IT Law Journal

administrator April 28th, 2008

The Efficacy of the Writ of Habeas Data in Affording Protection to One’s Right to Privacy
by Fraulein B. San Pedro

The Supreme Court, pursuant to its rule-making power, promulgated the Rules on the Writ of Habeas Data which took effect on February 2, 2008. The said Rules were promulgated in view of the alarming increase in number of incidents of violations of, not to mention worsening human rights condition in the country, which has already tallied more than 900 victims of extrajudicial killings and 200 more victims of enforced disappearances in the last five to six years.

The High Tribunal, with the aim of further strengthening the role of the Judiciary as the last bulwark of defense against violations of the constitutional rights to life and liberty of the people in an information-driven age, has come up with the rules. The writ in general is designed to safeguard individual freedom from abuse in the information age by means of an individual complaint presented in a constitutional court. Specifically, it protects the image, privacy, honor, information, self-determination, and freedom of information of a person.

Supreme Court Chief Justice Reynato Puno describes this right to truth as fundamental to citizens of countries in transition to democracy burdened by a legacy of massive human rights violations. “The exercise of this right is particularly crucial in disappearances driven by politics because they usually involve secret execution of detainees without any trial, followed by the concealment of the body with the purpose of erasing all material traces of the crime and securing impunity for the perpetrators. Indeed, truth is the bedrock of all legal systems, whether the system follows the common law tradition or the civil tradition. Justice that is not rooted in truth is injustice in disguise. That kind of justice will not stand the test of time, for it is not anchored in reality but on mere images.”¹

Brief History of the Writ of Habeas Data

The literal translation from Latin of Habeas Data is “you should have the data”. Habeas Data is a constitutional right granted in several countries in Latin-America. It shows variations from country to country, but in general, it is designed to protect, by means of an individual complaint presented to a constitutional court, the image, privacy, honour, information self-determination and freedom of information of a person.²

Interest in the right of privacy increased in the 1960s and 1970s with the advent of information technology (IT). The surveillance potential of powerful computer systems prompted demands for specific rules governing the collection and handling of personal information. In many countries, new constitutions reflect this right. The genesis of modern legislation in this area can be traced to the first data protection law in the world enacted in the Land of Hesse in Germany in 1970 This was followed by national laws in Sweden (1973), the United States (1974), Germany (1977) and France (1978).³ In view of the increased interest in the right of privacy, certain European legal mechanisms are traced to be the origins of the Habeas Data writ, Europe being the birthplace of the modern Data Protection. As a matter of fact, certain German constitutional rights are identified to be the direct progenitors of the Habeas Data right, particularly the right to information self- determination, which was created by the German Constitutional Tribunal upon interpretation of the then existing rights of human dignity and personality. The right to information self-determination pertains to the right of a person to know what type of data are stored on manual and automatic databases about an individual, and it implies that there must be transparency on the gathering and processing of such data.⁴

Two crucial international instruments evolved from the above-mentioned laws. The Council of Europe’s 1981 Convention for the Protection of Individuals with regard to the Automatic Processing of Personal Data and the Organization for Economic Cooperation and Development’s Guidelines Governing the Protection of Privacy and Transborder Data Flows of Personal Data articulate specific rules covering the handling of electronic data. The rules within these two documents form the core of the Data Protection laws of dozens of countries. These rules describe personal information as data which are afforded protection at every step from collection through to storage and dissemination. The right of people to access and amend their data is a primary component of these rules.

The other direct predecessor of the Habeas Data right is the Council of Europe’s 108th Convention on Data Protection of 1981. The said convention was had for the purpose of securing the privacy of an individual as regards the automated processing of personal data. To afford this protection, several rights are given to an individual, which includes the right to access their personal data held in an automated database.⁵

The first country to implement Habeas Data was the Federal Republic of Brazil, when in 1988, the Brazilian legislature voted a new Constitution, which included a novel right never seen before: the Habeas Data individual complaint. The same is expressed as a full constitutional right under Article 5, LXXI, Title II of the Constitution, which stipulates that:

“Habeas Data shall be granted: a) to ensure the knowledge of information related to the person of the petitioner, contained in records or databanks of government agencies or of agencies of a public character; b) for the correction of data, when the petitioner does not prefer to do so through a confidential process, either judicial or administrative”.⁶

In 1991, Colombia followed the Brazilian example by incorporating the Habeas Data right to its new constitution. Thereafter, many other countries such as Paraguay in 1992, Peru in 1993, Argentina in 1994, and Ecuador in 1996, followed and adopted the new legal tool in their respective constitutions.

