agent may face liability.

X. Administrative Liability of Online Lenders

Online lending companies and financing companies may face administrative sanctions for abusive practices. Possible consequences include:

  1. Warning
  2. Fine
  3. Suspension
  4. Revocation of certificate of authority
  5. Takedown of lending app
  6. Cease-and-desist order
  7. Disqualification of officers
  8. Referral for criminal investigation
  9. Public advisories against the company
  10. Regulatory enforcement action

Administrative complaints are especially useful when the lender is a registered company or uses an identifiable app.

XI. Where to File Complaints

A. National Privacy Commission

The National Privacy Commission is the primary body for complaints involving unauthorized processing, misuse, disclosure, or breach of personal data.

File with the NPC when the issue involves:

  • Accessing contacts without valid consent
  • Sending messages to contacts
  • Disclosing debt to third parties
  • Posting personal information online
  • Misusing IDs, photos, or personal records
  • Failing to provide privacy notice
  • Refusing to act on data privacy rights
  • Retaining or sharing personal data unlawfully
  • Data breach or unauthorized disclosure

B. Securities and Exchange Commission

The SEC may handle complaints against lending companies, financing companies, and online lending platforms, especially if the issue involves registration, unfair collection, abusive lending practices, unauthorized lending, or corporate violations.

File with the SEC when the complaint involves:

  • Online lending app misconduct
  • Abusive collection practices
  • Unregistered lending activity
  • Excessive or undisclosed charges
  • Harassment by a financing or lending company
  • False advertising or misleading loan terms
  • Illegal use of app permissions in collection

C. Philippine National Police Anti-Cybercrime Group

The PNP Anti-Cybercrime Group may handle cyber-related harassment, cyber libel, identity theft, threats, online shaming, fake accounts, and digital evidence.

D. National Bureau of Investigation Cybercrime Division

The NBI Cybercrime Division may investigate serious or complex online harassment, identity misuse, cyber libel, online threats, unauthorized access, and coordinated app-based harassment.

E. Office of the Prosecutor

Criminal complaints may be filed before the Office of the City or Provincial Prosecutor with jurisdiction over the offense.

A prosecutor may handle complaints for threats, coercion, unjust vexation, libel, falsification, identity theft, cybercrime-related offenses, or other crimes.

F. Department of Trade and Industry

The DTI may be relevant for consumer complaints involving deceptive, unfair, or abusive business practices, especially where the transaction concerns consumer services.

G. Bangko Sentral ng Pilipinas

The BSP may be relevant if the complaint involves a bank, e-wallet, remittance company, payment system operator, or financial institution under its supervision.

H. Barangay

For certain minor disputes between individuals residing in the same city or municipality, barangay conciliation may apply. However, complaints against companies, online platforms, cyber-related offenses, or parties in different jurisdictions may require direct filing with regulators, law enforcement, or prosecutors.

XII. Choosing the Right Complaint Route

A single incident may justify multiple complaints. The best route depends on the conduct.

If the lender accessed contacts and messaged them:

File with the National Privacy Commission and SEC. Consider cybercrime complaint if messages are threatening or defamatory.

If the lender posted the borrower online:

File with NPC, PNP/NBI Cybercrime, and possibly prosecutor for cyber libel or related offenses.

If the lender used threats of harm:

File a police report and criminal complaint. Preserve messages and call recordings if legally obtained.

If the lender is unregistered:

File with SEC and consider law enforcement referral.

If the lender charged hidden or excessive fees:

File with SEC, DTI, or relevant financial regulator.

If the lender used fake subpoenas or fake warrants:

File with law enforcement and prosecutor; also report to SEC and NPC if personal data was involved.

If a bank or e-wallet account was misused:

Report to the bank, e-wallet provider, and BSP-supervised institution, if applicable.

XIII. Evidence Needed for a Strong Complaint

The complaint should be evidence-based. Prepare a complete file.

