The Jakarta Post
The use of online platforms by individuals and enterprises is increasing rapidly in Indonesia, a country where around 40 percent of the population owns smartphones and which is en route to becoming Southeast Asia’s largest digital economy. Vast amounts of personal and corporate data and digital behavior have been pulled by online platforms for various uses, and, in some cases, misuses. Unfortunately, protection against data misuse remains particularly weak in Indonesia, which has yet to create a strong legal umbrella for data protection and cybersecurity.
Tens of millions of Lion Air Group customers affected by a leak of passport details that hit headlines this week is just one of many breaches of user data — one too many. Enterprises that manage consumers’ data, from airlines to financial service providers and from transportation companies to social media, must have greater accountability in the way they handle consumer data, including what they use the data for. Efforts must go beyond the investigation of data-related incidents toward protecting the data from further leaks or misuse and full disclosure of customer rights over their data in the process.
Enterprises, digital platforms, cloud providers, data centers and whichever other parties are in charge of user data should invest more in consumer data protection, including in highly reliable and secure cloud services and data centers and in raising public awareness about how their data will be managed through simpler terms and conditions. Digital platforms that manage personal and enterprise data have long argued that, so long as users “accept” the terms and conditions, they should understand all the risks (and benefits via personalized advertisements and references). This should not create impunity for electronic system providers. This is where the government must step in to better protect citizens’ data.
Indonesia has yet to join the club of nations from Brazil to China and India that have issued stringent regulations on personal data protection, modeled on the European Union General Data Protection Regulation (GDPR), which protects citizens from privacy and data breaches regardless of where the data is processed and which recognizes citizens’ “right to be forgotten”, so users can ask for data erasure and delisting from digital platforms and search engines.
The government, through the Communications and Information Ministry, has drafted a bill on personal data protection that adopts some of the tough stipulations inspired by the EU GDPR. The ministry plans to insert crucial data protection articles, including on the right to be forgotten, into a draft for the revision of the 2012 government regulation on electronic systems and transaction management.
It is high time to speed up deliberation of the bills and regulations to better protect Indonesians’ data wherever they are stored and managed. Lessons from around the world abound regarding regulatory frameworks to protect personal data. Consumers should participate in the discussion and become more aware of the repercussions of their online activities. The regulatory framework should ensure punishment and clear accountability mechanisms for those handling user data in the upcoming laws and regulations to end impunity for data leaks.