The 1992 Paraguay Constitution has followed the example set by Brazil but enhanced the protection by providing in Article 135 thereof the following:

“Everyone may have access to information and data available on himself or assets in official or private registries of a public nature. He is also entitled to know how the information is being used and for what purpose. He may request a competent judge to order the updating, rectification, or destruction of these entries if they are wrong or if they are illegitimately affecting his rights.”⁷

The Argentinian version of Habeas Data is the most complete to date, as stated in Article 43 of their Constitution, amended on the 1994 reform:

“Any person shall file this action to obtain information on the data about himself and their purpose, registered in public records or data bases, or in private ones intended to supply information; and in case of false data or discrimination, this action may be filed to request the suppression, rectification, confidentiality or updating of said data. The secret nature of the sources of journalistic information shall not be impaired.”

In our country, on February 2, 2008, the rules on the writ of Habeas Data (A.M. No. 08-1-16-SC) became effective, with Section 1 thereof providing:

“The writ of habeas data is a remedy available to any person whose right to privacy in life, liberty or security is violated or threatened by an unlawful act or omission of a public official or employee, or of a data or information regarding the person, family, home and correspondence of the aggrieved party.”

The expression of data protection in various declarations and laws varies only by degrees. All require that personal information must be:

• obtained fairly and lawfully;
• used only for the original specified purpose;
• adequate, relevant and not excessive to purpose;
• accurate and up to date; and
• destroyed after its purpose is completed.⁸

The Right to Privacy

Privacy can be defined as a fundamental (though not an absolute) human right. The law on privacy can be traced as far back as 1361, when the Justices of the Peace Act in England provided for the arrest of peeping toms and eavesdroppers. In 1765, British Lord Camden, striking down a warrant to enter a house and seize papers wrote, “We can safely say there is no law in this country to justify the defendants in what they have done; if there was, it would destroy all the comforts of society, for papers are often the dearest property any man can have.” Parliamentarian William Pitt wrote, “The poorest man may in his cottage bid defiance to all the force of the Crown. It may be frail; its roof may shake; the wind may blow though it; the storms may enter; the rain may enter — but the King of England cannot enter; all his forces dare not cross the threshold of the ruined tenement.”⁹

Privacy is a fundamental human right recognized in the UN Declaration of Human Rights, the International Covenant on Civil and Political Rights and in many other international and regional treaties. Privacy underpins human dignity and other key values such as freedom of association and freedom of speech. It has become one of the most important human rights issues of the modern age.

The essence of privacy is the “right to be let alone.” In the 1965 case of Griswold vs. Connecticut, the United States Supreme Court gave more substance to the right of privacy when it ruled that the right has a constitutional foundation. It held that there is a right of privacy which can be found within the penumbras of the First, Fourth, Fifth and Ninth Amendments xxx. In the 1968 case of Morfe vs. Mutuc, we adopted the Griswold ruling that there is a constitutional right to privacy.¹⁰

The Supreme Court held further: Indeed, if we extend our judicial gaze, we will find that the right of privacy is recognized and enshrined in several provisions of our Constitution. It is expressly recognized in Section 3(1) of the Bill of Rights xxx. Other facets of the right to privacy are protected in various provisions of the Bill of Rights, viz, Sections 1, 2, 6, 8, and 17. Other zones of privacy are recognized and protected in our laws, to wit: (1) the Civil Code provides that “every person shall respect the dignity, personality, privacy and peace of mind of his neighbors and other persons” and punishes as actionable torts several acts by a person of meddling and prying into the privacy of another. It also holds a public officer or employee or any private individual liable for damages for any violation of the rights and liberties of another person, and recognizes the privacy of letters and other private communications; (2) the Revised Penal Code makes a crime the violation of secrets by an officer, the revelation of trade and industrial secrets, and trespass to dwelling; (3) invasion of privacy is an offense in special laws like the Anti- Wiretapping Law (R.A. 4200, the Secrecy of bank Deposits (R.A 1405), and the Intellectual Property Code (R.A. 8293); (4) the Rules of Court on privileged communication likewise recognize the privacy of certain information (Sec. 24 ,Rule 130 (c), Revised Rules on Evidence.¹¹

Threats to the Right to Privacy

Threats to privacy come from multiple sources - technological, government actions, and the private sector and commercial services. In the modern era, technology has long been viewed as the source of many privacy concerns.

a. Technology

In a paper¹² prepared by the Director of Electronic Privacy Information Center of the United States of America it was mentioned therei that amplification, routinization, and sublimation are among the key characteristics of technology in the surveillance realm.