A. Borrower Information

  • Full name
  • Contact number
  • Email address
  • Address
  • Copy of valid ID
  • Loan account number, if any
  • App name and company name
  • Date loan was obtained
  • Amount borrowed
  • Amount received
  • Amount demanded
  • Payment history

B. Lender or Collector Information

  • App name
  • Website
  • Social media page
  • Company name
  • SEC registration details, if known
  • Phone numbers used
  • Email addresses used
  • Names or aliases of collectors
  • Bank or e-wallet accounts used for payment
  • Screenshots of app listing
  • Screenshots of privacy policy and terms

C. Harassment Evidence

  • Screenshots of threatening messages
  • Call logs
  • Voice recordings, where legally obtained
  • Text messages
  • Emails
  • Social media posts
  • Group chat screenshots
  • Messages sent to contacts
  • Photos or IDs posted online
  • Fake legal notices
  • Names of affected contacts
  • Affidavits from recipients of harassment

D. Data Privacy Evidence

  • App permissions requested
  • Privacy notice shown in the app
  • Terms and conditions
  • Screenshots showing access to contacts
  • Messages sent to contacts
  • Proof that contacts were not co-makers or guarantors
  • Requests for deletion, access, or correction
  • Lender’s response or refusal

E. Loan and Payment Evidence

  • Loan agreement
  • Disclosure statement
  • App dashboard showing loan terms
  • Amount disbursed
  • Interest and fees
  • Due dates
  • Payment receipts
  • E-wallet or bank transfer confirmations
  • Demand notices
  • Settlement offers

F. Evidence Index

Organize evidence as annexes:

  • Annex A – Screenshot of loan app and company details
  • Annex B – Loan approval and amount disbursed
  • Annex C – Disclosure statement or terms
  • Annex D – Harassing text messages
  • Annex E – Messages sent to borrower’s contacts
  • Annex F – Fake legal notice
  • Annex G – Payment receipts
  • Annex H – Affidavit of third-party contact
  • Annex I – Request for deletion or privacy complaint letter

XIV. Preserving Digital Evidence

Digital evidence must be preserved carefully.

Best practices:

  1. Take full screenshots showing sender, date, time, platform, and message.
  2. Do not crop or edit screenshots.
  3. Export chat histories if possible.
  4. Save call logs.
  5. Record exact phone numbers and account names.
  6. Save profile links and URLs.
  7. Screenshot app permissions and app store pages.
  8. Preserve the phone used for the transaction.
  9. Back up evidence in cloud storage and external storage.
  10. Ask affected contacts to send screenshots directly.
  11. Prepare affidavits from third parties who received messages.
  12. Save emails in original format if possible.
  13. Keep payment receipts and transaction IDs.
  14. Do not delete the lending app until evidence is captured.
  15. Make a written chronology while memories are fresh.

For online posts, capture the URL, timestamp, username, comments, and visible identifying details.

XV. Filing a Data Privacy Complaint

A data privacy complaint focuses on the unlawful collection, use, sharing, disclosure, or retention of personal data.

A. Grounds for a Data Privacy Complaint

A borrower or affected third party may complain when:

  1. The lender accessed contacts without valid consent.
  2. The lender messaged contacts who were not parties to the loan.
  3. The lender disclosed the borrower’s debt to third parties.
  4. The lender posted personal information online.
  5. The lender used personal data for shaming or threats.
  6. The lender collected excessive app permissions.
  7. The lender failed to provide a clear privacy notice.
  8. The lender ignored requests to access, correct, delete, or stop processing data.
  9. The lender shared data with unauthorized collectors.
  10. The lender processed data for purposes not disclosed at the time of collection.

B. Who May File

The following may file:

  • Borrower
  • Guarantor or co-maker whose data was misused
  • Relative or friend whose contact information was accessed or used
  • Employer or co-worker who received unlawful messages
  • Any data subject whose personal information was processed improperly

C. Contents of the Complaint

A privacy complaint should include:

  1. Name and contact details of complainant.
  2. Name of lending app or company.
  3. Description of the loan transaction.
  4. Description of personal data collected.
  5. Explanation of how the data was misused.
  6. Details of unauthorized disclosure.
  7. Names or numbers of collectors, if known.
  8. Evidence of messages, calls, posts, and app permissions.
  9. Harm suffered.
  10. Relief requested.

D. Relief That May Be Requested

The complainant may ask for:

  • Investigation
  • Order to stop unlawful processing
  • Deletion or blocking of unlawfully processed data
  • Correction of inaccurate data
  • Removal of online posts
  • Accountability for unauthorized disclosure
  • Penalties under applicable law
  • Referral for prosecution, if warranted
  • Damages through appropriate proceedings

XVI. Filing an SEC Complaint Against an Online Lending App

The SEC may act against registered or unregistered lending and financing companies that engage in abusive online lending or collection practices.

