Right To Be Forgotten FINAL THESIS

TABLE OF CONTENTS
CHAPTER ONE: INTRODUCTION ............................................................. 1

A. Background of the study ................................................................................. 1
B. Significance of the study .................................................................................. 4
1. Digital population in the Philippines has dramatically increased ............ 4
2. Information hinder their employment prospects, hamper their ability to
obtain credit and prevent them from living their lives with dignity ............ 6
C. Statement of the problem................................................................................ 7
D. Scope and limitations ....................................................................................... 7
E. Methodology ..................................................................................................... 7
CHAPTER TWO: HOW THE RIGHT TO BE FORGOTTEN WORKS

....................................................................................................................................... 9
A. Scope of the right ............................................................................................. 9
B. How is the right to be enforced...................................................................... 9
1. Form available online by the service provider .......................................... 9
2. Search engine’s removal team will review the request at first instance 10
3. Appeal should be made to an independent adjudicatory court............. 11
4. Final Judgment ............................................................................................ 11
C. Factors to be considered ............................................................................... 11
1. Private information ..................................................................................... 11
2. Right to be Forgotten will not apply to public officer relating to his
public office ...................................................................................................... 13
3. Interest of the public in having access to that information. .................. 16
4. Only natural persons may enforce the Right to be Forgotten .............. 16
D. Nature and Business of Search Engines ...................................................... 17
CHAPTER THREE: LEGAL FRAMEWORK OF DATA PRIVACY IN

THE PHILIPPINES ............................................................................................ 19
i
A. 1987 Philippine Constitution ........................................................................ 19
B. Privacy Tort..................................................................................................... 20
C. Special laws have been passed by the Congress regarding privacy of
individuals .............................................................................................................. 21
1. Republic Act 10175 or The Cybercrime Prevention Act of 2012 ........ 21
2. Republic Act 8792 or The E-Commerce Act.......................................... 22
3. Republic Act 10173 or The Data Privacy Act of 2012 .......................... 23
4. Republic Act 9995 or Anti-Photo and Video Voyeurism Act .............. 25
D. Writ of Habeas Data ...................................................................................... 26
E. International legal frameworks on privacy and data protection ............... 27
1. Universal Declaration of Human Rights (UDHR) ................................. 27
2. International Covenant on Civil and Political Rights (ICCPR) ............ 28
3. Convention on Human Rights and American Convention on Human
Rights recognize privacy as a human right.................................................... 28
4. European Convention on Human Rights ................................................ 29
5. European Union Data Protection Directive (Directive 95/45/EC) .... 29
6. Organization for Economic Cooperation and Development (OECD)
30
7. Privacy framework endorsed by APEC nations ..................................... 32
CHAPTER FOUR: CONSTITUTIONAL DIMENSION OF THE

RIGHT TO BE FORGOTTEN ........................................................................ 34
A. The Right to be Forgotten is part of the Right to informational privacy 34
B. The Right to a Reputation ............................................................................. 38
C. Right to be Forgotten does not violate the Freedom of Expression under
Article III, Section 4 of the Constitution .......................................................... 40
1. Freedom of expression is not an absolute right ...................................... 40
2. Delisting in search engines does not restrict freedom of expression ... 43
CHAPTER FIVE: JURISDICTIONAL ISSUES .......................................... 44

A. Cyberspace jurisdiction .................................................................................. 44
ii
B. Means by which state can assert jurisdiction over data privacy protection
statutes ................................................................................................................... 46
1. Territoriality based on “establishment” ................................................... 46
2. Effects principle .......................................................................................... 47
3. Long-arm Statute ........................................................................................ 48
CHAPTER SIX: CONCLUSION ..................................................................... 52
CHAPTER SEVEN: RECOMMENDATION ............................................. 53
APPENDIX A : Right to be Forgotten Sample Google Form
iii
CHAPTER ONE: INTRODUCTION
A. Background of the study
“The enjoyment of a private reputation is as much a constitutional right

as the possession of life, liberty or property. It is one of those rights necessary to
human society that underlie the whole scheme of civilization.”1 According to
Roger Clarke, privacy is defined as the interest that individuals have in sustaining
a “personal space”, free from interference by other people and organizations.2 It
is “the right to be let alone” and as “the most fundamental of all rights cherished
by a free people.”3
The computer technology has advanced rapidly with the global internet
system.4 Such technology intrudes into privacy as personal information,
including evidence of present and past actions or associations may be
disseminated without the individual’s consent. There is also the probability of
introducing inaccurate information that might create erroneous information of
which the individual has no control.5
Professor Jorge Coquia further explained:

An individual, from the time of his birth, through the schools
he has attended, the work of which he was employed, and all
former and social associations, are recorded. He may have
filled up numerous forms all about himself without any idea
that all the information would one day be put together and
made available to others at different times and for various
1 Worcester v. Ocampo, 22 PHIL 42 (February 27, 1912).

2 Roger Clarke as cited in The Scope of Privacy in Digital World under Philippine Law and
Jurisprudence, https://ramrodriguez.wordpress.com/2015/07/03/the -scope-of-privacy-in-
digital-world-under-philippine-law-and-jurisprudence/#_edn1, (last visited December 21,
2016).
3Samuel D. Warren & Louis D. Brandeis, Right to Privacy, IV Harvard Law Review 193 –220,
193-220 (1890).
4Jorge R. Coquia, Annotation, The National Computerized Identification Reference System as
Violation of the Right to Privacy: A Review of the Principles and Jurisprudence on Privacy as
Human Rights, 293 SCRA 201 (1998).
5 Id.
1
purposes. An information of a privileged character can be fed
in a computer machine, which certainly is an invasion of one’s
privacy.6
Further, because of the advancement of technology, there is the need for

individuals to control the flow of information. In Vivares v. STC,7 the Supreme
Court held that:
“With the availability of numerous avenues for information

gathering and data sharing nowadays, not to mention each
system’s inherent vulnerability to attacks and intrusions, there
is more reason that every individual’s right to control said flow
of information should be protected and that each individual
should have at least a reasonable expectation of privacy in
cyberspace.”
Search engines have become a necessity, without which information

would be nigh on impossible to find and social media platforms play a crucial
role in enabling people around the world to communicate with each other.8
Search engines are a source of intelligence for us all. However, for some of us,
they are a source of concern.9 With the help of search engines, information are
now apparent online. The apparent permanence and instant availability of
information online has also come at a price.10
Search engines simultaneously allow access to information that individuals

may wish to keep “private” or secret, such as news articles about past crimes,
embarrassing old photos, or sex videos posted by ex-partners. Various types of
information, be it truthful, false, outdated or taken out of context, may cause
harm to individuals, and may threaten important values, such as dignity or
personal autonomy, which are protected by the right to privacy under
international human rights law.11 It may include information which individuals
6 Supra note 4.
7 Vivares v. St. Theresa’s College , GR No. 202666, (September 29, 20 14).
8 Article 19, The “Right to be Forgottten”: Remembering Freedom of Expression,
https://www.article19.org/data/files/The_right_to_be_forgotten_A5_EHH_H YPERLINKS.
pdf (2016).
9 Carly Nyst, Beyond the hype: The big issues in the European Court’s 'right to be forgotten'
ruling. (11/10/14) viewed at https://www.privacyinternational.org/node/458 (Last accessed
at November 4, 2016).
10 Supra note 8.
11 Supra note 8.
2
consented the posting of the said information before, but individual withdraws
such consent as it is now irrelevant, excessive or inadequate from the reason his
consent and would destroy one’s reputation.
The Right to be Forgotten was made more legally pronounced when the
Court of Justice of the European Union ruled in favor of Mr. Costeja Gonzalez
in Google Spain v. Gonzalez. Mr. Gonzalez was involved in insolvency proceedings
relating to social security debts in the late 1990’s. These proceedings were
reported in a regional newspaper in Spain and the article was later made available
online. Mr. Gonzalez, who was named in the report, asked the newspaper to
delete the piece arguing that the proceedings were concluded and it was no longer
relevant. The newspaper refused this request and prompting Mr. Gonzalez to
Google Spain to remove links to the article in its search results when his name
was entered into the Google search engine. The Spanish Data Protection
Authority, which had refused to order the newspaper to remove the original
article, asked Google Spain and Google Inc to remove the article from Google’s
index of search results.12 The Court of Justice of the European Union recognized
the Right to be Forgotten as a part of the fundamental right to privacy in the
Google Case.13
The concept of data privacy or informational privacy means that an

individual may claim that data about himself should not be automatically
available to other individuals and organizations, but when the data is made
available to another party, the individual must be able to exercise a substantial
degree of control over that data and its use.14 With the remedy of Right to be
Forgotten, individuals would have control over their information posted online.
The Right to be Forgotten allows individuals to delist or delink

information in search engines, may it be photo, video or data, which are
irrelevant, excessive and inadequate. It has been considered as a right of
individuals “to determine for themselves when, how, and to what extent
information about them is communicated to others”15 or as a right that gives the
individual increased control over information about them. It has been
Google Spain and Inc. v. Agencia Espanola de Proteccion de Datos (AEPD) and Mario Costeja Gonzalez ,
12
C-131/12, May 13, 2014.

13 Id.
14Roger Clarke, Introduction to Dataveillance and Information Privacy and Definition of
Terms, available at http://www.rogerclarke.com/DV/ (last accessed Nov. 4, 2016).
15 Alan F. Westin, Privacy and Freedom, Atheneum Press, New York (1967).
3
categorized as a privacy right even though it applies to information that is, at
least to some degree, public.16
B. Significance of the study
1. Digital population in the Philippines has dramatically increased
The Philippines has been crowned as the social network capital of the
world this is due to the fact that 93% of Internet Filipino users have Facebook.17
Based on a recent survey, the Philippines ranks 6th in the top 10 most engaged
countries for social networking.18 The internet audience’s growth rate shows no
signs of slowing down either. Here is a graph of the Internet growth in the
Philippines for the year 2009-2015:19
16 Supra note 8.
17MST Lifestyle, PH is social networking capital of the world, Manila Standard Today.
manilastandardtoday.com/2013/05/21/ph -is-social-networking-capital-of-the-world (May 21,
2013).
18Statistic Brain, Social Network Statistics, http://www.statisticbrain.com/social -networking-
statistics/.
19 Internet World Stats: Usage and Population Statistics.
http://www.internetworldstats.com/asia.htm#ph.
4
The graph clearly shows that Filipinos are fond of using the Internet, and
according to the statistics, there are fifty-four million Facebook users as of June
2016.20
Computer technology has advanced rapidly with the global internet

system,21 as well as the digital population in the Philippines. Such technology
tends to intrude into privacy as personal information, including evidence of
present and past actions or associations may be disseminated without individual’s
consent. There is clearly a need to protect informational privacy of individuals.
Individual should have control over their information. The advancement and
increase of digital population has the probability of introducing inaccurate
information that might create erroneous information of which the individual has
no control.22 With this, the proponent believes that the right to be forgotten is a
remedy that would better protect the Filipino individuals from intrusion of its
privacy in digital world.
20 Supra note 19.

