RESPICIO & CO.

Privacy of Communications and Correspondence

October 15, 2024

Privacy of Communications and Correspondence | THE BILL OF RIGHTS

POLITICAL LAW AND PUBLIC INTERNATIONAL LAW

Political Law and Public International Law > Bill of Rights > E. Privacy of Communications and
Correspondence

The right to privacy of communication and correspondence is enshrined in Article III, Section 3
of the 1987 Constitution of the Philippines, which provides the following:

Section 3(1): “The privacy of communication and correspondence shall be inviolable except
upon lawful order of the court, or when public safety or order requires otherwise, as prescribed
by law.”

Section 3(2): “Any evidence obtained in violation of this or the preceding section shall be
inadmissible for any purpose in any proceeding.”

This constitutional provision safeguards the right of every individual to the privacy of their
communication and correspondence from unlawful intrusion by the state, government agencies,
or private individuals. It ensures that communication in any form, whether oral, written, or
electronic, cannot be intercepted, recorded, or intruded upon without valid justification.

Key Concepts and Principles

Nature of the Right

The right to privacy of communication and correspondence is not absolute; however, it is

protected against any form of intrusion except under strictly regulated circumstances.

The phrase "shall be inviolable" emphasizes the strong protection afforded to individuals,
making any form of violation presumptively unlawful unless justified under specific and
exceptional conditions provided by law.

Scope of the Right

This right covers all forms of communication and correspondence, including but not limited to:

Oral communication (phone conversations, face-to-face discussions)

Written communication (letters, messages)

Electronic communication (emails, text messages, internet-based communication like social

media or messaging apps)

Any other medium used to communicate or exchange information

Exceptions to the Right The right to privacy of communication is not absolute and can be
subject to exceptions under the following circumstances:

Lawful order of the court: A competent court may issue an order authorizing the interception or
intrusion of communication in accordance with the law and upon the showing of probable cause
or a legitimate legal basis.

When public safety or order requires otherwise: The right may be curtailed in cases where public
safety or order necessitates government intrusion, but such exceptions must be grounded on
law and cannot be arbitrary.

Admissibility of Evidence

Any evidence obtained in violation of the right to privacy of communication and correspondence
is deemed inadmissible in any proceeding. This is in accordance with the exclusionary rule
provided in Section 3(2) of the Constitution. Evidence gathered through unlawful wiretapping,
unauthorized eavesdropping, or illegal surveillance cannot be used in both civil and criminal
proceedings.

Limitations and Regulatory Framework

Republic Act No. 4200 (Anti-Wiretapping Law)

One of the key legislative measures regulating the right to privacy of communication is the Anti-
Wiretapping Law (R.A. 4200), which prohibits unauthorized wiretapping, interception, or
recording of private communication. The law makes it illegal to:

Secretly record conversations through any electronic device

Possess, sell, distribute, or use any recording or communication obtained in violation of the law

Penalties: Violation of the Anti-Wiretapping Law carries serious penalties, including

imprisonment of six months to six years.

Exceptions: The law provides exceptions for law enforcement officers who have obtained a
valid court order based on probable cause that the subject of the communication is engaged in
criminal activity.

Republic Act No. 10173 (Data Privacy Act of 2012)

The Data Privacy Act of 2012 further strengthens the protection of personal information in
communication, particularly in the digital space. It protects against unauthorized processing,
access, or misuse of personal data, especially in online platforms and communications.

Under the act, personal communication and correspondence are included in the definition of
personal information that must be safeguarded by entities, including private organizations,
which collect and process data.

Jurisprudence on the Right to Privacy of Communication

People v. Marti (G.R. No. 81561, January 18, 1991): The Supreme Court ruled that the
constitutional protection applies only to government intrusion, and not to private individuals
unless there is collusion with state authorities.

Zaldivar v. Sandiganbayan (G.R. No. 79690, October 7, 1988): This case reiterated the
exclusionary rule, holding that evidence obtained in violation of the right to privacy of
communication is inadmissible.

Ramirez v. CA (G.R. No. 93833, September 28, 1995): The Court ruled that telephone
conversations recorded without the consent of the parties involved, and without a lawful court
order, violate R.A. 4200 and are inadmissible in court.

