Online Lending Harassment Under RA 10175 and Other Philippine Laws

A Philippine Legal Article

I. Introduction

Online lending has become common in the Philippines because of mobile applications, digital wallets, instant loan approvals, and paperless credit transactions. While online lending can provide access to emergency funds, it has also produced widespread complaints involving harassment, public shaming, unauthorized access to phone contacts, threats, defamatory messages, abusive collection practices, and misuse of personal data.

In Philippine law, a borrower’s failure to pay a debt does not give a lender, financing company, collection agency, agent, or employee the right to harass, threaten, shame, deceive, or unlawfully process personal information. Debt collection must remain lawful, fair, proportionate, and respectful of privacy and dignity.

Online lending harassment may trigger liability under several Philippine laws, including:

  1. Republic Act No. 10175, the Cybercrime Prevention Act of 2012;
  2. Republic Act No. 10173, the Data Privacy Act of 2012;
  3. Republic Act No. 9474, the Lending Company Regulation Act of 2007;
  4. Republic Act No. 8556, the Financing Company Act;
  5. Republic Act No. 7394, the Consumer Act of the Philippines;
  6. Revised Penal Code provisions on threats, coercions, unjust vexation, slander, libel, grave scandal, and related offenses;
  7. Civil Code provisions on damages, abuse of rights, human dignity, privacy, and tort liability;
  8. SEC rules and circulars regulating lending and financing companies;
  9. BSP rules, where the lender is a bank, quasi-bank, financing institution, or supervised financial institution;
  10. NPC rules and decisions involving personal data processing.

This article explains the legal treatment of online lending harassment in the Philippine context.

II. What Is Online Lending Harassment?

Online lending harassment refers to abusive, oppressive, unlawful, deceptive, threatening, defamatory, or privacy-invasive conduct committed in connection with the collection of a debt obtained through an online lending platform, mobile app, financing company, lending company, or digital credit provider.

It may be committed by:

  • The online lending company;
  • Its officers or employees;
  • Collection agents;
  • Third-party collection agencies;
  • Call center representatives;
  • Field collectors;
  • App administrators;
  • Affiliates or related lending platforms;
  • Persons acting under the lender’s authority.

Common forms include:

  • Repeated abusive calls or messages;
  • Threats of arrest or imprisonment;
  • Threats of public exposure;
  • Posting the borrower’s photo online;
  • Sending defamatory messages to the borrower’s contacts;
  • Calling the borrower’s employer, relatives, friends, or co-workers;
  • Using insults, obscenities, or degrading language;
  • Falsely claiming to be police, NBI, court personnel, lawyers, or government officers;
  • Threatening legal action that is false, exaggerated, or impossible;
  • Accessing the borrower’s phone contacts without valid consent;
  • Using personal data for public shaming;
  • Sending fabricated “wanted,” “scammer,” or “estafa” notices;
  • Creating group chats to shame the borrower;
  • Disclosing loan details to third persons;
  • Publishing the borrower’s debt;
  • Sending death threats or threats of physical harm;
  • Harassing family members who are not parties to the loan;
  • Charging undisclosed or excessive fees;
  • Continuing collection after the loan has been paid;
  • Using fake Facebook accounts, text blasts, or automated harassment.

Not every collection attempt is harassment. A creditor may lawfully demand payment, send reminders, impose lawful charges, report legitimate credit information through proper channels, and pursue legal remedies. The line is crossed when collection becomes abusive, unlawful, deceptive, defamatory, threatening, or privacy-invasive.

III. Debt Is Not a Crime by Itself

A basic point must be emphasized: non-payment of a debt is generally not a criminal offense in the Philippines.

The Philippine Constitution prohibits imprisonment for debt. A borrower cannot be jailed merely because they failed to pay a loan.

However, criminal liability may arise if the facts involve a separate criminal act, such as:

  • Fraud from the beginning;
  • Issuance of bouncing checks under applicable law;
  • Falsification of documents;
  • Identity theft;
  • Use of another person’s personal data;
  • Estafa, where all elements are present.

Online lenders often threaten borrowers with immediate arrest, imprisonment, blotter reports, or criminal prosecution. These threats may themselves become unlawful if they are false, misleading, coercive, or intended to intimidate the borrower into paying through fear.

A lender may file a civil collection case. It may also file a criminal complaint if a real criminal offense exists. But it may not falsely tell a borrower that failure to pay an ordinary online loan automatically results in arrest or imprisonment.

IV. RA 10175: Cybercrime Prevention Act and Online Lending Harassment

Republic Act No. 10175, or the Cybercrime Prevention Act of 2012, penalizes certain crimes committed through computer systems, information and communications technology, and online platforms. Online lending harassment often occurs through mobile apps, text messages, calls, social media, email, messaging applications, and digital platforms. Because of this, RA 10175 may apply.

A. Cyber Libel

One of the most relevant provisions is cyber libel.

Cyber libel may arise when a lender, collector, or agent publishes or sends defamatory statements against the borrower through electronic means.

Examples may include messages stating that the borrower is:

  • A scammer;
  • A criminal;
  • A thief;
  • An estafador;
  • A fraudster;
  • A person wanted by authorities;
  • A person who should not be trusted;
  • A person who deliberately deceives creditors.

If these statements are sent through Facebook, Messenger, Viber, SMS, email, group chat, online posts, or other digital means, they may be treated as libel committed through a computer system.

