Rights to Prohibit Contact from Online Lending Companies as Loan Reference in the Philippines

Rights to Prohibit Contact from Online Lending Companies as “Loan References” in the Philippines

This is general information for the Philippine setting and not a substitute for legal advice. If harassment, threats, or sensitive personal-data issues are involved, consider speaking with a Philippine lawyer or contacting the proper regulators immediately.

Key takeaways

  • You (the borrower) can withdraw or limit consent for an online lender to contact the “references” you listed. You may invoke your right to object and right to erasure/blocking under the Data Privacy Act of 2012 (DPA).
  • Your references (the third parties)—friends, relatives, co-workers—are independent “data subjects.” They can demand that the lender stop contacting them and delete their data, unless a narrow legal basis justifies continued processing.
  • Debt shaming and unauthorized disclosure of a borrower’s debt to contacts, group chats, or social media may violate privacy law, financial consumer-protection rules, and could even give rise to civil or criminal liability (e.g., threats, coercion, libel/cyber-libel).
  • A “reference” is not a guarantor. Unless someone signed as a co-borrower or surety/guarantor, they have no obligation to pay and may direct lenders to stop contacting them.
  • You may escalate to the National Privacy Commission (NPC) for privacy violations, the Securities and Exchange Commission (SEC) for lending/financing companies and online lending platforms, and the Bangko Sentral ng Pilipinas (BSP) if a bank or BSP-supervised financial institution is involved.

Legal foundations that protect you

1) Data Privacy Act of 2012 (Republic Act No. 10173) and its IRR

  • Lawful basis & consent. A lender must have a lawful basis to process and use personal data (e.g., your phone number and your contacts’ numbers). For most “reference” calls/texts, the basis is consent.

  • Rights of data subjects (borrowers and references):

    • Right to be informed how data will be used and to whom it may be disclosed.
    • Right to object to processing (e.g., “Do not contact my references”).
    • Right to access and rectify inaccurate data.
    • Right to erasure or blocking of data when processing is unlawful, excessive, or no longer necessary.
    • Right to damages for violations.

  • Principles: Proportionality, transparency, and legitimate purpose. Scraping entire contact lists, mass-messaging friends, or disclosing a borrower’s debt to third parties usually fails these tests.

2) Financial Consumer Protection (FCP) regime

  • The Financial Consumer Protection Act (RA 11765) and sector rules prohibit abusive, misleading, or unfair collection practices. Lenders, financing companies, and lending companies must treat consumers fairly and confidentially, and have channels for complaints and redress.

3) Sector regulators and rules

  • SEC regulates lending and financing companies and has expressly acted against “debt shaming,” harassment, and scraping of contact lists by online lending apps.
  • BSP supervises banks, e-money issuers, and other BSP-regulated financial institutions; its consumer-protection rules similarly prohibit harassing or humiliating collection tactics and require proper handling of customer data.

4) Other potentially applicable laws

  • Revised Penal Code (e.g., grave threats, grave coercion, libel) and the Cybercrime Prevention Act (for cyber-libel and other cyber offenses) may apply when lenders or agents threaten, coerce, or publicly shame borrowers.
  • Anti-Wiretapping Act (RA 4200): generally prohibits secretly recording private conversations without consent. Preserve texts, chat messages, emails, voicemails, call logs, screenshots—but do not secretly record live calls unless you have lawful grounds.

“Reference” vs. “Guarantor”: why it matters

Role What it means Can they be contacted? Can they demand “No further contact”? Any duty to pay?
Reference / character reference A person named for identity or employment verification Possibly, only for that limited purpose and with their own consent Yes. They are data subjects with full DPA rights No
Emergency contact For emergencies (e.g., health/safety) Not for debt collection Yes No
Guarantor/Surety Signed to be secondarily (or solidarily) liable Yes, for matters tied to the obligation Limited (they consented to be contacted) Yes (per the contract)
Co-borrower Jointly liable for the loan Yes Limited Yes

If a person never consented to be a reference (or their details were scraped from your phone by an app), lender contact is typically unauthorized.