Balancing Privacy and State Interests

The right to privacy of communication and correspondence is balanced against the needs of
public safety, security, and law enforcement. However, this balance is carefully regulated to
prevent abuse by the state. Courts play a pivotal role in determining when the right can be
lawfully intruded upon, with the primary consideration being the necessity and proportionality of
the intrusion in relation to public interest.

International Standards and Principles

The right to privacy of communication is also recognized in various international instruments,

reflecting the Philippines' commitment to uphold human rights standards globally:

Universal Declaration of Human Rights (UDHR)

Article 12 of the UDHR states that "No one shall be subjected to arbitrary interference with his
privacy, family, home, or correspondence, nor to attacks upon his honour and reputation.
Everyone has the right to the protection of the law against such interference or attacks."

International Covenant on Civil and Political Rights (ICCPR)

Article 17 of the ICCPR provides a similar guarantee, emphasizing protection against unlawful
interference with one's privacy, family, home, or correspondence.

General Data Protection Regulation (GDPR)

Although primarily applicable within the European Union, the GDPR has implications for
international privacy standards, influencing data protection laws globally, including the
Philippines' Data Privacy Act. It mandates strict requirements for the protection of personal
information in communications, particularly in cross-border data transfers.

Enforcement Mechanisms

The National Privacy Commission (NPC) oversees the implementation of privacy laws,
particularly in relation to the Data Privacy Act, and ensures that entities handling personal data
in communications comply with the law.

Individuals whose rights are violated can file complaints with the NPC, or pursue civil, criminal,
or administrative remedies depending on the nature of the violation.

Conclusion

The right to privacy of communication and correspondence under Philippine law is a

fundamental human right with strong constitutional and legislative protections. While not
absolute, it is inviolable except under conditions expressly provided by law, such as court orders
or public safety concerns. The exclusionary rule further ensures that evidence obtained through
unlawful means is inadmissible in any court proceeding, protecting individuals from arbitrary or
unlawful intrusions into their private communications.

Bar Reviewers 2025

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be
inaccurate.

September 28, 2024

Exclusionary Rule | Privacy of Communications and Correspondence | THE BILL OF RIGHTS

POLITICAL LAW AND PUBLIC INTERNATIONAL LAW

The Bill of Rights: Privacy of Communications and Correspondence (Article III, Section 3)

Exclusionary Rule

1. Constitutional Basis

The right to privacy of communication and correspondence is enshrined under Article III, Section
3 of the 1987 Philippine Constitution, which provides that:

Section 3(1): "The privacy of communication and correspondence shall be inviolable except
upon lawful order of the court, or when public safety or order requires otherwise as prescribed
by law."

Section 3(2): "Any evidence obtained in violation of this or the preceding section shall be
inadmissible for any purpose in any proceeding."

The provision grants individuals the constitutional right to the privacy of their communications,
with limitations set only by lawful court orders or exigent public safety and order concerns as
determined by law. The second paragraph introduces the Exclusionary Rule, which disallows any
evidence gathered through the violation of the first paragraph from being used in any legal
proceeding.
2. Nature and Scope of the Right to Privacy of Communications

The privacy of communications encompasses various forms of correspondence, whether

traditional or electronic. This includes:

Letters, documents, and physical communications (e.g., postal correspondence).

Telephone conversations and wiretapping (R.A. 4200 or the Anti-Wiretapping Law).

Digital communications, such as emails, text messages, and online data.

Any other modern forms of communication.

3. The Exclusionary Rule: "Fruit of the Poisonous Tree"

The Exclusionary Rule is a constitutional doctrine that dictates the inadmissibility of evidence
obtained in violation of the right to privacy. This principle is often referred to as the "fruit of the
poisonous tree" doctrine, wherein evidence obtained illegally (the "poisonous tree")
contaminates all derivative evidence (the "fruit"), rendering them inadmissible.

Key Principle: Any evidence obtained through illegal means, i.e., a violation of the privacy of
communications and correspondence, is inadmissible in court.

Scope of the Rule: Not only is the primary evidence obtained in violation of the right excluded,
but all other derivative evidence that may arise as a result of the illegal act is also inadmissible.
For example, a confession made after an illegal wiretap, or further evidence gathered as a result
of an illegally intercepted communication, cannot be used in court.

