The Jakarta Post
Judging from the headlines of national media published Wednesday, the meeting between Facebook officials and House of Representatives Commission I, which oversees communication did not end well. Media reports from the meeting said lawmakers were furious with Facebook executives’ nonchalant attitude toward the allegations of data harvesting, while other lawmakers complained about a lack of mea culpa from the social media giant.
The lawmakers certainly relished their moment in the spotlight as there are few occasions in which they have the opportunity to directly speak out against a giant corporation like Facebook. But the truth is, beyond the grandstanding, there is little that the lawmakers can do about Facebook’s handling of personal data from more than 96 million users in Indonesia.
And there is a simple reason for Facebook’s indifferent approach: Indonesia does not have a comprehensive regulation on the protection of online personal information. Ministerial Regulation No. 20/2016 stipulates that there is only a series of administrative penalties for individuals accused of misusing personal data harvested online. The regulation has no stipulation regarding penalties for corporations accused of stealing personal information.
The 2008 Electronic Information and Transactions (ITE) Law, amended in 2016, is so focused on curbing hate speech and hoaxes that it leaves data protection hanging in the balance. The law does not cover personal data protection.
It’s a jungle out there in cyberspace, and unless a relevant authority takes steps toward regulating the sphere, it will continue to be a wild, wild west. Many have argued that as the pace of innovation on the internet is just too fast, crafting regulations on the fly would only result in minor effects. The European Union, however, has shown the way on how to take on internet giants like Facebook.
On Wednesday, following outrage over Cambridge Analytica’s alleged data breach, Facebook began rolling out new privacy choices for its users in the EU. Under the new policy, users will be asked to review and make choices about ads they receive, including whether they want Facebook to use data from third parties. Facebook users will also be asked to review and choose what to share in terms of political, religious and relationship information on their profiles. Users will be allowed to opt in or out of the use of facial recognition technology, and they could be notified when someone uses an unauthorized picture.
The EU experience shows it is possible to take on even the biggest of internet giants, especially when it comes to user data protection. In Indonesia, lawmakers have talked about amending the 2008 ITE Law or even proposing a separate data protection law. Open season should be over soon for Facebook.