Cyber libel becomes especially relevant when the collector sends defamatory statements to:

  • The borrower’s family;
  • Employer;
  • Co-workers;
  • Friends;
  • Neighbors;
  • School;
  • Business contacts;
  • Social media followers;
  • Barangay officials;
  • Group chats.

Even if the borrower has an unpaid debt, the lender does not have the right to publicly brand the borrower as a criminal, scammer, or immoral person. Truth may be a defense in some defamation cases, but the malicious, unnecessary, excessive, or public disclosure of debt-related accusations can still create legal exposure.

B. Cyber Threats and Threatening Messages

RA 10175 may apply when threats are transmitted through ICT. Depending on the content, threats may be prosecuted under the Revised Penal Code as committed through electronic means.

Examples include:

  • “We will have you arrested tomorrow.”
  • “We will send police to your house.”
  • “We will post your face everywhere.”
  • “We will ruin your reputation.”
  • “We know where your children study.”
  • “We will go to your workplace and humiliate you.”
  • “You will be jailed for estafa.”
  • “We will report you as a scammer to all your contacts.”
  • “Something bad will happen to you if you do not pay.”

Threats may be classified depending on their seriousness, condition, and nature. If made through online systems, cybercrime implications may arise.

C. Unlawful Access and Misuse of Phone Contacts

Many online lending apps have been accused of accessing a borrower’s phone contacts, gallery, call logs, or personal information, then using that information to pressure payment.

Under RA 10175, unlawful or unauthorized access to a computer system or data may potentially raise cybercrime concerns. A mobile phone is a computer system for purposes of modern cybercrime analysis. If an app accesses data without valid authority, or beyond the scope of consent, liability may arise.

However, many cases involving contact harvesting are more directly addressed under the Data Privacy Act, because the issue involves personal information processing, consent, purpose limitation, proportionality, and unauthorized disclosure.

D. Identity Misuse, Fake Accounts, and Deceptive Online Communications

Some collectors use fake social media accounts, fake legal notices, fake court summons, or fake government identities. Depending on the facts, these acts may implicate:

  • Computer-related fraud;
  • Identity-related offenses;
  • Falsification;
  • Usurpation of authority;
  • Unjust vexation;
  • Libel;
  • Threats;
  • Data privacy violations.

Creating fake “legal department” messages or fake court notices to intimidate a borrower may also support administrative sanctions by regulators.

E. Cyberstalking-Like Conduct

Philippine law does not use the term “cyberstalking” in the same way some foreign jurisdictions do, but repeated online harassment may still fall under several legal categories, such as unjust vexation, grave coercion, threats, cyber libel, data privacy violations, or civil liability.

Repeated messages, tagging, public posts, and contact spamming may be evidence of harassment.

V. Data Privacy Act: Unauthorized Use of Personal Data

The Data Privacy Act of 2012 is one of the most important laws in online lending harassment cases.

Online lending apps often collect personal data, including:

  • Name;
  • Address;
  • Phone number;
  • Email address;
  • Government ID;
  • Photograph;
  • Employment details;
  • Salary information;
  • Bank or e-wallet information;
  • Contact references;
  • Phone contacts;
  • Device information;
  • Location data;
  • Social media accounts;
  • Emergency contact details.

Personal data must be collected and processed lawfully, fairly, and for legitimate purposes. Even if the borrower consents to data processing, consent is not unlimited. The lender may process data only for declared, legitimate, necessary, and proportionate purposes.

A. Principles of Data Privacy

The key principles are:

1. Transparency

The borrower must be informed about what data will be collected, why it will be collected, how it will be used, who will receive it, how long it will be retained, and what rights the borrower has.

Hidden or vague app permissions may not be enough.

2. Legitimate Purpose

Data must be processed for a legitimate purpose connected to the loan transaction.

Using personal data to shame, threaten, humiliate, or pressure the borrower through third persons is not a legitimate debt collection purpose.

3. Proportionality

Only data necessary for the declared purpose should be collected.

An online lender may need identity and contact information. It generally does not need unrestricted access to the borrower’s full contact list, photo gallery, or unrelated personal files for public shaming or harassment.

B. Unauthorized Disclosure to Contacts

A common complaint is that collectors send messages to the borrower’s phone contacts saying that the borrower has an unpaid loan.

This may violate data privacy rights because:

  • The loan information is personal information;
  • The borrower’s debt status is disclosed to third persons;
  • The disclosure may be unnecessary and excessive;
  • The borrower’s contacts may not have consented to receive collection messages;
  • The borrower may not have validly consented to public disclosure;
  • The lender may be using embarrassment as a collection tool.

Even if the borrower listed a reference person, that does not automatically authorize the lender to disclose full loan details, harass the reference, or demand payment from that person.

C. Accessing Contacts Through App Permissions

Many lending apps ask permission to access contacts. Consent obtained through app permissions may still be invalid or insufficient if:

  • It is forced as a condition for an unnecessary purpose;
  • It is not specific;
  • It is not informed;
  • It is not freely given;
  • The purpose is unclear;
  • The data is used for harassment;
  • The app accesses more information than needed;
  • The borrower cannot reasonably refuse without losing access to the service.

The fact that the borrower clicked “allow” does not automatically legalize abusive processing.