The paper described amplification to refer to the ability of technology to extend the ability to gather information and intrude into private life. Examples of amplification are linked directly to the sensory abilities. Techniques for amplification invariably also capture information beyond what may be justified by initial inquiry.

There is considerable debate on whether it is appropriate to regulate techniques of amplification. While it is true that some of these methods intrude into private life, it is also clearly the case that such technologies have beneficial applications. Regulating the technique rather than the activity inevitably raises the danger of criminalizing behavior that might otherwise be considered permissible. Thus, one of the first lessons of legislating to protect privacy is the need to focus on the underlying activity and not the technology itself.¹³

Routinization, on the other hand, is the process of using technology in making intrusion into private life an ongoing process. Again it is possible to conceive of both appropriate and inappropriate forms of routinized surveillance. The paper cited as an example a camera at a bank cashiers desk, which is probably an appropriate use of surveillance technology as it provides protection in case of a robbery. However, a camera placed in the changing room of a department store would be more problematic. While it could be argued that the purpose of the camera is to deter shoplifting, customers are likely to find a camera in a changing room simply too intrusive.

The last, sublimation is described as the means by which a technique for privacy invasion becomes increasingly difficult to detect. Hidden cameras, listening devices and similar data gathering techniques offer little opportunity for the data subject to escape detection and frequently little opportunity in the political realm to challenge the desirability of such techniques. Illegal wire surveillance by law enforcement agencies is a long-standing privacy concern since it is so difficult to detect, to assess, and to challenge.

While technology is not required for an invasion of privacy, the ability of techniques to amplify, routinize and sublimate surveillance has traditionally raised some of the greatest privacy concerns.¹⁴

b. Government

It would not need a genius to say that many of the most serious threats to privacy come from government. In the most extreme form when a government arrests and imprisons a person, it has denied the individual the dignity of privacy almost absolutely. Government can also diminish privacy through schemes for compelled identification, drug testing, physical searches of one’s home or person, database profiling, genetic testing, and polygraph examinations to name just a few.¹⁵ Threats to privacy caused by the government are particularly problematic since once established, citizens have little choice but to comply. An individual has no choice but to comply with the requirements of national identity or drug testing as a condition for public employment or issuance of licenses.

c. Private and Commercial Transactions

In a workplace, corporations seek to exert greater control over workers through a variety of monitoring and surveillance practices such as monitoring of telephone calls and computer use, video surveillance of change rooms and bathrooms.

More generally, corporations threaten privacy in the marketplace through extraction of information of commercial value from consumers in their personally identified transactions. At present, customers are required to provide personal details that can be used by companies for subsequent purposes, while some requests are necessary and appropriate for a particular transaction, in many more, data collections are unrelated to a particular purpose.

This process of extracting commercial value in the marketplace might be called the commodification of identity. Efforts to limit this process focus on either regulatory restrictions on the collection of information or technical means to promote commercial transactions that do not require disclosure of personally identifiable information.

Supreme Court’s Response to the Threats

According to an international survey of privacy law and practice, there are three major reasons for the movement towards comprehensive privacy and data protection laws. Many countries are adopting these laws for one or more reasons, to wit:

To remedy past injustices. Many countries, especially in Central Europe, South America and South Africa, are adopting laws to remedy privacy violations that occurred under previous authoritarian regimes.
• To promote electronic commerce. Many countries, especially in Asia, but also Canada, have developed or are currently developing laws in an effort to promote electronic commerce. These countries recognize consumers are uneasy with their personal information being sent worldwide. Privacy laws are being introduced as part of a package of laws intended to facilitate electronic commerce by setting up uniform rules.
• To ensure laws are consistent with Pan-European laws. Most countries in Central and Eastern Europe are adopting new laws based on the Council of Europe Convention and the European Union Data Protection Directive. Many of these countries hope to join the European Union in the near future. Countries in other regions, such as Canada, are adopting new laws to ensure that trade will not be affected by the requirements of the EU Directive.¹⁶

It is quite unfortunate that the promulgation of the rules on the writ of habeas data for a more comprehensive privacy and data protection, was brought about to remedy the worsening privacy violations, as well as the distressing human rights condition in our country. Supreme Court Justice Puno in a speech delivered before the promulgation of the rules on the writ of habeas data declared: “I took pains to narrate the development and protection of human rights in the world to show how the Philippines is faring in that regard. Looking at our record with the most hospitable eye, the conclusion will not be kind to our authorities. The number of victims of extrajudicial killings and involuntary disappearances is already chilling as it is, and we are still counting. This bulging number of victims of human rights violations and the failure to bring the perpetrators to swift justice have brought to us what observers derisively call a culture of impunity.