When can a lender contact your references?

Permissible (narrow):

  • Before loan release to verify identity/employment if you provided the reference’s details and the reference freely consented to be contacted for that specific purpose.

Not permissible (common violations):

  • Debt shaming: group messages, social media posts, calls to colleagues/neighbors disclosing your debt.
  • Mass-harassment: blasting your entire contact list; repeated, menacing calls or profane language.
  • Using collected data for a different purpose (verification → later debt shaming).
  • Scraping phone contacts via app permissions beyond what is necessary (violates proportionality/minimization).

Even where a lender asserts “legitimate interests” (e.g., fraud prevention), that interest must be necessary and proportionate, and cannot override the privacy rights of you or your references—especially for public shaming or coercive tactics.

Your rights (and your references’ rights) to prohibit contact

Borrower can:

  1. Withdraw/limit consent to contact references and object to further disclosure of debt to third parties.
  2. Demand erasure/blocking of references’ data (and other excess data) that is not necessary to fulfill legitimate, lawful purposes.
  3. Insist on confidentiality: your debt is personal data; disclosing it to others without a clear lawful basis is typically unlawful.
  4. Ask for an audit trail: what data was collected, from where, for what purpose, to whom it was disclosed, and when.
  5. Complain to the NPC (privacy violations) and to SEC/BSP (unfair collection).

Reference (third party) can:

  1. Object to processing and demand deletion of their number/name from the lender’s systems.
  2. Require the lender to stop contacting them, especially for debt collection or any purpose beyond the exact consent they gave (if any).
  3. Seek damages for unlawful processing and/or lodge an NPC complaint.

What lenders and collectors may not do

  • Harass, threaten, or shame borrowers or references; use obscene language; threaten violence or unfounded legal action (e.g., “We’ll have you arrested tomorrow”).
  • Expose personal data (names, photos, employer, debt details) in texts, group chats, or social media.
  • Pretend to be law enforcement, court staff, or lawyers when they are not.
  • Access your contact list without necessity or proper consent, or reuse it for coercion.

Practical step-by-step: stopping contact and protecting yourself

A) If you are the borrower

  1. Lock down permissions: remove the app’s access to contacts, files, location; change app permissions; consider uninstalling.

  2. Write a “Cease Contact & Privacy Rights” notice to the lender’s Data Protection Officer (DPO) and customer support:

    • Withdraw consent for contacting references.
    • Invoke right to object and right to erasure/blocking of reference data.
    • Demand a confirmation and list of disclosures already made.

  3. Notify your references: tell them they can send their own “Do Not Contact / Delete My Data” notice.

  4. Document everything: screenshots, dates/times of calls, caller IDs, messages, URLs, and names of agents.

  5. Escalate:

    • NPC – for privacy violations (unauthorized processing, unlawful disclosure).
    • SEC – if it is a lending/financing company or online lending platform using unfair collection.
    • BSP – if the entity is bank/BSP-supervised.
    • Police / NBI Cybercrime – for threats, extortion, harassment, or (cyber) libel.

  6. Avoid secret recordings of live calls (possible violation of RA 4200). Keep texts, chats, emails, voicemails, and call logs instead.

  7. If the debt is valid and you want to settle: communicate in writing only, negotiate for waiver of charges added through unlawful collection, and get a final settlement letter.

B) If you are the reference (third party)

  1. Send a “Do Not Contact / Delete My Data” notice to the lender’s DPO.
  2. State clearly that you do not consent to any processing of your data for collection or publicity and that you are not a guarantor.
  3. If harassment continues, file a complaint with NPC and, where relevant, SEC/BSP; preserve your evidence.

Ready-to-use templates (adapt as needed)

1) Borrower → Lender (Cease contact re: references)

Subject: Withdrawal of Consent; Objection to Processing; Erasure/Blocking of Reference Data

To the Data Protection Officer:

I, [Full Name], borrower under Loan No. [____], hereby WITHDRAW any consent for your company, its agents, and affiliates to contact any person listed as my “reference,” and I OBJECT to any further processing or disclosure of my personal data for that purpose.

