In my last two articles, I talked about the dangers surrounding government lists and the need for safeguards when it comes to the sharing or transfer of personal data, especially when state institutions are involved. I never imagined that, within weeks, the government would help me make my point in spectacular fashion.
On March 12, a letter from the Station Drug Enforcement Unit Chief of the Calbayog City Police Station addressed to the courts of that town went viral.
In it was a request for the names of lawyers representing “Communist Terrorist Group (CTG) personalities” before said courts, being made supposedly in compliance with a directive coming from “higher PNP offices”. Attached to the document was a table seeking additional details about each “legal personality”, like his or her affiliations, client, case, and its status. Curiously, it also featured a rather ominous space reserved for the “mode of neutralization”, which has left everyone stumped even now.
With numerous accounts of police abuses and attacks targeting lawyers circulating, the request caused quite a scandal. It prompted immediate, widespread condemnation, especially once its authenticity was confirmed by the recipient. Hundreds of lawyers have since called on the Supreme Court to require the leadership of the Philippine National Police (PNP) to provide an official explanation and to commence proceedings aimed at preventing similar incidents in the future.
The Commission on Human Rights described the move as having transcended “all legal and statutory basis” and posed a threat to the legal profession “by failing to appreciate the role of lawyers in upholding the people’s Constitutional rights”.
For some reason, though, the National Privacy Commission (NPC) has remained tight-lipped on the matter. Considering it just made data sharing so much easier for government agencies when it decided to do away with the data sharing agreement requirement, this would have been the perfect opportunity to declare its position as the country’s sole data protection authority.
The Commission could have said its removal of the documentary requirement should not be interpreted by government agencies as a license to share or transfer personal data, with no regard for people’s privacy rights and with little to no safeguards in place. A stern warning to the PNP would have been justified, too. Law enforcers cannot overstep their mandate. Lawyers simply doing their jobs are not criminals and must be free from any type of state surveillance or harassment.
To better explain the importance of this lost opportunity, I should note that when the NPC sought comments on its then-draft Circular on data sharing agreements, I emphasized in my position paper how important it is to appreciate the difference between data processing performed by government offices and private entities. Many state-sponsored data collection efforts are coercive by nature, making them inherently more dangerous than their private sector counterparts. If, on top of that, you give government agencies broad discretion over their data sharing activities, with few or no restrictions, then you inevitably amplify all attendant risks.
In my submission, I also included examples of questionable data sharing arrangements that could arise as a result of the policy change. One involved “an organization sharing with a law enforcement agency the records of its employee based on the agency’s letter-request which accuses the employee of a crime or describes him/her as a potential suspect in a crime”. The similarity of that scenario with today’s real-life example is too eerie, even for me.
The Commission went ahead with its plans, making no substantial changes to its proposed policy. It was then my hope that they had assessed their position carefully and would make sure to assert the same whenever a chance presented itself.
I believe the events of the past few days qualify as one such moment, but, unfortunately, no one from the agency stepped up to the plate. Nobody knows what the agency thinks about the issue. As for the rest of us, we are now left to deal with government agencies constantly testing the boundaries of their mandate, just as I anticipated.
The PNP request in question is just one of many examples out there today. The rest are often carried out in secret by willing parties, outside the reach of public scrutiny. It is there where the real danger lies. Entities are free to share information about individuals without the need to document the same, thereby avoiding potential review by the NPC, the courts, or the affected individuals. Their negative impact or consequences will be extremely hard to guard against. By the time they come about, it may already be too late for those involved to do something about it.
So let’s consider ourselves lucky this time. The attempt to solicit information was made public, which then snowballed into this widely publicized controversy that forced the PNP to disown the effort and even make a token apology to the legal profession. Unwarranted and unlawful data sharing was thwarted. Tomorrow, things will likely be very different.
To protect ourselves, we will have to remain vigilant and be on the lookout for similar attempts in the future. Once one is spotted, every responsible individual should lend his or her voice of condemnation until, together, we reach a chorus powerful enough to turn back another case of government overreach. It’s going to be difficult if we cannot rely on our regulators to have our backs, but not impossible. That is the essence of having real power lie with the people.
The author is a lawyer, artist, photographer, and privacy advocate. Additional information and queries may be sent to firstname.lastname@example.org.