D. Using Borrower’s Photo for Shame Posts

Posting a borrower’s photo with text such as “scammer,” “wanted,” “unpaid loan,” or “do not trust this person” may involve:

  • Unauthorized processing of personal information;
  • Cyber libel;
  • Civil damages;
  • Violation of SEC collection rules;
  • Harassment;
  • Possible criminal liability depending on the content.

E. Data Privacy Rights of Borrowers

A borrower has rights as a data subject, including the right to:

  • Be informed;
  • Access personal data;
  • Object to processing;
  • Correct inaccurate data;
  • Suspend or block unlawful processing;
  • Withdraw consent where applicable;
  • Claim damages;
  • File a complaint with the National Privacy Commission.

The borrower may demand that the lender stop unlawful processing and delete data that is no longer necessary or was unlawfully obtained.

VI. SEC Regulation of Online Lending Companies

Online lending companies in the Philippines are generally regulated by the Securities and Exchange Commission when they operate as lending companies or financing companies.

A legitimate lending company must be properly registered and must have authority to operate. The use of online platforms does not exempt a lender from licensing and regulatory requirements.

A. Lending Company Regulation Act

Under the Lending Company Regulation Act, lending companies must comply with registration, disclosure, reporting, and fair lending requirements. They may not operate without proper authority.

An online lending app that lends money to the public without the required registration or certificate of authority may be subject to enforcement action.

B. Financing Company Act

Financing companies are also regulated. If the company’s business falls under financing company operations, it must comply with applicable requirements.

C. SEC Rules on Unfair Debt Collection Practices

The SEC has issued rules and memoranda against unfair debt collection practices by lending and financing companies.

Prohibited or sanctionable acts may include:

  • Use of threats;
  • Use of obscenities, insults, or profane language;
  • Disclosure of borrower information to third parties;
  • False representation that the collector is a lawyer, government officer, or law enforcement agent;
  • Threats of legal action that cannot legally be taken;
  • Contacting persons in the borrower’s contact list other than those named as guarantors or co-makers;
  • Posting borrower information online;
  • Using abusive collection methods;
  • Misleading or deceptive collection messages;
  • Shaming borrowers publicly.

The SEC may impose fines, suspend or revoke certificates of authority, order takedowns, or refer cases for prosecution.

D. Liability of Officers and Directors

In appropriate cases, liability may extend to responsible officers, directors, managers, or persons who authorized, tolerated, or failed to stop abusive practices.

A company cannot avoid liability by claiming that harassment was done by outsourced collectors if the collectors acted on its behalf or under its authority.

VII. Revised Penal Code Offenses

Online lending harassment may also violate the Revised Penal Code.

A. Grave Threats

Grave threats may be committed when a person threatens another with the infliction of a wrong amounting to a crime, such as bodily harm, kidnapping, destruction of property, or other criminal acts.

Examples:

  • Threatening to physically hurt the borrower;
  • Threatening to harm the borrower’s family;
  • Threatening to damage property;
  • Threatening unlawful arrest;
  • Threatening to fabricate a criminal case.

If the threat is made through text, chat, email, or social media, cybercrime considerations may also arise.

B. Light Threats

Light threats may involve threats that do not amount to grave threats but are still unlawful and coercive.

C. Grave Coercions

Grave coercion may occur when a person prevents another from doing something not prohibited by law, or compels another to do something against their will, through violence, threats, or intimidation.

In the collection context, coercion may arise when collectors use unlawful intimidation to force immediate payment, force the borrower to borrow from others, force the borrower to sell property, or force the borrower to disclose private information.

D. Unjust Vexation

Unjust vexation is often invoked in harassment situations. It generally refers to conduct that unjustly annoys, irritates, disturbs, or causes distress to another person without lawful justification.

Repeated calls, humiliating messages, insults, and oppressive contact may support a complaint for unjust vexation, depending on the circumstances.

E. Libel and Slander

Defamatory statements may be prosecuted as libel if written or published, and as oral defamation or slander if spoken.

If the defamatory statement is made online, through social media, messaging apps, or other ICT systems, cyber libel may apply.

Calling a borrower a “scammer,” “criminal,” “estafador,” or similar accusation in messages to third persons may be legally dangerous for collectors.

F. Grave Slander or Oral Defamation

If collectors call the borrower’s employer, barangay, family, or neighbors and orally make defamatory accusations, oral defamation may be considered.

G. Grave Scandal

If collectors create public disturbance or humiliation in a manner offensive to decency or good customs, grave scandal may be considered in appropriate cases.

H. Usurpation of Authority or Official Functions

Collectors who falsely pretend to be police officers, NBI agents, prosecutors, sheriffs, court personnel, or government officials may incur criminal liability.

A collector cannot legally claim government authority to intimidate a borrower unless they actually hold such authority.

I. Falsification

Fake subpoenas, fake court orders, fake warrants, fake police blotters, fake prosecutor notices, or fake legal documents may raise falsification issues.

J. Estafa Accusations by Collectors

Collectors often accuse borrowers of estafa. Non-payment alone is not automatically estafa. Estafa generally requires deceit, abuse of confidence, or other specific elements. A borrower who merely fails to pay due to inability, delay, unemployment, emergency, or financial hardship is not automatically guilty of estafa.

False accusations of estafa may expose collectors to libel, cyber libel, unjust vexation, or civil liability.

VIII. Civil Liability and Damages

A victim of online lending harassment may also pursue civil remedies.