21 Supra note 4.
22 Id.
5
2. Information hinder their employment prospects, hamper their
ability to obtain credit and prevent them from living their lives
with dignity23
Developments in our technology is now threatening our privacy.

According to Godkin, curiosity was the “chief enemy of privacy in modern life”.
Godkin noted that for a long time in history, gossip was oral and only slightly
wounded the individual. But “gossip about private individuals is now printed,
and makes its victim, with all his imperfections on his head, known to hundreds
or thousands miles away from his place of abode.”24
The vast majority of personal information available online is of limited

intrinsic value, whereas its accessibility could have disastrous consequences on
people’s lives: such information may thwart their employment prospects, hamper
their ability to obtain the credit they need, or simply prevent them from living
their lives with dignity.25
For example, A 13 year old boy stole some candy from a candy shop, gets
punished for it, and that information ends up on the Internet. The said
Information will be there as long as such webpage exists, which can easily be
searched. After 8 years, the boy, who is now 21 years old, tries to apply a job in
retail stores. However, due to the past information, the boy gets turned down
everytime, because the HR-department “googles” the name of the boy and finds
the link about him stealing candy. Yes the boy made a mistake when he was
young, but he got punished for it and changed for the better, he became a good
citizen. But the said mistake keeps on haunting him on the Internet, while a
human being would already have forgiven and forgotten such mistake.26
Various types of information – be it truthful, false, outdated or taken out

of context - may cause harm to individuals, and may threaten important values,
23 Supra note 8.
24E. L. Godkin, The Rights of the Citizen: IV. To His Own Reputation, Scribner’s Magazine
(1890).
25 Supra note 8.
26 Nielsbergervoet. Right to be forgotten is just as important as freedom of speech,
Technologica (2015) https://nielsbergervoet.wordpress.com/2015/09/30/right -to-be-
forgotten/ last visited Jan. 25, 2016.
6
such as dignity or personal autonomy, which are protected by the right to privacy
under international human rights law..27
The apparent permanence and instant availability of information online

has also come at a price. Search engines and social media platforms
simultaneously allow access to information that individuals may wish to keep
“private” or secret, such as embarrassing old photos, or sex videos posted by ex-
partners.
C. Statement of the problem
1. Does an individual still have a reasonable expectation of privacy if an

information is posted online?
2. Will the right to be forgotten violate the freedom of expression and

right to information?
3. Does the Philippine courts have jurisdiction over search engines

located outside the Philippines?
D. Scope and limitations
This study is limited to an examination and critical analysis of the

constitutionality and jurisdiction in establishing the Right to be Forgotten in the
Philippines.
E. Methodology
The Author employed Qualitative desk research in conducting this study

through the use of various Philippine law books, law journals, written and
published articles regarding the right to be forgotten and data privacy,
International Conventions and Treaties, as well as foreign and Philippine cases
27 Supra note 8.
7
regarding the privacy in digital world. The previously mentioned research
materials have been studied, compared, and used as references in order to come
up with this legal article.
8
CHAPTER TWO: HOW THE RIGHT TO BE FORGOTTEN
WORKS
A. Scope of the right
The Right to be Forgotten covers information that are initially posted by

the data subject, and information about the data subject posted by a third person.
It covers even lawfully processed accurate data, which in the course of time
become incompatible, where those data are no longer necessary in the light of
the purposes for which they were collected or processed. That the information
will appear to be inadequate, irrelevant or no longer relevant, or excessive in
relation to those purposes and in the light of the time that has elapsed.28 It applies
to personal data storage no longer necessary or is irrelevant for the original
purposes of the processing for which the data was collected.
The criteria for accuracy and relevance for example may critically depend
on how much time has passed since the original references to a person. While
some search results linking to content on other webpages may remain relevant
even after a considerable passage of time, others will not be so, and an individual
may legitimately ask to have them deleted.29
The term inadequate, irrelevant or excessive should be applied in its

general term. However, the said right would not apply to information of public
officer relating to his public office and information that has compelling state
interest.
B. How is the right to be enforced
1. Form available online by the service provider
a. The search engine shall provide a form30 that is available online.
28 Supra note 12 para 92.

29 European Commission, Factsheet on the “Right to be Forgotten” ruling (C -131/12),
http://ec.europa.eu/justice/data -
protection/files/factsheets/factsheet_data_protection_en.pdf.
30 Appendix A
9
b. The petitioner, his representative or a third person shall fill up the
form provided by the search engine.
c. The form requires submission of a photo ID of the petitioner.
Further, the representative or third person doing the submission
for the petitioner is required to present the petitioner’s photo ID
and a proof that they have obtained approval of the latter such as a
Special Power of Attorney (SPA).
d. The ID presented should be a government-issued ID.
e. The petitioner shall specify the name (legal name of the petitioner)
in which the information may be delisted.
f. The petitioner shall then be required to list one or more URLs be
removed provided he gives a reasonable explanation on why he
want it dropped.
2. Search engine’s removal team will review the request at first

instance
a. Upon receipt of the request by the search engine, it shall be

reviewed by the search engine’s removal team.
b. Once a request for delisting of search results has been submitted
by a data-subject, the data controller or search engine’s removal
team shall make a preliminary assessment as to whether the request
meets the formal requirements – that is, whether the claim has
prima facie validity. The requests will be reviewed on a case-by-case
basis.
c. The search engine’s removal team would base its decision of the
type of information. The basis for approval of the petition for the
Right to be Forgotten is when an information is irrelevant,
inadequate and excessive.
d. Publishers of webpages should be notified that a request to delist
their content has been made and would be given the decision
whether the petition was approved or denied.
e. If the petition of the Right to be Forgotten is approved, the
publisher of the data at issue should be given 30 days to contest the
approval in the Regional Trial Court of the Philippines.
10
f. However, in case the petition is denied, petitioner or his
representative will be notified and informed that an appeal may be
resorted to the Regional Trial Courts of the Philippines.
3. Appeal should be made to an independent adjudicatory court
Appeal to the approval or denial of the petition of the Right to be

Forgotten from the search engine’s removal team should be raised in the
Regional Trial Court of the Philippines.
4. Final Judgment
If the petition is granted, the search engine shall delist or delink the
domain site petitioned upon the receipt of the notice. Further, the domain site
or publisher shall be given fifteen days from receipt of the notice of question the
validity of the decision of trial judge in granting the petition.
On the other hand, if the petition would be denied, the petitioner shall be
given fifteen days from receipt of the notice to question the validity of the
decision.
C. Factors to be considered
1. Private information
There are two types of information, public or private. However, this study
is concerned with private information, because it is this type of information that
is prone to infringement of privacy. Data subject should have the control of the
flow of information. The following information are inherently private
information:
 Details of their intimate or sex life
 Information about their health
 Bank or payment accounts details (such as card numbers)
 Private contact or identification information, including PINs or
passwords, passport or social security numbers
11
 Other sensitive information such as trade-union membership, racial or
ethnic origin, political opinions or religious or philosophical belief could
also be considered private.31
There are also information that are sensitive by nature, and would affect
the individual’s private life. Under Section 3 or R.A. No. 10173 or Data privacy
act:
Sec. 3(l) Sensitive Personal Information refers to personal

information:
1. About an individual’s race, ethnic origin, marital status,
age, color and religious, philosophical or political
affiliations;
2. About an individual’s health, education, genetic or sexual
life of a person, or to any proceeding for any offense
committed or alleged to have been committed by such person,
the disposal of such proceedings, or the sentence of any court
in such proceedings;
3. Issued by government agencies peculiar to an individual
which includes, but not limited to social security numbers,
previous or current health records, licenses or its denials,
suspension or revocation and tax returns
4. Specifically established by an executive order or an act of
Congress to be kept classified.
The type of information the request is filed should be taken into account.
When the information belongs to one of the mentioned categories, strong
justification, such as an overriding public interest in the information at issue, will
need to be provided as to why it should remain accessible on the Internet through
a search for a person’s name. 32
The nature of information that points to strong privacy interest: Such as

intimate details of a person’s private life, personal financial information, personal
identifying information, criminal activity information, information about
children, information that is false or heightens privacy interest because of a risk
31 Supra note 8.
32 Supra note 8.
12
of harm, or information that heightens privacy interest because it is in digital
image or video form.33
Further, the court or other relevant body should assess the impact of the
passage of time on the public interest value of the information at issue and
whether it should remain easily discoverable through a search of someone’s
name.34 Further, as a general rule, recent information is more likely to have public
interest value, and therefore the balance of rights is less likely to be in favor of
delisting the links.35 The request should also be assessed whether applicants have
demonstrated that they have suffered substantial damage or harm due to the
availability of the search results linked to their name.36
The “substantial harm” criterion is especially important in circumstances

where individuals seek the de-listing of links to information of a public nature,
or information to which publication they previously consented, or information
they themselves made publicly available. The author believes that in such cases,
applicants should be required to show that their privacy is significantly affected
by the information remaining easily searchable.37
2. Right to be Forgotten will not apply to public officer relating to

his public office
This remedy should not apply to public officer or employee of a

government institution that would relate to his function or position because of
public interest. Public figure doctrine holds that public figures, those who by
their accomplishments, fame, mode of living, or particular profession have given
the public a legitimate interest in their affairs,38 have a generally decreased
expectation of privacy and they will naturally be the subject of discussion,
33 Joy Liddicoat, The Right to be Forgotten,

https://www.privacy.org.nz/assets/Files/Speeches -presentations/Right -to-be-Forgotten-Joy-
Liddicoat.pdf.
34 Supra note 8.
35 Supra note 8.
36Axel Springer v. Germany , op cit. or Court of Amsterdam, European Court, C/13/569654, (18
September 2014).
37 Supra note 8.
Ayer Prod’ns v. Capulong , GR No. 82380, 160 SCRA 861, April 29, 1988, citing Prosser and
38
Keepton on Tort 854 -63 (5 t h Ed., 1984).
13
especially in the media. The public figure doctrine is one area where Philippine
jurisprudence was arguably ahead of its American counterpart, as pointed out by
Chief Justice Fernando.39
The concept of “public figure” and the consequences of being such, the
Court quoted from Prosser and Keeton40:
A public figure has been defined as a person who, by his

accomplishments, fame, or mode of living, or by adopting a
profession or calling which gives the public a legitimate interest
in his doings, his affairs, and his character, has become a ‘public
personage.’ He is, in other words, a celebrity. Obviously to be
included in this category are those who have achieved some
degree of reputation by appearing before the public, as in the
case of an actor, a professional baseball player, a pugilist, or
any other entertainer. That list is, however, broader than this.
It includes public officer, famous inventors and explorers, war
heroes and even ordinary soldiers, an infant prodigy, and no
less a personage than the Grand Exalted Ruler of a lodged. It
includes, in short, anyone who has arrived at a position where
public attention is focused upon him as a person.
Such public figures were held to have lost, to some extent at

least, their right of privacy. Three reasons were given, more or
less indiscriminately, in the decisions” that they had sought
publicity and consented to it, and so could not complain when
they received it; that their personalities and their affairs had
already become public, and could no longer be regarded as
their own private business; and that the press had a privilege,
under the Constitution, to inform the public about those who
have become legitimate matters of public interest. On one or
another of these grounds, and sometimes all, it was held that
there was no liability when they were given additional publicity,
as to matters legitimately within the scope of the public interest
they had aroused.
The public figure exception to privacy, however, is not an absolute one,