A. Useful Information for SEC Complaint

Include:

  • App name
  • Company name
  • SEC registration number, if known
  • Certificate of authority, if known
  • Website or app store link
  • Names of officers, if known
  • Loan terms
  • Collection messages
  • Evidence of harassment
  • Privacy violations
  • Excessive charges
  • Hidden fees
  • Failure to disclose terms
  • Use of third-party collection agencies

B. Possible SEC Action

The SEC may issue advisories, impose penalties, suspend operations, revoke authority, or refer the matter for criminal or other enforcement action.

C. If the App Is Unregistered

If the app is unregistered or uses a fake company identity, include screenshots and payment account details. This may support enforcement action and warnings to the public.

XVII. Filing a Criminal Complaint

A criminal complaint may be appropriate where harassment crosses into threats, coercion, defamation, identity theft, falsification, or cybercrime.

A. Complaint-Affidavit

The complaint should be supported by a sworn complaint-affidavit explaining:

  1. The loan transaction.
  2. The identity of the respondent, if known.
  3. The messages or acts complained of.
  4. Dates and times of harassment.
  5. The exact words used.
  6. How the complainant was threatened, shamed, or harmed.
  7. How third parties were contacted.
  8. Evidence attached as annexes.
  9. Requested charges.

B. Respondents

Possible respondents may include:

  • Lending company
  • Financing company
  • Company officers
  • Collection agency
  • Individual collectors
  • App operators
  • Persons using fake names or accounts
  • Persons who posted defamatory content

The complaint should identify individuals where possible. Corporate entities act through people, so evidence linking collectors or officers to the acts is important.

C. Venue

Venue may depend on where the complainant received the messages, where the respondent acted, where the online content was accessed, or where harm occurred. Venue can be technical, especially in cybercrime cases, so counsel should review the facts.

XVIII. Demand, Cease-and-Desist, and Privacy Rights Letter

Before or alongside formal complaints, a borrower may send a written notice to the lender.

The letter may:

  1. Dispute unlawful charges.
  2. Demand a statement of account.
  3. Demand that harassment stop.
  4. Demand that third-party contacts stop.
  5. Demand deletion or blocking of unlawfully processed data.
  6. Demand removal of online posts.
  7. Withdraw consent where legally applicable.
  8. Object to processing of personal data for harassment.
  9. Request the identity of the personal information controller.
  10. Request the basis for sharing data with collectors.

A letter should be factual and professional. Avoid threats, insults, or admissions that are inaccurate.

XIX. Sample Cease-and-Desist and Privacy Rights Letter

Subject: Cease-and-Desist from Harassment and Unauthorized Processing of Personal Data

To: [Name of Lending Company / Collection Agency]

I am writing regarding Loan Account No. [account number], allegedly under [app/company name].

I demand that your company, agents, collectors, representatives, and third-party service providers immediately cease all harassing, threatening, defamatory, and abusive collection practices, including but not limited to repeated threatening calls, insulting messages, disclosure of my alleged debt to third parties, contacting my relatives, friends, employer, co-workers, and other persons who are not parties to the loan, and posting or threatening to post my personal information online.

I further object to the unauthorized processing, sharing, disclosure, and use of my personal data and the personal data of my contacts for purposes unrelated to lawful loan administration. Please provide the following:

  1. The name and contact details of the personal information controller.
  2. The legal basis for processing my personal data.
  3. The categories of personal data collected.
  4. The recipients or categories of recipients to whom my data was disclosed.
  5. The purpose of disclosing my information to third parties.
  6. A complete statement of account showing principal, interest, fees, payments, and balance.
  7. The name of any collection agency or third-party processor handling my account.

I reserve all rights to file complaints before the National Privacy Commission, Securities and Exchange Commission, law enforcement agencies, prosecutors, and other appropriate authorities.

Sincerely, [Name]

XX. Can a Borrower Be Imprisoned for Nonpayment of an Online Loan?

As a general principle, a person is not imprisoned merely for failure to pay a debt. Nonpayment of a loan is usually a civil matter.