Indeed, the human rights situation in the Philippines has alarmed the international community. Human rights advocates from the United Nations, the European Union, and the United States have decried that the Philippines is fast gaining the reputation as the graveyard of human rights in Asia. But the business of protecting human rights in the Philippines is the business of Filipinos, more than the business of foreigners. Let me submit, however, that as Filipinos, let us not forget that we have a glorious history of protecting human rights in our shores and of advancing their frontiers elsewhere in the world. Nobody can dispute the fact that Rizal, Mabini, Del Pilar, and our other national heroes established the first democracy in Asia.¹⁷

Aside from the foregoing human rights condition in the country, based on opinion polls, concern over privacy violations is now greater than at any time in recent history. The increasing sophistication of information technology with its capacity to collect, analyze and disseminate information on individuals has introduced a sense of urgency to the demand for legislation. Furthermore, new developments in medical research and care, telecommunications, advanced transportation systems and financial transfers have dramatically increased the level of information generated by each individual. Computers linked together by high speed networks with advanced processing systems can create comprehensive dossiers on any person without the need for a single central computer system. New technologies developed by the defense industry are spreading into law enforcement, civilian agencies, and private companies.¹⁸

Uniformly, populations throughout the world express fears about encroachment on privacy, prompting an unprecedented number of nations to pass laws which specifically protect the privacy of their citizens. Human rights groups are concerned that much of this technology is being exported to developing countries which lack adequate protections. Currently, there are few barriers to the trade in surveillance technologies.

It is now common wisdom that the power, capacity and speed of information technology is accelerating rapidly. The extent of privacy invasion — or certainly the potential to invade privacy — increases correspondingly.¹⁹

Over the past decade the Internet has become an important tool for communication and research. The technology is growing at an exponential rate, with millions of new users going on line each year. The Internet is also used increasingly as a tool for commercial transactions. The capacity, capability, speed and reliability of the Internet is constantly improving, resulting in the constant development of new uses for the medium.

Efficacy of the Writ

Chief Justice Puno, less than a month after the promulgation of the rules on the writ of habeas data stated that: “It is an excellent human rights tool used mostly in countries recovering from military dictatorships. It enforces the right to truth, which is the bedrock of the rule of law. Observers say that with the promulgation of these two writs, the number of victims of extrajudicial and enforced disappearances had declined. Perhaps it is too early to rejoice over their deterrent effect.”²⁰

It is not enough that the judiciary has taken steps to afford protection upon one’s right to privacy, as well as deter, if not totally bring to an end the worsening human rights condition in the country. Both the legislative and the executive departments have to undertake the necessary steps to complement that taken by the judiciary.

The legislative department is expected to enact laws that would comprehensively cover the right to privacy, as well as its other facets, taking into consideration the sophistication of technology. Laws regulating the collection and gathering of data for identity systems (identity cards, biometrics) should be enacted in no time. Likewise, the surveillance of communications, the installation and use of video surveillance cameras, as well as the filing or storing of the videos require regulation so as to prevent wrongful use of the same. As regards the information gathered for purposes of employment or commercial transactions, our country lacks the necessary laws drawing the parameters as to the extent of the use of the said information.

In 1998, Administrative Order no. 308 issued by then President Fidel V. Ramos, prescribed for a national ID system for all citizens to facilitate business transactions with government agencies engaged in the delivery of basic services and social security provisions was declared unconstitutional by the Supreme Court. The Court held that A.O. No. 308 falls short of assuring that personal information which will be gathered about our people will only be processed for unequivocally specified purposes.²¹ Further, the Court held that the ability of a sophisticated data center to generate a comprehensive cradle-to-grave dossier on an individual and transmit it over a national network is one of the most graphic threats of computer revolution.²² The Court is not unmindful of the fact that the retrieval of stored data is simple, such that when information of privileged character finds its way into the computer, it can be extracted together with other data on the subject. Hence, once extracted, the information is putty in the hands of any person; it is at that point the end of privacy begins.

