[The Philippines] AIC Submits Comments on Subscriber Identity Module (SIM) Card Registration Act (Feb 2022)

Download: [The Philippines] AIC Submits Comments on Subscriber Identity Module (SIM) Card Registration Act (Feb 2022)

The Asia Internet Coalition (AIC) has submitted comments and recommendations on the Philippines’  Subscriber Identity Module (SIM) Card Registration Act (“Act”). We acknowledge the importance of this Act that outlines the key elements of the data protection framework, with the objective of having a safe and secure online environment. In the backdrop of digitalization and the growth of digital services across the world, the role of data has become more and more significant. This has given rise to concerns of informational privacy and the exercise of rights over personal data. Without a framework to govern these two subjects, no digital industry can be sustainable.

The provision in the recently ratified Subscriber Identity Module (SIM) Card Registration Act that mandates social media users to use their real names and phone numbers in creating accounts is problematic. More than 80% of the total population in the Philippines are active social media users as of January 2022.  Social media is a convenient and accessible means of consuming content and communication especially since internet connectivity in the Philippines is often slow and unreliable. Restriction of access to services for those users in the Philippines who do not provide the required registration information will have a disproportionately negative impact on certain groups of users, including those without access to a mobile phone or those without access to ID documentation.

Firstly, the mandatory registration of SIM cards will undermine security and privacy interests by increasing the public and private sharing and matching of SIM users’ information. Companies, third parties and the state empowered to create individual profiles and give access to vast amounts of user data, inevitably will increase the overall chances of data breaches. This is exacerbated by moving into biometric registration with fingerprints and facial recognition.

It is important to note that provision on social media registration was not indicated in House Act 5793 or Senate Act 2395, the Acts which Congress deliberated on before drafting the final version of the Act.  Information collected as part of mandatory registration, kept for an indefinite amount of time, used for different purposes and applied for secondary uses, including biometric databases, put individuals in particular vulnerable groups at risk of tracking and targeting, increasing the chances of their private information being misused.  The experience of many countries clearly demonstrated the numerous ways through which criminals and rogue state actors regularly circumvent this type of regulation. Consequently, some countries that once considered adopting a similar system have either abandoned their attempts or steered clear of such aspirations entirely. The registration requirement will also substantially impact individuals who use social media as a “safe space” to explore their identity, find support, and manage boundaries safely under a veil of anonymity.  For example, social media has helped marginalized populations or groups excluded due to gender identity, sexual orientation, age, physical ability, and/or language to find their community of like-minded people.

Secondly, with the Act’s vague scope and insufficient legislative guidelines, it projects an abundance of potential abuse scenarios if implemented. Mobile users will be asked to provide their personal data, including sensitive personal information, to third-party resellers—entities that would ordinarily have no business asking for such information. These entities are frequently ill-equipped to handle such amounts of data, making them more prone to data loss or misuse. Meanwhile, the system would afford the government easy access to the data collected while providing little to no limitation on its use.

Thirdly, there exists a lack of industry consultation, for the Act was not thoroughly deliberated upon and without consultation with relevant stakeholders. Therefore, we request the Government of the Philippines to review the Act, study the provisions further and conduct wider consultation with industry stakeholders – both on the provisions in the existing Act and associated implementing rules and regulations.

Although we appreciate the Philippines government efforts towards developing the Act, there are relevant concerns regarding its provisions that would significantly alter the landscape for digital companies. We strongly recommend that the Act should have more parity with the best practices to help improve compliance and improve business environment. It is useful and important to recognise that many of the ambitious conversations in this area are the subject of in-depth, evidence-based, and lengthy policy research and exchanges, where a panoply of policy solutions are being explored rather than a rushed legislative route.