LEGAL MEMORANDUM

To: Atty. Orthello M. Mendoza II

From: Jon Polo A. Alon
Date: April 8, 2019
RE: lawfulness of the global positioning system tracking devices to the
motorcycles of the business of Mr. A.

Issue No.1: Does the act violate the Right to Privacy?

Answer: No, because the motorcycles are used for business purposes only with
the option given to its employees for personal use after office hours.
There is no known law that can be invoked to prohibit the implementation of
this system in Mr.A’s business. Article 26 of the Civil Code1 cannot apply to this case
because a quasi-delict necessitates that there is no pre-existing contractual relation
between the parties, wherein in this case, there exists an employer-employee
relationship bound contractually. Further, Article 723 of the Civil Code 2 cannot also
apply because what this provision punishes is the dissemination of the information
gathered. The information would be merely used by the employer for its own private
business purposes. No where in the facts does it state that such information gathered
in the monitoring scheme of the business will be used wherein it would be to the
knowledge of the public or third persons. As per the Revised Penal Code, there is also
no provision therein that would make Mr.A criminally liable. Under Revised Penal
Code3, only Articles 229, 280, 290, 291, and 292 would correspond to the Right to
Privacy, and none of these provisions would reflect on Mr.A’s business.
Ultimately, this business monitoring scheme is not unlawful unless the
information would be used to the detriment, prejudice, or damage of the employee who
would use the business’ motorcycle.
Issue No.1: Does it violate the Data Privacy Act of 2012?
Answer: No, because the option to use the motorcycles after office hours already
provides implied consent to the incidental aspects of the business’ motorcycle
usage.
Under the Data Privacy Act of 20124:
“The processing of personal information shall be permitted only if not otherwise prohibited by law,
and when at least one of the following conditions exists:
(a) The data subject has given his or her consent”

Even arguing that there is no express consent given, paragraph (d) and (c) of the act
would provide that the information gathered would still be lawful provided that “The
processing is necessary to protect vitally important interests of the data subject,

1
Civil Code, Art. 26
2
Civil Code, Art. 723
3
Revised Penal Code of the Philippines
4
Rep. Act No. 10173(2012), Sec 12
including life and health”5 and that “The processing is necessary for the purposes of
the legitimate interests pursued by the personal information controller or by a third
party or parties to whom the data is disclosed, except where such interests are
overridden by fundamental rights and freedoms of the data subject which require
protection under the Philippine Constitution”6
As such for the business scheme to be considered violative of the Data Privacy Act of
2012, it must not conform to any of the criteria enumerated in Section 12 thereof.

5
Rep. Act No. 10173(2012), Sec 12, Par. d
6
Rep. Act No. 10173(2012), Sec 12, Par. f