and even the most famous celebrities retain privacy over the clearly private facets
of their lives, In Ayer,41 now Senator Juan Ponce Enrile was not allowed to
39 Phil. Comm’l and Indus. Bank v. Philnabank Employees’ Ass’n , GR No. 29630 , (July 2, 1981).
40 Prosser and Keeton on Torts, 5 t h Ed. at 859-861 (1984).
41 Supra note 38.
14
prohibit the publicized role in that historic event, his right to privacy could not
overcome the filmakers’ freedom of expression. On the other hand, Lagunzad
rule in favor of privacy when it addressed another movie about Negros mayoralty
candidate Moises Padilla. This second movie depicted Padilla’s private and family
life, and even including a certain Auring as his girlfriend.
Lagunzad emphasized: “Being a public figure ipso facto does not

automatically destroy in toto a person’s right to privacy.”42 As Warren and
Brandeis put it, “Some things all men alike are entitled to keep from popular
curiosity, whether in public life or not.”43
The Court said in Lagunzad v. Vda. de Gonzales44:
A limited intrusion into a person’s privacy has long been

regarded as permissible where that person is a public figure and
the information sought to be elicited from him or to be
published about him constitute matters of a public character.
Succinctly put, the right of privacy cannot be invoked to resist
publication and dissemination of matters of public interest.
The interest sought to be protected by the right of privacy is
the right to be free from ‘unwarranted publicity, from the
wrongful publicizing of the private affairs and activities of an
individual which are outside the realm of legitimate public
concern.
In Conclusion, the Right to be Forgotten should apply to information that

are inherently private such as gender, birthdate, On the other hand, the Right to
be Forgotten should not apply to information relating to a public officer
regarding his public office.
42 Lagunzad v. Vda. de Gonzales , GR No. 32066, 92 SCRA 476, (August 6, 1979).

43 Supra note 3.
44 Supra note 42.
15
3. Interest of the public in having access to that information.
Public interest is information that is important to matters of public

concern, may it be about public officials and public figures.45 This includes, but
is by no means limited to the following:
 Politics
 Public health and safety
 Law enforcement and the administration of justice
 Consumer and social interests
 The environment
 Economic issues
 The exercises of power
 Art and culture
Even intimate details of someone’s private life may be considered to be in

the public interest if it involves a public figure or that person is in a position of
trust, and there is a wider public interest dimension, e.g. a public figure using
public money to fund a lavish private lifestyle.46
Finally, as an exception to the above in the case of children or young

persons, special considerations should apply in their case. Children have a
stronger interest in the protection of their right to private life because of the
vulnerability inherent to their age. For this reason, even in cases where there is a
strong public interest, such as because the information concerns child abuse,
there would be strong countervailing interests in protecting children from
unwarranted publicity.47
4. Only natural persons may enforce the Right to be Forgotten
The Right to be Forgotten must be strictly limited, and certain minimum

requirements must be complied for such a right to be compatible with the right
to freedom of expression, both in terms of substance and procedure. The Right
45TshabalalaMsimang & Another v Makhanya and Others , High Court of South Africa, (18656/07)
[2007] ZAGPHC 161 (30 August 2007).
46 Supra note 8.
47 Id.
16
to be Forgotten should be limited to natural persons. The right should be limited
only to natural persons. The purpose of this right should ultimately be to protect
an individual’s dignity and privacy, which only individuals are capable of having.48
D. Nature and Business of Search Engines
In the early 1900s, the proliferation of information available on the

Internet and the growth of Internet-related businesses produced new challenges
for the distribution and dissemination of information. Search engines enhances
information sharing and expand global access to information by allowing users
to find online content through keyword searches.49
The first search engine was Archie, created in 1990 by Alan Emtage, a
student at McGill University in Montreal.50 Archie was a tool for indexing FTP
(File Transfer Protocol) archives through a searchable database of filenames as a
method of storing and retrieving file online.51 In the mid-90s, the new search
engine emerged, introducing a complex system of search modifiers, enabling
natural language searches, and grouping web pages by their underlying concepts
to fine-tune a users’ search results.52
In Google v. Gonzalez, the Court noted the activities of search engines –

which ‘collects’, ‘retrieves’, ‘records’, ‘organises’, ‘discloses’ and ‘makes available’
personal data – must be classified as ‘processing’.53 The Court emphasized the
capability of search engines to make data accessible to any internet user
conducting a search on the basis of a data subject’s name54 and to organize and
aggregate information into detailed profiles of the data subject55 may affect the
fundamental rights of the data subject significantly.56
48 Id.
49 Retail Servs., Inc. v. Freebies Publ’g , 354 F.3d 535, 541 n.1 (4 t h Cir. 2004).
50Urs Gasser, Regulat ing Search Engines: Taking Stock and Looking Ahead, Yale J.L. & Tech.
203 (2006).
51 Id.
52John Battelle, THE SEARCH: How Google and its rivals rewrote the rules of business and
transformed our culture 53 (2005).
54 Id para 36.
55 Id para 37.
56 Id para 38.
17
Further, the Court held that Google Spain’s activity of promoting and
selling advertising space offered by the search engine which made it economically
profitable was processing carried out in the context of the activities of
establishment.57 Search Engines are doing business in a country due to the service
it provides to the individuals.
57 Id para 56.
18
CHAPTER THREE: LEGAL FRAMEWORK OF DATA
PRIVACY IN THE PHILIPPINES
A. 1987 Philippine Constitution
In Black’s Law Dictionary, privacy describes as “the condition or state of

being free from public attention to intrusion into or interference with one’s acts
or decisions.” The right to privacy in the Philippines is guaranteed under the Bill
of Rights particularly Article III Section 2 and 3 of the 1987 Constitution.
Sec. 2. The right of the people to be secure in their persons,

houses, papers, and effects against unreasonable searches and
seizures of whatever nature and for any purpose shall be
inviolable, and no search warrant or warrant of arrest shall
issue except upon probable cause to be determined personally by
the judge after examination under oath or affirmation of the
complainant and the witness he may produce, and particularly
describing the place to be searched and the persons or things to
be seized.
Sec. 3. (1) The privacy of communication and correspondence

shall be inviolable except upon lawful order of the court, or when
public safety or order requires otherwise as prescribed by law.
(2) Any evidence obtained in violation of this or the
preceding section shall be inadmissible for any purpose in any
proceeding.
The right to privacy in the digital world is clearly protected in the

Philippines. However, there is still a need to improve these laws and statutes, as
it inadequately provides remedy for the needs of the citizen. As we step in the
modern age and with the evolution of technologies and gadgets, Philippines
should adopt laws that enhances the whole scope of privacy in digital world.
Right to be Forgotten, which is protects informational privacy should be clearly
established in the Philippines.
19
B. Privacy Tort
Under the Civil Code of the Philippines, Article 26 and Article 32 protects
personal privacy. To wit:
“Art. 26. Every person shall respect the dignity, personality,

privacy and peace of mind of his neighbors and other persons.
The following and similar acts, though they may not constitute
a criminal offense, shall produce a cause of action for damages,
prevention and other relief:
(1) Prying into the privacy of another's residence:
(2) Meddling with or disturbing the private life or family
relations of another;
(3) Intriguing to cause another to be alienated from his friends;
(4) Vexing or humiliating another on account of his religious
beliefs, lowly station in life, place of birth, physical defect, or
other personal condition.”
“Art. 32. Any public officer or employee, or any private

individual, who directly or indirectly obstructs, defeats, violates
or in any manner impedes or impairs any of the following rights
and liberties of another person shall be liable to the latter for
damages:
…
(9) The right to be secure in one's person, house, papers, and
effects against unreasonable searches and seizures;
…
(11) The privacy of communication and correspondence;
…”
Some aspects of privacy doctrine are more developed in tort law than in
Constitutional law, yet are readily applicable the moment one replaces the private
sector with a State agent.58 It must further be argued that tort law sheds further
light on values protected by privacy but hardly highlighted in Constitutional law.
Again, Ople59 detailed specific statutory zones of privacy.
58 Oscar Franklin B. Tan, Articulating The Complete Philippine Right to Privacy in

Constitutional and Civil Law: A Tribute to Chief Justice Fernando and Justice Carpio,
82 P HILIPPINE L AW J OUR NAL 81, 81.
59 Ople v. Torres, GR No. 127685, 293 SCRA 141, (July 23, 1998).
20
Zones of privacy are likewise recognized and protected in our
laws. The Civil Code provides that ‘[e]very person shall respect
the dignity, personality, privacy and peace of mind of his
neighbors and other persons and punishes as actionable torts
several acts by a person of meddling and prying into the privacy
of another. It also holds a public officer or employee or any
private individual liable for damages for any violation of the
rights and liberties of communications. The Revised Penal
Code makes a crime the violation of trespass to dwelling.
Invasion of privacy is an offense in special laws like the Anti-
Wiretapping Law, the Secrecy of Bank Deposits Act and the
Intellectual Property Code The Rules of Court on privileged
communication likewise recognize the privacy of certain
information.
In Privacy Tort, the person who invaded the privacy of another must have
a personal gain. A person has an actionable right to be free from the invasion of
privacy. Invasion of privacy is a tort based in common law allowing an aggrieved
party to bring a lawsuit against an individual who unlawfully intrudes into his/her
private affairs, discloses his/her private information, publicizes him/her in a
false light, or appropriates his/her name for personal gain.60 Right to privacy
under tort law confers personal rights on an individual as against other
individuals.
C. Special laws have been passed by the Congress regarding privacy of

individuals
1. Republic Act 10175 or The Cybercrime Prevention Act of 2012
The Philippines accede to the Budapest Convention on Cybercrime, the

first international treaty aimed at addressing Internet and cybercrime offenses in
harmony with domestic laws and through international cooperation.
Consequently, the Cybercrime Prevention Act was enacted to enforce the
objectives of the Convention.
60Common Law Right to Privacy, US Legal, https://privacy.uslegal.com/common -law-right-

to-privacy/ (last visited Feb 26, 2017).
21
The Cybercrime Prevention Act was passed to penalize crimes that are
committed with the use of computer. The said act is divided into 31 sections split
across eight chapters. It penalizes fifteen types of crimes constituting
Cybercrime61 or computer-related offenses such as illegal access (hacking), illegal
interception, data interference, system interference, misuse of devices,
cybersquatting, computer-related forgery, computer-related fraud, computer-
related identity theft and cybersex. The law also punishes and confirms laws that
are already punishable under the Revised Penal Code and other Special laws, such
as child pornography and libel. Moreover, it includes a “catch-all” provision,
which punishes all crimes that are defined and penalized by the Revised Penal
Code, as amended, and special laws, if committed by, through and with the use
of information and communications technologies.
2. Republic Act 8792 or The E-Commerce Act
R.A. No. 8792 was specifically enacted to protect businesses and

