Cease and Desist Process for Online Lending Harassment and Privacy Violation

Disclaimer: The following discussion is provided for general informational purposes only and does not constitute legal advice. Laws, regulations, and enforcement practices may change, and individual circumstances vary. If you need specific legal guidance, consult a qualified attorney in the Philippines.

Cease and Desist Process for Online Lending Harassment and Privacy Violation (Philippine Context)

Online lending platforms have proliferated in the Philippines, offering fast loan approvals and minimal documentary requirements. However, many complaints have arisen over unethical collection methods and violations of borrowers’ privacy. The Philippine government—through the Securities and Exchange Commission (SEC) and the National Privacy Commission (NPC)—has acted to curb these abuses.

This article provides a comprehensive overview of:

  1. Relevant Laws and Regulations
  2. Common Forms of Harassment and Privacy Violations
  3. The Role of the Securities and Exchange Commission (SEC)
  4. The Role of the National Privacy Commission (NPC)
  5. Filing Complaints and the Cease and Desist Process
  6. Possible Penalties and Remedies
  7. Practical Steps for Borrowers

1. Relevant Laws and Regulations

1.1. Data Privacy Act of 2012 (Republic Act No. 10173)

  • Scope: The Data Privacy Act (DPA) safeguards the right to privacy by regulating how personal information is collected, stored, used, and shared.
  • Key Provisions:
    • Consent: Organizations must obtain proper consent for data collection and processing.
    • Purpose Limitation: Personal data may only be used for the specific purpose declared to the data subject (e.g., loan processing).
    • Transparency: Data subjects have the right to be informed about how their data is handled.
    • Security Measures: Personal data must be protected by adequate security measures to avoid unauthorized access or breaches.

1.2. SEC Laws and Memorandum Circulars

  • Republic Act No. 9474 (Lending Company Regulation Act of 2007): Governs lending companies’ registration and operation.
  • Republic Act No. 8556 (Financing Company Act of 1998): Governs financing companies’ registration and operation.
  • SEC Memorandum Circular No. 18, Series of 2019: Prohibits unfair debt collection practices and sets guidelines for what constitutes unacceptable harassment and privacy violations by lending and financing companies.

1.3. Other Relevant Laws

  • Cybercrime Prevention Act of 2012 (Republic Act No. 10175): Can be invoked if online harassment involves hacking, unauthorized access, or other cyber-offenses.
  • Revised Penal Code (RPC) Provisions on Grave Threats, Coercion, Slander, or Libel: May apply if online lenders use threatening or defamatory tactics.

2. Common Forms of Harassment and Privacy Violations

  1. Accessing the Borrower’s Contacts Without Consent: Many lending apps request access to phone contacts but later misuse that data to harass or shame borrowers via calls or text blasts to friends and family.
  2. Unsolicited Calls, Texts, and Online Messages: Excessive calling at odd hours, repeated text messages, and threatening language.
  3. Shaming or Disclosing Loan Information to Third Parties: Posting a borrower’s information on social media or sending mass messages to a borrower’s acquaintances about unpaid debts.
  4. Use of Insults and Threats: Verbal abuse, profanity, threats of legal action that are out of proportion or untrue, or even threats of violence or arrest.
  5. False Representation: Some collectors pretend to be lawyers, government officials, or law enforcement to intimidate borrowers into paying.

All these acts, if done without proper authority or if excessive, can qualify as forms of harassment and may violate the borrower’s right to privacy and fair debt collection practices.

3. The Role of the Securities and Exchange Commission (SEC)

The SEC is the primary regulator of lending and financing companies in the Philippines. It:

  1. Issues Licenses and Accreditation: All legitimate lending and financing companies must register with the SEC.
  2. Sets Fair Collection Guidelines:
    • Prohibits threats, harassment, or misleading representations.
    • Disallows contacting persons in the borrower’s contact list who are not parties to the loan (unless they have been listed formally as co-makers or guarantors).
  3. Initiates Investigations and Enforces Penalties:
    • Receives complaints from borrowers.
    • Conducts investigations into reports of harassment and privacy breaches.
    • May issue Cease and Desist Orders (CDOs) and revoke business licenses for non-compliant lending apps or companies.

4. The Role of the National Privacy Commission (NPC)

The NPC enforces the Data Privacy Act and focuses on privacy-related violations:

  1. Jurisdiction Over Data Privacy Issues:
    • Evaluates complaints about unauthorized processing or misuse of personal data.
    • Investigates apps accessing a borrower’s phone contacts without legitimate basis or consent.
  2. Authority to Issue Compliance Orders and CDOs:
    • If the NPC finds probable cause that a lending platform violates the DPA (e.g., misusing contact lists, unauthorized disclosure), it can issue a Cease and Desist Order against the company.
    • The NPC can require the company to undertake remedial measures (e.g., data deletion, improved security measures).
  3. Imposes Penalties and Fines:
    • Violators of the DPA can face fines, imprisonment (depending on the offense), or both.
    • The NPC may also recommend further prosecution if criminal offenses are involved.

