Professional Documents
Culture Documents
COMLAW5 - Module 3 Data Privacy and Electronic Commerce Act
COMLAW5 - Module 3 Data Privacy and Electronic Commerce Act
3
DISTANCE EDUCATION COURSE STUDY GUIDE v.3
Course instructor: Atty. Bebelan A. Madera, CPA, MBA, RCA, MICB
Contact details: FB messenger: Bebelan A. Madera | Email: b.madera@usls.edu.ph | Phone: +63 9179262342
Consultation schedule: MWF 5:30 to 6:30 p.m.
9 hours
Amid COVID19 pandemic, the study of data privacy and electronic commerce act
becomes relevant as more and more businesses are doing the transactions online and in a digital
platform. This module aims to explain the data privacy of all individuals as well as the rules in
electronic commerce.
It is the policy of the State to adopt generally accepted international principles and
standards for personal data protection and to safeguard the fundamental human right of every
individual to privacy while ensuring free flow of information for innovation, growth, and
national development. Moreover, to facilitate domestic and international dealings, transactions,
arrangements, agreements, contracts and exchanges and storage of information through the
utilization of electronic, optical and similar medium, mode, instrumentality and technology to
recognize the authenticity and reliability of electronic documents related to such activities and
to promote universal use of electronic transaction in the government and general public,
electronic commerce act was enacted.
Learning Outcomes
Read the Data Privacy Act of 2012 (Republic Act 10173). Here’s the link:
https://www.privacy.gov.ph/data-privacy-act/
What are the most critical data privacy issues that have surfaced as a result of COVID-19?
https://www.bworldonline.com/content.php?section=Opinion&title=a-survey-of-cases-on-electronic-
evidence&id=66437
Amicus Curiae
John Paul M. Gaba
Posted on February 27, 2013
THE ENACTMENT in June 2000 of the Electronic Commerce Act (E-Commerce Act), as well as the
issuance in August 2001 by the Supreme Court (SC) of the Rules on Electronic Evidence (E-Evidence
Rules), provided a legal framework that addresses various concerns relative to electronic documents
and transactions. To date, the SC promulgated a handful of decisions that interpreted the relevant
provisions of said legal measures. However, there appears to be a bifurcation in their interpretation and
application.
The SC also discussed the provisions of the E-Evidence Rules and said that even if the E-Evidence Rules
was applied, the authentication of the subject document was also found to be "wanting." It ruled that
the offeror’s testimony failed to demonstrate how the information reflected on the print-out was
generated and how said information could be relied upon as true.
In the UNCITRAL Model Law, data message is defined as "information generated, sent, received or
stored by electronic, optical or similar means including, but not limited to, electronic data interchange
(EDI), electronic mail, telegram, telex or telecopy." This definition is similar to the IRR’s definition of
what constitutes electronic data message.
The SC pointed out that the intention of the legislature when it passed the E-Commerce Act is to
exclude facsimile transmissions. Notably, the definition in the E-Commerce Act of "electronic data
message" does not include the latter portion of the UNCITRAL’s definition, i.e., the portion "but not
limited to, electronic data interchange (EDI), electronic mail, telegram, telex or telecopy." The E-
Evidence Rules defines electronic data message and electronic document substantially the same as how
the E-Commerce Act defines said terms. The SC stressed that said deletion from the E-Commerce Act’s
definition was intentional, as Congress intended to focus the thrust of the law to paper-less
communications and digital transactions. In its obiter dictum, the SC reiterated this ruling in the 2011
case of Torres vs. PAGCOR (Dec. 14, 2011).
In denying their admissibility, the SC pointed out that under the E-Evidence Rules, an electronic
document is relevant only in terms of the information contained therein. What differentiates an
Parallel to its efforts to establish a more efficient court system through a paper-less Judiciary, it is hoped
that the SC shall continue to enrich the local legal landscape by, among others, promulgating decisions
on cases involving electronic documents and electronic evidence.