Under the Civil Code, liability may arise from:

  • Abuse of rights;
  • Acts contrary to morals, good customs, or public policy;
  • Violation of privacy;
  • Defamation;
  • Negligence;
  • Quasi-delict;
  • Breach of contract;
  • Bad faith;
  • Intentional infliction of harm;
  • Violation of human dignity.

A. Abuse of Rights

A creditor has the right to collect a debt, but that right must be exercised in good faith. A right cannot be used solely to injure another person.

If a lender uses collection rights as a weapon for humiliation or psychological pressure, it may be liable for damages.

B. Human Dignity and Privacy

Philippine civil law recognizes respect for dignity, personality, privacy, and peace of mind. Public shaming, harassment, and intrusive messages may violate these interests.

C. Types of Damages

Depending on the facts, a victim may claim:

  • Actual damages;
  • Moral damages;
  • Exemplary damages;
  • Nominal damages;
  • Temperate damages;
  • Attorney’s fees;
  • Litigation expenses.

Moral damages may be relevant where the borrower suffers anxiety, humiliation, sleeplessness, reputational injury, mental anguish, or social embarrassment due to unlawful collection methods.

IX. Consumer Protection Issues

Online borrowers are consumers of financial services. Abusive online lending may involve consumer protection concerns.

Potential consumer law issues include:

  • Misleading loan terms;
  • Hidden charges;
  • Excessive or undisclosed interest;
  • Deceptive advertisements;
  • False promises of low interest;
  • Unclear repayment schedules;
  • Unauthorized deductions;
  • Unfair penalties;
  • Lack of disclosure of total cost of credit;
  • Misleading collection messages.

A loan agreement should clearly disclose the principal, interest, fees, penalties, maturity date, total amount due, and consequences of default.

Even when interest is contractually agreed, courts and regulators may scrutinize unconscionable terms.

X. Interest, Penalties, and Charges

Online lenders sometimes impose daily interest, processing fees, platform fees, penalty charges, rollover fees, and collection fees that cause the debt to multiply rapidly.

The law generally allows parties to stipulate interest, but interest and penalties may be challenged if they are:

  • Unconscionable;
  • Iniquitous;
  • Excessive;
  • Unclear;
  • Not properly disclosed;
  • Contrary to law or public policy.

Courts may reduce unconscionable interest or penalty charges.

A borrower should distinguish between:

  • The principal loan;
  • Contractual interest;
  • Penalty interest;
  • Service fees;
  • Processing fees;
  • Collection charges;
  • Late payment charges.

Harassment often occurs when lenders pressure borrowers to pay inflated amounts without clear accounting. Borrowers may request a detailed statement of account.

XI. Collection Agencies and Third-Party Collectors

A lender may hire a collection agency, but it remains responsible for ensuring lawful collection practices.

Third-party collectors must not:

  • Harass;
  • Threaten;
  • Shame;
  • Misrepresent authority;
  • Disclose debt information to unauthorized persons;
  • Use obscene language;
  • Contact contacts indiscriminately;
  • Publish borrower information;
  • Pretend to be lawyers or police;
  • Use fake legal documents.

A lender may be administratively, civilly, or even criminally implicated if it authorized, benefited from, tolerated, or failed to control abusive collectors.

XII. Employer, Relatives, and Contacts: What Collectors May Not Do

A frequent issue is whether collectors may contact the borrower’s employer, family, or phone contacts.

A lender may contact a person if that person is:

  • A co-maker;
  • Guarantor;
  • Surety;
  • Authorized representative;
  • Officially listed reference for limited verification;
  • Otherwise legally connected to the loan.

But even then, contact must be limited, truthful, necessary, and non-harassing.

Collectors generally should not:

  • Tell the employer that the borrower is a scammer;
  • Demand payment from relatives who did not sign the loan;
  • Threaten parents, siblings, friends, or co-workers;
  • Send loan details to all contacts;
  • Create group chats with contacts;
  • Post the debt online;
  • Send edited photos or shame posters;
  • Contact minor children;
  • Disclose personal data beyond what is necessary;
  • Use contacts to humiliate the borrower.

A reference person is not automatically liable for the debt. A person is generally liable only if they signed as borrower, co-maker, guarantor, surety, or otherwise validly assumed liability.

XIII. Harassment Through Barangay, Police, or Employer

Collectors sometimes threaten to report the borrower to the barangay, police, NBI, employer, or prosecutor.

A. Barangay

A creditor may seek barangay conciliation where legally applicable, especially if the parties reside in the same city or municipality. However, barangay proceedings are not a license to shame or threaten the borrower.

Barangay officials do not imprison borrowers for unpaid civil debts.

B. Police

Police generally do not arrest persons merely for unpaid civil loans. A police blotter is not a conviction and does not prove criminal liability.

A collector who falsely claims that police are coming to arrest the borrower may be committing harassment or misrepresentation.

C. Employer

A lender should not disclose debt information to an employer unless there is a lawful and legitimate basis. Publicly humiliating a borrower at work, threatening job loss, or sending defamatory messages to HR or supervisors may be unlawful.

D. Courts

Only courts issue judgments. A collection message is not a court order. A “final notice,” “legal notice,” or “demand letter” from a lender is not the same as a court judgment.

XIV. Demand Letters: What Is Lawful and What Is Not

A legitimate demand letter may state:

  • The name of the creditor;
  • The amount due;
  • The basis of the debt;
  • The due date;
  • The borrower’s obligation;
  • A deadline for payment;
  • Possible lawful remedies if payment is not made;
  • Contact details for settlement.