However, criminal liability may arise if the borrower committed an independent crime, such as:

  • Fraud at the time of borrowing
  • Use of false identity
  • Falsification of documents
  • Use of fake IDs
  • Issuance of checks under circumstances covered by special laws
  • Other criminal acts separate from simple nonpayment

Collectors often exaggerate by saying that nonpayment automatically results in arrest. That is misleading. A lender must go through proper legal process. A borrower should not ignore lawful notices, but should not be intimidated by fake threats.

XXI. Are Online Lending Interest Rates and Charges Always Valid?

Not necessarily. Online lending apps sometimes impose high interest, service fees, processing fees, penalties, rollover fees, and hidden charges.

Issues may arise if:

  1. Charges were not clearly disclosed.
  2. The borrower received much less than the stated loan amount.
  3. Interest and fees are unconscionable.
  4. Penalties are excessive.
  5. The contract terms are misleading.
  6. The lender is unregistered or unauthorized.
  7. The lender uses unfair or abusive practices.

A borrower may demand a full statement of account and challenge unlawful or undisclosed charges through the proper forum.

XXII. Are App Permissions Valid Consent?

Not always.

Consent under data privacy principles should be informed, specific, freely given, and evidenced. A borrower may argue that app permissions were invalid or excessive if:

  1. The app required access to the entire contact list without necessity.
  2. The purpose of access was not clearly explained.
  3. Consent was bundled with unrelated terms.
  4. The borrower could not use the service unless excessive permissions were granted.
  5. Data was used for harassment instead of loan processing.
  6. Contacts did not consent to their own data being processed.
  7. The app used data for purposes beyond the privacy notice.

Even where a borrower allowed app access, that does not authorize public shaming, threats, or disclosure of debt to unrelated persons.

XXIII. Liability of Collection Agencies

Lenders often use third-party collectors. These collectors may call, text, email, or message borrowers and contacts.

The lender may still be responsible if the collector acts on its behalf. The collection agency and individual collectors may also be liable for their own unlawful acts.

A complaint should include evidence showing:

  • The collector claimed to represent the lender.
  • The number or account was used for collection.
  • The messages referred to the loan.
  • The lender had knowledge of the collection activity.
  • Similar complaints exist against the same app or company.
  • Payment instructions linked the collector to the lender.

XXIV. Liability of Officers and Employees

Company officers, directors, managers, compliance officers, data protection officers, collection heads, and individual collectors may become relevant depending on the evidence.

Corporate officers are not automatically liable for every act of a company. However, they may be accountable if they authorized, tolerated, directed, participated in, or failed to prevent unlawful practices despite responsibility to do so.

XXV. Remedies Available to Borrowers and Third Parties

Possible remedies include:

  1. Administrative complaint
  2. Data privacy complaint
  3. Criminal complaint
  4. Civil action for damages
  5. Takedown request for online posts
  6. Report to app stores or hosting platforms
  7. Complaint to financial regulators
  8. Complaint to banks or payment providers
  9. Demand for statement of account
  10. Demand for deletion or correction of personal data
  11. Cease-and-desist demand
  12. Injunctive relief, where appropriate
  13. Settlement or restructuring of lawful debt
  14. Referral to consumer protection authorities

The best approach often combines privacy complaint, regulatory complaint, and evidence preservation.

XXVI. What to Do Immediately When Harassment Starts

  1. Do not panic.
  2. Do not delete messages.
  3. Take screenshots of all harassment.
  4. Record call logs.
  5. Ask contacts to forward screenshots.
  6. Save the lender’s app name, number, and company details.
  7. Capture the app permissions and privacy policy.
  8. Stop giving additional personal information.
  9. Send a written cease-and-desist request.
  10. Ask for a full statement of account.
  11. Report abusive conduct to the proper agencies.
  12. Secure social media accounts.
  13. Inform close contacts that they may ignore illegal collection messages.
  14. Avoid posting defamatory counter-statements online.
  15. Consult a lawyer if threats, public posting, or criminal accusations are involved.

XXVII. What Not to Do

Avoid these mistakes:

  1. Do not delete the app before preserving evidence.
  2. Do not ignore legitimate legal notices.
  3. Do not admit false allegations.
  4. Do not send payment to random personal accounts without verification.
  5. Do not engage in heated exchanges with collectors.
  6. Do not threaten collectors back.
  7. Do not post private personal information of collectors online.
  8. Do not rely solely on phone calls; communicate in writing.
  9. Do not sign settlement terms without understanding the amount.
  10. Do not assume all collectors are legitimate.
  11. Do not allow access to more data than necessary.
  12. Do not pay unlawful charges without requesting computation.
  13. Do not use fake information in complaints.
  14. Do not delay preserving evidence.