Learning Task 2
https://www.privacy.gov.ph/data-privacy-act/
Purpose:
adopt generally accepted international principles and standards for personal data
protection.
recognize the vital role of information and communications technology in nation-building and
enforce the State’s inherent obligation to ensure that personal data in information and
communications systems in the government and in the private sector are secured and
protected.
SCOPE OF APPLICATION
The Act and these Rules apply to the processing of personal data
Extraterritorial Application. –
dThis Act applies to an act done or practice engaged in and outside of the Philippines by an
entity if:
(a) The act, practice or processing relates to personal information about a Philippine citizen or a
resident;
(b) The entity has a link with the Philippines, and the entity is processing personal information
in the Philippines or even if the processing is outside the Philippines as long as it is about
Philippine citizens or residents such as, but not limited to, the following:
(1) A contract is entered in the Philippines;
(2) A juridical entity unincorporated in the Philippines but has central management and control
in the country; and
(3) An entity that has a branch, agency, office or subsidiary in the Philippines and the parent or
affiliate of the Philippine entity has access to personal information; and
(c) The entity has other links in the Philippines such as, but not limited to:
(1) The entity carries on business in the Philippines; and
(2) The personal information was collected or held by an entity in the Philippines.
for such to be lawful it must comply with any of the following conditions
a. The data subject must have given his or her consent prior to the
collection, or as soon as practicable and reasonable;
Compliance Officers.
Data Protection Policies.
Records of Processing Activities.
Management of Human Resources.
Right to be informed.
Right to Access.
Right to rectification.
-data subject has the right to dispute the
inaccuracy or error in the personal data and have the personal information
controller correct it immediately and accordingly
• Commission
• Data Subject
•
notification is required when it involves sensitive personal information
or such information may be used to enable identity fraud
personal information controller or the Commission believes that such unauthorized acquisition
is likely to give rise to a real risk of serious harm to any affected data subject.
Breach Report
1. personal information controller shall notify the Commission by
submitting a report
2.report shall also include the name of a designated
representative of the personal information controller, and his or her contact
details.
3. All security incidents and personal data breaches shall be documented
through written reports
PENALTIES
A penalty of imprisonment ranging from one (1) year to three (3) years
and a fine of not less than Five hundred thousand pesos (Php500,000.00) but not
more than Two million pesos (Php2,000,000.00) shall be imposed on persons who
process personal information without the consent of the data subject, or without
being authorized under the Act or any existing law.
penalty of imprisonment ranging from three (3) years to six (6) years
and a fine of not less than Five hundred thousand pesos (Php500,000.00) but not
more than Four million pesos (Php4,000,000.00)
imposed on persons who process sensitive personal information without the consent of the
data subject, or without being authorized under the Act or any existing law.
Malicious disclosure
concealment of security breach
unauthorized disclosure
Combination or Series of Acts
A. State Policy
o The State recognizes the vital role of information and communications technology
(ICT) in nation-building;
o the need to create an information-friendly environment which supports and ensures
the availability, diversity and affordability of ICT products and services;
o the primary responsibility of the private sector in contributing investments and
services in telecommunications and information technology;
o the need to develop, with appropriate training programs and institutional policy
changes, human resources for the information technology age, a labor force skilled
B. Objective
o This Act aims to facilitate domestic and international dealings, transactions,
arrangements agreements, contracts and exchanges and storage of information
through the utilization of electronic, optical and similar medium, mode,
instrumentality and technology to recognize the authenticity and reliability of
electronic documents related to such activities and to promote the universal use of
electronic transaction in the government and general public.