A demand letter becomes problematic when it includes:

  • False threats of arrest;
  • Fake case numbers;
  • Fake court seals;
  • False government logos;
  • Defamatory language;
  • Threats to post online;
  • Threats to contact all phone contacts;
  • Threats to harm the borrower;
  • Misleading claims that non-payment is automatically estafa;
  • Disclosure to unauthorized third persons.

XV. What Victims Should Preserve as Evidence

A borrower who experiences online lending harassment should preserve evidence immediately.

Important evidence includes:

  • Screenshots of text messages;
  • Screenshots of chat messages;
  • Call logs;
  • Audio recordings, where lawfully obtained;
  • Emails;
  • Social media posts;
  • Group chat messages;
  • Names and numbers of collectors;
  • App name and company name;
  • Loan agreement;
  • Disclosure statement;
  • Payment receipts;
  • Proof of full or partial payment;
  • Demand letters;
  • Messages sent to contacts;
  • Statements from contacted relatives or co-workers;
  • Screenshots of app permissions;
  • Privacy policy;
  • SEC registration details, if available;
  • Links to online posts;
  • URLs and account names;
  • Dates and times of harassment.

Evidence should be saved in multiple copies. Screenshots should show the sender, date, time, and full content. Victims may also ask contacted third persons to preserve the messages they received.

XVI. Where to File Complaints

Depending on the facts, victims may file complaints with different agencies.

A. Securities and Exchange Commission

If the offender is a lending company, financing company, or online lending app, the SEC is often the appropriate agency for regulatory complaints.

Complaints may involve:

  • Abusive collection;
  • Unauthorized lending operations;
  • Misleading loan terms;
  • Excessive charges;
  • Harassment by collectors;
  • Disclosure to contacts;
  • Unregistered online lending app;
  • Violation of SEC circulars.

B. National Privacy Commission

If the issue involves misuse of personal data, unauthorized contact access, disclosure of loan information, or unlawful processing, the National Privacy Commission may be appropriate.

The complaint may allege violation of:

  • Transparency;
  • Legitimate purpose;
  • Proportionality;
  • Unauthorized processing;
  • Unauthorized disclosure;
  • Failure to protect personal data;
  • Failure to honor data subject rights.

C. Philippine National Police Anti-Cybercrime Group

For cyber threats, cyber libel, identity misuse, hacking, online harassment, and similar acts, a complaint may be brought to the PNP Anti-Cybercrime Group.

D. National Bureau of Investigation Cybercrime Division

The NBI Cybercrime Division may investigate cybercrime-related acts, including cyber libel, threats, identity misuse, and online harassment.

E. Prosecutor’s Office

Criminal complaints may be filed before the prosecutor’s office, supported by affidavits and evidence.

F. Barangay

For certain offenses and disputes covered by barangay conciliation, the barangay may be the first step. However, cybercrime, offenses punishable above certain thresholds, or disputes involving parties from different localities may fall outside barangay conciliation requirements.

G. Courts

Civil actions for damages, injunctions, and other relief may be filed in court.

XVII. Possible Remedies

A victim may seek several remedies, depending on the case:

  • Stop-processing order or privacy-related relief;
  • Regulatory sanctions against the lender;
  • Suspension or revocation of lending authority;
  • Takedown of defamatory posts;
  • Criminal prosecution;
  • Civil damages;
  • Injunction;
  • Correction or deletion of personal data;
  • Cease-and-desist relief;
  • Refund or accounting of excessive charges;
  • Settlement or restructuring of lawful debt;
  • Protection against further harassment.

The correct remedy depends on the evidence, identity of the offender, amount involved, nature of the harassment, and whether the lender is registered.

XVIII. Borrower’s Duties Despite Harassment

Harassment by a lender does not automatically erase a valid debt. If the loan is lawful and the borrower received the money, the borrower may still have a civil obligation to pay the valid amount due.

However, the borrower may contest:

  • Illegal charges;
  • Unconscionable interest;
  • Unauthorized fees;
  • Payments not credited;
  • Duplicate charges;
  • Fraudulent add-ons;
  • Invalid loan terms;
  • Harassment damages;
  • Privacy violations;
  • Defamatory acts.

The borrower may communicate in writing, request a statement of account, offer a reasonable settlement, and preserve proof of payment.

Borrowers should avoid making false statements, using fake IDs, or threatening collectors, because those acts may create separate liability.

XIX. Liability of Borrowers for Online Loans

A borrower may be liable for:

  • Principal amount borrowed;
  • Lawful interest;
  • Lawful penalties;
  • Attorney’s fees if validly stipulated and reasonable;
  • Collection costs if lawful and reasonable;
  • Court costs if ordered by a court.

A borrower is generally not liable for:

  • Amounts not disclosed;
  • Fabricated fees;
  • Charges contrary to law;
  • Excessive or unconscionable penalties;
  • Debts of another person unless they legally assumed liability;
  • Harassment-related “fees”;
  • Amounts already paid.

XX. Guarantors, Co-Makers, and References

It is important to distinguish among these roles.

A. Borrower

The borrower is the principal debtor and is directly liable.

B. Co-Maker

A co-maker usually signs the loan and may be directly liable with the borrower.