XXVIII. Complaint Package Checklist

A strong complaint package should include:

A. Cover Letter

Briefly identify the complainant, respondent, app, nature of complaint, and relief requested.

B. Complaint-Affidavit

A sworn statement narrating the facts chronologically.

C. Evidence Index

A table of annexes with descriptions.

D. Screenshots

Full, readable screenshots with dates, times, numbers, and account names.

E. Call Logs

Screenshots or records of repeated calls.

F. Third-Party Affidavits

Statements from relatives, friends, employers, or co-workers who received messages.

G. Loan Documents

Loan agreement, app dashboard, disclosure statement, payment records, and account details.

H. App Evidence

App name, app store page, permissions, privacy policy, terms and conditions, company information.

I. Identity Documents

Complainant’s ID and proof of contact details.

J. Prior Communications

Demand letters, cease-and-desist letters, privacy requests, and responses.

XXIX. Sample Complaint-Affidavit Structure

Republic of the Philippines City/Municipality of ________

Complaint-Affidavit

I, [Name], of legal age, Filipino, residing at [address], after being duly sworn, state:

  1. I am the complainant in this case.
  2. Respondent [company/app/collector name], with address/contact details at [details], operates or collects for the online lending application known as [app name].
  3. On [date], I obtained an online loan through [app name] in the amount of PHP [amount].
  4. The amount actually received was PHP [amount], while the app demanded PHP [amount] by [due date].
  5. On [date], respondent began sending me messages demanding payment.
  6. Respondent sent threatening and abusive messages, including the following: “[quote exact message].”
  7. Copies of these messages are attached as Annexes “A” to “A-__.”
  8. Respondent also contacted my relatives, friends, employer, and other persons who were not parties to the loan, including [names or descriptions].
  9. Respondent disclosed my alleged debt and sent messages calling me “[exact words],” as shown by Annexes “B” to “B-__.”
  10. Respondent accessed and used my phone contacts without lawful basis and used such information to shame, threaten, and pressure me.
  11. I did not authorize respondent to harass third parties or disclose my debt to them.
  12. Respondent’s acts caused me anxiety, humiliation, reputational harm, and disturbance of peace.
  13. I am executing this affidavit to request investigation and appropriate action for violations of data privacy law, abusive collection practices, cybercrime-related offenses, threats, coercion, unjust vexation, defamation, and such other violations as may be supported by the evidence.

Prayer

WHEREFORE, I respectfully request that respondent and responsible officers, agents, collectors, and representatives be investigated and held liable under applicable law.

[Signature] [Name]

Subscribed and sworn before me this ___ day of ______ at ______.

XXX. Sample Evidence Index

Annex Description
A Screenshot of lending app profile and app store page
B Loan approval page showing amount and due date
C Proof of amount actually received
D Payment history
E Harassing text messages sent to borrower
F Call logs showing repeated calls
G Messages sent to borrower’s contacts
H Screenshot of public post naming borrower
I Fake legal notice or threat
J Screenshot of app permissions
K Privacy policy or terms and conditions
L Cease-and-desist letter
M Reply or refusal by lender
N Affidavit of third-party recipient

XXXI. Special Issues: Borrower Is Abroad

A Filipino or resident abroad may still complain if the online lender, collector, borrower data, or harm has a Philippine connection.

A complainant abroad may:

  1. Execute a complaint-affidavit before a Philippine embassy or consulate.
  2. Use foreign notarization with apostille if appropriate.
  3. Appoint a Philippine representative through a Special Power of Attorney.
  4. Submit scanned evidence first, followed by originals if required.
  5. Coordinate with a Philippine lawyer.
  6. File online or by email where the receiving agency allows.
  7. Ask affected contacts in the Philippines to execute affidavits.
  8. File separate complaints for harassment received by Philippine contacts.

The borrower abroad should preserve evidence showing that messages were received abroad and that third parties in the Philippines were contacted.

XXXII. Special Issues: Contacts Were Accessed Without Permission

Contacts are personal data of third parties. A borrower may not have full authority to consent to the processing of other people’s contact details for harassment or collection.