C. Coverage
a. Electronic Data Message
▪ Refers to information generated, sent, received, or stored by electronic,
optical or similar means.
b. Electronic Signature
▪ refers to any distinctive mark, characteristic and/or sound in electronic
form, representing the identity of a person and attached to or logically
associated with the electronic data message or electronic document or any
methodology or procedures employed or adopted by a person and executed
or adopted by such person with the intention of authenticating or approving
an electronic data message or electronic document.
c. Electronic Document
▪ refers to information or the representation of information, data, figures,
symbols or other modes of written expression, described or however
represented, by which a right is established or an obligation extinguished,
or by which a fact may be prove and affirmed, which is receive, recorded,
transmitted, stored, processed, retrieved or produced electronically.
d. Electronic Key
▪ refers to a secret code which secures and defends sensitive information that
cross over public channels into a form decipherable only with a matching
electronic key.
D. Legal Recognition
Section 6. Legal Recognition of Electronic Data Messages - Information shall not be denied legal
effect, validity or enforceability solely on the grounds that it is in the data message purporting to
give rise to such legal effect, or that it is merely referred to in that electronic data message.
Section 7. Legal Recognition of Electronic Documents - Electronic documents shall have the legal
effect, validity or enforceability as any other document or legal writing, and -
(a) Where the law requires a document to be in writing, that requirement is met by an
electronic document if the said electronic document maintains its integrity and reliability
and can be authenticated so as to be usable for subsequent reference, in that -
i. The electronic document has remained complete and unaltered, apart from
the addition of any endorsement and any authorized change, or any change
which arises in the normal course of communication, storage and display; and
ii. The electronic document is reliable in the light of the purpose for which it was
generated and in the light of all relevant circumstances.
(c) Where the law requires that a document be presented or retained in its original form,
that requirement is met by an electronic document if -
i. There exists a reliable assurance as to the integrity of the document from the
time when it was first generated in its final form; and
This Act does not modify any statutory rule relating to admissibility of electronic data
massages or electronic documents, except the rules relating to authentication and best
evidence.
(a) A method is used to identify the party sought to be bound and to indicate said party's
access to the electronic document necessary for his consent or approval through the
electronic signature;
(b) Said method is reliable and appropriate for the purpose for which the electronic
document was generated or communicated, in the light of all circumstances, including
any relevant agreement;
(c) It is necessary for the party sought to be bound, in or order to proceed further with
the transaction, to have executed or provided the electronic signature; and
(d) The other party is authorized and enabled to verify the electronic signature and to
make the decision to proceed with the transaction authenticated by the same.
(a) The electronic signature is the signature of the person to whom it correlates; and
(b) The electronic signature was affixed by that person with the intention of signing or
approving the electronic document unless the person relying on the electronically signed
electronic document knows or has noticed of defects in or unreliability of the signature
or reliance on the electronic signature is not reasonable under the circumstances.
Section 12. Admissibility and Evidential Weight of Electronic Data Message or Electronic
Document. - In any legal proceedings, nothing in the application of the rules on evidence shall deny
the admissibility of an electronic data message or electronic document in evidence -
(b) On the ground that it is not in the standard written form, and the electronic data
message or electronic document meeting, and complying with the requirements under
Sections 6 or 7 hereof shall be the best evidence of the agreement and transaction
contained therein.
F. Electronic Contracts
(1) Except as otherwise agreed by the parties, an offer, the acceptance of an offer and
such other elements required under existing laws for the formation of contracts may be
expressed in, demonstrated and proved by means of electronic data messages or
electronic documents and no contract shall be denied validity or enforceability on the sole
ground that it is in the form of an electronic data message or electronic document, or that
any or all of the elements required under existing laws for the formation of contracts is
expressed, demonstrated and proved by means of electronic data messages or electronic
documents.
(2) Electronic transactions made through networking among banks, or linkages thereof
with other entities or networks, and vice versa, shall be deemed consummated upon the
actual dispensing of cash or the debit of one account and the corresponding credit to
another, whether such transaction is initiated by the depositor or by an authorized
collecting party: Provided, that the obligation of one bank, entity, or person similarly
situated to another arising therefrom shall be considered absolute and shall not be
subjected to the process of preference of credits.
Please see Elaborate_Data Privacy Act.pdf and choose the correct answer. Use capital letters.
TRUE OR FALSE
References