C. Guarantor

A guarantor undertakes to answer for the debt if the borrower fails to pay, subject to the terms of the guarantee and applicable law.

D. Surety

A surety is usually directly and solidarily liable with the principal debtor.

E. Reference Person

A reference person is generally not liable for the debt merely because their name or number appears in the application.

Collectors who demand payment from mere references may be acting unlawfully or deceptively.

XXI. Online Lending Apps and App Store Liability

Some abusive lenders operate through apps distributed on digital platforms. While app stores are not automatically liable for every act of an app operator, complaints to app platforms may result in takedown or suspension where the app violates platform policies.

Victims may report apps that:

  • Require excessive permissions;
  • Harvest contacts;
  • Use harassment;
  • Misrepresent loan terms;
  • Impersonate other companies;
  • Operate without authority;
  • Publish borrower data.

Regulatory agencies may also coordinate app takedowns.

XXII. Public Shaming and “Name-and-Shame” Collection

Public shaming is one of the clearest danger areas for online lenders.

Examples include:

  • Posting the borrower’s face on Facebook;
  • Calling the borrower a scammer;
  • Sending edited images to contacts;
  • Creating public warnings;
  • Tagging the borrower’s employer;
  • Posting in marketplace groups;
  • Sending messages to all contacts;
  • Creating group chats titled “scammer alert”;
  • Publishing the borrower’s government ID;
  • Uploading loan documents publicly.

These acts may expose the lender or collector to:

  • Cyber libel;
  • Data privacy complaints;
  • Civil damages;
  • SEC sanctions;
  • Criminal complaints;
  • Takedown orders;
  • Platform bans.

Debt collection is not a license to destroy a person’s reputation.

XXIII. False Threats of Estafa

Collectors frequently state that the borrower will be charged with estafa. This is often legally misleading.

Estafa requires specific elements. A mere failure to pay a loan, without fraud at the beginning or other required elements, is ordinarily a civil matter.

A false estafa accusation may become defamatory if communicated to third persons. It may also be harassment if used to intimidate the borrower.

A creditor may file a criminal complaint if facts genuinely support estafa, but it should not use baseless criminal accusations as a collection tactic.

XXIV. Threats of Arrest or Imprisonment

A borrower cannot be arrested merely because a collector says so. Arrest normally requires lawful grounds, such as a warrant or valid warrantless arrest situation.

For ordinary unpaid online loans:

  • A collector cannot order arrest;
  • A lawyer cannot order arrest;
  • A barangay official cannot jail the borrower;
  • A police blotter does not equal arrest;
  • A demand letter does not equal a warrant;
  • A civil debt does not automatically produce imprisonment.

Threatening immediate arrest for ordinary non-payment may be misleading, coercive, and unlawful.

XXV. Use of Lawyers and Law Firms in Collection

A lender may hire a lawyer to send a demand letter or file a case. That is lawful if done properly.

However, the use of legal titles does not authorize harassment. Lawyers and law offices must follow professional and ethical standards.

Improper conduct may include:

  • Sending false threats;
  • Misrepresenting the existence of a case;
  • Using fake docket numbers;
  • Threatening arrest without basis;
  • Harassing third persons;
  • Participating in public shaming;
  • Demanding unconscionable amounts;
  • Disclosing confidential personal data.

A borrower may verify whether a demand letter is genuine and whether the sender is actually a lawyer or authorized representative.

XXVI. Barangay Blotter and Police Blotter

A blotter is merely a record of a report. It is not proof of guilt. It is not a court judgment. It does not automatically create criminal liability.

Collectors may not properly use the word “blotter” to scare borrowers into believing they are already convicted or about to be jailed.

If a borrower is invited to the barangay or police station, they may attend calmly, bring documents, and state that the matter is a civil loan dispute unless there are allegations of a specific crime.

XXVII. Cyber Libel vs. Private Message

Cyber libel generally requires publication, meaning communication to a third person. A defamatory message sent only to the borrower may not always be libel because there may be no third-party publication, although it may still be harassment, unjust vexation, threat, or coercion depending on the content.

A message sent to the borrower’s employer, relatives, friends, contacts, group chat, or social media audience is more likely to satisfy publication.

Even private messages can become evidence of threats, coercion, unjust vexation, or privacy violations.

XXVIII. When the Borrower Gave Consent

Online lenders often argue that the borrower consented to app permissions and data use.

Consent is not a complete defense if:

  • Consent was not informed;
  • Consent was not specific;
  • Consent was not freely given;
  • The purpose was not legitimate;
  • The processing was excessive;
  • The borrower was not told data would be used for shaming;
  • The processing violated law or public policy;
  • The lender disclosed information to unauthorized persons;
  • The consent language was vague or abusive;
  • The data subject withdrew consent where applicable.

A borrower cannot be deemed to have validly consented to unlawful harassment or public humiliation.

XXIX. Legitimate Collection Practices

A lender may generally do the following if done lawfully:

  • Send payment reminders;
  • Call during reasonable hours;
  • Send a proper demand letter;
  • Provide a statement of account;
  • Negotiate restructuring;
  • Charge lawful interest and penalties;
  • File a civil collection case;
  • Refer the account to a legitimate collection agency;
  • Report credit information through lawful channels;
  • Contact a guarantor, surety, or co-maker;
  • Exercise contractual remedies allowed by law.

The key is that collection must be truthful, fair, non-abusive, and compliant with privacy and consumer protection rules.

