On Privacy and Screenshots
If someone publicly posts a screenshot of a private conversation, he/she might be liable under the Data Privacy Act, the Civil Code, and other associated laws.
The DPA penalizes the unauthorized processing of personal information. As defined, processing means:
any operation or any set of operations performed upon personal information including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data.
Posting screenshots does not automatically mean that there was processing personal information. The screenshots should contain personal information such as names, pictures, or any other information that would identify an individual.
Unauthorized, on the other hand, means that it does not meet the criteria for lawful processing under Section 12.
As noted in a previous post, though there is an exception under the DPA for processing personal information for solely personal, family, or household affairs, the general stance is that publicly posting personal information for the world to see would remove the person from such exception.
Note that consent from the persons whose information was disclosed in the private conversation is not the only legal basis for processing under Section 12. There are five other grounds, with legitimate interest being one. Applying the legitimate interest test, does the posting of the screenshots override the fundamental rights and freedoms of the data subjects whose information was disclosed in the private conversation?
Nevertheless, aside from the DPA, it should be noted that Article 32 of the Civil Code expressly penalizes any individual, public or private, from violating the privacy of communication and correspondence of another.
Moreover, the Philippines is a two-party consent state, meaning that parties who secretly record private conversations without the consent of all parties involved in the private conversation may be liable under the Anti-Wiretapping Act.
Finally, under the Cybercrime Prevention Act, access to the whole or part of computer systems without right are also penalized.