E-commerce Law of the Philippines

On 14 June 2000, President Joseph E. Estrada signed into law R.A. 8792 "An Act Providing For
The Recognition And Use of Electronic Commercial And Non-Commercial Transactions, Penalties
For Unlawful Use Thereof, And Other Purposes, also known as the "Electronic Commerce Act.” It
is a landmark legislation in the history of the Philippines. Not only has this bill made the country a
legitimate player in the global marketplace. The Philippine Internet community has played a major
role in pushing for its passage. The law took effect last June 19, 2000.

With the Philippines relaxed stock market listing rules plus a proposed vibrant investment priorities
program in place, Filipinos here and abroad, and its foreign partners, have something to look
forward for. Below is the framework for the promotion of e-commerce presented by Department of
Trade and Industry (DTI)

The framework for the promotion of E-commerce*

Philippine E-commerce Roadmap as

described by DITC/DTI*
Leadership
Internet access
E-government
Education
Logistics
Consumer protection
Law enforcement
Tax system
Electronic payment
 E-banking
Data privacy
Information security
Policies
Seal of trust
Education

The salient features of Republic Act 8792:

1. It gives legal recognition of electronic data messages, electronic documents, and electronic
signatures. (section 6 to 13)

2. Allows the formation of contracts in electronic form. (section 16)

3. Makes banking transactions done through ATM switching networks absolute once
consummated. (section 16)

4. Parties are given the right to choose the type and level of security methods that suit their needs.
(section 24)

5. Provides the mandate for the electronic implementation of transport documents to facilitate
carriage of goods. This includes documents such as, but not limited to, multi-modal, airport, road,
rail, inland waterway, courier, post receipts, transport documents issued by freight forwarders,
marine/ocean bill of lading, non-negotiable seaway bill, charter party bill of lading. (section 25 and
26)

6. Mandates the government to have the capability to do e-commerce within 2 years or before
June 19, 2002. (section 27)

7. Mandates RPWeb to be implemented. RPWeb is a strategy that intends to connect all

government offices to the Internet and provide universal access to the general public. The
Department of Transportation and Communications, National Telecommunications Commission,
and National Computer Center will come up with policies and rules that shall lead to substantial
reduction of costs of telecommunication and Internet facilities to ensure the implementation of
RPWeb. (section 28)

8. Made cable, broadcast, and wireless physical infrastructure within the activity of
telecommunications. (section 28)

9. Empowers the Department of Trade and Industry to supervise the development of e-commerce
in the country. It can also come up with policies and regulations, when needed, to facilitate the
growth of e-commerce. (section 29)

10. Provided guidelines as to when a service provider can be liable. (section 30)

11. Authorities and parties with the legal right can only gain access to electronic documents,
electronic data messages, and electronic signatures. For confidentiality purposes, it shall not share
or convey to any other person. (section 31 and 32)

12. Hacking or cracking, refers to unauthorized access including the introduction of computer
viruses, is punishable by a fine from 100 thousand to maximum commensurating to the damage.
With imprisonment from 6 months to 3 years. (section 33)
13. Piracy through the use of telecommunication networks, such as the Internet, that infringes
intellectual property rights is punishable. The penalties are the same as hacking. (section 33)

14. All existing laws such as the Consumer Act of the Philippines also applies to e-commerce
transactions. (section 33)

Anyone who uses the Internet, computer, cellular phone, and other IT-enabled devices has the
duty to know RA8792. As the old saying goes, “Ignorance of the law does not excuse anyone.”

Hacking, cracking, piracy is a crime under RA8792. Below is a Cybercrime Penalties infographics
created by Digital Pilipino, owned by Ms Janet Toral, the mother of e-commerce in the Philippines.
RA 10175: CYBERCRIME PREVENTION ACT

Republic Act 10175 – Cybercrime Prevention Act was signed into law last September 12, 2012.

This law is already in effect as the Supreme Court uphold its constitutionality (February 18,
2014). Although some provisions were deemed as unconstitutional (struck down) particularly
Sections 4(c)(3), 7, 12, and 19.

