The rise of Financial Technology (FinTech) in the Philippines has brought convenience through Online Lending Applications (OLAs). However, this convenience often comes with a dark side: predatory collection practices. One of the most prevalent abuses involves accessing a borrower’s contact list to harass friends, family, and colleagues—a blatant violation of Philippine law.
The Legal Framework: Republic Act No. 10173
The primary shield against these practices is the Data Privacy Act of 2012 (DPA). Under this law, the processing of personal information is governed by three main principles: Transparency, Legitimate Purpose, and Proportionality.
- Transparency: You must be informed exactly how your data will be used.
- Legitimate Purpose: The data collected must be necessary for the transaction.
- Proportionality: Accessing your entire contact list to collect a debt is considered "excessive" and not proportional to the purpose of credit evaluation.
Common Violations by OLAs
Harassment often takes many forms, most of which fall under "unauthorized processing" or "malicious disclosure":
- Contact Tracing/Gifting: Accessing the phone's contact list and messaging individuals who have no part in the loan agreement.
- Debt Shaming: Posting a borrower’s photo or debt details on social media or sending them to their contacts to induce shame.
- Threats and Profanity: Using intimidatory language or falsely claiming to be law enforcement or court officials.
- Unauthorized Access: Requiring "permissions" to photos, contacts, and location as a condition for the loan, even when unnecessary.
SEC and NPC Regulations
Beyond the DPA, the Securities and Exchange Commission (SEC) and the National Privacy Commission (NPC) have issued specific circulars to curb these abuses:
- SEC Memorandum Circular No. 18 (Series of 2019): Prohibits unfair debt collection practices, specifically "contacting the persons in the borrower's contact list other than those who were named as guarantors or co-makers."
- NPC Circular No. 20-01: Strictly prohibits OLAs from accessing a borrower's contact list, gallery, or social media accounts for debt collection or "social shaming."
How to File a Complaint
If you are a victim of OLA harassment, you have the right to seek redress. Here is the general process:
| Step | Agency | Action |
|---|---|---|
| 1. Document | Personal Record | Screenshot all threatening messages, call logs, and posts. Keep the loan agreement. |
| 2. Cease & Desist | To the OLA | Formally notify the OLA (via email) to stop contacting your references. |
| 3. NPC Filing | National Privacy Commission | File a formal complaint for violation of the Data Privacy Act via the NPC website. |
| 4. SEC Filing | Securities & Exchange Commission | Report the OLA to the Corporate Governance and Finance Department (CGFD) for unfair collection practices. |
Note: Many of these apps operate illegally without SEC registration. You can check the SEC website for the "List of Recorded Online Lending Platforms" to see if they are authorized.
Criminal Liabilities for Violators
Under the DPA, officers of these lending companies can face imprisonment (1 to 6 years) and fines (Php 500,000 to Php 5,000,000) for:
- Unauthorized Processing of Personal Information.
- Processing for Unauthorized Purposes.
- Malicious Disclosure.
Furthermore, these acts may also constitute Cyber-Libel under the Cybercrime Prevention Act of 2012 if the OLA publishes false or damaging information about you online.
Practical Tips for Borrowers
- Check Permissions: Before installing an app, review what data it asks for. If it asks for "Contacts" or "Gallery," deny it or find another provider.
- Verify Registration: Only borrow from apps listed on the SEC’s official roster of licensed lending companies.
- Report Early: Do not wait for the harassment to escalate. Once a contact is reached without consent, a violation has already occurred.
Would you like me to draft a formal Demand Letter or a "Cease and Desist" message that you can send to an online lending app?