Under the Data Privacy Act of 2012 and its IRR, I demand:
(1) Immediate cessation of all contact with my references for collection or publicity;
(2) Erasure/blocking of all reference data not strictly necessary for lawful purposes;
(3) A complete record of processing: what reference data you hold, sources, purposes, and any disclosures made, with dates and recipients.

Please confirm compliance in writing within 10 days. This notice is without prejudice to my rights and remedies for any prior unauthorized processing or unfair collection.

Sincerely,
[Name]
[Mobile/Email]
[Date]

2) Reference → Lender (Do not contact / Delete my data)

Subject: Do Not Contact; Objection to Processing; Erasure of My Personal Data

To the Data Protection Officer:

I am [Full Name], whose number [____] your company has been contacting regarding [Borrower Name]. I am NOT a guarantor/surety. I do not consent to the processing of my personal data for debt collection or publicity.

Pursuant to the Data Privacy Act of 2012, I hereby:
(1) OBJECT to any processing of my data for collection or disclosure of [Borrower Name]’s account;
(2) DEMAND deletion/erasure of my number/name from your systems; and
(3) REQUEST written confirmation of compliance and disclosure of any parties to whom my data was shared.

Further contact may be treated as harassment and a privacy violation and will be reported to the authorities.

Sincerely,
[Name]
[Mobile/Email]
[Date]

3) Short complaint outline (NPC / SEC / BSP)

  • Who you are and who the lender is (name, app, website, numbers used).
  • What happened (timeline; attach screenshots).
  • Which rights were violated (privacy rights; unfair/abusive collection).
  • What you already asked for (attach your notices).
  • What you want (cease contact, deletion, sanctions, damages).

Evidence checklist

  • Screenshots of texts, chat messages, social-media posts, and caller logs.
  • Copies of demand letters and your notices (with timestamps/acknowledgments).
  • Names or agent codes of callers, phone numbers used (including VoIP).
  • Any app permissions the lender required (and when you revoked them).
  • If your contacts were scraped, proof of the app’s request for contact access.

Frequently asked questions

1) Can a lender keep calling my boss or co-workers after I say stop? Generally no. A borrower’s debt is confidential personal data. Contacting employers or co-workers for collection or publicity, after you object (or without a valid consent/legal basis), is usually unlawful and can be sanctionable.

2) My friend used my number as a reference without asking. What can I do? You can object, demand deletion, and require no further contact. You are not liable for the loan unless you signed as a guarantor/surety or co-borrower.

3) The app forced me to allow contact-list access. Is that valid consent? Consent must be freely given, specific, and informed. “Take-it-or-leave-it” access to entire contact lists—then using those contacts for debt shaming—is typically non-compliant with the DPA.

4) Can I record calls to prove harassment? Be careful. Secretly recording live calls can violate RA 4200. Prefer written channels; save voicemails and texts/chats; keep logs.

5) What if I still owe the money? The debt can be collected lawfully (e.g., demand letters, litigation, negotiated settlement) without harassing you or your contacts or disclosing your debt to third parties.

Practical tips for borrowers (and references)

  • Use written channels for all communications.
  • Never share co-workers’ or friends’ numbers unless you have their permission.
  • If you must list a reference, explain the limited purpose and get their explicit consent.
  • Keep a paper trail and set a personal deadline for escalation (e.g., 7–10 days after your notice).
  • For banks or e-money apps, use their official consumer-assistance or dispute channels; for lending apps, identify the SEC-registered entity behind the app when complaining.

Bottom line

You and your contacts can prohibit online lenders from using your references as a pressure tactic. Philippine law—through the Data Privacy Act, financial consumer-protection rules, and related statutes—protects against harassment, unauthorized disclosure, and disproportionate data use. Exercise your rights in writing, preserve evidence, and escalate to the NPC and the proper financial regulator if the behavior persists.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login