The Jakarta Post
As information technology use appears to have no limits, personal data protection is becoming a cause for concern in many countries, including Indonesia. Thanks to the rapid advancement of technology, personal data gathered by banks, telecommunication providers, social media platforms and online shops is now more vulnerable to unauthorized use or careless processing than ever before and could inflict enormous losses.
When surfing or making transactions online, people might not be aware of the risks of submitting their personal data. Worse, they cannot do much, because the existing legal instrument is not adequate to defend them when unauthorized use occurs. The misuse of credit card data in telemarketing, for example, is commonplace without any legal consequences.
Many online platforms have been accused of sharing personal data with other parties without the owners’ consent. This includes access to private messages. Even though a giant social media platform like Facebook has denied these allegations, it simply shows how vulnerable our data is to unauthorized, if not illicit, use.
In Indonesia, the most widespread misuse of personal data often occurs in the financial technology industry. As reported in the media, a number of online lending platforms or peer-to-peer (P2P) lending companies used an application to access and retrieve contact numbers from debtors’ mobile phones. The online platforms used these personal contacts to humiliate borrowers if they defaulted on their debt.
At present, personal data protection is only governed under Communications and Information Ministerial Regulation No. 20/2016. However, this regulation is considered inadequate to address the growing use of personal data especially on social media, online market places and financial platforms.
It is good to hear that the ministry, representing the government, has submitted a bill on personal data protection for deliberation at the House of Representatives this year. However, because lawmakers are busy with preparations for the legislative and presidential elections in April, the deliberation of the much-needed bill will not start anytime soon.
Given the urgency, it is necessary for the House to prioritize it. The state’s role matters in line with its constitutional mandate to protect citizens’ fundamental rights and freedoms related to personal data.
The bill might replicate the European Union’s General Data Protection Regulation, which includes a provision about data subjects’ right to ask for data removal or “the right to be forgotten”.
Unlike the prevailing regulation — which limits personal data to sensitive information such as identity, financial and medical information — the bill will have a wider scope that will include email addresses, identification card numbers, location data on phones and even political views. Once in force, the law will shield us from any attempt to misuse our data for financial gain and other purposes.
Beyond the legal protection, educating citizens and providing them with new knowledge and best practices to protect their own personal data, especially when sharing them with other parties, is a role the government must also play.