If a lending app uploads or uses a borrower’s contact list, affected contacts may complain that their personal information was processed without lawful basis.

This is especially serious where collectors send messages such as:

  • “Your friend is a scammer.”
  • “Tell this person to pay.”
  • “You are listed as guarantor.”
  • “We will report your friend to the police.”
  • “Your employee has a debt.”
  • “This person is wanted for nonpayment.”

Such communications may involve privacy violations, defamation, harassment, and unfair collection practices.

XXXIII. Special Issues: Employer Harassment

Online collectors sometimes contact employers or co-workers. This may cause reputational harm, workplace embarrassment, or employment consequences.

A borrower may complain if the lender:

  1. Disclosed loan information to the employer.
  2. Called the workplace repeatedly.
  3. Sent defamatory accusations.
  4. Threatened to damage the borrower’s employment.
  5. Pretended that the employer is legally responsible.
  6. Demanded payroll deduction without authority.

Employers are generally not liable for an employee’s personal loan unless they expressly agreed to be a guarantor, co-maker, or payroll deduction party.

XXXIV. Special Issues: Public Posting and Social Media Shaming

Public posting is one of the most serious forms of harassment.

Examples include:

  • Posting the borrower’s photo with “scammer”
  • Uploading IDs or addresses
  • Tagging relatives and friends
  • Posting in barangay or community groups
  • Creating fake wanted posters
  • Sharing edited images
  • Publishing screenshots of private conversations
  • Posting debt details

Possible remedies include:

  1. Platform takedown request
  2. Data privacy complaint
  3. Cybercrime complaint
  4. Criminal complaint for cyber libel or related offenses
  5. Civil action for damages
  6. Regulatory complaint against the lender

Take screenshots and save URLs before reporting the post, because removal may make later proof harder.

XXXV. Special Issues: Fake Court, Police, or Barangay Notices

Some collectors send fake documents claiming:

  • A warrant has been issued.
  • A subpoena is pending.
  • Police will arrest the borrower.
  • Barangay officials will visit.
  • A case has already been filed.
  • The borrower is blacklisted by government.
  • Immigration hold departure orders will be issued.
  • Assets will be seized immediately.

A legitimate subpoena, court order, or police communication has formal details and comes from the proper authority. Fake notices should be preserved as evidence.

Misrepresentation as a government officer, lawyer, court employee, or law enforcement agent may create additional liability.

XXXVI. Settlement and Payment Issues

A borrower may still want to settle the legitimate debt while pursuing complaints for harassment. Settlement of debt does not automatically erase the lender’s past privacy violations or abusive conduct.

Before paying, request:

  1. Full statement of account.
  2. Principal amount.
  3. Interest computation.
  4. Fees and penalties.
  5. Proof that the collector is authorized.
  6. Official payment channel.
  7. Written settlement agreement.
  8. Confirmation that payment fully settles the account.
  9. Written undertaking to stop collection and delete or limit data as legally required.
  10. Official receipt or acknowledgment.

Avoid paying random collectors through personal e-wallets unless authority is verified.

XXXVII. Can the Borrower File a Complaint Even If the Debt Is Real?

Yes. A valid debt does not justify illegal collection methods. The borrower may owe money and still be a victim of harassment, defamation, threats, or data privacy violations.

The complaint should be honest. It may state:

  • The borrower obtained a loan.
  • The borrower disputes the amount or charges, if applicable.
  • The lender or collector used abusive and unlawful methods.
  • The borrower seeks action for harassment and privacy violations, not necessarily denial of all debt.

Credibility is stronger when the borrower does not falsely deny a real transaction.

XXXVIII. Can a Third Party File Even If They Are Not the Borrower?

Yes. A person whose personal information was misused or who received harassing messages may file a complaint.

A third-party complaint may state:

  1. The complainant did not borrow money.
  2. The complainant did not guarantee the loan.
  3. The complainant did not consent to receive collection messages.
  4. The collector disclosed another person’s debt.
  5. The collector used threats, insults, or repeated calls.
  6. The complainant’s phone number or identity was processed without proper basis.
  7. The complainant suffered disturbance, anxiety, or reputational harm.