consumers in the cyber world. Electronic commerce is defined as the process of
buying and selling goods electronically by consumers and from company to
company through computerized business transactions.62 R.A. No. 8792 provides
in its declaration of policy that “the State recognizes the vital role of information
and communication technology (ICT) in nation-building” and further provides
that the State recognize “the need to create an information-friendly environment
which supports and ensures the availability, diversity and affordability of ICT
products and services.”63
The declaration of policy further recognizes the “obligation to facilitate

the transfer and promotion of adaptation technology for the national benefit”
and further states “the need to marshal, organize and deploy national
information infrastructures, comprising both telecommunications network and
strategic information services, including their interconnection to the global
information networks, with the necessary and appropriate legal financial,
diplomatic and technical framework, systems and facilities.”64
61 Section 4 of RA 10175 or The Cybercrime Prevention Act of 2012.
62Ramrodriquez, https://ramrodriguez.wordpress.com/2015/07/03/the -scope-of-privacy-in-
digital-world-under-philippine-law-and-jurisprudence/#_ednref4 (July 3, 2015).
63Christopher Lim, Privacy and Data Protection in the Philippines, 50 ATENEO L.J. 669
(2005).
64 Id.
22
R.A. No. 8792 has the following salient features: (1) it provides legal
recognition of electronic data messages, signatures, and documents and their
communication; (2) it penalizes hacking and privacy; (3) it recognizes the vital
role of information and communications technology in nation building; (4) it
facilitates domestic and international dealings, transactions, arrangements,
contracts and exchanges and storage of information; it applies to both
commercial and non-commercial transactions; (5) it made the Department of
Trade and Industry (DTI) the lead agency to direct and supervise the promotion
and development of electronic commerce in the country; and (6) it provides for
the extent of liability of service providers.
Section 24 provides that parties to any electronic transaction are free to

determine the type and level of electronic data message or electronic document
security needed, and to select and use or implement appropriate technological
methods that suit their needs. It merely provides that the parties involved may
control the level of security they need. It may include the type and level of
encryption they would like to employ when transmitting data to one another, or
maybe the security software they would use to prevent data leakage as the data
passes through the network.65 Section 32 provides for an obligation of
confidentiality on the part of the person or entity collecting with regard to any
electronic information obtained.66
Neither do these two provisions specifically refer to personal data.

Without jurisprudence to test these definitions as regards informational privacy,
it can at most only be inferred and maybe even hoped that these definitions
would cover informational privacy, such the Electronic Commerce Act
insufficient.67
3. Republic Act 10173 or The Data Privacy Act of 2012
With the changing of the time’s new basic mediums of communications

are now introduced like desktop computers and cellular phones. The gadgets
evolved into more advanced technology like iPads, iPods, iTouch, laptops, smart
65 Supra note 63.

66 Id.
67 Id.
23
phones in which watching videos, listening to audios, surfing the Internet are
now possible.
With the new gadgets and technologies invented, the right to privacy in
today’s generation has soared parallel to the expansion of these technologies.
Information may easily be published and republished on the internet with just a
click of a button. Further, it does not only reach local subscribers but subscribers
from all over the world. An individual’s right to privacy is beyond paper-bound
and therefore, the legislature had to enact certain laws that could protect a private
right. Hence the creation of Republic Act No. 10173 or the Data Privacy Act of
2012.68
In its declaration of policy, the law states that, although the free flow of
information promotes innovation and growth, it is essential that personal
information in the government’s and private sector’s information and
communications system are secured and protected. 69
Personal information is defined as “any information whether recorded in

material form or not, from which the identity of an individual is apparent or can
be reasonably and directly ascertained by the entity holding the information.” It
includes facts and figures about a person’s race, ethnic origin, marital status, age,
color and religious, philosophical and political affiliations. Or practically, his life
story.70
R.A. No. 10173 established the National Privacy Commission tasked to

ensure that proper handling of privileged and sensitive information of an
individual, also called the data subject, by the data controllers and data
processors. The scope of the law is broad enough to grant reliefs to those whose
right to privacy have been intruded. Information Technology (IT) industry and
Business Process Outsourcing (BPO) industry will benefit most in this law
because of the size of information processed in these industries that must be
68 The Scope of Privacy in a Digital World under Philippine law and jurisprudence.
https://samfaedchan.wordpress.com/2015/07/03/the -scope-of-privacy-in-a-digital-world-
under-philippine -law-and-jurisprudence/ (last visited January 5, 2017).
69 Raul J. Palabric, Data Privacy Act of 2012, Inquirer.net, August 31, 2012,
http://business.inquirer.net/79534/data -privacy-act-of-2012 (last visited Feb 18, 2017).
70 Id.
24
within international standards of privacy for them to be able to compete in the
global market.71
4. Republic Act 9995 or Anti-Photo and Video Voyeurism Act
Anti-Photo and Video Voyeurism Act or R.A. No. 9995 prohibits

recording videos or taking photos of a sexual act, the male or female genitalia,
and of the female breast, among others, without consent of the persons featured
in the material. The law ultimately seeks to prevent the reproduction,
distribution, and publication of said material regardless of whether or not the
persons featured consented to the recording.
The Law mentioned four prohibited acts namely:

 The unconsented taking of a photo or video of a person or group
of persons engaged in a sexual act or any similar activity, or
capturing an image of the private area of a person, under
circumstances in which the said person has a reasonable
expectation of privacy;
 The copying or reproduction of such photo or video recording of
the sexual act;
 The selling or distribution of such photo or video recording;
 The publication or broadcasting, whether in print or broadcast
media, or the showing of such sexual act or any similar activity
through VCD/DVD, the internet, cellular phones, and other
similar means or devices without the written consent of the persons
featured.72
R.A. No. 9995 contemplates two situations where a person can have a
reasonable expectation of privacy: first, when the person believes that one could
undress in privacy without being concerned that an image of him or her being
taken. Second, when a reasonable man would believe that one’s private would
not be visible regardless of whether the person is in public or private place.73
71 Supra note 62.

72 Section 4 of RA 9995 or Anti -Photo and Video Voyeurism Act of 2009.
73 Section 3 of RA 9995 or Anti -Photo and Video Voyeurism Act of 2009.
25
The penalties for any person found guilty of violating any of the
prohibitions enumerated under Section 4 of R.A. 9995 range from an
imprisonment of three to seven years and a fine of P100,000.00 up to
P500,000.00 at the discretion of the court. Additional penalties are meted for the
following violators: juridical persons, public officers or employees, and aliens.
The law provides a penalty for the violators of the said law, however, it does not
provide a remedy for the photos and videos taken in violation of the said law.
Though R.A. No. 9995 provides for the penalty of violators as mentioned
above, it did not provide for the remedy of those photos and videos available
online. These photos and videos are still prone for circulating. Hence, the
proponent submit that the Right to be Forgotten would be the best remedy to
stop the further spreading the said photos and videos.
D. Writ of Habeas Data
The Writ of Habeas Data is “a remedy available to any person whose right
to privacy in life, liberty or security is violated or threatened by an unlawful act
or omission of a public official or employee, or of a private individual or entity
engaged in the gathering, collecting or storing of data or information regarding
the person, family, home and correspondence of the aggrieved party”.74 It is a
remedy designed to protect the image, privacy, honor, information, and freedom
of information of an individual, and to provide a forum to enforce one’s right to
the truth and to informational privacy. It seeks to protect a person’s right to
control information regarding oneself, particularly in instances in which such
information is being collected through unlawful means in order to achieve
unlawful ends.75 It is independent and summary.
According to Enrique Falcon, a comparative law scholar, Writ Habeas Data

is “a procedure designed to safeguard individual freedom from abuse in the
information age.”76 The importance of the Writ in present times is stressed by
the fact that it can be a mechanism available to citizens that to ensure a real
74 A.M. No. 08-1-16-SC, February 2, 2008 Sec 1.

75 Gamboa v. Chan, 677 SCRA 385, (July 24, 2012).
Enrique Falcon, Habeas Corpus: Concepto y Procedimiento (1996) Editorial Abeledo Perrot,
76
Buenos Aires p. 28.
26
control over sensible personal data, stopping the abuse of such information that
is detrimental to the individuals.77
The writ, however, will not issue on the basis merely of an alleged
unauthorized access to information about a person. The availment of the writ
requires the existence of a nexus between the right to privacy on the one hand,
and the right to life, liberty or security on the other.78 Thus, the existence of a
person’s right to informational privacy and a showing, at least by substantial
evidence, of an actual or threatened violation of the right to privacy in life, liberty
or security of the victim are indispensable before the privilege of the writ may be
extended.79 The two must be present for the writ to be available.
E. International legal frameworks on privacy and data protection
Under this section, the author would like to present the different
international treaties and conventions around the world that would clearly show
that privacy is an important basic human right. With this, the author would
clearly show that Right to be Forgotten, a necessary incident of right to privacy,
should be established in the Philippines.
1. Universal Declaration of Human Rights (UDHR)
The legal protection of the right to privacy in general – and of data privacy
in particular – varies greatly around the world. The Universal Declaration of
Human Rights mandates that, “no one shall be subjected to arbitrary interference
with his privacy, family, home or correspondence, nor to attacks upon his honor
and reputation. Everyone has the right to the protection of the law against such
interference or attacks.”80 There is a significant challenge for organizations that
hold sensitive data to achieve and maintain compliance with so many regulations
that have relevance to information privacy.
77Gonzales Murua, Ana Rosa. El Derecho a la Intimidad, el Derecho a la Auto determinacion

Informativa (1994), Instituto de Ciencias Sociales, Barcelona.
78 Supra note 75.
79 Roxas v. Macapagal-Arroyo, 630 SCRA 211, (September 7, 2010).
80Article 12 of the Universal Declaration of Human Rights. See also Article 17 (1) and (2) of
the International Covenant on Civil and Political Rights.
27
2. International Covenant on Civil and Political Rights (ICCPR)
Based on the declaration in the UDHR, right to privacy is also enshrined

in Article 17 of the International Covenant on Civil and Political Rights, which
states that:
Article 17
1. No one shall be subjected to arbitrary or unlawful interference
with his privacy, family, home or correspondence, nor to
unlawful attacks on his honour and reputation.
2. Everyone has the right to the protection of the law against
such interference or attacks.
3. Convention on Human Rights81 and American Convention on

Human Rights82 recognize privacy as a human right
The Right to privacy is recognized as a basic human right of individuals.

It is enshrined in the Convention on Human Rights and American Convention
of Human Rights. Under Article 8 of the Convention for the Protection of
Human Rights and Fundamental Freedoms, which states that:
Article 8 – Right to respect for private and family

life
1. Everyone has the right to respect for his private and family life,
his home and his correspondence.
2. There shall be no interference by a public authority with the
exercise of this right except such as is in accordance with the law
and is necessary in a democratic society in the interests of
national security, public safety or the economic well-being of the
country, for the prevention of disorder or crime, for the protection
Article 8 of the Convention for the Protection of Human Rights and Fundamental Freedoms,
81
Rome, 4.XI. 1950.