Exceptions:

Good Faith Exception: The Supreme Court of the Philippines has yet to establish a clear good
faith exception to the exclusionary rule in privacy violations. Under this hypothetical exception
(as applied in some jurisdictions), if law enforcement officers reasonably believed that they
were acting under legal authority, the evidence obtained may still be admissible.

Inevitable Discovery Rule: The Philippine judiciary has not definitively ruled on whether the
doctrine of inevitable discovery (which allows evidence to be admitted if it would have been
discovered through lawful means eventually) applies in privacy violation cases.

4. Relation to Other Exclusionary Provisions (Bill of Rights)

The Exclusionary Rule found in Section 3(2) is closely related to other exclusionary provisions in
the Bill of Rights, particularly Section 2 of Article III, which guarantees protection from
unreasonable searches and seizures. Under Section 2, evidence obtained from unreasonable
searches and seizures without a valid warrant is inadmissible under the exclusionary rule. Both
sections provide complementary protections, ensuring that any violation of a person's
constitutional rights results in the exclusion of illegally obtained evidence.

5. Jurisprudence on the Exclusionary Rule in Privacy of Communications

Several key cases illustrate the application of the exclusionary rule in protecting the privacy of
communication and correspondence:

a. People v. Estrada, G.R. No. 124461 (2001)

This case highlighted the application of the exclusionary rule where the Supreme Court ruled
that evidence obtained through illegal wiretapping without a valid court order, in violation of the
Anti-Wiretapping Law (R.A. 4200), was inadmissible. It emphasized that any communication
intercepted without proper legal authority breaches the constitutional right to privacy, thus
activating the exclusionary rule.

b. Zaldivar v. Sandiganbayan, G.R. Nos. 79690-707 (1994)

The case involved the interception of a telephone conversation. The Supreme Court held that
wiretapping without a court order is illegal and violates both the Anti-Wiretapping Law and the
Constitution. The Court declared that any evidence obtained in this manner was inadmissible in
court as it violated the privacy of communication.

c. People v. Marti, G.R. No. 81561 (1991)

In this case, the Supreme Court ruled that the right to privacy of communication can only be
invoked against the State or agents of the State. Private individuals violating another person's
privacy of communication would not trigger the exclusionary rule unless it can be shown that
they acted in collusion with law enforcement or governmental authorities.

6. The Anti-Wiretapping Law (R.A. 4200)

The Anti-Wiretapping Law (R.A. 4200) supplements the constitutional right to the privacy of
communications. The law specifically prohibits:

The unauthorized interception or recording of private conversations via wire, radio, or any other
device.

The admissibility of evidence obtained in violation of this law.

The law is stringent in ensuring that any interception of communication is sanctioned only
through a lawful court order. Evidence obtained without complying with the requisites of the
Anti-Wiretapping Law is automatically rendered inadmissible under both the law and the
constitutional Exclusionary Rule.

Exceptions under the Anti-Wiretapping Law:

A court order allows interception when necessary for public safety or order.

Instances where the person involved in the communication consents to the interception.

Relevant Jurisprudence:

Ramirez v. CA, G.R. No. 93833 (1995) - The Court ruled that even if a private individual or a non-
state actor wiretaps a communication without consent, the privacy rights under R.A. 4200 and
the Constitution are violated. Hence, such evidence is inadmissible.

7. Applicability to Electronic and Digital Communication

Modern jurisprudence and legal interpretations have extended the privacy protection under
Section 3, Article III to cover electronic communications, such as emails, text messages, and
online correspondence. These modern forms of communication are subject to the same
constitutional protections, and any illegal interception or access to such communication without
a court order renders any obtained evidence inadmissible.

The Cybercrime Prevention Act of 2012 (R.A. 10175) also imposes penalties on those who
illegally access or intercept data. The exclusionary rule applies in instances where evidence is
obtained in violation of the Cybercrime Law’s provisions on illegal interception or unauthorized
access.

8. Procedural Aspects

In criminal proceedings, the defense may move to suppress evidence obtained in violation of
the right to privacy of communication through a motion to suppress. This motion seeks to
invoke the exclusionary rule and render the evidence inadmissible. Courts are required to
assess whether the evidence in question was gathered in compliance with legal procedures, and
if not, to apply the exclusionary rule.