XXXIX. Defenses Commonly Raised by Online Lenders

Online lenders may argue:

  1. The borrower consented to app permissions.
  2. The borrower agreed to the terms and conditions.
  3. The borrower listed contacts as references.
  4. The messages were sent by a third-party collector, not the lender.
  5. The borrower is delinquent.
  6. The messages were merely collection reminders.
  7. The screenshots are incomplete or edited.
  8. The collector acted without company authority.
  9. The borrower used fake information.
  10. The company had a legitimate interest in collecting the debt.

A strong complaint should respond with facts showing that the collection was excessive, abusive, unauthorized, defamatory, threatening, or beyond the lawful purpose of data processing.

XL. Practical Legal Strategy

A practical strategy may involve several parallel steps:

  1. Preserve all evidence.
  2. Send a cease-and-desist and privacy rights letter.
  3. Ask for a statement of account.
  4. Report harassment to the SEC if the lender is a lending or financing company.
  5. File with the NPC for data misuse.
  6. File cybercrime or criminal complaint if threats, shaming, fake documents, identity theft, or online defamation occurred.
  7. Report fake or abusive apps to app stores.
  8. Notify banks or e-wallet providers if payment accounts are suspicious.
  9. Ask third-party contacts to prepare affidavits.
  10. Consider settlement only through verified channels.
  11. Consult a Philippine lawyer if the harassment is severe or public.

XLI. Model Timeline for a Complaint

A useful chronology might look like this:

Date Event
1 June Borrower downloaded app and applied for loan
1 June App requested access to contacts and photos
2 June Loan approved for PHP 5,000; borrower received PHP 3,500 after deductions
8 June Collector began sending payment reminders
9 June Collector sent threats of public posting
10 June Collector messaged borrower’s mother and employer
10 June Collector disclosed borrower’s alleged debt to third parties
11 June Collector posted borrower’s photo in group chat
12 June Borrower sent cease-and-desist letter
13 June Harassment continued
14 June Complaint prepared with screenshots and affidavits

A clear timeline helps regulators and prosecutors understand the case.

XLII. Remedies for Removal of Online Posts

If a lender or collector posts private or defamatory material online:

  1. Screenshot the post first.
  2. Save the URL.
  3. Record the profile name and account link.
  4. Ask trusted witnesses to capture screenshots.
  5. Report the post to the platform.
  6. Send a takedown demand.
  7. File a privacy and cybercrime complaint.
  8. Avoid retaliatory posts.
  9. Preserve proof of emotional, reputational, or employment harm.

Removal is important, but evidence should be preserved before deletion.

XLIII. How to Deal With Collectors Safely

When communicating with collectors:

  1. Ask for their full name, company, and authority to collect.
  2. Ask for a written statement of account.
  3. Do not confirm sensitive details until identity is verified.
  4. Communicate in writing when possible.
  5. Do not respond to insults.
  6. Save all communications.
  7. Tell them not to contact third parties.
  8. State that harassment and unauthorized data disclosure will be reported.
  9. Pay only through verified official channels.
  10. Keep receipts.

A short response may be enough:

Please send a complete statement of account and proof that you are authorized to collect. Do not contact my relatives, employer, friends, or other third parties. I object to the unauthorized processing and disclosure of my personal data. Further harassment will be reported to the proper authorities.

XLIV. Possible Civil Claims for Damages

Aside from administrative and criminal remedies, the borrower or affected third party may seek damages in proper cases.

Possible damages may include:

  • Actual damages
  • Moral damages
  • Exemplary damages
  • Attorney’s fees
  • Litigation expenses

Civil claims may be based on invasion of privacy, abuse of rights, defamatory statements, unlawful processing, bad faith, or acts contrary to law, morals, good customs, or public policy.

The claimant should preserve evidence of harm, such as:

  • Employer notices
  • Medical or psychological records
  • Lost employment opportunities
  • Witness statements
  • Social media posts
  • Business losses
  • Messages from contacts
  • Proof of anxiety, humiliation, or reputational damage

XLV. Data Protection Officer and Company Accountability

A lending company that processes personal data should have accountability mechanisms. Borrowers may request the identity or contact details of the company’s data protection officer or responsible privacy contact.

A complaint may allege failure to:

  1. Provide clear privacy notice.
  2. Implement reasonable security measures.
  3. Limit collection to necessary data.
  4. Prevent unauthorized disclosure.
  5. Supervise third-party collectors.
  6. Respond to privacy rights requests.
  7. Stop unlawful processing.
  8. Protect data subjects from harm.

