Reporting Debt Collection Harassment and Privacy Violations by Lending Apps

The digital lending landscape in the Philippines has expanded rapidly, providing accessible credit to underserved populations. However, this growth has been shadowed by a surge in predatory practices, specifically debt collection harassment and gross privacy violations. These practices often involve the unauthorized access of a borrower’s contact list and the subsequent shaming of the borrower to their social and professional circles.

Navigating the legal remedies against these "online lending apps" (OLAs) requires an understanding of three primary regulatory pillars: the Data Privacy Act of 2012, the Revised Penal Code, and specific circulars issued by the Securities and Exchange Commission (SEC) and the Bangko Sentral ng Pilipinas (BSP).

1. The Legal Framework of Privacy Violations

The most common violation committed by rogue lending apps is the "contact list harvesting" technique. Upon installation, many OLAs require broad permissions to access contacts, photos, and location data.

  • RA 10173 (Data Privacy Act of 2012): This is the primary weapon against unauthorized data processing. Under the law, personal information must be collected for specified and legitimate purposes and processed fairly and lawfully.
  • Unauthorized Processing (Section 25): Accessing a borrower’s contact list to harass third parties (who never consented to their data being shared) constitutes unauthorized processing.
  • Processing for Unauthorized Purposes (Section 28): Using data obtained for a loan application to publicly shame a borrower is a criminal offense punishable by imprisonment and heavy fines.

The National Privacy Commission (NPC) has frequently issued "Cease and Desist" orders against apps found to be "doxing" borrowers or using contact lists to send threatening messages to friends and family.

2. Prohibited Debt Collection Practices

The SEC, through SEC Memorandum Circular No. 18 (Series of 2019), explicitly defines what constitutes "Unfair Debt Collection Practices." Financing and lending companies are prohibited from:

  • Threats of Violence: Any use or threat of force to harm the person, reputation, or property of the borrower.
  • Profanity and Insults: Using obscene or profane language to shame the borrower.
  • Disclosure of Information: Posting the names of borrowers on social media or contacting the borrower’s employer/contacts, unless the borrower specifically gave those persons as references.
  • Deceptive Representations: Falsely claiming to be a lawyer, a court representative, or a police officer to intimidate the borrower.
  • Harassing Contact Hours: Contacting borrowers between 10:00 PM and 6:00 AM, unless the debt is more than 30 days past due and the borrower gave prior consent.

3. Criminal Liabilities: Libel and Cyberlibel

When a lending app or its collection agent posts a borrower’s photo on Facebook with a caption labeling them a "thief" or "scammer," they transition from civil violations to criminal acts.

  • Cyberlibel (RA 10175): Under the Cybercrime Prevention Act of 2012, libelous statements made through a computer system carry higher penalties than traditional libel.
  • Grave Threats and Coercion: If a collector threatens to kill the borrower or force them to perform an act against their will (such as selling organs or illicit acts) to pay a debt, they can be charged under the Revised Penal Code.

4. Administrative Redress and Reporting Mechanisms

Victims of OLA harassment have several avenues for legal recourse. It is crucial to document all interactions (screenshots of texts, call logs, and social media posts) before the app or the agent deletes them.

A. Securities and Exchange Commission (SEC)

The SEC regulates the licenses of lending companies. If an app is operating without a Certificate of Authority (CA), it is an illegal entity. Even if licensed, violations of MC No. 18 can lead to the suspension or revocation of their license.

  • Action: File a formal complaint with the SEC Corporate Governance and Finance Department (CGFD).

B. National Privacy Commission (NPC)

If the harassment involves the misuse of personal data or contact lists, the NPC is the proper venue.

  • Action: File a "Sumbong" or a formal complaint for violation of the Data Privacy Act. The NPC has the power to order the shutdown of apps and recommend criminal prosecution.

C. National Bureau of Investigation (NBI) & PNP-ACG

For cases involving cyberlibel, grave threats, or hacking, the NBI Cybercrime Division or the Philippine National Police Anti-Cybercrime Group (PNP-ACG) should be tapped for forensic investigation and the filing of criminal charges.

5. Summary of Borrower Rights

Right Description
Right to Privacy Data can only be used for loan processing, not for social shaming.
Right to Fair Treatment Collectors cannot use "strong-arm" tactics or harassment.
Right to Information Borrowers must be informed of the full cost of credit (interest, fees) under the Truth in Lending Act.
Right to Erasure Borrowers can request the deletion of their data once the legal obligation is fulfilled or if the data is being misused.

Conclusion

Debt collection harassment and privacy violations are not merely "unethical" business practices; they are statutory violations and, in many cases, criminal acts. Borrowers are encouraged to assert their rights under the Data Privacy Act and SEC regulations. Regulatory bodies in the Philippines have become increasingly aggressive in delisting non-compliant apps, but the primary defense remains the formal reporting and documentation of these abuses.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login