In other countries like Singapore, the single ID system for government and social services transactions work due to the fact that the government has provided utmost, not to mention maximum protection over the information pertaining to its citizens. As for our country, while the end sought to be achieved by the said administrative order is one laudable, the same does not justify the gravity of violation of one’s privacy rights. It is about time that our government make use of the available technology to the fullest without sacrificing the privacy of its people.

Affording protection to the rights of the people, privacy or otherwise, is not just an obligation reposed upon one of the three branches of our government- the judiciary, that is. The desire and enthusiasm on the part of the judiciary to protect the right to privacy would prove futile if the other two allow statistics on violations count from day to day.

As of this writing, the Supreme Court has issued two writs of habeas data, marking the first time that the high tribunal did so since its promulgation. The high court issued the habeas data together with the writ of amparo for two cases filed separately by Guillermo M. Luz, executive vice president of Ayala Foundation, Inc., and Anakpawis partylist member Francis Saez last March 3 and March 5 respectively.

It also ordered the Court of Appeals to hear each petition separately on March 18.

In his petition for the issuance of a writ of amparo and writ of habeas data, Luz said that the military should appear before the court to confirm or deny whether the military has been conducting surveillance operations on him over his alleged involvement in a plot to oust President Gloria Macapagal-Arroyo, particularly in the “Pen coup.”

This refers to the siege by rebel soldiers and civilians at the Manila Peninsula Hotel in Makati City last Nov. 29, 2007 to demand the resignation of Arroyo.

Luz said the respondents should submit to the court and disclose to him any photographs, reports, data, or information gathered in the course of their “case buildup” against him.

Meanwhile, in his petition for the writ of amparo and for the writ of habeas data, with prayers for temporary protection order, inspection of place, and production of documents, Saez prayed that respondents Arroyo, Esperon, and other involved persons produce before the court the “Order of Battle” containing his name.²³

The sufficiency of the writ to afford protection to one’s right to privacy is one thing, the intentional violation thereof by those in power and in control is another.

1. Guerra, Gleo Sp., Writ of Habeas Data in the Offing as Protection In Information Age, http://www.supremecourt .gov.ph/publications/benchmark/2007/11/110703.php [↩]
2. http://en.wikipedia.org/wiki/Habeas_Data. [↩]
3. Banisar, David, et al., PRIVACY AND HUMAN RIGHTS, An International Survey of Privacy Laws and Practice, http://www.gilc.org/privacy/survey/intro.html. [↩]
4. Op cit. [↩]
5. Ibid. [↩]
6. http://en.wikipedia.org/wiki/Habeas_Data [↩]
7. Ibid. [↩]
8. Banisar, David, et al., PRIVACY AND HUMAN RIGHTS, An International Survey of Privacy Laws and Practice, http://www.gilc.org/privacy/survey/intro.html. [↩]
9. Ibid. [↩]
10. Ople vs. Torres, G.R. No. 127685, July 23, 1998) [↩]
11. Ibid. [↩]
12. Rotenberg, Marc, Preserving Privacy in Information Society, http://www.stii.dost.gov.ph/astinfo/aprtojun2k/pg10.htm [↩]
13. Ibid. [↩]
14. Ibid. [↩]
15. Ibid. [↩]
16. Banisar, David, et al., PRIVACY AND HUMAN RIGHTS, An International Survey of Privacy Laws and Practice, http://www.gilc.org/privacy/survey/intro.html. [↩]
17. No Turning Back On Human Rights, delivered by Supreme Court Chief Justice Reynato Puno on 25 August 2007 at the Luce Auditorium, Silliman University, Dumaguete City, http://www.salongacenter.org/human_rights.php. [↩]
18. Ibid. [↩]
19. Ibid. [↩]
20. Chief Justice Reynato S. Puno, Freedom of Press: a Touchstone of Democracy, February 27, 2008, http://www.nujp.org/pr/pr08/prfeb27-puno.html. [↩]
21. Ople vs. Torres, G.R. No. 127685, July 23, 1998. [↩]
22. Ibid. [↩]
23. Torres, Tetch SC grants ‘habeas data, amparo’ for businessman, activist, March 12, 2008, INQUIRER.NET http://services.inquirer.net/express/08/03/13/html_output/xmlhtml/20080312-124306-xml.html. [↩]

• ITLJ 4-2
• Comments(1)