The company cannot simply blame collectors if the unlawful processing occurred in the course of collecting company loans.

XLVI. Online Lending Apps and App Stores

Borrowers may also report abusive lending apps to app stores or digital platforms. The report should include:

  • App name
  • Developer name
  • Screenshots of harassment
  • Evidence of misuse of contacts
  • Privacy concerns
  • Fake or misleading app details
  • Links to public shaming posts
  • Regulatory complaint reference numbers, if any

App store takedowns do not replace legal complaints, but they may prevent further harm.

XLVII. If the Lender Is Unknown or Uses Fake Names

Some online lenders hide behind fake app names, personal e-wallet accounts, unregistered entities, or disposable phone numbers.

In that case, gather:

  1. App name and download link
  2. Developer name
  3. Website
  4. Phone numbers
  5. Payment accounts
  6. E-wallet names
  7. Bank account numbers
  8. Social media pages
  9. Email addresses
  10. Collector aliases
  11. Message headers, if available
  12. Screenshots of all communications

Cybercrime authorities, banks, e-wallet providers, regulators, and platforms may help identify actors through proper legal processes.

XLVIII. Prescription and Timing

Complaints should be filed promptly. Delay can create problems because:

  1. Messages may be deleted.
  2. Apps may disappear.
  3. Numbers may be deactivated.
  4. Posts may be removed.
  5. Logs may no longer be available.
  6. Witnesses may forget details.
  7. Legal deadlines may apply.
  8. The lender may change names or platforms.

Even if the borrower is still negotiating payment, harassment evidence should be preserved immediately.

XLIX. Frequently Asked Questions

1. Can an online lender contact my contacts?

A lender may not freely use your contacts for shaming, pressure, or disclosure of debt. Contacting third parties who are not co-makers, guarantors, or authorized references may raise serious data privacy and harassment issues.

2. Can a lending app post my photo online?

Public posting of your photo, ID, debt, address, or personal details may violate privacy rights and may also support cybercrime or defamation complaints.

3. Can I complain even if I owe money?

Yes. A valid debt does not permit harassment, threats, public shaming, or unlawful disclosure of personal data.

4. Can I be arrested for not paying an online loan?

Nonpayment of a debt is generally civil. Arrest requires proper legal grounds and process. Threats of immediate arrest for simple nonpayment are usually misleading.

5. Can my employer be contacted?

Your employer should not be used as a tool to shame or pressure you unless there is a lawful and legitimate basis. Disclosing your personal debt to your employer may support a complaint.

6. What if I allowed app access to my contacts?

App permission does not automatically authorize misuse of contacts, public shaming, harassment, or disclosure of debt to unrelated persons.

7. Can my friend file a complaint if they received messages?

Yes. A third party whose number or personal information was used without proper basis, or who received harassment, may file their own complaint.

8. Should I delete the app?

Preserve evidence first. Screenshot the loan details, terms, app permissions, privacy notice, payment history, and messages before deleting anything.

9. What if the collector uses different numbers?

Record all numbers and link them through the messages, loan account, payment instructions, or repeated references to the same debt.

10. Can I sue for damages?

Possibly. If the harassment caused reputational harm, emotional distress, employment problems, or other injury, civil remedies may be considered.

L. Conclusion

Online lending harassment in the Philippines is not merely a private inconvenience. It may involve violations of data privacy rights, lending regulations, consumer protection rules, cybercrime laws, criminal law, and civil rights. Borrowers have an obligation to pay lawful debts, but lenders and collectors must collect lawfully.

The most common unlawful practices are unauthorized access to contacts, messaging third parties, public shaming, threats of arrest, insults, fake legal notices, and disclosure of debt information. These acts may justify complaints before the National Privacy Commission, Securities and Exchange Commission, cybercrime authorities, prosecutors, and other regulators.

The strongest cases are built on organized evidence: screenshots, call logs, app details, loan terms, payment records, messages to third parties, and witness affidavits. A borrower or affected third party should act quickly, preserve digital proof, send a written objection or cease-and-desist notice, demand a statement of account, and file complaints with the proper agencies.

A debt may be collected, but it must be collected within the limits of law, fairness, privacy, and human dignity.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login