It is a law considered to be 11 years in the making as various groups, organizations, and

personalities lobbied for its passage. It took awhile for the law to be passed as legislators and
various stakeholders need to understand the magnitude of cybercrime and whether the penalty
provisions indicated in the E-Commerce Law.

Types of Cybercrime Penalty

Prision mayor (imprisonment of six

years and 1 day up to 12 years) or  a
fine of at least Two hundred thousand
pesos (P200,000) up to a maximum
amount commensurate to the damage
1. Illegal access incurred or BOTH.————————If
committed against critical
Unauthorized access (without right) to a computer infrastructure:Reclusion temporal
system or application. (imprisonment for twelve years and one
day up to twenty years) or a fine of at
least Five hundred thousand pesos
(P500,000) up to a maximum amount
commensurate to the damage incurred
or BOTH

2. Illegal interception
Unauthorized interception of any non-public – same as above
transmission of computer data to, from, or within a
computer system.

3. Data Interference
Unauthorized alteration, damaging, deletion or
deterioration of computer data, electronic document,
or electronic data message, and including the – same as above
introduction or transmission of viruses.Authorized
action can also be covered by this provision if the
action of the person went beyond agreed scope
resulting to damages stated in this provision.

4. System Interference – same as above

Unauthorized hindering or interference with the
functioning of a computer or computer network by
inputting, transmitting, damaging, deleting,
deteriorating, altering or suppressing computer data
or program, electronic document, or electronic data
messages, and including the introduction or
transmission of viruses.Authorized action can also
be covered by this provision if the action of the
person went beyond agreed scope resulting to
damages stated in this provision.

5. Misuse of devices
The unauthorized use, possession, production, sale,
procurement, importation, distribution, or otherwise
making available, of devices, computer program
designed or adapted for the purpose of committing – same as above except fine should be
any of the offenses stated in Republic Act no more than Five hundred thousand
10175.Unauthorized use of computer password, pesos (P500,000).
access code, or similar data by which the whole or
any part of a computer system is capable of being
accessed with intent that it be used for the purpose
of committing any of the offenses under Republic
Act 10175.

6. Cyber-squatting
Acquisition of domain name over the Internet in bad
faith to profit, mislead, destroy reputation, and
deprive others from the registering the same. This
includes those existing trademark at the time of
registration; names of persons other than the
registrant; and acquired with intellectual property – same as above
interests in it.Those who get domain names of
prominent brands and individuals which in turn is
used to damage their reputation – can be sued
under this provision.Note that freedom of expression
and infringement on trademarks or names of person
are usually treated separately. A party can exercise
freedom of expression without necessarily violating
the trademarks of a brand or names of persons.

7. Computer-related Forgery
Unauthorized input, alteration, or deletion of
computer data resulting to inauthentic data with the
intent that it be considered or acted upon for legal
purposes as if it were authentic, regardless whether
or not the data is directly readable and intelligible;
orThe act of knowingly using computer data which is
the product of computer-related forgery as defined
here, for the purpose of perpetuating a fraudulent or
dishonest design.
Prision mayor (imprisonment of six
years and 1 day up to 12 years) or a
fine of at least Two hundred thousand
pesos (P200,000) up to a maximum
amount commensurate to the damage
incurred or BOTH.
8. Computer-related Fraud – same as aboveProvided, That if no
Unauthorized input, alteration, or deletion of damage has yet been caused, the
computer data or program or interference in the penalty imposed shall be one (1)
functioning of a computer system, causing damage degree lower.
thereby with fraudulent intent.

9. Computer-related Identity Theft

Unauthorized acquisition, use, misuse, transfer, – same as above
possession, alteration or deletion of identifying
information belonging to another, whether natural or
juridical.

