You are on page 1of 3

Last August 2014, Michael Catalano, a family man who lives in New York was looking

for information online about pressure cookers. At the same time, his wife was looking
at backpacks. A counter-terrorist group visited them the next day and accused them of
being terrorists. Apparently, the police received a tip from a Bay Area computer company
regarding suspicious computer searches.
Stories such as these are not new. In fact, unknown to many, instances like these happen
everyday whenever we use our computers. The Bay Area Company are what you call
data brokers. These companies track our searches in the Internet, gather all our personal
information from our searches the websites that we visit, our credit card purchases
and sell them to advertisers. So how exactly does it work? Let us say that the user lives in
Rockwell, that he or she has a smelly feet, and he or she wants to cure her smelly feet. So
he or she goes to Google and conducts a search and out comes numerous medicines for
smelly feet: Medicine A, Medicine B, and so on. His search query will then be harvested
by a data broker. In the meantime, the company that makes Medicine A wants to see who
among those who lives in the Rockwell area are potential costumers. So the company
buys the information from the data broker. Next thing you know, the user will have all
sorts of smelly feet remedy ads popping up in his computer.
Many will say that in the Internet nowadays, there is no reasonable expectation of
privacy. However, we must remember that such doctrine came from Katz v. US, (state
the facts of the case). In that case, the US SC said that Katz had a reasonable expectation
of privacy because he was inside the phone booth. The Katz test rests on the assumption
that this hypothetical reasonable person has a well-developed and stable set of privacy
expectations. Hence, what constitutes a reasonable expectation of privacy will
sometimes be subjective. In fact, the reasonableness of ones privacy is based ones own
experience. In my example, many will say that what happened was not even a privacy
violation. Some people enjoy this targeted marketing, because they're viewing only ads
that relate to their lives. These people are willing to give up a little privacy for
convenience. Others, however, desire a greater degree of privacy: you dont want your
credit card information be passed on to strangers; you dont other people to know that
you have smelly feet, etc. Of course, you cannot have both. As Ben Franklin said those
who surrender freedom for security will not have, nor do they, deserve either one.
Essentially, whether we choose freedom or security is our decision. But regardless of
what we choose, the Philippine Constitution guarantees the right of the people to be
secure in their persons, houses, papers, and effects. [Word vomit: ICCPR, Civil Code].
Essentially, as stated in Olmstead v. US, the right to privacy is the right to be left alone.
Thus, the proponent poses the issue that websites that track, gather, sells, or in any
other manner conveys a users personal information to third parties with the users
consent violates the users right to privacy as enshrined in the Constitution and the
laws.
The Constitution protects people, not places, thus the person on the Internet should
be protected. The right to be left alone in the Internet has already been recognized in

existing laws: 1) Data Privacy Act of 2012; 2) the Cybercrime Law; 3) the e-commerce
act in particular. However, the proponent believes that these laws do not address the issue
at hand.
Data Privacy Act of 2012 - the Act does not apply to personal information processed for
literary, journalistic, research purposes.
Cybercrime Law - the Act does not apply because there is no illegal access involved.
More often than not, we consent to the use of cookies and such. However, what we dont
consent to is the fact that these cookies gather our online activities and sells it to third
parties. The Act also punishes Identity Theft. However, there is no identify theft in the
scenario. The Proponent believes at the situation is just short of being a full fledged
identity theft.
E-commerce Act - Similar to the Data Privacy Act, the act does not also apply to personal
data.
As I earlier said, reasonable expectation of privacy especially on the Internet is
subjective. However, I believe that it is one thing to reasonably believe that whatever we
say on the Internet is really not private; but it is a different thing altogether when your
information is being shared to strangers w/o your consent. Such is not a reasonable
expectation. In fact, even if you are not on the Internet, that would be uncomfortable for
anyone. It might be a cause of action under Art. 26 of the NCC: every person shall
respect the dignity, personality, privacy, peace of mind of other persons.
In 2013, Google was involved in a class action lawsuit. The petitioners in that case
claimed that their privacy rights were being violated because Google read their emails
and sold the information to advertisers. Google claimed that Gmail users have no
reasonable expectation to privacy because Google has to read the emails in order to
protect the user from spam mail, junk mail, etc. Even if that might be true, the gmail
users only expects the email to be read to prevent spam not to be tracked, gathered,
and sold to advertisers.
Thus, the proponent believes that there are two important points that needs to be
addressed: 1) consent; and 2) transparency. First, before the website tracks, gathers, sells
the personal information of the user, it must first get its express consent. Thus, my thesis
proposes that there should be regulation regarding this. In Europe, before a user can
access a website that uses tracking devices, it has to click a small icon wherein he gives
his or her express consent. Second, there should be transparency. The website must fully
disclose to the user that it is mining his personal information, what personal information
is being mined, how will it be used, among others. I believe with these two points, our
right to privacy will be less encroached. At least now, we have a say on our own personal
information.
So for my recommendations:

1) Propose legislation that would regulate tracking websites. It must compel them to get
the express consent of the user and they must be transparent with their purpose. There are
penalties if they do not follow. Such concept is not new. The Data Privacy Act of 2012 in
fact requires entities that gather the information to notify the user before he/she gathers
such information. Unfortunately, the acts stated here are not included in the scope of the
Act.
2) Having said that, I propose the amendment of Section 4 (d) of the Act in order to
include this scenario under the coverage of the Act. Any work done for literary,
journalistic, research purposes should be included under the coverage of the Act.
3) I also recommend that the users must be compensated by these websites for the
personal information that they gather. These websites profit from out personal
information at our expense and w/o any cost on their part. There are also some who
believes that these personal information are own personal property.
4) As to the implementation and regulation of what I am proposing, I propose that it
should be made part of the functions of the National Privacy Commission under the Data
Privacy Act of 2012.
And with that I end with a quote from George Clooney that I sums up what I have said:
I dont like to share my personal life it wouldnt be personal if I shared it.

You might also like