G.R. No. 202666 - Vivares vs. St. Theresa's College

Case Summary (G.R. No. 202666)

Factual Background

Two minor students, Julia and Julienne, were among several senior high school students who took digital pictures of themselves in their undergarments at a beach party in January 2012. Those pictures were uploaded to a Facebook account maintained by a co-student, Angela. A computer teacher at St. Theresas College, Mylene Rheza T. Escudero, learned from her students that photos of seniors wearing brassieres had been posted, and her students showed her such images by logging into their own Facebook accounts at the school computer laboratory. The school conducted an investigation and imposed disciplinary sanctions, including barring the sanctioned students from commencement. A related petition for injunction and damages was filed by Dr. Armenia M. Tan to enjoin the school from imposing the sanction. Petitioners then filed a petition for the writ of habeas data before the RTC alleging invasion of their childrens right to privacy by respondents’ access to, copying of, and disclosure of the disputed digital images.

Trial Court Proceedings

The RTC found the habeas data petition sufficient in form and issued the writ on July 5, 2012, directing respondents to file a verified return. Respondents complied and argued among others that petitioners were not proper parties, that the petition involved forum shopping, that the writ did not lie in the circumstances, and that there was no reasonable expectation of privacy on Facebook. On July 27, 2012, the RTC dismissed the petition for failure to prove an actual or threatened violation of the minors’ right to privacy, finding that the photos had lost privacy protection and that the school gathered the photographs through lawful means for a legitimate disciplinary purpose.

Petitioners’ Contentions

Petitioners asserted that the questioned photographs were taken during a private moment and uploaded under privacy settings that limited access to friends only, thereby creating a reasonable expectation of privacy. They claimed that Escudero intruded into the minors’ Facebook accounts, saved copies of the photos using the school’s computers, and broadcasted them by including the images in a memorandum submitted in Civil Case No. CEB-38594. Petitioners prayed for issuance of the writ, for respondents to surrender all soft and printed copies of the subject data, and for a declaration that the accessed and disseminated images were illegally obtained in violation of the minors’ right to privacy.

Respondents’ Contentions

Respondents maintained that petitioners lacked proper standing, that the petition was an exercise in forum shopping, and that the facts did not warrant a habeas data remedy. They further contended that the photos were viewable by the students’ Facebook friends or the public, that no unlawful means were used to obtain the images because students with legitimate access showed the photos to school officials, and that attaching the photographs to a memorandum in Civil Case No. CEB-38594 did not amount to an unlawful broadcast or reproduction.

Issues Presented

The controlling issue was whether petitioners had demonstrated an actual or threatened violation of the right to privacy in life, liberty, or security sufficient to warrant the extraordinary and summary remedy of the writ of habeas data under A.M. No. 08-1-16-SC. Subsidiary questions included whether the writ extends beyond cases of extralegal killings and enforced disappearances, whether a private educational institution may be a proper subject of the writ when it gathers or receives data, and whether the minors manifested a protected expectation of informational privacy in their Facebook activity.

Legal Standard for the Writ of Habeas Data

The Court reiterated that the writ of habeas data is available to any person whose right to privacy in life, liberty or security is violated or threatened by an unlawful act or omission of a public official or employee, or of a private individual or entity engaged in the gathering, collecting or storing of data or information regarding the person, family, home and correspondence of the aggrieved party (Section 1). The writ is an independent and summary remedy to protect informational privacy and to correct unlawful collection or use of personal data. The petitioner must show a nexus between the alleged invasion of informational privacy and the right to life, liberty, or security and must establish by at least substantial evidence an actual or threatened violation to obtain relief. The Court relied on prior decisions including Gamboa v. Chan and Roxas v. Macapagal-Arroyo for these principles.

Scope of the Writ and Respondent’s Status

The Court rejected the contention that the writ applies only to cases of extralegal killings and enforced disappearances, citing Section 2 of the Rule and the explanatory annotations which treat habeas data as a remedy to enforce the right to informational privacy beyond those particular contexts. The Court further held that a private person or entity need not be in the business of data collection to fall within the Rule; engaging in the gathering, collecting or storing of data is sufficient whether undertaken as a commercial activity or otherwise. Consequently, a school that receives, accesses, or stores personal data may be a proper respondent where unlawful acts or omissions are shown.