Summary

The Exclusionary Rule is a robust constitutional protection under the Bill of Rights that
safeguards individuals' right to privacy in communication and correspondence. Evidence
obtained in violation of this right is deemed inadmissible in any judicial or quasi-judicial
proceeding. The rule is a critical part of ensuring the protection of civil liberties, especially in the
context of modern communication methods, and is supported by related laws like the Anti-
Wiretapping Law and the Cybercrime Prevention Act. Through jurisprudence, the Supreme Court
has consistently upheld the inviolability of this right, emphasizing that any breach thereof
nullifies the legality of the evidence obtained.

Bar Reviewers 2025

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be
inaccurate.

September 28, 2024

R.A. No. 10173 or the Data Privacy Act | Privacy of Communications and Correspondence | THE
BILL OF RIGHTS

POLITICAL LAW AND PUBLIC INTERNATIONAL LAW

R.A. No. 10173 or the Data Privacy Act of 2012

The Data Privacy Act of 2012 (Republic Act No. 10173) is the primary law in the Philippines that
governs the collection, processing, and storage of personal data in both the public and private
sectors. It is a comprehensive law designed to protect the privacy of individuals and ensure the
free flow of information to promote innovation and growth. The law applies to all forms of
personal data, whether in physical or digital form, and establishes various rights for data
subjects and obligations for data controllers and processors. Here's a detailed breakdown of
the key aspects related to the Act:
I. Objectives of the Data Privacy Act

Protect the Fundamental Human Right to Privacy: The Data Privacy Act upholds the right to
privacy of communication and correspondence as enshrined in Section 3(1), Article III of the
Philippine Constitution, which protects the privacy of communication from unlawful intrusion.

Regulate the Collection, Use, and Processing of Personal Data: It seeks to regulate how
personal data is collected, used, stored, disclosed, and disposed of, ensuring that individuals’
personal data is not misused or unlawfully disclosed.

Ensure Data Security: The law emphasizes the importance of maintaining security in handling
personal information, particularly against unauthorized access, modification, or destruction.

II. Scope of the Data Privacy Act

Territorial Scope: The Data Privacy Act applies to both government and private sector entities
located within the Philippines that process personal data. It also applies to entities outside the
Philippines if they use equipment located in the country or process the personal data of
Philippine citizens and residents.

Entities Covered:

Personal Information Controllers (PIC): These are entities that control the processing of
personal data, such as corporations, organizations, or individuals.

Personal Information Processors (PIP): These are entities or individuals that process data on
behalf of PICs.

Exclusions: The Act does not apply to the following:

Personal, family, or household activities.

Journalistic, artistic, literary, or research purposes.

Information about government officials in relation to their official functions.

Data processed for the national security, public order, and safety of the country.

Law enforcement, if duly authorized under existing laws.

III. Key Definitions Under the Data Privacy Act

Personal Data: Information, whether recorded or not, from which the identity of an individual can
be reasonably and directly ascertained or, when put together with other information, would
make an individual identifiable.

Sensitive Personal Information: Information related to an individual's race, ethnic origin, marital
status, age, health, education, genetic or sexual life, government-issued identifiers (such as
social security number), and financial data.

Privileged Information: Any and all forms of data that are considered privileged under existing
laws (e.g., attorney-client communications).

IV. Data Privacy Principles

The Act imposes a set of principles that data controllers and processors must adhere to when
handling personal data:

Transparency: Personal data processing must be fully transparent to the data subject. The data
subject must be aware of how, why, and what personal data is being processed.

Legitimate Purpose: The data collected must be for a legitimate purpose that is clearly
communicated to the data subject, and the data must be processed in a manner compatible
with that purpose.

Proportionality: Only personal data that is necessary for the declared purpose should be
collected, and it should not be retained longer than necessary.

V. Rights of Data Subjects

The Data Privacy Act grants individuals specific rights concerning their personal data:

Right to Be Informed: Individuals have the right to be informed whether their personal data is
being processed, including the purpose of such processing, the data being collected, and other
related information.

Right to Access: Data subjects have the right to access the personal data being held about them
and be informed about how this data has been processed.

Right to Rectification: If the data subject finds inaccuracies in their personal data, they have the
right to have it corrected without undue delay.