82Article 11 of American Convention on Human Rights "PACT OF SAN JOSE, COSTA RICA"
(B-32).
28
of health or morals, or for the protection of the rights and
freedoms of others.
Further, under Article 11 of the American Convention on Human Rights

states that:
Article 11. Right to Privacy

1. Everyone has the right to have his honor respected and his
dignity recognized.
2. No one may be the object of arbitrary or abusive interference

with his private life, his family, his home, or his correspondence,
or of unlawful attacks on his honor or reputation.
3. Everyone has the right to the protection of the law against

such interference or attacks.
4. European Convention on Human Rights
European Convention on Human Rights and Article 8 of the Charter of

Fundamental Rights of the European Union expressly recognizes the
fundamental right to the protection of personal data, which states that:
ARTICLE 8 Right to respect for private and family life 1.

Everyone has the right to respect for his private and family life,
his home and his correspondence. 2. There shall be no
interference by a public authority with the exercise of this right
except such as is in accordance with the law and is necessary in
a democratic society in the interests of national security, public
safety or the economic well-being of the country, for the prevention
of disorder or crime, for the protection of health or morals, or for
the protection of the rights and freedoms of others.
5. European Union Data Protection Directive (Directive

95/45/EC)
29
The European Union adopted several Directives on data protection.83
Further, its constitutional instruments now recognize that protection of personal
data is in itself a basic human right. One of its Data Protection Directive is
Directive 95/46/EC. It is a directive adopted by the European Union designed
to protect the privacy and protection of all personal data collected for or about
citizen of the EU, especially as it relates to processing, using, or exchanging such
data. Directive 95/46/EC encompasses all key elements from Article 8 of the
European Convention on Human Rights, which states its intention to respect
the rights of privacy in personal and family life, as well as in the home and in
personal correspondence.
EU Directive 95/46/EC enshrined seven principles:

 Notice – subjects whose data is being collected should be given
notice of such collection
 Purpose – data collected should be used only for stated purpose(s)
and for no other purposes.
 Consent – personal data should not be disclosed or shared with
third parties without consent from its subject(s)
 Security – once collected, personal data should be kept safe and
secure from potential abuse, theft, loss
 Disclosure – subjects whose personal data is being collected should
be informed as to the party or parties collecting such data.
 Access – subjects should granted access to their personal data and
allowed to correct any inaccuracies.
 Accountability – subjects should be able to hold personal data
collectors accountable for adhering to all seven of these principles.
6. Organization for Economic Cooperation and Development

(OECD)
OECD developed guidelines based on the principle that privacy

protection is an important human right. The free flow of trans-border data is a
83Directive 96/46/EC on the Protection of Individuals with Regard to the Processing of

Personal Data and on the Free Movement of such Data (“EU Directive”)
30
prerequisite for a free economy84, but such free flow of information is affected
by privacy protection. The OECD Privacy Guidelines broadly influenced policy-
making by introducing broad principles that can harmonize privacy protection
in different states. It set out the following eight basic privacy principles:
 Collection Limitation requires that the collection data be limited to
what is RELEVANT and NECESSARY for the purposes for
which they are collected and that it will be obtained by lawful and
fair means with the knowledge of the data subject.
 Data Quality – personal data collected should be relevant for the
purpose for which it is to be used, to the extent necessary for these
purposes, and should be accurate and up to date.
 Purpose Specification and Notice – the purpose for which personal
data are collected should be specified not later than the time of data
collection. The subsequent use of data is limited to such purposes
and to other purposes not incompatible with such.
 Use Limitation – as a general rule, data should not be disclosed,
made available or used for purposes other than those specified for
its collection. The exceptions are when the individual consents or
when the law so requires its disclosure.
 Security Safeguard – this requires that personal data be protected
by reasonable security safeguards against risks like loss,
unauthorized access, destruction, use, modification or disclosure of
data.
 Openness – this refers to practices and policies regarding personal
data. Means should be readily available for establishing the
existence and nature of personal data, and the main purposes of
their use, as well as identity and usual residence of the data
possessor or collector.
 Individual Participation – the individual should have the right to
have reasonable access to data collected, the right to challenge data
relating to him or her and, if the challenge is unsuccessful, to have
the data erased, rectified, completed or amended.
84Tony Lam, An Overview of the Principles Established by the APEC Privacy Framework,
available at http://www.apec.org.
31
 Accountability – the data controller is made accountable for giving
effect to these principles by complying with the protection
accorded the individual.
7. Privacy framework endorsed by APEC nations
In November 2004, the APEC nations endorsed its Privacy Framework.85

The framework, which consists of nine principles, aims to balance privacy rights
and the public interest in e-commerce. The principles are as follows:
 Preventing Harm – the aim of privacy protection is to prevent harm
to individuals resulting from wrongful collection or misuse of their
personal information. This principle endorses proportionality, for
example, remedies should be proportional to the likelihood and
severity of the risk of harm.
 Notice – a data controller must inform the individual the purpose
for which personal information is being collected. This principle
also requires that all reasonably practicable steps, including the use
of web sites, be taken to provide the notice before or at the time of
data collection.
 Collection Limitation – this is similar to the OECD principle.
 Use of Personal Information – use of personal information should
be limited to fulfilling the purposes of collection and other
compatible or related purposes.
 Choice – this provides individuals with mechanisms to exercise
choice in relation to the collection, use and disclosure of their
personal information.
 Integrity of Personal Information – personal information should be
accurate, complete, and kept up-to-date to the extent necessary for
the purpose of use.
 Security Safeguards – appropriate security safeguards are required
to be applied to personal information provided these safeguards are
proportional to the likelihood and severity of the information and
the context in which it is held.
85 APEC Privacy Framework, available at http://www.apecsec.org.sg .
32
 Access and Correction – individuals are given the right to access
their personal information, challenge its accuracy, and request
correction when appropriate. However, access need not be
provided if the burden or expense of doing so would be
unreasonable or disproportionate to the risks or disclosure to the
individual would compromise security or the confidentiality of
commercial information.
 Accountability – the data controller is accountable for complying
with measures that give effect to the said principles. 86
86 Supra note 63.
33
CHAPTER FOUR: CONSTITUTIONAL DIMENSION OF
THE RIGHT TO BE FORGOTTEN
A. The Right to be Forgotten is part of the Right to informational

privacy
Privacy is a fundamental human right, enshrined in numerous

international human rights instruments.87 It is necessary for the protection of
human dignity and the basis of any democratic society. The Philippines has
recognized privacy as a fundamental right for many years. One of the
fundamental policies of the State is to put premium on the dignity of every
person and guaranteeing full respect for their human rights, as enshrined in the
Constitution.
United Nations adopted the Universal Declaration of Human Rights

(UDHR) to recognize formally the inalienable rights of every person. The
UDHR enumerates many rights, including those established in Article 12, which
states that “no one shall be subjected to arbitrary interference with his privacy,
family, home or correspondence, nor to attacks upon his honour and reputation.
Everyone has the right to the protection of the law against such interference or
attacks.”88 The UDHR thus not only set out a universal articulation for the right
to privacy; it simultaneously called on nations to establish privacy as a legal right.
The right set out herein forms part of the law of land in the Philippines by virtue
of Article 2, Section 2 of the 1987 Constitution, incorporating generally accepted
principles of international law. Furthermore, the UDHR principles have already
risen to the level of Customary International Law, and is therefore binding on
the Philippines as a member of the United Nations.
87Universal Declaration of Human Rights Article 12, United Nations Convention on Migrant
Workers Article 14, UN Convention of the Protection of the Child Article 16, International
Covenant on Civil and Political Rights, International Covenant on Civil and Political Rights
Article 17; regional conventions including Article 10 of the African Charter on the Rights and
Welfare of the Child, Article 11 of the American Convention on Human Rights, Article 4 of
the African Union Principles on Freedom of E xpression, Article 5 of the American Declaration
of the Rights and Duties of Man, Article 21 of the Arab Charter on Human Rights, and Article
8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms;
Johannesburg Principles on National Security, Free Expression and Access to Information,
Camden Principles on Freedom of Expression and Equality.
88 Article 12 of the Universal Declaration of Huma n Rights.
34
The United States Supreme Court in the case of Whalen v. Roe established
the two aspects of the right to privacy, decisional privacy and informational
privacy. Decisional privacy, in the case of Roe v. Wade, was described as the right
distinct from liberty, by which an individual is free to make his own choices and
the government is precluded from interfering. Informational privacy, on the
other hand, was described as the ability to control the collection, use, and
disclosure of one’s personal information.89 In Whalen, the Court explained that
informational privacy has two aspects: the right not to have private information
disclosed and the right to live freely without surveillance and intrusion. The right
to informational privacy has been discussed and recognized by Philippine
jurisprudence. In the case of Disini vs. Secretary of Justice, the Supreme Court cited
the very same right as discussed in Whalen in discussing whether the restrictions
imposed by the cybercrime law are constitutional.
The right to be forgotten is defined as "the right to silence on past events

in life that are no longer occurring." It leads to allowing individuals to have
information, videos or photographs about themselves deleted from certain
internet records so that they cannot be found by search engines.90 This right is
thus a manifestation of the right to informational privacy, allowing an individual
to control information him published by search engines.
In Katz v. United States, the Court laid down a two-fold test in determining
whether a matter is entitled to privacy: the first is a subjective test, where one
claiming the right must have an actual or legitimate expectation of privacy over
a certain matter. The second is an objective test, where his or her expectation of
privacy must be one society is prepared to accept as objectively reasonable.
The proponent submits that information covered by the right to be

forgotten falls under the sphere of privacy. As established in Chapter 2(A) of this
Study, the right covers information about an individual that is irrelevant,
inadequate, or excessive in relation to those purposes and in the light of the time
that has elapsed.91
89 Roger J.R. Levesque, Adolescence, Privacy, and the Law: A Developmental S cience
Perspective,
http://www.oxfordscholarship.com/view/10.1093/acprof:oso/9780190460792.001.0001/acpr
of-9780190460792 -chapter-4 (September 2016).
90Alessandro Mantelero, "The EU Proposal for a General Data Protection Regulation and the
roots of the 'rig ht to be forgotten'". Computer Law & Security Review . 29 (3): 229–235 (2013).
35
The first test is met. When information becomes irrelevant, inadequate, or
excessive, the individual has an actual expectation of privacy over such
information, because the accuracy of the information is already impaired. While
it is acknowledged that under the third-party doctrine,92 there is no legitimate
expectation of privacy as to information voluntarily offered to a third party, the
proponent submits that the extent that privacy is relinquished under the doctrine
is only as regards the accurate meaning of the information at the time it was
published. When this accuracy or meaning has changed by the passage of time
or the change of circumstances, the expectation of privacy is restored, because
such change is no longer with the consent of the person concerned. Besides, legal
scholars have acknowledged that the third party doctrine is too sweeping a
doctrine to determine the existence of an expectation of privacy, the
restriction/standard proposed above is a fitting way to limit the doctrine and
protect individual privacy rights.
The second test is likewise met. The expectation of privacy involved is

one which society is prepared to accept as objectively reasonable because in the
very first place society has no interest in the private life or information of an
individual. Information that concerns him is his concern alone. This is part of
the right to privacy.93
The basic attribute of an effective right to informational privacy is the

individual’s ability to control the flow of information concerning or describing
him, which however must be overbalanced by legitimate public concerns. To
deprive an individual of his power to control or determine whom to share
information of his personal details would deny him of his right to his own
personhood. For the essence of the constitutional right to informational privacy
goes to the very heart of a persons individuality, a sphere as exclusive and as
personal to an individual which the state has no right to intrude without any
legitimate public concern.94
As the erosion of personal privacy by computer technology and advanced

information systems accelerate, the individual’s ability to control its use has
diminished. Sharing of data among government agencies and private and public
organizations are not uncommon. Aside from the chilling prospect that one’s
profile is being formed from the gathering of data from various sources, there is
92 Smith v. Maryland , 442 U.S. 735 (1979).