5. Filing Complaints and the Cease and Desist Process

When facing harassment and privacy violations from online lending platforms, borrowers and data subjects can take the following steps:

5.1. Gather Evidence

  • Save screenshots of threatening messages, calls, or social media posts.
  • Collect emails, text messages, or any messages sent to your contacts.
  • Document the times and dates of calls or messages.

5.2. Send a Formal Demand or “Cease and Desist Letter” (Optional but Recommended)

  • Although borrowers often seek relief directly from regulatory authorities, you may also send a demand letter to the lending company, requesting them to:

    1. Stop contacting you in a harassing manner.
    2. Cease unauthorized processing of your personal data (including contacting third parties).
    3. Rectify or delete unlawfully obtained or stored personal data.

  • This written notice can serve as evidence of your attempt to resolve the matter amicably, should you need to escalate.

5.3. File a Complaint with the National Privacy Commission

  • Requirements:
    1. Accomplish a Complaint Affidavit, detailing how your personal data was used without your consent or beyond the agreed purpose.
    2. Provide evidence of the violation (screenshots, call logs, witness statements).
    3. Submit a copy of the demand letter (if you have sent one).
  • NPC Procedure:
    1. The NPC evaluates the complaint for sufficiency in substance and form.
    2. If the complaint is accepted, the NPC may require the respondent (lending company) to file a comment.
    3. The NPC can call for mediation or a summary hearing.
    4. If there is probable cause, the NPC may issue a Cease and Desist Order or a compliance order to immediately halt the unauthorized data processing or harassment.

5.4. File a Complaint with the SEC

  • Requirements:
    1. Prepare a written complaint detailing the harassment or unfair collection practices.
    2. Provide supporting evidence (screenshots, call logs, etc.).
  • SEC Procedure:
    1. The SEC’s Enforcement and Investor Protection Department (EIPD) investigates.
    2. The SEC may order the lending company to explain or respond to allegations.
    3. Depending on findings, the SEC can issue a Cease and Desist Order, impose penalties, or revoke the company’s license.

5.5. Criminal Complaints (If Threats, Libel, or Coercion Are Involved)

  • If you believe the harassment involves criminal acts (e.g., threats of harm, extortion, or defamatory statements), you may file a complaint with:
    • The Philippine National Police (PNP) Cybercrime Division,
    • The National Bureau of Investigation (NBI) Cybercrime Division, or
    • The Office of the City Prosecutor in your area.

6. Possible Penalties and Remedies

6.1. Administrative Penalties by SEC and NPC

  • Cease and Desist Orders (CDOs): Requires the company to stop their operations related to illegal data processing or unfair collection.
  • Fines: Amount varies depending on the gravity of violation, number of data subjects involved, and damages caused.
  • License Revocation or Suspension: The SEC can revoke the company’s certificate of authority to operate, effectively shutting down the business.

6.2. Criminal Penalties Under the Data Privacy Act

  • Unauthorized processing of personal information, accessing sensitive personal information due to negligence, and other serious offenses can lead to imprisonment ranging from one to six years and fines ranging from PHP 500,000 to PHP 4,000,000, depending on the specific violation.

6.3. Civil Damages

  • Affected borrowers or data subjects may file civil suits for damages suffered due to privacy breaches or reputational harm. Courts may award compensation for emotional distress, reputational damage, or other losses.

7. Practical Steps for Borrowers

  1. Document Everything: Keep detailed records of the nature of harassment—times, dates, mediums (calls, texts, social media), and the content of messages.
  2. Avoid Hostile Confrontations: If possible, do not engage in heated exchanges. Limit communication to essential details (e.g., scheduling payment arrangements or clarifying amounts owed).
  3. Safeguard Your Personal Data:
    • Before installing lending apps, check permission requests.
    • Revoke unnecessary permissions (like access to contacts or messages) in your phone settings if you suspect misuse.
  4. Consult a Lawyer (If Possible): Professional legal advice can help you craft a strong case and protect your rights.
  5. Explore Alternative Resolution: Attempt to settle or restructure your debt through legal and amicable means, where feasible, to avoid further complications.

Key Takeaways

  • Harassment and Privacy Violation Are Illegal: Online lending companies cannot use threats, harassment, or unauthorized disclosure of personal information to force repayment.
  • Regulatory Bodies Can Issue Cease and Desist Orders: Both the SEC and NPC have the legal mandate to stop unfair debt collection practices and unauthorized data processing.
  • Evidence Is Crucial: Document and retain all proof of wrongdoing—written communications, call logs, screenshots.
  • Multiple Avenues for Redress: File complaints with the NPC (for data privacy issues), the SEC (for unfair collection practices), and law enforcement (for criminal acts such as grave threats or extortion).
  • Legal Support Is Advisable: Consulting a lawyer can strengthen your complaint and help navigate procedural complexities.

In the Philippine context, the Cease and Desist process for online lending harassment and privacy violations is grounded on strict data privacy protections and fair debt collection standards. Borrowers are encouraged to be proactive in asserting their rights—gathering evidence, filing complaints with the correct agencies, and cooperating with investigations to ensure that responsible parties are held accountable. If you find yourself a victim of these abuses, do not hesitate to seek legal counsel and utilize the remedies available under Philippine law.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login