The Cybercrime Prevention Act of 2012 is the first law in the Philippines which specifically criminalizes computer crime, which prior to the passage of the law had no strong legal precedent in Philippine jurisprudence. While laws such as the Electronic Commerce Act of 2000 (Republic Act No. 8792 regulated certain computer-related activities, these laws did not provide a legal basis for criminalizing crimes committed on a computer in general: for example, Onel de Guzman, the computer programmer charged with purportedly writing the ILOVEYOU computer worm, was ultimately not prosecuted by Philippine authorities due to a lack of legal basis for him to be charged under existing Philippine laws at the time of his arrest.
The Cybercrime Prevention Act of 2012, officially recorded as Republic Act No. 10175, is a law in the Philippines approved on 12 September 2012. It aims to address legal issues concerning online interactions and the Internet in the Philippines.
Among the cybercrime offenses included in the bill are cybersquatting, cybersex, child pornography, identity theft, illegal access to data and libel.
The Act, divided into 31 sections split across eight chapters, criminalizes several types of offenses, including illegal access (hacking), data interference, device misuse, cybersquatting, computer-related offenses such as computer fraud, content-related offenses such as cybersex and spam, and other offenses. The law also reaffirms existing laws against child pornography, an offense under Republic Act No. 9779 (the Anti-Child Pornography Act of 2009), and libel, an offense under Section 355 of the Revised Penal Code of the Philippines, also criminalizing them when committed using a computer system. Finally, the Act provides for a “catch-all” clause, wherein all offenses currently punishable under the Revised Penal Code are likewise punishable under the Act when committed using a computer, with corresponding stricter penalties than if the crimes were punishable under the Revised Penal Code alone.
The Act has universal jurisdiction: its provisions apply to all Filipino nationals regardless of the place of commission. Jurisdiction also lies when a punishable act is either committed within the Philippines, whether the erring device is wholly or partly situated in the Philippines, or whether damage was done to any natural or juridical person who at the time of commission was within the Philippines. Regional Trial Courts shall have jurisdiction over cases involving violations of the Act. A takedown clause is included in the Act, empowering the Department of Justice to restrict and/or demand the removal of content found to be contrary to the provisions of the Act, without the need for a court order. This provision, originally not included in earlier iterations of the Act as it was being deliberated through Congress, was inserted during Senate deliberations on May 31, 2012. Complementary to the takedown clause is a clause mandating the retention of data on computer servers for six months after the date of transaction, which may be extended for another six months should law enforcement authorities request it.
The Act also mandates the National Bureau of Investigation and the Philippine National Police to organize a cybercrime unit, staffed by special investigators whose responsibility will be to exclusively handle cases pertaining to violations of the Act, under the supervision of the Department of Justice. The unit is empowered to, among others, collect real-time traffic data from Internet service providers with due cause, require the disclosure of computer data within 72 hours after receipt of a court warrant from a service provider, and conduct searches and seizures of computer data and equipment. It also mandates the establishment of special “cybercrime courts” which will handle cases involving cybercrime offenses (offenses enumerated in Section 4(a) of the Act)