RHONDA AVE S. VIVARES and SPS. MARGARITA and DAVID SUZARA, Petitioners,
ST. THERESA’S COLLEGE, MYLENE RHEZA T. ESCUDERO, and JOHN DOES, Respondents.
G.R. No. 202666 September 29, 2014
TOPIC: right to informational privacy, writ of habeas data
PONENTE: Velasco, Jr.
The individual’s desire for privacy is never absolute, since participation in society is an equally powerful desire. Thus each individual is continually engaged in a personal adjustment process in which he balances the desire for privacy with the desire for disclosure and communication of himself to others, in light of the environmental conditions and social norms set by the society in which he lives.
– Alan Westin, Privacy and Freedom (1967)
Julia and Julienne, both minors, were graduating high school students at St. Theresa’s College (STC), Cebu City. Sometime in January 2012, while changing into their swimsuits for a beach party they were about to attend, Julia and Julienne, along with several others, took digital pictures of themselves clad only in their undergarments. These pictures were then uploaded by Angela on her Facebook profile.
At STC, Mylene Escudero, a computer teacher at STC’s high school department, learned from her students that some seniors at STC posted pictures online, depicting themselves from the waist up, dressed only in brassieres. Escudero then asked her students if they knew who the girls in the photos are. In turn, they readily identified Julia and Julienne, among others.
Using STC’s computers, Escudero’s students logged in to their respective personal Facebook accounts and showed her photos of the identified students, which include: (a) Julia and Julienne drinking hard liquor and smoking cigarettes inside a bar; and (b) Julia and Julienne along the streets of Cebu wearing articles of clothing that show virtually the entirety of their black brassieres.
Also, Escudero’s students claimed that there were times when access to or the availability of the identified students’ photos was not confined to the girls’ Facebook friends, but were, in fact, viewable by any Facebook user.
Investigation ensued. Then Julia, Julienne and other students involved were barred from joining the commencement exercises.
Petitioners, who are the respective parents of the minors, filed a Petition for the Issuance of a Writ of Habeas Data. RTC dismissed the petition for habeas data on the following grounds:
- Petitioners failed to prove the existence of an actual or threatened violation of the minors’ right to privacy, one of the preconditions for the issuance of the writ of habeas data.
- The photos, having been uploaded on Facebook without restrictions as to who may view them, lost their privacy in some way.
- STC gathered the photographs through legal means and for a legal purpose, that is, the implementation of the school’s policies and rules on discipline.
Whether or not there was indeed an actual or threatened violation of the right to privacy in the life, liberty, or security of the minors involved in this case. (Is there a right to informational privacy in online social network activities of its users?)
HELD: (Note that you can skip the preliminary discussions and check the ruling at the latter part)
Nature of Writ of Habeas Data
It is a remedy available to any person whose right to privacy in life, liberty or security is violated or threatened by an unlawful act or omission of a public official or employee, or of a private individual or entity engaged in the gathering, collecting or storing of data or information regarding the person, family, home and correspondence of the aggrieved party.
It is an independent and summary remedy designed to protect the image, privacy, honor, information, and freedom of information of an individual, and to provide a forum to enforce one’s right to the truth and to informational privacy. It seeks to protect a person’s right to control information regarding oneself, particularly in instances in which such information is being collected through unlawful means in order to achieve unlawful ends.
In developing the writ of habeas data, the Court aimed to protect an individual’s right to informational privacy, among others. A comparative law scholar has, in fact, defined habeas data as “a procedure designed to safeguard individual freedom from abuse in the information age.”
Issuance of writ of habeas data; requirements
- The existence of a person’s right to informational privacy
- An actual or threatened violation of the right to privacy in life, liberty or security of the victim (proven by at least substantial evidence)
Note that the writ will not issue on the basis merely of an alleged unauthorized access to information about a person.
The writ of habeas data is not only confined to cases of extralegal killings and enforced disappearances
The writ of habeas data can be availed of as an independent remedy to enforce one’s right to privacy, more specifically the right to informational privacy. The remedies against the violation of such right can include the updating, rectification, suppression or destruction of the database or information or files in possession or in control of respondents. Clearly then, the privilege of the Writ of Habeas Data may also be availed of in cases outside of extralegal killings and enforced disappearances.
Meaning of “engaged” in the gathering, collecting or storing of data or information
Habeas data is a protection against unlawful acts or omissions of public officials and of private individuals or entities engaged in gathering, collecting, or storing data about the aggrieved party and his or her correspondences, or about his or her family. Such individual or entity need not be in the business of collecting or storing data.
To “engage” in something is different from undertaking a business endeavour. To “engage” means “to do or take part in something.” It does not necessarily mean that the activity must be done in pursuit of a business. What matters is that the person or entity must be gathering, collecting or storing said data or information about the aggrieved party or his or her family. Whether such undertaking carries the element of regularity, as when one pursues a business, and is in the nature of a personal endeavour, for any other reason or even for no reason at all, is immaterial and such will not prevent the writ from getting to said person or entity.