XXX. Unlawful or Abusive Collection Practices

Examples of unlawful or abusive collection practices include:

  • Threatening violence;
  • Threatening arrest without legal basis;
  • Threatening public humiliation;
  • Sending defamatory messages to contacts;
  • Posting borrower information online;
  • Disclosing debt to employers;
  • Contacting all phone contacts;
  • Using profanity or insults;
  • Calling repeatedly to harass;
  • Calling at unreasonable hours;
  • Pretending to be police, NBI, court, or prosecutor;
  • Sending fake subpoenas or warrants;
  • Using fake legal case numbers;
  • Demanding payment from non-liable relatives;
  • Accessing contacts without valid consent;
  • Using personal data beyond legitimate purposes;
  • Misrepresenting the amount due;
  • Adding hidden charges;
  • Refusing to acknowledge payment;
  • Continuing harassment after settlement.

XXXI. Practical Steps for Victims

A victim of online lending harassment may consider the following steps:

  1. Do not panic. Ordinary debt does not automatically mean jail.
  2. Save all evidence. Screenshots, call logs, messages, and recordings may be important.
  3. Ask for a statement of account. Demand a breakdown of principal, interest, penalties, and fees.
  4. Communicate in writing. Written records are easier to prove.
  5. Do not delete the app immediately if evidence is inside it. Capture relevant data first.
  6. Revoke unnecessary app permissions.
  7. Inform contacts not to engage with collectors.
  8. Send a written demand to stop unlawful processing and harassment.
  9. File complaints with the SEC, NPC, PNP-ACG, NBI Cybercrime Division, or prosecutor, depending on the facts.
  10. Consult a lawyer for serious threats, public shaming, or lawsuits.

XXXII. Sample Cease-and-Desist Language

A borrower may send a concise written notice such as:

I acknowledge your right to pursue lawful collection of any valid obligation. However, I demand that you immediately stop all harassment, threats, defamatory statements, unauthorized disclosure of my personal information, and communication with persons who are not parties to the loan. Please send me a complete statement of account and communicate with me only through lawful and proper channels. I reserve all rights to file complaints with the SEC, National Privacy Commission, law enforcement authorities, and the courts.

This kind of message does not erase the debt, but it creates a written record that the borrower objected to unlawful practices.

XXXIII. Remedies Against Defamatory Posts

If the lender or collector posts defamatory content online, the victim should:

  • Screenshot the post;
  • Capture the URL;
  • Record the date and time;
  • Identify the account or page;
  • Ask witnesses to preserve evidence;
  • Report the post to the platform;
  • Send a takedown demand;
  • File a complaint for cyber libel if warranted;
  • File a data privacy complaint if personal information was disclosed;
  • Consider civil damages.

The victim should avoid retaliatory defamatory posts, because that may create separate liability.

XXXIV. Special Concern: Harassment of Family Members

Family members who did not sign the loan are generally not liable for the debt. Collectors may not lawfully harass them into paying.

If collectors threaten parents, spouses, siblings, children, or relatives, those relatives may also have their own claims for harassment, privacy violation, unjust vexation, threats, or damages.

Contacting minor children is especially serious and may support stronger complaints.

XXXV. Mental Health and Severe Harassment

Online lending harassment can cause anxiety, depression, reputational harm, family conflict, employment problems, and severe emotional distress.

Where harassment includes threats of violence, suicide-triggering pressure, doxxing, or persistent intimidation, the victim should seek immediate help from trusted persons, law enforcement, and legal counsel.

The law does not allow debt collection by psychological torture or social destruction.

XXXVI. Common Defenses of Lenders

Lenders may raise several defenses, including:

  • The borrower voluntarily gave consent;
  • The borrower listed the contacts as references;
  • The statements were true;
  • The messages were sent by a third-party collector without authority;
  • The borrower is in default;
  • The company has a privacy policy;
  • The borrower agreed to collection terms;
  • The account was endorsed for legal collection.

These defenses are not automatically sufficient. Regulators and courts will still examine whether the conduct was lawful, necessary, proportionate, truthful, authorized, non-defamatory, and non-abusive.

XXXVII. Possible Liability of Individual Collectors

Individual collectors may be personally liable if they personally sent threats, defamatory messages, fake notices, or abusive communications.

They cannot always hide behind the company. A person who commits a criminal act or tort may be personally responsible.

The company may also be liable if the collector acted within the scope of employment, agency, or authority.

XXXVIII. Possible Liability of Company Officers

Company officers may be liable where they:

  • Authorized abusive collection scripts;
  • Approved unlawful access to contacts;
  • Directed public shaming campaigns;
  • Failed to supervise collectors;
  • Ignored repeated complaints;
  • Benefited from illegal practices;
  • Operated without required authority;
  • Implemented deceptive app permissions;
  • Continued abusive collection despite regulatory warnings.

Corporate structure does not automatically shield persons from liability for their own wrongful acts.

XXXIX. Data Retention and Deletion

Online lenders should not keep personal data longer than necessary. Borrowers may request deletion or blocking of personal data when:

  • The loan has been fully paid;
  • The data was unlawfully collected;
  • The data is no longer necessary;
  • Consent has been withdrawn, where applicable;
  • The data is being used for harassment;
  • Retention violates the stated privacy policy.

However, lenders may retain certain records where required by law, accounting rules, anti-fraud measures, litigation, or legitimate business purposes. The key is that retention must remain lawful and proportionate.

