Atty. Julius Gregory Delgado
SUBSCRIBER IDENTITY MODULE (SIM) REGISTRATION ACT OF 2022
On October 10, 2022, President Ferdinand R. Marcos, Jr. signed into law Republic Act No. 11934, otherwise known as the Subscriber Identity Module (SIM) Registration Act of 2022. Basically, the meat of this new statute, which is found in Section 4 thereof, is that all end-users shall be required to register their SIMs with their PTEs or Public Telecommunication Entities as a pre-requisite to the activation thereof. The law provides that all SIMs to be sold by the PTEs, its agents, resellers, or any entity shall be in a deactivated state and shall only be activated after the end-user completes the process of registration. The law provides for a timeline of one hundred eighty (180) days from effectivity of the Act within which all existing SIM subscribers shall register their cards with their respective PTEs. The law provides that the Department of Information and Communications Technology (DICT) may extend registration for a period of not more than one hundred twenty (120) days. Finally, the law provides that failure to register the existing SIM within the periods prescribed shall result in automatic deactivation of the SIM and may only be reactivated after registration.
Just like the National ID System, many are skeptical and fear that the law may be weaponized to invade their sacred personal spaces ergo people will invoke their right to privacy. The right to privacy is also the right to be left alone. However, there are compelling State interest for government to interfere in this personal or private sphere. Under Section 2 of the law, while State recognizes the vital role of information and communications technology in nation-building, it is equally cognizant that the illegal use of modern technology endangers people’s lives, damages property, poses hazards to public order, and even threatens the security of nations. Finally, the State shall promote responsibility in the use of SIM and provide law enforcement agencies the tools to resolve crimes which involve utilization and a platform to deter the commission of wrongdoings.
With respect to the fear of breach of data, the law ensures that the storage and processing of data based on the registration of SIMs shall adhere to the strictest standards under Republic Act No. 10173, otherwise known as the Data Privacy of 2012. Section 9 of the law (SIM Registration Act) ensures compliance with the Confidentiality Clause. However, disclosure of the full name and address shall be made under the following circumstances: (a) those in compliance with any law obligating the PTEs to disclose information in accordance with Data Privacy Act of 2012; (b) in compliance with a court order or legal process upon finding of probable cause; (c) in compliance with Section 10 hereof; and (d) with the written consent of the subscriber. With regard to item (c), in compliance with Section 10 of the law, it is provided that the PTEs shall be required to provide information obtained in the registration process only upon the issuance of a subpoena by a competent authority pursuant to an investigation based on a sworn complaint that a specific mobile number was or is being used in the commission of a crime or that it was utilized as a means to commit a malicious, fraudulent or unlawful act, and that the complaint is unable to ascertain the identity of the perpetrator.
Hence, the law strikes a balance between the right of the State to prevent criminality or nefarious and fraudulent activities and ensuring that the data privacy is protected. Data can only be processed following the following pillars: legitimate interest, proportionality and transparency.