Right to Erasure or Blocking: Data subjects can demand the deletion or blocking of their
personal data if it is unlawfully processed or if it is no longer necessary for the purpose for
which it was collected.

Right to Object: Individuals can object to the processing of their personal data, especially for
purposes such as direct marketing or profiling.

Right to Data Portability: Data subjects have the right to receive a copy of their data in a
structured, commonly used, and machine-readable format.

Right to File a Complaint: The data subject can lodge a complaint with the National Privacy
Commission (NPC) in case of a violation of their privacy rights.

Right to Damages: Individuals are entitled to claim compensation for any damage caused by the
unlawful processing of their personal data.

VI. Obligations of Personal Information Controllers (PIC) and Personal Information Processors
(PIP)
Compliance with Data Privacy Principles: PICs and PIPs must strictly comply with the principles
of transparency, legitimate purpose, and proportionality when processing personal data.

Implementation of Security Measures: Entities must implement reasonable and appropriate

organizational, physical, and technical measures to secure personal data against breaches,
unauthorized access, and other risks.

Notification of Data Breach: In case of a breach of personal data, the PIC must inform the NPC
and the affected data subjects within 72 hours of discovering the breach.

Appointment of a Data Protection Officer (DPO): Every entity processing personal data is
required to appoint a Data Protection Officer who ensures compliance with the law and
manages data protection issues.

Data Processing Agreement: Where a PIC contracts with a PIP for data processing, a contract
ensuring compliance with data privacy standards must be executed between the parties.

VII. Security Measures and Breach Notification

The Data Privacy Act outlines stringent security measures to safeguard personal data. These
include:

Organizational Security: Establishing clear policies and procedures for data management and
protection, and ensuring that employees handling personal data are adequately trained.

Physical Security: Implementing access controls to prevent unauthorized physical access to

personal data storage facilities, whether on-premises or remote.

Technical Security: Employing measures such as encryption, secure storage, and access control
to protect personal data in electronic form.
Data Breach Notification: If a breach occurs, the PIC must notify the NPC and affected
individuals if the breach is likely to affect their rights and freedoms. This notification should
include the nature of the breach, the personal data involved, and actions taken to mitigate the
breach.

VIII. Enforcement and Penalties

The law grants the NPC powers to investigate and enforce compliance with the Act. Violators of
the Data Privacy Act face civil, criminal, and administrative liabilities:

Criminal Penalties: The Act provides for imprisonment of up to six (6) years and fines of up to
five million pesos (₱5,000,000) for violations such as unauthorized processing, accessing, or
disclosing personal data, and concealment of breaches.

Administrative Penalties: The NPC can impose administrative fines and sanctions, such as
revoking or suspending licenses, depending on the gravity of the violation.

Civil Liability: Data subjects who suffer damages due to non-compliance with the Act may seek
compensation.

IX. Role of the National Privacy Commission (NPC)

The National Privacy Commission is the primary enforcement body under the Data Privacy Act.
Its roles include:

Monitoring Compliance: Ensuring that entities comply with the Data Privacy Act and its
implementing rules and regulations.

Adjudicating Complaints: Handling complaints filed by data subjects and imposing penalties for
violations.

Issuing Guidelines: Issuing rules, guidelines, and advisory opinions to clarify the application of
the Data Privacy Act.

X. Relationship with the Constitution and the Bill of Rights

The Data Privacy Act of 2012 operationalizes the constitutional guarantee under Article III,
Section 3 of the 1987 Constitution, which provides for the privacy of communication and
correspondence. The Act complements this constitutional right by regulating the collection,
processing, and management of personal data in modern information systems, providing a legal
framework that balances the individual's right to privacy with the demands of technological and
economic advancement.

Conclusion

R.A. No. 10173, the Data Privacy Act of 2012, is a comprehensive legislative measure aimed at
protecting individuals' personal data from misuse while ensuring that the free flow of
information is not unduly restricted. The law’s extensive provisions on data subject rights, data
controller and processor obligations, security measures, and breach notification reflect the
country’s commitment to protecting privacy in the digital age. Compliance with this law is vital
for both public and private entities that handle personal information, and the enforcement
powers granted to the National Privacy Commission ensure that individuals’ rights are
adequately protected.