As such, the writ of habeas data may be issued against a school like STC.
Right to informational privacy
Right to informational privacy is the right of individuals to control information about themselves. Several commentators regarding privacy and social networking sites, however, all agree that given the millions of OSN users, “in this Social Networking environment, privacy is no longer grounded in reasonable expectations, but rather in some theoretical protocol better known as wishful thinking.” So the underlying question now is: Up to what extent is the right to privacy protected in OSNs?
Facebook Privacy Tools
To address concerns about privacy, but without defeating its purpose, Facebook was armed with different privacy tools designed to regulate the accessibility of a user’s profile as well as information uploaded by the user. In H v. W, the South Gauteng High Court recognized this ability of the users to “customize their privacy settings,” but did so with this caveat: “Facebook states in its policies that, although it makes every effort to protect a user’s information, these privacy settings are not foolproof.”
For instance, a Facebook user can regulate the visibility and accessibility of digital images (photos), posted on his or her personal bulletin or “wall,” except for the user’s profile picture and ID, by selecting his or her desired privacy setting:
- Public – the default setting; every Facebook user can view the photo;
- Friends of Friends – only the user’s Facebook friends and their friends can view the photo;
- Friends – only the user’s Facebook friends can view the photo;
- Custom – the photo is made visible only to particular friends and/or networks of the Facebook user; and
- Only Me – the digital image can be viewed only by the user.
The foregoing are privacy tools, available to Facebook users, designed to set up barriers to broaden or limit the visibility of his or her specific profile content, statuses, and photos, among others, from another user’s point of view. In other words, Facebook extends its users an avenue to make the availability of their Facebook activities reflect their choice as to “when and to what extent to disclose facts about themselves – and to put others in the position of receiving such confidences.”
NONE. The Supreme Court held that STC did not violate petitioners’ daughters’ right to privacy as the subject digital photos were viewable either by the minors’ Facebook friends, or by the public at large.
Without any evidence to corroborate the minors’ statement that the images were visible only to the five of them, and without their challenging Escudero’s claim that the other students were able to view the photos, their statements are, at best, self-serving, thus deserving scant consideration.
It is well to note that not one of petitioners disputed Escudero’s sworn account that her students, who are the minors’ Facebook “friends,” showed her the photos using their own Facebook accounts. This only goes to show that no special means to be able to view the allegedly private posts were ever resorted to by Escudero’s students, and that it is reasonable to assume, therefore, that the photos were, in reality, viewable either by (1) their Facebook friends, or (2) by the public at large.
Considering that the default setting for Facebook posts is “Public,” it can be surmised that the photographs in question were viewable to everyone on Facebook, absent any proof that petitioners’ children positively limited the disclosure of the photograph. If such were the case, they cannot invoke the protection attached to the right to informational privacy.
US v. Gines-Perez: A person who places a photograph on the Internet precisely intends to forsake and renounce all privacy rights to such imagery, particularly under circumstances such as here, where the Defendant did not employ protective measures or devices that would have controlled access to the Web page or the photograph itself.
United States v. Maxwell: The more open the method of transmission is, the less privacy one can reasonably expect. Messages sent to the public at large in the chat room or e-mail that is forwarded from correspondent to correspondent loses any semblance of privacy.
The Honorable Supreme Court continued and held that setting a post’s or profile detail’s privacy to “Friends” is no assurance that it can no longer be viewed by another user who is not Facebook friends with the source of the content. The user’s own Facebook friend can share said content or tag his or her own Facebook friend thereto, regardless of whether the user tagged by the latter is Facebook friends or not with the former. Also, when the post is shared or when a person is tagged, the respective Facebook friends of the person who shared the post or who was tagged can view the post, the privacy setting of which was set at “Friends.” Thus, it is suggested, that a profile, or even a post, with visibility set at “Friends Only” cannot easily, more so automatically, be said to be “very private,” contrary to petitioners’ argument.
No privacy invasion by STC; fault lies with the friends of minors
Respondent STC can hardly be taken to task for the perceived privacy invasion since it was the minors’ Facebook friends who showed the pictures to Tigol. Respondents were mere recipients of what were posted. They did not resort to any unlawful means of gathering the information as it was voluntarily given to them by persons who had legitimate access to the said posts. Clearly, the fault, if any, lies with the friends of the minors. Curiously enough, however, neither the minors nor their parents imputed any violation of privacy against the students who showed the images to Escudero.
Different scenario of setting is set on “Me Only” or “Custom”
Had it been proved that the access to the pictures posted were limited to the original uploader, through the “Me Only” privacy setting, or that the user’s contact list has been screened to limit access to a select few, through the “Custom” setting, the result may have been different, for in such instances, the intention to limit access to the particular post, instead of being broadcasted to the public at large or all the user’s friends en masse, becomes more manifest and palpable.