10. Cybersex
Willful engagement, maintenance, control, or
operation, directly or indirectly, of any lascivious Prision mayor (imprisonment of six
exhibition of sexual organs or sexual activity, with years and 1 day up to 12 years) or a
the aid of a computer system, for favor or fine of at least Two hundred thousand
consideration.There is a discussion on this matter if pesos (P200,000) but not exceeding
it involves “couples” or “people in relationship” who One million pesos (P1,000,000) or
engage in cybersex. For as long it is not done for BOTH.
favor or consideration, I don’t think it will be
covered. However, if one party (in a couple or
relationship) sues claiming to be forced to do
cybersex, then it can be covered.

11. Child Pornography Penalty to be imposed shall be one (1)

Unlawful or prohibited acts defined and punishable degree higher than that provided for in
by Republic Act No. 9775 or the Anti-Child Republic Act 9775, if committed through
Pornography Act of 2009, committed through a a computer system.
computer system.

****** Unsolicited Commercial

Communications (SPAMMING)
THIS PROVISION WAS STRUCK DOWN BY THE
SUPREME COURT AS UNCONSTITUTIONAL.

12. Aiding or Abetting in the commission of Imprisonment of one (1) degree lower
cybercrime than that of the prescribed penalty for
the offense or a fine of at least One
– Any person who willfully abets or aids in the hundred thousand pesos (P100,000)
commission of any of the offenses enumerated in but not exceeding Five hundred
this Act shall be held liable. thousand pesos (P500,000) or both.

– same as above
13.  Attempt in the commission of cybercrime
Any person who willfully attempts to commit any of
the offenses enumerated in this  Act shall be held
liable.

14. Libel
Unlawful or prohibited acts of libel as defined in
Article 355 of the Revised Penal Code, as amended
committed through a computer system or any other
similar means which may be devised in the
future.Revised Penal Code Art. 355 states Libel
means by writings or similar means. — A libel
committed by means of writing, printing, lithography,
engraving, radio, phonograph, painting, theatrical Penalty to be imposed shall be one (1)
exhibition, cinematographic exhibition, or any similar degree higher than that provided for by
means, shall be punished by prision correccional in the Revised Penal Code, as amended,
its minimum and medium periods or a fine ranging and special laws, as the case may be.
from 200 to 6,000 pesos, or both, in addition to the
civil action which may be brought by the offended
party.The Cybercrime Prevention Act strengthened
libel in terms of penalty provisions.The electronic
counterpart of libel has been recognized since the
year 2000 when the E-Commerce Law was passed.
The E-Commerce Law empowered all existing laws
to recognize its electronic counterpart whether
commercial or not in nature.

15. All crimes defined and penalized by the

Penalty to be imposed shall be one (1)
Revised Penal Code, as amended, and special
degree higher than that provided for by
laws, if committed by, through and with the use of
the Revised Penal Code, as amended,
information and communications technologies shall
and special laws, as the case may be.
be covered by the relevant provisions of this Act.

Although not exactly a cybercrime, I am including

this here as penalties are also imposed by the law.
16. Corporate Liability. (Section 9)
When any of the punishable acts herein defined are
knowingly committed on behalf of or for the benefit
of a juridical person, by a natural person acting
either individually or as part of an organ of the
juridical person, who has a leading position within,
based on:(a) a power of representation of the
juridical person provided the act committed falls
within the scope of such authority;(b) an authority to
take decisions on behalf of the juridical
person. Provided, That the act committed falls within
the scope of such authority; or(c) an authority to
exercise control within the juridical person,It also
includes commission of any of the punishable acts
made possible due to the lack of supervision or
control.
For sanctioned actions, Juridical person
shall be held liable for a fine equivalent
to at least double the fines imposable in
Section 7 up to a maximum of Ten
million pesos (P10,000,000).For neglect
such as misuse of computer resources
that resulted to cybercrime committed in
organization physical or virtual
premises or resources, juridical person
shall be held liable for a fine equivalent
to at least double the fines imposable in
Section 7 up to a maximum of Five
million pesos (P5,000,000).Criminal
liability may still apply to the natural
person.
Watch : https://www.facebook.com/watch/digitalfilipinoclub
Review: https://www.mondaq.com/corporatecommercial-law/9200/electronic-commerce-act-
republic-act-no-8792