The Right to Informational Privacy on Facebook

The Court analyzed the nature and mechanics of online social networks, notably Facebook, and described the privacy tools that permit users to set varying levels of visibility for posts and images (Public, Friends of Friends, Friends, Custom, Only Me). The Court recognized that users may retain a right to informational privacy in OSN activities when they manifest an intention to limit disclosure by employing such privacy tools. The invocation and exercise of privacy settings on an OSN is the cyberspace analogue of a user’s assertion of a zone of informational privacy. The Court cited comparative jurisprudence, including H v. W, and commentary to underscore that technological and social realities require the law to accommodate evolving expectations of privacy online.

Application to the Evidence

Applying those standards, the Court found that petitioners failed to prove that the minors placed the disputed photographs within a protected zone of privacy. The trial record contained no corroboration that the photos were visible only to “the five of them” as claimed by the minors. Escudero averred that her students, who were Facebook friends of the minors, showed her the photos by logging into their own accounts, and that at times the photos had been public. The Court treated the minors’ testimony as self-serving and gave it little weight in the absence of supporting evidence. Given Facebook’s default Public setting and the technological features that permit friends to share or tag others, the Court concluded that the record did not establish that the images were confined to a protected, private audie

Case Syllabus (G.R. No. 202666)

Parties and Procedural Posture

Rhonda Ave S. Vivares and Sps. Margarita and David Suzara filed a petition for review on certiorari under Rule 45 from the dismissal of their habeas data petition by the Regional Trial Court, Branch 14, Cebu City in SP. Proc. No. 19251-CEB.
St. Theresas College, Mylene Rheza T. Escudero, and John Does were respondents in the habeas data proceeding before the RTC.
The petition invoked Section 19 of A.M. No. 08-1-16-SC as the Supreme Court appeal route from the RTC decision dismissing the habeas data petition.
A related civil action, Civil Case No. CEB-38594, was filed by Dr. Armenia M. Tan on behalf of her minor child and resulted in the submission of the contested photographs to the RTC in a memorandum by respondents.

Key Facts

Two minors, Julia and Julienne, were graduating students of St. Theresas College who, before a beach party, took digital photographs of themselves in undergarments that were later uploaded to Facebook by Angela Lindsay Tan.
A computer teacher, Mylene Rheza T. Escudero, learned from students that senior students had posted photos showing brassieres and was shown such photos by her students using their personal Facebook accounts on school computers.
The students who showed the photos informed Escudero that some photos had at times been accessible to the public and showed other images of the minors drinking and smoking.
St. Theresas College investigated and found the students to have breached the Student Handbook and imposed sanctions including barring them from commencement exercises.
Petitioners alleged that respondents accessed the minors' Facebook accounts, copied and reproduced the photos at the school's computer laboratory, and broadcasted them by attaching them to a memorandum filed in Civil Case No. CEB-38594.

Procedural History

The RTC issued a writ of habeas data on July 5, 2012 and directed respondents to file a verified written return.
Respondents filed a verified return asserting improper parties, forum shopping, inapplicability of the writ, and lack of a reasonable expectation of privacy on Facebook.
The RTC rendered judgment on July 27, 2012 dismissing the habeas data petition and admonishing confidentiality.
Petitioners elevated the case to the Supreme Court by way of a petition for review on certiorari under Rule 45.

Issues Presented

Whether a writ of habeas data should issue under the factual circumstances of this case.
Whether petitioners proved an actual or threatened violation of the minors' right to privacy in life, liberty or security as required for habeas data relief.
Whether the writ of habeas data is confined to cases of extralegal killings and enforced disappearances.
Whether a private entity not engaged in the business of data collection may be subject to a habeas data petition.

Statutory and Doctrinal Framework

Section 1 and Section 2 of A.M. No. 08-1-16-SC define the scope of the writ of habeas data and who may file such a petition.
The writ is an independent and summary remedy to protect the right to informational privacy, image, honor, and freedom of information, and to enforce the right to truth.
The writ requires a nexus between an invasion of informational privacy and the rights to life, liberty, or security, and demands proof by substantial evidence of an actual or threatened violation, as explained in Gamboa v. Chan and Roxas v. Macapagal-Arroyo.
The phrase "engaged in the gathering, collecting or storing of data" in the Rule encompasses any person or en