93 Whalen v. Roe, 429 U.S. 589 (1977).
94 Kilusang Mayo Uno v. NEDA, GR 167798, (April 19, 2006) Dissenting Opinion.
36
also the unsettling thought that these data may be inaccurate, outdated or worse,
misused. There is therefore a pressing need to define the parameters on the use
of electronic files or information, to be properly initiated by a legislative act.95
Privacy principles have long contended that if some institution holds

information on individuals, then individuals retain rights about how that
information is used, and it must abide by a set of fair information practices.96
The right to be forgotten is the often described as the right to have control over
one’s life. Control conceived as a set of “micro-rights” should undoubtedly be
considered as a central element to any empowerment policy in the field of privacy
and data protection.
A. Westin describes privacy as “the claim of individuals, groups, or

institutions to determine for themselves when, how, and to what extent
information about them is communicated to others.”97 The idea that privacy is
the ability of the individual to control the terms under which personal
information is acquired and used has been endorsed by a broad community of
scholars. C. Fried (1968) also recognizes that being able to maintain control over
personal information is crucial. It allows us to create the necessary context for
relationships of respect, trust and friendship. According to him, “privacy is not
simply an absence of information about us in the minds of others; rather it is the
control we have over information about ourselves.”98 Along same lines, J.
Rachels (1975) argues that there is a close connection between the ability to
control who has access to one’s information and one’s ability to maintain a
variety of social relationships with different types of people.99
Beside self-determination and self-management, informational privacy

scholars have also conceptualized control and data subject’s right in terms of
property. Indeed, an important part of the privacy literature has focused on
property-based metaphors and descriptions to sustain the argument that a greater
control over personal information could be achieved through market-oriented
mechanisms based on individual ownership of personal data. According to this
view privacy can be compared to a property right: “Privacy can be cast as a
property right. People should own information about themselves and, as owners
95 Supra note 94.
96 Supra note 12.
97 Supra note 15.
98 Ch. Fried (1968), Privacy. In: Yale L. J., Vol. 77, p. 482.
99 J. Rachels (1975), Why privacy is important. In: Philosophy & Public Affairs, Vol. 4, p. 326.
37
of property, should be entitled to control what it is done with it.”100 Or as V.
Bergelson puts it “in order to protect privacy, individuals must secure control
over their personal information by becoming real owners.”101
B. The Right to a Reputation
The right to be forgotten can be considered as being contained in the right

of the personality, encompassing several elements such as dignity, honor, and the
right to private life.102 Everyone is entitled to the right to reputation, that
reputation of each individual should always be protected, and it is where the
Right to be Forgotten is partly based.
Reputation is defined by the Oxford English Dictionary as “the general

opinion or estimate of a person’s character or other qualities; the relative esteem
in within a person or thing is held”. Within the Western tradition, there is a long-
standing and strong consensus that both reputation, and the right to it, are of
foundational importance. Thus, Solove in his book “The future of reputation”
argues that our reputation is one of our most cherished assets. Our reputation is
an essential component of our freedom, for without the good opinion of our
community, our freedom can become empty. Our reputation can be a key
dimension of our self-conception, our reputation affects our ability to engage in
basic activities in society. We depend upon others to engage in transactions with
us, to employ us, to befriend us, and to listen to us.103
In the case of Worcester v. Ocampo,104 the court ruled that the enjoyment
of a private reputation is as much a constitutional right as the possession of life,
liberty or property. It is one of those rights necessary to human society that
underlie the whole scheme of human civilization, the Court in Worcester held:
"The respect and esteem of his fellows are among the highest
rewards of a well-spent life vouchsafed to man in this
existence. The hope of it is the inspiration of youth, and their
possession the solace of later years. A man of affairs, a business
100 J. Litman, Information Privacy/Information Property. In: Stan. L. Rev., Vol. 52, (2000).
101V. Bergelson, It’s Personal but Is It Mine?, Toward Property Rights in Personal Information.
In: U.C. Davis L. Rev., Vol. 37, (2003).
102 Rolf H. Weber, The Right to Be Forgotten : More Than a Pandora’s Box?, (2011).
103 D. J. Solove, The Future of Reputation (New Haven, Conn., 2007).
104 Supra note 1.
38
man, who has been seen and known of his fellowmen in the
active pursuits of life for many years, and who has developed
a great character and an unblemished reputation, has secured a
possession more useful, and more valuable than lands, or
houses, or silver, or gold . . .
"The law recognizes the value of such a reputation, and

constantly strives to give redress for its injury. It imposes upon
him who attacks it by slanderous words, or libelous
publication, a liability to make full compensation for the
damage to the reputation, for the shame and obloquy, and for
the injury to the feelings of the owner, which are caused by the
publication of the slander or the libel.
"It goes further. If the words are spoken, or the publication is

made, with the intent to injure the victim, or with the criminal
indifference to civil obligation, it imposes such damages as a
jury (in this case the judge), in view of all the circumstances of
the particular case adjudge that the wrongdoer ought to pay as
an example to the public, to deter others from committing like
offenses, and as a punishment for the infliction of the injury.
"In the ordinary acceptance of the term, malice signifies ill will,
evil intent, or hatred, while it is legal signification is defined to
be "a wrongful act done intentionally, without legal
justification."
The right to reputation and right to privacy are important to achieve the
right to have a good life. The right to privacy is the inalienable right of an
individual to be let alone.105 The right to be forgotten is a necessary incident to
the right to privacy. One type of the right to privacy is the informational privacy.
105 Supra note 94.
39
C. Right to be Forgotten does not violate the Freedom of Expression
under Article III, Section 4 of the Constitution
1. Freedom of expression is not an absolute right
Freedom of expression carries with it responsibilities and has limits both

in the online and offline world.106 Freedom of expression and Right to
Information, are constitutional rights107, but are not absolute rights.108
The right to freedom of expression and information (freedom of

expression) protects the free flow of information, opinion and ideas. It applies
to all media and regardless of borders. It includes the right not only to impart
but also to seek and receive information. Freedom of expression has long been
recognized as fundamental to both individual autonomy and a free society in
general.109
The right to freedom of expression is recognized in nearly every national

constitution and in most international human rights treaties including the
Universal Declaration of Human Rights (UDHR),110 the International Covenant
on Civil and Political Rights (ICCPR),111 the African Charter on Human and
Peoples' Rights (African Charter),112 the American Declaration of the Rights and
Duties of Man (American Declaration),113 and the American Convention on
Human Rights (American Convention),114 and the European Convention on
Human Rights (European Convention).115
106 Supra note 12.

107 Section 4, Article III of 1987 Constitution.
108Limitations, Article 19, https://www.article19.org/pages/en/limitations.html (last visited
Jan 29, 2017).
109Handyside v. The UK, European Court of Human Rights (European Co urt) Appl. no. 5493/72,
(7 December 1976 ).
110 Article 19 of the UDHR.
111 Article 19 of the ICCPR.
112 Article 9 of the African Chapter.
113 Article 4 of the American Declaration.
114 Article 13 of the American Convention.
115 Article 10 of the European Convention.
40
Freedom of expression is not absolute. In oft quoted expression of Justice
Holmes:
“the constitutional guarantee obviously was not intended to
give immunity for every possible use of language.”
International standards make it clear that freedom of expression is a qualified

right which may be limited, provided the restriction complies with a three-part
test. The restriction must:
• be provided by law;
• pursue the legitimate aims explicitly enumerated in Article 19 of the
ICCPR; and
• be necessary in a democratic society. In particular, the requirement of
necessity entails that the measure adopted must be proportionate to the
aim pursued. If a less intrusive measure is capable of achieving the same
purpose as a more restrictive one, the least restrictive measure must be
applied.116
In the International law, it declares that freedom of expression has

limitations, which are its exceptions. The following are the exceptions which are
permitted only to protect:
 The rights or reputation of others
 National Security
 Public Order
 Public Health
 Morals.117
One of the permitted exception of freedom of expression is when the said

limitation would protect the rights and reputation of others. Access to
information may be limited subject to certain conditions, including whether
disclosure of such information would cause substantial harm to the privacy
interests of the individual concerned, and whether there is an overriding public
interest in making the information available.118
116 Supra note 8.

117 Supra note 108.
118 Supra note 8.
41
The balance between freedom of expression and right to privacy may
depend on the nature of the information in question, its sensitivity for the
person’s private life and on the public interest in having that information. It may
also depend on the personality in question: the right to be forgotten is certainly
not about making prominent people less prominent or making criminals less
criminal.119 There are also exceptions under the right to be forgotten which
would protect the public at large. Public officers and employees with regard to
their public office are not protected by the right to be forgotten.
Further, restraints on free speech are generally evaluated on one of or a

combination of three tests: (1) the dangerous tendency doctrine (2) the balancing
of interest test and (3) the clear and present danger rule.
First, the danger tendency doctrine is applied to detect whether an act

caused evil for a society. When a substantial evil is identified, it is not
unconstitutional for a government to interfere. The accepted rule was that speech
may be curtailed or punished when it “creates a dangerous tendency which the
state has the right to prevent.”120
Second, the balancing of interest test is any judicial test in which the jurists
weigh the importance of multiple factors in a legal case. The balancing test
weighs the considerations of: (1) private interest affected by an official action
taken by a government agency, official, or non-governmental entity acting as a
governmental agency. (2) the risk of some deprivation being erroneously inflicted
on the respondent through the process used or if no process is used. (3) the
government’s interest in a specific outcome. The test rests on the theory that it
is the Court’s function in cases before it, when it finds public interests served by
legislation on the one hand and guaranteed freedoms affected by it on the other,
to balance one against the other and to arrive at a judgment, where the greater
weight shall be placed.121
Lastly, the clear and present danger is a standard which serves to

emphasize the importance of speech to a free society without sacrificing other
freedoms essential to a democracy.122
119 Supra note 29.

