Case Summary and Outcome

The Supreme Court of Philippines ruled that several provisions of the Cybercrime Prevention Act of 2012 violated freedom of expression and privacy. Fourteen petitioners, including the Philippine Bar Association, the National Press Club, a number of other NGOs and prominent academics, challenged twenty-one provisions of the Cybercrime Act. The Court held that Sections 4(c)(3), 12, and 19 of the Act were unconstitutional. It found that Section 4(c)(3) restricted freedom of expression by prohibiting the unsolicited transmission of commercial communications, such as spam. Section 12 was declared in violation of the right to privacy because it lacked sufficient specificity and definiteness in collecting real-time computer data. Section 19 was found to violate the rights against unreasonable searches and seizures, which gave the government the authority to restrict or block access to computer data without a judicial warrant.

---

Facts

The case arises out of consolidated petitions to the Supreme Court of the Philippines on the constitutionality of several provisions of the Cybercrime Prevention Act of 2012, Act No. 10175.

The Petitioners argued that even though the Act is the government’s platform in combating illegal cyberspace activities, 21 separate sections of the Act violate their constitutional rights, particularly the right to freedom of expression and access to information. 

In February 2013, the Supreme Court extended the duration of a temporary restraining order against the government to halt enforcement of the Act until the adjudication of the issues.

 

---

Decision Overview

Justice Abad delivered the Court’s opinion.

The government of Philippines adopted the Cybercrime Prevention Act of 2012 for the purpose of regulating access to and use of cyberspace.  Several sections of the law define relevant cyber crimes and enable the government to track down and penalize violators.  

Among 21 challenged sections, the Court declared Sections 4(c)(3), 12, and 19 of the Act as unconstitutional. 

Section 4(c)(3) prohibits the transmission of unsolicited commercial electronic communications, commonly known as spams, that seek to advertise, sell, or offer for sale of products and services unless the recipient affirmatively consents, or when the purpose of the communication is for service or administrative announcements from the sender to its existing users, or “when the following conditions are present: (aa) The commercial electronic communication contains a simple, valid, and reliable way for the recipient to reject receipt of further commercial electronic messages (opt-out) from the same source; (bb) The commercial electronic communication does not purposely disguise the source of the electronic message; and (cc) The commercial electronic communication does not purposely include misleading information in any part of the message in order to induce the recipients to read the message.”

The government argued that unsolicited commercial communications amount to both nuisance and trespass because they tend to interfere with the enjoyment of using online services and that they enter the recipient’s domain without prior permission.

The Court first noted that spams are a category of commercial speech, which does not receive the same level of protection as other constitutionally guaranteed forms of expression ,”but is nonetheless entitled to protection.”   It ruled that the prohibition on transmitting unsolicited communications “would deny a person the right to read his emails, even unsolicited commercial ads addressed to him.”   Accordingly, the Court declared Section4(c)(3) as unconstitutional. 

Section 12 of the Act authorizes the law enforcement without a court warrant “to collect or record traffic data in real-time associated with specified communications transmitted by means of a computer system.”  Traffic data under this Section includes the origin, destination, route, size, date, and duration of the communication, but not its content nor the identity of users.

The Petitioners argued that such warrantless authority curtails their civil liberties and set the stage for abuse of discretion by the government.  They also claimed that this provision violates the right to privacy and protection from the government’s intrusion into online communications.

According to the Court, since Section 12 may lead to disclosure of private communications, it must survive the rational basis standard of whether it is narrowly tailored towards serving a government’s compelling interest.  The Court found that the government did have a compelling interest in preventing cyber crimes by monitoring real-time traffic data.

As to whether Section 12 violated the right to privacy, the Court first recognized that the right at stake concerned informational privacy, defined as “the right not to have private information disclosed, and the right to live freely without surveillance and intrusion.”  In determining whether a communication is entitled to the right of privacy, the Court applied a two-part test: (1) Whether the person claiming the right has a legitimate expectation of privacy over the communication, and (2) whether his expectation of privacy can be regarded as objectively reasonable in the society. 

The Court noted that internet users have subjective reasonable expectation of privacy over their communications transmitted online.  However, it did not find the expectation as objectively reasonable because traffic data sent through internet “does not disclose the actual names and addresses (residential or office) of the sender and the recipient, only their coded Internet Protocol (IP) addresses.” 

Even though the Court ruled that real-time traffic data under Section 12 does not enjoy the objective reasonable expectation of privacy, the existence of enough data may reveal the personal information of its sender or recipient, against which the Section fails to provide sufficient safeguard.  The Court viewed the law as “virtually limitless, enabling law enforcement authorities to engage in “fishing expedition,” choosing whatever specified communication they want.”

Accordingly, the Court struck down Section 12 for lack of specificity and definiteness as to ensure respect for the right to privacy.

Section 19 authorizes the Department of Justice to restrict or block access to a computer data found to be in violation of the Act.  The Petitioners argued that this section also violated the right to freedom of expression, as well as the constitutional protection against unreasonable searches and seizures.

The Court first recognized that computer data constitutes a personal property, entitled to protection against unreasonable searches and seizures.  Also, the Philippines’ Constitution requires the government to secure a valid judicial warrant when it seeks to seize a personal property or to block a form of expression.   Because Section 19 precluded any judicial intervention, the Court found it unconstitutional.  

 

---