By: Atty. Ma. Katrina Rafaelle M. Ortiz
Have you ever received a text message bearing your complete name, claiming that you won a raffle or asking if you want to avail of a quick loan? How about receiving a call from an unknown number, only to find no one at the end of the line? These are just some examples of attempts at scams through the use of cellular phones.
Republic Act No. 11932 or the Subscriber Identity Module (“SIM”) Registration Act was enacted to primarily address the perpetration of wrongdoings with the use of unregistered SIM cards, that pose a threat to one’s properties, security, privacy and often, even sanity. The policy considerations of the said law include the vital role of information and communications in nation-building and the encouragement of its growth and development. Another consideration is the increasing number of victims that have fallen prey to scams from spam calls and messages.
The SIM Registration Act, which was signed by President Ferdinand R. Marcos, Jr. on October 10, 2022, and its Internal Rules and Regulations (“IRR”) mandates its full implementation by December 27, 2022. So, what does this mean?
The SIM Registration Act mandates all end-users, whether an existing or new subscriber, an individual or juridical entity, that purchase a SIM card from a Public Telecommunications Entity (“PTE”), its agents, resellers or any another entity, to register their SIM card. SIM card registration, which shall be done at or through PTEs, is as a pre-requisite for SIM card activation. Hence, beginning December 27, 2022, all purchasers of new SIM cards will receive a deactivated SIM. Existing subscribers, on the other hand, must register their SIM with their respective PTEs within 180 days from the effectivity of the act. The Department of Information and Communications Technology (“DICT”) may extend registration for a period not exceeding 120 days. Failure to register the SIM card will result in its automatic deactivation until compliance with the registration requirement.
While its policy considerations are laudable, concerns were raised that the SIM Registration Act may just be another source of data privacy breaches. For instance, one of the issues that were raised with the National Privacy Commission (“NPC”) was that tick boxes seen on some PTE’s websites and applications requests permission and consent from users and SIM card holders to share their personal data with affiliated third parties. The NPC, through Privacy Commissioner John Henry Naga, assuaged this particular concern by directing PTEs to remove existing tick boxes and notices that are related to data sharing to unauthorized third parties (link here), and instructed them to include modifications and improvements on their websites and applications to further comply with the Data Privacy Act of 2012 (“DPA”).
This leads us to the next important question: is there any possibility of data privacy breaches despite the safeguards that this new law seeks to provide? The answer lies in DPA and its IRR. The said law protects all forms of personal information, including those that are considered as sensitive such as age, ethnic origin, and other privileged personal information. Further, it enumerates all the rights of data subjects, in this case the SIM card holders, as well as the responsibilities and obligations of personal information controllers or personal information processors. Under the SIM Registration Act, all PTEs are required to abide by the DPA and the NPC’s issuances. Lastly, PTEs are required to notify both the NPC and the DICT in case of a privacy breach.
While safeguards in place, SIM card holders must remain vigilant and cautious when sharing or disclosing personal information in different platforms, be it online or in person.
Ma. Katrina Rafaelle M. Ortiz is a Junior Associate at Gorriceta Africa Cauton & Saavedra (www.gorricetalaw.com). She is a member of the Corporate, Technology Media & Telecommunications, and Energy & Public Utility Departments of the Firm. Katrina’s practice includes handling mergers and acquisitions, corporate planning and restructuring, and conducting legal due diligence. She also assists clients in complying with legal and regulatory requirements for their specific industries and activities.