XL. Credit Reporting

A lender may report credit information only through lawful means and authorized channels. Credit reporting must comply with applicable laws, including privacy and credit information rules.

A lawful credit report is different from public shaming. A lender may not replace proper credit reporting with Facebook posts, messages to relatives, or employer harassment.

XLI. Illegal Online Lending Operations

Some online lending apps operate without proper registration or authority. Borrowers should check whether the company is legitimate.

Red flags include:

  • No clear company name;
  • No SEC registration information;
  • No physical office;
  • Only mobile numbers or social media accounts;
  • No written loan agreement;
  • Extremely short repayment periods;
  • Excessive interest;
  • Forced contact access;
  • Immediate threats after due date;
  • Use of multiple app names;
  • No official receipts;
  • Refusal to provide statement of account;
  • Harassment of contacts.

Illegal operations may be reported to regulators and law enforcement.

XLII. Interaction Between RA 10175 and Other Laws

RA 10175 does not replace other laws. It often works together with them.

For example:

  • A defamatory Facebook post may be cyber libel under RA 10175 and also a civil wrong.
  • Unauthorized contact harvesting may violate the Data Privacy Act and may support cybercrime-related allegations depending on access and use.
  • Threatening messages may be punishable under the Revised Penal Code, with cybercrime implications if committed through ICT.
  • Public shaming may violate SEC rules, privacy law, and defamation law.
  • Fake legal notices may involve falsification, misrepresentation, and unfair collection practices.

A single course of conduct may produce multiple legal consequences.

XLIII. Prescription and Timing

Victims should act promptly. Legal remedies may be subject to prescriptive periods, procedural requirements, and evidence preservation concerns.

Digital evidence can disappear quickly if posts are deleted, accounts are deactivated, or numbers are changed. Early evidence preservation is critical.

For cyber libel and other criminal complaints, legal advice is important because prescription rules and procedural requirements may be complex.

XLIV. Settlement and Payment Arrangements

Some borrowers prefer to settle the lawful amount to stop collection pressure. Settlement should be documented.

A proper settlement should include:

  • Name of creditor;
  • Account number or loan reference;
  • Agreed amount;
  • Payment deadline;
  • Waiver or reduction of penalties, if any;
  • Confirmation that payment fully settles the account;
  • Official payment channel;
  • Receipt;
  • Written confirmation after payment;
  • Agreement to stop collection and update records.

Borrowers should avoid paying through suspicious personal accounts unless verified.

XLV. Filing a Strong Complaint

A strong complaint should include:

  • Full name and contact details of complainant;
  • Name of lending app and company;
  • SEC registration details, if known;
  • Loan details;
  • Timeline of events;
  • Description of harassment;
  • Names, numbers, or accounts used by collectors;
  • Screenshots and call logs;
  • Names of third persons contacted;
  • Copies of defamatory messages;
  • Proof of app permissions or privacy policy;
  • Proof of payments;
  • Statement of account, if available;
  • Specific laws or rights violated;
  • Relief requested.

The complaint should be factual, organized, and supported by evidence.

XLVI. Preventive Measures for Borrowers

Before using an online lending app, borrowers should:

  • Check if the company is registered;
  • Read the loan agreement;
  • Review interest and fees;
  • Check app permissions;
  • Avoid apps requiring unnecessary access to contacts or photos;
  • Avoid lenders with harassment complaints;
  • Keep copies of all documents;
  • Borrow only what can realistically be paid;
  • Use official payment channels;
  • Avoid rolling over multiple loans;
  • Avoid giving false information;
  • Understand the total cost of credit.

XLVII. Compliance Measures for Online Lenders

Responsible online lenders should:

  • Register properly with the SEC;
  • Use fair and transparent loan terms;
  • Disclose interest, fees, and penalties;
  • Limit data collection to necessary information;
  • Avoid contact harvesting;
  • Train collectors on lawful practices;
  • Prohibit threats, insults, and shaming;
  • Monitor third-party collectors;
  • Maintain complaint channels;
  • Honor data subject rights;
  • Stop contacting unauthorized third persons;
  • Use lawful demand letters;
  • Keep accurate payment records;
  • Comply with privacy and cybersecurity obligations;
  • Adopt internal disciplinary measures for abusive collectors.

XLVIII. Conclusion

Online lending harassment in the Philippines is not merely a customer service issue. It can involve cybercrime, data privacy violations, unfair debt collection, consumer protection violations, criminal offenses, civil damages, and regulatory sanctions.

A creditor has the right to collect a lawful debt, but that right must be exercised within the limits of law. A borrower’s default does not authorize threats, public shaming, cyber libel, unauthorized disclosure of personal data, fake legal notices, contact blasting, or abusive collection.

Under RA 10175, online harassment may become cyber libel, cyber-related threats, identity misuse, or another ICT-enabled offense. Under the Data Privacy Act, misuse of contacts, disclosure of debt information, and unlawful processing of borrower data may create separate liability. Under SEC rules and lending laws, online lending companies may be sanctioned for unfair collection practices. Under the Revised Penal Code and Civil Code, individual collectors and companies may face criminal and civil consequences.

The lawful path is clear: creditors may demand payment, negotiate, and file proper cases; borrowers must pay valid obligations or contest unlawful charges through proper channels; and both sides must respect privacy, dignity, due process, and the rule of law.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login