The hot button these past couple of days concerns a number of videos that have gone viral and which depict what most consider as reprehensible bullying incidents involving students of a particular educational institution (NOTE: This author is affiliated with said school).
This is not an analysis or commentary on that issue. Suffice to say, it was the subject of a recently-concluded investigation that resulted in the prompt dismissal of the student involved.
Instead, this focuses on an equally relevant concern that comes as an offshoot of that main problem — the irresponsible disclosure and dissemination of information that purport to relate to a specific individual.
A few hours after the videos began circulating online, certain netizens took it upon themselves to comb through the web and identify the main antagonist (i.e., the bully) in the videos. Soon, his name, his photos and those of his family’s were plastered all over social media. Often, posts were accompanied by other sordid details no longer limited to the student. His family had become fair game, too. It did not take long before their supposed home address was brought forward and recklessly spread around.
This is extremely troubling; but more importantly, it is illegal.
Under the country’s data privacy law, the malicious disclosure of personal data is considered a crime. It is committed when an individual or an organization “discloses unwarranted or false information relative to any personal information or sensitive personal information” it has obtained. The imposable penalty ranges between 1 year and 6 months to 5 years, and five hundred thousand to a million pesos.
When done in the context of cyberspace, this is more popularly known as “doxing”, or the active search and subsequent publication of private or identifying information about a person that is often carried out with ill motive.
It doesn’t matter if the information later turns out to be false. The act of attribution coupled with malicious intent is enough. In the case of the viral videos, the home address of the student posted online turned out to be a fake one — that it caused considerable distress and inconvenience to the actual residents of said address is another matter, albeit they can pursue a similar case against the perpetrators.
Beyond the unlawful nature of the act, recent history is full of glaring examples why playing fast and loose with other people’s personal data is wrong.
In 2010, a U.S. government official was forced out of her job in a matter of hours after a video depicting her as a racist was published and shared online—including by reputable news organizations. Not even an apology from former President Obama could convince her to go back after it was soon revealed her video had been spliced methodically to distort her speech and make it look like she was racist.
Last year, also in the U.S., a young man was shot and killed by police after a prank 911 call had them sending a SWAT team to his home. The caller gave the man’s correct address while reporting a fake bomb threat as originating from his home. This practice has become so rampant, there is already a name for it: swatting.
There are plenty of local precedents, too. Two years ago, a man was subjected to numerous death threats after an overzealous editor of one online publication effectively accused him of murder in the aftermath of a bizarre road rage incident. Apparently, his vehicle was identified by mistake to be that of the actual perpetrator, based on grainy CCTV footages released to the public.
Last year, at the height of the Marawi siege, the life of a photojournalist was put in danger when a blogger falsely accused him of revealing the positions of the country’s armed forces. Together with other journalists — particularly those perceived to be critical of the current administration — he was bombarded with insults, threats, and online harassment enabled by the disclosure of his personal information.
Prior to the 2016 elections, a student was also on the receiving end of death threats and was forced to step away from social media after a clip shared online seemed to show him asking President (then candidate) Duterte a question in a “rude” manner. He would later explain that had the full exchange been shown, his demeanor would likely not have been taken out of context. His experience is no isolated incident either, as it is shared by many others, specifically those caught on video or in photos protesting against the government or the family of the late dictator, Ferdinand Marcos. Someone would seek out their personal information (usually starting with their legitimate social media accounts), share it via blog posts or memes, and the online abuse would start raining down.
In all these cases, personal data was weaponized and used to inflict harm on individuals — directly or otherwise — founded on motivations ranging from being a mere prank to a skewed notion of vengeful justice (an oxymoron).
To emphasize the point: this is wrong and it is illegal.
Of course, it is not an easy path to tread. Freedom of expression, a free press, and the people’s right to have appropriate access to information are compelling reasons some sectors are sure to invoke when defending public disclosures and other exposés. This means a balancing of interests is inevitable, attended by related concepts like due process and accountability. That said, there is consensus among most people that social media or the internet, in general, is rarely (if ever) the proper venue for this delicate but very important task. Despite ongoing efforts towards a working internet governance framework, the web is still very much susceptible to irrational behavior and mob rule.
With that, one analogy worth pursuing here is that describing data today as the world’s new oil. Assuming this perspective is accurate, people would do well to remember that they always have a choice when handling information. They can either use it to establish and drive new relationships and new economies for a more inclusive future, or they can pour it down and fuel the destructive flame now consuming the globe with so much vitriol and hate.
I hope we all choose the first, or at least enough of us do.
Jamael Jacob (@jamjacob) is a lawyer specializing in the field of law, ICT, and human rights. He is currently the Director of the University Data Protection Office of the Ateneo de Manila University, and Policy and Legal Advisor to the Foundation for Media Alternatives. The views expressed herein do not necessarily represent or reflect the views of the organizations he is currently affiliated with.