Disclaimer: This article is for informational purposes only and does not constitute financial advice. BitPinas has no commercial relationship with any mentioned entity unless otherwise stated.
📬 Get the biggest crypto stories in the Philippines and Southeast Asia every week — subscribe to the BitPinas Newsletter.
In an era where digital infrastructure underpins everything—from identity and finance to government systems—data privacy is no longer just a legal checkbox; it’s a core design principle. The Data Privacy Act of 2012 (Republic Act No. 10173) laid the groundwork for protecting the rights of individuals in the digital age. But as we embrace blockchain for transparency and decentralization, how can we reconcile the immutable nature of ledgers with the need to uphold privacy rights?
Through privacy-preserving technologies and mindful architecture, the two can not only coexist—but complement each other.
Paul Soliman is the Founder and CEO/CTO of Hacktiv Colab Inc. and Chairman and Group CEO of BayaniChain, where he leads initiatives in blockchain, enterprise tech, and digital nation-building. He also serves as CTO of Blockfy, driving innovation in decentralized finance solutions in the Philippines.
⚖️ Understanding the Law: A Quick Look at the Data Privacy Act of 2012
The law grants individuals full control over their personal data through rights such as:
- Right to be informed about data collection and its use
- Right to access their personal data
- Right to object to processing
- Right to rectify inaccuracies or request deletion
- Right to data portability
- Right to file complaints with the regulatory body
- Right to damages for unlawful processing
These rights are enshrined in Sections 16 to 21 of the Act and serve as a baseline for digital trust.
⛓️ The Blockchain Dilemma: Transparency vs. Privacy
Blockchains are inherently transparent and immutable—features that directly conflict with some of the rights outlined in the Data Privacy Act, like the right to erasure and correction. But in systems designed for public accountability, this transparency is vital.
The challenge, therefore, is not whether to use blockchain, but how to use it responsibly.
🔐 Privacy-Preserving Blockchain: Bridging the Gap
Modern blockchain design patterns allow us to embed data privacy principles at the protocol level. Here’s how each Data Privacy Act right maps to privacy-preserving blockchain features:
| DPA Right | Blockchain Strategy |
| Be Informed | Show user-friendly consent interfaces powered by smart contracts and logs. |
| Access Data | Use secure APIs or wallets to let users view off-chain data anchored by on-chain hashes. |
| Object to Processing | Build opt-out switches controlled by the user’s private keys or identity. |
| Rectify/Erase | Apply “effective deletion” via encryption key removal or off-chain mutable pointers. |
| Portability | Implement self-sovereign identity and interoperable data formats (e.g., JSON + encryption). |
| File Complaints | Maintain immutable, timestamped audit logs on-chain, and expose them through regulator dashboards. |
🧠 A Sample Architecture: Privacy-Aware Blockchain Layers
A well-designed privacy-preserving blockchain could include:
- Immutable Anchoring Layer: Stores hashes of transactions and user actions for audit
- Data Classifier Module: Filters what should be public or private, based on legitimate purpose and proportionality
- Encrypted Data Layer: Enables computation over sensitive data using encryption techniques
- Secure Retrieval Layer: Allows fast, private access to records while maintaining strong access control
Through this layered approach, privacy becomes programmable.
🛠 Building Privacy-First Systems for Public Use
For blockchain platforms that interact with sensitive or government-regulated data, here are core recommendations to align with the Data Privacy Act:
- Anchor only hashes or proofs on-chain—never raw data
- Implement key-based deletion to simulate the “right to be forgotten”
- Build a Privacy Dashboard so users can access, correct, or revoke consent
- Appoint a Data Protection Officer (DPO) or delegate this function internally for compliance
- Log all access events immutably for regulatory auditability
🔄 Transparency and Privacy Are Not Opposites
Transparency builds trust in systems. Privacy builds trust in people. Both are essential pillars of digital governance.
The narrative that blockchain and data privacy are in conflict is outdated. With modern cryptography—zero-knowledge proofs, homomorphic encryption, selective disclosure—we can build systems that honor the individual while protecting the collective.
This is how we move forward—not by choosing one over the other, but by designing both into the core of our systems.
This Op-Ed is published on BitPinas: Privacy by Design: How the Data Privacy Act of 2012 Aligns with Blockchain
What else is happening in Crypto Philippines and beyond?