120 People v. Perez, 45 Phil. 599 (1923).
121 Gonzales v. COMELEC, 27 SCRA 853 (1969).
122J. Bernas, The 1987 Constitution of the Republic of the Philippines: A Commentary (2009
ed.).
42
2. Delisting in search engines does not restrict freedom of
expression
Removing irrelevant and outdated links in search engines does not

tantamount to deleting content.123 The individuals’ data may still be accessible
but is no longer ubiquitous. This is enough for the individuals’ privacy to be
respected.124
The impact of de-listing on individuals’ right to freedom of expression

and access to information will prove to be very limited. The right to be forgotten
affects only the results obtained from searches made on the basis of a person’s
name and does not require deletion of link from the indexes of search engine
altogether. That is, the original information will still be accessible using direct
access to the publisher’s original source.125
Right to be forgotten is a limited-scope erasure. It only delink or delist

websites from the search engines. It does not completely delete the information
from the domain site, hence there is no restriction to the freedom of expression.
According to Harvard Law Review Association (1997), one of the acceptable
methods to restrict access to the Internet communication is “security through
obscurity.” This approach assumes that communication will be protected if it is
not known by the public where the message is.126 Delisting or delinking a site
from search engine is enough to protect the right of privacy as well as it does not
also restrict your freedom of expression.
123 Supra note 29.

124 Id.
125Data Protection Working Party, Guidelines on the Implementation of the Court of Justice
of the European Union Judgment on “Google Spain and Inc. v. Agencia Espanola de Proteccion
de Datos (AEPD) and Mario Costeja Gonzalez” C -131/12, http://ec.europa.eu/ju stice/data-
protection/article-29/documentation/opinion-recommendation/files/2014/wp 225_en.pdf
(November 26, 2014).
Ilker Pekgozlu and Mustafa Kemal Oktem, Expectation of Privacy in Cyberspace: The Fourth
126
Amendment of US Constitution and an Evaluation of the Turkish Case (02 -2012).
43
CHAPTER FIVE: JURISDICTIONAL ISSUES
A. Cyberspace jurisdiction
Basis of international jurisdiction is primarily in geographical terms.127

According to Perritt, there are three types of jurisdiction as governmental power,
namely: prescriptive jurisdiction, adjudicative jurisdiction and enforcement
jurisdiction.128 Prescriptive jurisdiction is the power to apply legal norms to
conduct; adjudicative jurisdiction is the power of tribunals to resolve disputes;
and enforcement jurisdiction is the power of the jurisdiction to enforce.129
Jurisdiction over person or personal jurisdiction is based on the

interaction between an affirmative statutory or common-law source law dictating
the scope of the court's jurisdiction, and limitations imposed by constitutional
due process rights. Generally, state courts have complete jurisdiction over
entities or things that are physically present in a state, and they can always assert
jurisdiction.130 Nevertheless, conflicts of law are particularly likely to arise in
cyberspace, where the location of an occurrence is never certain, where
ideological differences are likely to create conflicting laws, and where rules are
made not only by nations and their representatives, but also by sub-national and
transnational institutions.131
The jurisdiction in the cyber world is complicated, that there is ambiguity

for the sovereign territory in the current internet technology because network
boundaries intersect and transcend national borders. The said technologically-
created ambiguity challenges sovereign jurisdiction. However, the evolution of
the Internet’s technological infrastructure is intertwined with sovereign
jurisdiction because the relationship between technology and law is dynamic.132
127Jack L. Goldsmith, Against Cyberanarchy, 65 U. CHI. L. REv. 1199 (1998), available at

http://eon.law.harvard.edu/property00/jurisdiction/cyberanarchydit.html (last visited Jan.
26, 2017).
128Henry H. Perritt, Jr., Jurisdiction and the Internet: Basic Anglo/American Perspectives
Projects in the Coming 2000's, INTERNET LAW AND POLICY FORUM, Ju ly 26, 1999,
available at http://www.kentlaw.edu/perritt/montreal.rev.htm (last visited Feb. 26, 2017).
129 Id.
130 Burnham v. Superior Court , 495 U.S. 604, 619, 110 S. Ct. 2105, 2115 (1990).
131 Betsy Rosenblatt, Principles of Jurisdiction,
https://cyber.harvard.edu/property99/domain/Betsy.html (last visited Feb. 26, 2017).
Joel R. Reidenberg, Lex Informatica: The Formulation of Information Policy Rules Through
132
Technology, 76 TEX. L. REV. 553, 554 -55 (1998) (describing the regulatory role of
44
Jurisdiction fits within a broader struggle over the respect for the rule of law in
the information society. In effect, jurisdiction over activities on the Internet has
become one of the main battlegrounds for the struggle to establish the rule of
law in the information society.133
With the said struggle and ambiguity, the recognition of foreign judgments
in cases in connection with the cyber world is often problematic. In the Yahoo!
case, public order rules at the place where Internet activity is launched may
conflict with those of the place where the activity has its effects. Even the
international conventions on recognition of foreign judgments provide an
exception to enforcement when there is a conflict with the public order of the
enforcing state.134 There is confusion as to who has jurisdiction, whether the state
where the activity was made or where the activity has its effects.
Nevertheless, though there is ambiguity and struggle, but with the

technological innovation, sovereign states now have stronger basis to assert their
personal jurisdiction that creates a seamless experience for users. In which,
technological innovation also supports sovereign states in the claim for
prescriptive jurisdiction and the application of their laws to online activity. An
infrastructure that takes advantage of facilities or processing capabilities in a state
implicates the state’s interests.135 Technological innovations also mean that states
can impose liability on those who do not comply with local rules. Technology
empowers sovereign states with very potent electronic tools to enforce their
policies and decisions even in the absence of a wrongdoer’s physical presence or
tangible assets.136
“[t]echnological capabilities and system design choices”); R. Polk Wagner, On Software

Regulation, 78 S. CAL. L. REV. 457 (2005) (arguing for a symbiotic relationship between code
and law in Internet regulation).
133 Dan Hunter, Culture War (Aug. 10, 2004),
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=586463 (last accessed February 18,
2017).
134Convention 88/592/EEC on Jurisdiction and the Enforcement of Judgments in Civil and
Commercial Matters, 1988 O.J. (L 319) 9, 10 -11 (Lugano Convention); Convention on
Jurisdiction and Enforcement of Judgments in Civil and Commercial Matters, 1978 O.J. (L 304)
77, 79-80 (Brussels Convention).
135Joel R. Reidenberg, Technology and Internet Jurisdiction, 153 U. Pa. L. Rev. 1951
(2005). Available at: http://scholarship.law.upenn.edu/ penn_law_review/vol153/iss6/3.
136Joel R. Reidenberg, States and Internet Enforcement, 1 U. OTTAWA L. & TECH. J. 213,
225-29 (2003)
(http://scholarship.law.upenn.edu/cgi/viewcontent.cgi?article=1347&context=penn_law_rev
iew).
45
B. Means by which state can assert jurisdiction over data privacy
protection statutes
1. Territoriality based on “establishment”
Under International Law jurisdiction may be based on: (1) the territoriality
principle (objective and subjective); (2) the nationality principle (active or
passive); (3) the effects principle; (4) the protective principle; or (5) the
universality principle.137 As it stands today, territoriality is the primary basis of
jurisdiction138 to regulate persons within its territory139. The discussion becomes
relevant considering that online activities done in the Philippines are processed
elsewhere in the globe. Interestingly, Google Spain applied the principle of
territoriality140 based on Article 4(1)A of Directive 95/46141. Article 4(1)a
provides that Member States must apply their national data protection laws if
“the processing is carried out in the context of the activities of an establishment of the controller
on the territory of the Member State […]”. A closer scrutiny on the provision is
provided, viz:
“The determination of applicable law under article
4(1)a is closely related to the identification of the entity acting
as a “controller” and its” “establishment(s)”. Equally
important, however, is the reference to the “context of
activities”: this criterion implies that the establishment of the
controller must be involved in activities implying the
processing of personal data in question.19 Or rather, the
establishment must be involved in a “real and effective exercise
137See D.J.B. Svantesson, ‘The Extraterritoriality of EU Data Privacy Laws – Its Theoretical
Justification and Its Practical Effect on U.S. Businesses’ (2014), (50)(1) SJIL, 80 et seq.;
Bernhard Maier, ‘How Has the Law Attempted to Tackle the Borderless Nature of the Internet’
(2010) IJLIT (18)(2) 143 and Robert Dover and Justin Frosini, ‘The extraterritorial effects of
legislation and policies in the EU and US’ (2012) Study for the European Parliament's
Committee on Foreign Affairs
<http://www.europarl.europa.eu/RegData/etudes/etudes/joi n/2012/433701/EXPOAFET_
ET%282012%29433701_EN.pdf> (last accessed 19 February 2017) .
138Uta Kohl, Jurisdiction and the Internet – Regulatory Competence of Online Activity,
(Cambridge University Press 2007), p. 20 and Cedric Ryngaert, Jurisdiction in Interna tional
Law (OUP, 2008), 27 et seq. See also The American Law Institute, Restatement (Third) of the
Law of the Foreign Relations Law of the United States (1988) Section 402.
139 Uta Kohl, Id., 89 et seq.
140Bernhard Maier, ‘How Has the Law Attempted to Tackle the Borderless Nature of the
Internet’ (2010) IJLIT (18)(2) 174.
141Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on
the protection of individuals with regard to the processing of personal data and on the free
movement of such data.
46
of activities in the context of which the personal data are being
processed”.142
In that case, the parties did not dispute the status of Google Spain as an
“establishment.” The bone of contention was on Google’s search engine
activities may be viewed as taking place “in the context of the activities” of the
establishment.143 The Court concluded that search engine operator (Google Inc.)
and those of its establishment (Google Spain), which consist of selling
advertising space among others, are “inextricably linked”. The Court ruled, viz:
“the activities relating to the advertising space constitute the

means of rendering the search engine at issue economically
profitable and that engine is, at the same time, the means
enabling those activities to be performed.”144
2. Effects principle
The “effects principle” allows states to regulate behaviors that occur

outside their territory but produce substantial effects within their territory.145
This principle, therefore, allows states to assert extraterritorial jurisdiction to
compel search engines to delink information that is initially processed in the
Philippines but is nonetheless controlled in another jurisdiction.
142Brendan Van Alsenoy & Marieke Koekkoek. INTERNET AND JURISDICTION AFTER
GOOGLE SPAIN: THE EXTRA-TERRITORIAL REACH OF THE EU’S “RIGHT TO BE
FORGOTTEN. Working Paper No. 152 – March 2015.
https://ghum.kuleuven.be/ggs/publications/working_pape rs/new_series/wp151-160/wp152-
alsenoy-koekkoek.pdf
143Brendan Van Alsenoy & Marieke Koekkoek. INTERNET AND JURISDICTION AFTER
GOOGLE SPAIN: THE EXTRA-TERRITORIAL REACH OF THE EU’S “RIGHT TO BE
FORGOTTEN. Working Paper No. 152 – March 2015.
https://ghum.kule uven.be/ggs/publications/working_papers/new_series/wp151 -160/wp152-
alsenoy-koekkoek.pdf
145The American Law Institute, Restatement (Third) of the Law of the Foreign Relations Law
of the United States (1988) section 402. See also D.J .B. Svantesson, ‘The Extraterritoriality of
EU Data Privacy Laws – Its Theoretical Justification and Its Practical Effect on U.S.
Businesses’ (2014), (50)(1) SJIL, 82; Cedric Ryngaert, Jurisdiction in International Law, United
States and European perspecti ves (2007) PhD. Thesis, 198,
<https://lirias.kuleuven.be/bitstream/1979/911/2/doctoraat.pdf> accessed at 11 December
2014. See also M. Huffman, “A Retrospective of Twenty -Five Years on the Foreign Trade
Antitrust Improvements Act”, Houston Law Review 2007, Vol. 44, p. 285, 298-300.
47
3. Long-arm Statute
In International Shoe v. Washington,146 Long-arm statute refers to the

