Home 5 INSIGHT 5 TECHNOLOGY 5 The Personal Data Protection Regulation in Indonesia (Part 1) : The Progress

The Personal Data Protection Regulation in Indonesia (Part 1) : The Progress

by | April 10, 2022

At the launch of the 2021 Digital Economy Report by the United Nations Conference on Trade and Development (UNCTAD), the Government of Indonesia via the Minister of Communication and Information stated that digital data is very important for the people’s economic sustainability therefore the Government of Indonesia fully focused on enabling cross-border data flows, as it could contribute significantly to the progress of the digital economy.

The concern about the cross-border data flows also emerge in G20. A declaration meeting under the Kingdom of Saudi Arabia’s leadership discusses five main issues: trustworthy artificial intelligence, data-free flow with trust and cross-border data flow, smart cities, measurement of the digital economy, and digital economy security.

There are five propositions from the Government of Indonesia and one of them is about personal data protection. The third proposition is about reciprocity states that data transfer can be carried out if the country of domicile of the personal data controller, personal data processor, or international organization that receives the transfer of personal data has an equal level of protection based on the laws of the country of origin or if there is an international agreement between countries.

As we know, personal data protection is still in the draft since 2020 even though the urgency is considered high due to many data breach cases such as data from the Healthcare and Social Security Agency that was sold in online forums or the case of millions of personal data was non-consensually stolen from Tokopedia, one of the largest e-commerce in Indonesia.

Until the regulation will be formally decided to use, the people only rely on the existing regulation, the Information and Electronic Transaction Law (UU ITE), which is not reliable to cover personal data protection.

The draft of personal data protection in Indonesia basically follows the General Data Protection Regulation (GDPR) law, the golden standard for personal data protection in the world. We will explore more about the GDPR point in the other article and how it is related to the Indonesian Personal Data Protection. But now the question is why the personal data protection law is still in the draft?

The Importance Of Personal Data Protection Law

There is a difference between data security and data privacy. Data security refers to keeping private and sensitive data safe from intrusion, hackers, or malicious insiders while data privacy involves specific approval and notification procedures as well as other regulatory obligations in data management (CIPS Indonesia)

In a simple word, every piece of data that is produced by yourself is owned by yourself which means you can decide what is the purpose of the data processing and have a legal right to request the data. The ownership of data is crucial in this era of 4.0 since the company collects millions of data every day.

If you are curious about what kind of data is collected from an individual, please check this infographic:

It is not only your personal data, the company even accesses your voice data, image library, and your face data for the Artificial Intelligence improvement due to their mission to engage the people in the service.

Are you aware of this activity in your digital life?

Personal data protection’s purpose is clear: we should innovate with awareness of civil rights. I remember a jargon from a computer science week that states ” The future of Artificial Intelligence is Human”. We cannot let the novelty of technology will ruin our humanity but we can reshape the Industri 4.0 in a sustainable way, we can start by avoiding Artificial Intelligence from violating our rights.

The Challenge Of Data Protection Authority

Let’s back to the question, how is the progress of personal data protection law in Indonesia?

There is no problem with the content of the law because the GDPR law could be a benchmark and the Government of Indonesia simply adapt it based on the context. However, the problem is the Government wishes that the data protection authority should be under the Ministry of Information and Communication which causes another challenge.

If the authority of data protection is under the Government of Indonesia, the personal data violation that involved the Government itself will be really hard to investigate, in another word, it is really hard to achieve accountability.

Another challenge is the Indonesian House of Representatives did not have the same opinion about whether the authority should be under the Government or under the independent authority (VOA Indonesia)

These two challenges make the decision of formalizing the law pending from 2020 but look like the law will be discussed once again in 2022 with the agenda to agree on the proposal of authority from the Government of Indonesia.

In the next article, we will explain the personal data protection impact on the development of the system and why this could be a game-changer in innovation because this law forces every innovation to consider the safety of personal data.

Hadi Purnama Jati
Hadi Purnama Jati

Jati graduated his Master’s in ICT in Business and the Public Sector from Leiden University, the Netherlands. He is now currently pursuing his PhD from Leiden University on the topic of data privacy for the VODAN-Africa project.