13/11/2025
๐๐๐ ๐๐๐ ๐๐๐ฅ๐๐จ๐ฆ๐๐ฌ ๐๐ฎ๐ฉ๐ซ๐๐ฆ๐ ๐๐จ๐ฎ๐ซ๐ญ ๐๐๐ง๐๐ฆ๐๐ซ๐ค ๐๐ฎ๐ฅ๐ข๐ง๐ ๐๐ฉ๐ก๐จ๐ฅ๐๐ข๐ง๐ ๐ญ๐ก๐ ๐๐๐ฅ๐ข๐๐ข๐ญ๐ฒ ๐จ๐ ๐ ๐๐ฒ๐๐๐ซ๐๐ซ๐ข๐ฆ๐ ๐๐๐ซ๐ซ๐๐ง๐ญ ๐๐ฌ๐ฌ๐ฎ๐๐ ๐๐ ๐๐ข๐ง๐ฌ๐ญ ๐๐๐ง๐ค
The Supreme Court (SC) has upheld the validity of a Warrant to Disclose Computer Data (WDCD) issued by the Regional Trial Court of San Fernando City, La Union, authorizing the Regional Anti-Cybercrime Unit 1 (RACU 1) to compel a banking institution to release information necessary to identify a suspect involved in an online scam.
In a Decision dated July 29, 2025, penned by Associate Justice Henri Jean Paul B. Hernando, the Supreme Courtโs First Division, chaired by Chief Justice Alexander Gesmundo, denied the Petition for Review on Certiorari under Rule 45 filed by a banking institution against RACU 1, duly represented by the PNP ACG Legal Affairs Division. The petition sought to annul the Warrant to Disclose Computer Data (WDCD) and the subsequent disclosure order arising from a voice phishing or โvishingโ scam complaint filed by a bank customer who lost Php10,000.00 after unknowingly providing his credentials to a scammer posing as a bank employee.
The RACU 1 investigation traced the stolen funds to a Banking Institution account, prompting the application for a WDCD to obtain identifying data of the account holder, including the full name, address, contact information, and submitted identification.
The Bank argued that disclosing such information violated the provisions of RA No. 1405 (Bank Secrecy Law or Secrecy of Bank Deposits Act) and that the RA 10175 (Cybercrime Prevention Act) did not repeal or supersede bank secrecy provisions. The bank further contended that it was not a โservice providerโ under the Cybercrime Prevention Act and was therefore not bound by the WDCD.
The SC rejected these arguments, ruling that the Cybercrime Prevention Act did not repeal the Bank Secrecy Law but may coexist with it, allowing limited disclosures of identifying data in lawful cybercrime investigations.
The SC also ruled that Banks qualify as service providers under the Cybercrime Prevention Act. This is evident in petitioner's array of digital services, including online banking platforms, mobile applications, and automated email notifications. Through these digital platforms, petitioner effectively provides its customers communication channels for various financial activities and customer service operations, also as they process and store customer data through computer systems and online platforms. Moreover, the SC ruled that the WDCD did not violate bank secrecy, as it only required information necessary to establish the identity of the account holder, not access to deposit amounts or transactions.
The Court emphasized that the Cybercrime Prevention Act, Data Privacy Act, and Anti-Financial Account Scamming Act (AFASA) collectively authorize limited data disclosures to law enforcement in cybercrime and fraud investigations, subject to judicial oversight. It held that refusing such cooperation would โundermine the objectives of anti-cybercrime laws and impede the effective prosecution of online financial fraud.โ
Police Brigadier General Bernard R. Yang, Director of the Philippine National Police Anti-Cybercrime Group, congratulates RACU 1 and the Legal Team of the Group for this achievement. He welcomed the SC ruling stating: โThis Supreme Court decision is a major victory in our fight against cyber-enabled financial crimes. It reinforces the authority of the PNP ACG to lawfully obtain necessary information to identify and apprehend cybercriminals, while still upholding citizensโ right to data privacy. We remain steadfast in our commitment to protect the public from online fraud and ensure that justice is served within the bounds of the law.โ
