According to the 10th Visa Consumer Payment Attitudes Study, more Filipinos are now aware of, interested in, and using cashless and contactless payment solutions. For many, digital accounts now function like an extension of physical wallets. In any case, whether one has partially or wholeheartedly adopted cashless for paying bills and sending cash, the personal information needed for these digital channels passes through different third-party systems every day.
With so much happening behind the scenes, it’s natural to ask questions like, “Is Maya safe for savings?” or “What part of my data actually gets shared?” The reassuring news is that privacy protections in the Philippines have strengthened in recent years, with government offices such as the National Privacy Commission (NPC) pushing for better data governance and transparency across all sectors. Likewise, public awareness about digital security is rising, and new privacy frameworks are forcing companies to meet higher standards than before.
Nevertheless, entrusting personal data is required for cashless transactions and wider participation in the modern financial system. To help you better understand what actually happens to your data, here’s a simple breakdown of what’s commonly shared, what isn’t, and why these boundaries matter.
Why Digital Services Collect Your Data
Online platforms collect information to verify your identity, secure your transactions, and comply with Philippine laws such as the Data Privacy Act of 2012. Identity theft was a threat even in the analog era, and it’s become an even greater danger in today’s digital-centric world. For everyone’s safety, online platforms must verify that you are who you say you are to protect you and other parties from malicious activity.
However, collecting data does not automatically mean it has to be exposed. Legally compliant organizations follow strict rules on when, why, and with whom sensitive information may be shared.
Some Data NEED to Be Shared
To facilitate transactions, some amount of data needs to be shared. However, the process is tightly controlled and usually limited to these specific situations:
1. Required Sharing with Regulators
Digital financial services, whether they’re a bank, fintech company, or some other type of financial service provider, must disclose certain information to authorities like the Bangko Sentral ng Pilipinas (BSP) or anti-money-laundering bodies. These disclosures are intended to help curb illicit transactions and support national security. Additionally, such regulations are designed so that only information relevant to regulatory obligations is shared, and safeguards are in place to keep everything confidential.
Simply put, if you’re looking for a digital bank for your savings, the best move is to go with a BSP-supervised institution like Maya.
2. Sharing with Third-Party Service Providers
To run smoothly, most digital financial services must rely on partners such as cloud providers, IT security firms, payment processors, or SMS/email gateways. These external providers may access only the data needed to perform their tasks, and they are legally obligated to protect that data.
3. Sharing Triggered by User Requests
When you initiate a transaction, such as paying a bill or transferring funds, the system may share part of your data with partner institutions to complete the action. This requires your consent and includes basic information such as your name, account number, or transaction amount.
Responsible Platforms DO NOT Share Your Information
As a rule, entrusted information must only be shared when necessary, and any data not relevant to the actual operation of the service must be restricted. Legitimate platforms will therefore protect the following details:
1. Your Full Identity Profile
Photos and scans of your government IDs, full address, birthdate, and other personal details should remain private unless specifically required for a service you initiated.
2. Passwords, PINs, and Other Security Codes
You may have gotten notifications from your bank or e-wallet provider that they would never share or ask you to reveal your password, PIN, or one-time passwords (OTP). This is because they are restricted by the Data Privacy Act and BSP cybersecurity guidelines. Even if they wanted to, that data would be encrypted by design. It’s safe to assume that anyone who asks for these details, especially through email, social media, or text, is attempting fraud.
3. Your Complete Transaction History
While financial regulators may receive reports of specific transactions for national security reasons, your entire activity log is not shared with outside parties for any reason. Details such as where you shop, to whom you send money, or how often you transact must remain confidential unless you provide explicit consent. Only unethical providers would ever disclose that level of detail without your permission.
4. Your Data for Marketing Without Permission
Speaking of permission, Philippine-based companies cannot sell your information or use it for targeted advertising unless you explicitly agree to it. Users have the right to opt out of marketing communications at any time.
How Do You Know If a Platform Protects Your Data Well
The NPC encourages responsible data handling through scorecards and recognition programs that assess a provider’s commitment to data transparency, data governance, and user empowerment. High-scoring organizations generally do or show the following:
- Regular privacy audits
- Strict data privacy compliance procedures
- Employment of full-time data-protection officers
- Credible employee training on privacy culture and compliance
- Secure systems for storing and handling data
Clear communication with users and customers about their data rights
Digital Privacy Matters More Than You Might Think
Filipino consumers now depend heavily on digital services for everyday tasks, from sending money to family to buying snacks at the neighborhood sari-sari store. Because these services require personal data to function, businesses and everyday users alike should understand the real value of data and why malicious parties will do whatever it takes to get it.
Thanks to improvements in national privacy standards and increased public awareness, Filipino consumers are now a little more knowledgeable of what actually happens to their data when it’s shared with online platforms. However, there’s still much work to be done, and we should also take care to educate seniors, young children, and everyone else who remains vulnerable to scams and data mining. Hopefully, we will come to a point where no one falls prey to scams, identity theft, or other forms of digital exploitation.