jurisdiction a court has over out-of-state defendant corporations. If a corporation
is located in one state, does business in another state and employs people in yet
another state, they just may fall under the long arm statute. The long arm statute
allows a state to exercise jurisdiction over out-of-state defendants, provided that
the government can prove that the defendant has at least minimum contacts in
the forum state. Under the long-arm statue, the state even has the authority to
sue a corporation who do not actually do business in that said state, but have a
connection to the state – for example, by employing people within that state, and
the employees receive regular compensation for their work - the corporation is
considered to have minimum contact sufficient enough to be sued within the
forum state.147
Minimum contract rule establishes that so long as a corporation had a

degree of contact within the state bringing suit, they are subject to the laws of
the state and can be sued by and within the forum state in court. Further, search
engines are doing business in a country.148
The above mentioned principles may provide distinct approaches but

nonetheless result to allow a state to acquire jurisdiction. These principles may
have found its expression in Section 6 of RA 10173 or Data Privacy Act of 2012
as it permits the application of the said act done or practice which is engaged in
or outside of the Philippines or extraterritorial application. As mentioned in RA
10173, the said Act applies to any natural and juridical person involved in
personal information processing including those personal information
processing including those personal information controllers and processors who
although not found or established in the Philippines, use equipment that are
located in the Philippines, or those who maintain an office, branch or agency in
the Philippines.
Further, as already discussed in RA 10173, the extraterritorial application

of RA 10173. It applies to an act done or practice engaged in and outside of the
146 International Shoe v. Washington, 326 U.S. 310 (1945).

147Study.com, Definition and Example, http://study.com/academy/lesson/long -arm-statute-
definition-example.html (last accessed February 26, 2016).
148 Id.
48
Philippines by an entity. As long as the said entity has an office in the Philippines.
Google and Yahoo has office in the Philippines.
In fact, Google and Yahoo, the two major search engines have branch
offices here in the Philippines. Google office is located at Net Park Building, 5th
Avenue, Bonifacio Global City, Taguig, 1634 Metro Manila.
Yahoo! Philippines office is located at 20th Floor., Accralaw Tower, 2nd Ave.,
Bonifacio Global City (at 30th St.) 1634 Taguig City Philippines.
Right to be Forgotten gives people some ability to control their personal

information held by others, especially when those with the data are commercial
firms profiting from its sale. The cornerstone of modern privacy law is for
49
individuals to have control.149 Google, a business or commercial firm which
profits by advertisement. The company now controls more than 90% of the
Internet search market in the World. It routinely records and stores search
histories and directs advertising based on intimate personal facts. It provides
name-based searches that shape our understanding of others. Further, it reveals
to others information about us that we may wish to keep private.150
The European Court concluded that this is a business, and that it should
comply with the law. The Court also found that because Google targeted Web
users in Spain and gathered information about them, Google was subject to
European law. The European court wisely distinguished between search
companies and news organizations. In the decision, Google was viewed as a
commercial service provider, not a media organization.
A company that sells services in a jurisdiction has to abide by the laws of

that jurisdiction.151 Search engines make money from their services based on their
search, they comply with a wide variety of requests to alter the results of searches,
and they present information in response to search requests in tailored ways.152
An example of how search engines make money in a country is Search

Engine Marketing (SEM). SEM is a form of Internet marketing that involves the
promotion of websites by increasing their visibility in search engine results pages
(SERPs) primarily through paid advertising.153 Further, a state has personal
jurisdiction over a party for causes of action arising out of his contacts with the
state, or arising out of activities taking place outside the state expressly intended
to cause an effect within the state. The said effect was described from the
American Law Institute’s Restatement (Second) of Conflict of Laws 37(1971),
which provides:
"A state has power to exercise judicial jurisdiction over an

individual who causes effects in the state by an act done
149Marc Rotenberg, EU strikes a blow for privacy: Opposing view, USA Today, May 14, 2014,
http://www.usatoday.com/story/opinion/2014/05/14/european -union-google-privacy-epic-
editorials-debates/9104063/ (last visited Feb 27, 2017).
150 Id.
151 Supra note 12.
152 Supra note 9.
153 Chris Sherman, The State of Search Engine Marketing 2006.
http://searchengineland.com/the -state-of-search-engine-marketing-2006-10474.
50
elsewhere with respect to any cause of action arising from these
effects unless the nature of the effects and of the individual's
relationship to the state make the exercise of such jurisdiction
unreasonable."
Regulating a company’s business practices is not the same as regulating

the Internet. If we are to have an Internet that protects the freedom of its users,
we must place fundamental rights of users before the commercial interests of
companies.154
154 Supra note 149.
51
CHAPTER SIX: CONCLUSION
The proponent submits three arguments to prove that the Right to be

Forgotten could be validly established in the Philippines for the following
reasons:
First, the proponent submits that even after an individual posts an
information online, he still enjoys a reasonable expectation of privacy. The two-
fold test is met. The first test or the subjective test states that a person who claims
the right must have an actual or legitimate expectation of privacy over a certain
matter. The person reacquires his reasonable expectation of privacy of the
information he voluntarily gave when the information becomes irrelevant,
inadequate, or excessive in the passage of time or the change of circumstances.
Further, the second test or the objective test, where his or her expectation
of privacy must be one society is prepared to accept as objectively reasonable.
The expectation of privacy involved is one which society is prepared to accept
as objectively reasonable because in the very first place society has no interest in
the private life or information of an individual. Information that concerns him is
his concern alone. This is part of the right to privacy.155
Second, the proponent submits that the Right to be Forgotten does not
violate the freedom of expression and right to information. Freedom of
expression and right to information are both constitutional rights, however they
are not absolute. One of the permitted exception of freedom of expression is
when the said limitation would protect the rights and reputation of others.
Further, removing irrelevant and outdated links in search engines does not
tantamount to deleting content. The individuals’ data may still be accessible but
is no longer ubiquitous. This is enough for the individuals’ privacy to be
respected while balancing the webpages’ freedom of expression.
Lastly, the proponent submits that the Philippine courts have jurisdiction
over search engines located outside the country. There are three ways which the
state can assert jurisdiction over data privacy protection statutes. Territoriality
based on “establishment”, effects principle and long-arm statute proves that
Philippine courts can compel search engines to delist or delink an information
under the Right to be Forgotten.
155 Supra note 93.
52
CHAPTER SEVEN: RECOMMENDATION
There is a need to strengthen the privacy of individuals in cyberspace in

the Philippines, being tagged as “The Social Network Capital of the World.”
Connecting to social networking sites has become part of the Filipino cyber
culture. According to data, most of the active users of social networking sites
such as Facebook, Instagram, Twitter and Snapchat are Filipinos. They are also
regarded as the top photo uploaders and web video viewers, and second when it
comes to the number of blog readers and video uploaders.156
Search engines have become basic sources of never ending information

about anything under the sun. Data from different parts of the world become
accessible right at our fingertips. The Right to be Forgotten ensures individuals
to have control over their information posted online. It allows them to ask the
search engine to delink or delist an information which are inadequate, irrelevant
and excessive.
After studying its viability, the proponent propose that the Legislature
should enact the Right to be Forgotten in the Philippines. There is a need to
update our privacy laws which would satisfy the need of the people. It must be
updated based on the changing circumstances, such as the rapid advancement of
technologies.
Jerry Liao (May 20, 2008). "The Philippines - Social Networking Capital of the World" .
156
Manila Bulletin.
53

Right To Be Forgotten FINAL THESIS

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Right To Be Forgotten FINAL THESIS

Încărcat de

Drepturi de autor:

Formate disponibile

TABLE OF CONTENTS

CHAPTER ONE: INTRODUCTION ............................................................. 1

CHAPTER TWO: HOW THE RIGHT TO BE FORGOTTEN WORKS

CHAPTER THREE: LEGAL FRAMEWORK OF DATA PRIVACY IN

CHAPTER FOUR: CONSTITUTIONAL DIMENSION OF THE

CHAPTER FIVE: JURISDICTIONAL ISSUES .......................................... 44

CHAPTER SIX: CONCLUSION ..................................................................... 52

CHAPTER SEVEN: RECOMMENDATION ............................................. 53

APPENDIX A : Right to be Forgotten Sample Google Form

A. Background of the study

“The enjoyment of a private reputation is as much a constitutional right

Professor Jorge Coquia further explained:

1 Worcester v. Ocampo, 22 PHIL 42 (February 27, 1912).

Further, because of the advancement of technology, there is the need for

“With the availability of numerous avenues for information

Search engines have become a necessity, without which information

Search engines simultaneously allow access to information that individuals

The concept of data privacy or informational privacy means that an

The Right to be Forgotten allows individuals to delist or delink

C-131/12, May 13, 2014.

B. Significance of the study

1. Digital population in the Philippines has dramatically increased

Computer technology has advanced rapidly with the global internet

20 Supra note 19.

Developments in our technology is now threatening our privacy.

The vast majority of personal information available online is of limited

Various types of information – be it truthful, false, outdated or taken out

The apparent permanence and instant availability of information online

C. Statement of the problem

1. Does an individual still have a reasonable expectation of privacy if an

2. Will the right to be forgotten violate the freedom of expression and

3. Does the Philippine courts have jurisdiction over search engines

D. Scope and limitations

This study is limited to an examination and critical analysis of the

The Author employed Qualitative desk research in conducting this study

A. Scope of the right

The Right to be Forgotten covers information that are initially posted by

The term inadequate, irrelevant or excessive should be applied in its

B. How is the right to be enforced

1. Form available online by the service provider

a. The search engine shall provide a form30 that is available online.

28 Supra note 12 para 92.

2. Search engine’s removal team will review the request at first

a. Upon receipt of the request by the search engine, it shall be

3. Appeal should be made to an independent adjudicatory court

Appeal to the approval or denial of the petition of the Right to be

Sec. 3(l) Sensitive Personal Information refers to personal

The nature of information that points to strong privacy interest: Such as

The “substantial harm” criterion is especially important in circumstances

2. Right to be Forgotten will not apply to public officer relating to

This remedy should not apply to public officer or employee of a

33 Joy Liddicoat, The Right to be Forgotten,

Keepton on Tort 854 -63 (5 t h Ed., 1984).

A public figure has been defined as a person who, by his

Such public figures were held to have lost, to some extent at

The public figure exception to privacy, however, is not an absolute one,

Lagunzad emphasized: “Being a public figure ipso facto does not

The Court said in Lagunzad v. Vda. de Gonzales44:

A limited intrusion into a person’s privacy has long been

In Conclusion, the Right to be Forgotten should apply to information that

42 Lagunzad v. Vda. de Gonzales , GR No. 32066, 92 SCRA 476, (August 6, 1979).

Public interest is information that is important to matters of public

Even intimate details of someone’s private life may be considered to be in