The Jakarta Post
The data breach involving 91 million users of Indonesian unicorn Tokopedia is extremely disturbing and should prompt the government and digital platforms to do more to protect citizens’ personal data. The alleged online sale of users’ names, e-mail addresses and phone numbers has further exposed the vulnerability of our data and digital transactions.
The shocking revelation comes as citizens are increasingly relying on digital platforms as they are forced to stay home to help curb the spread of the COVID-19 pandemic. New sellers on Tokopedia, for example, have surged by 2.5 times to over 7.8 million during the pandemic.
As demand for online shopping increases, users are well aware of the risks in the digital sphere when they agree to the terms and conditions, but this does not mean digital platforms and the government can evade responsibility.
The digital platform boom, especially of e-commerce sites, calls for stricter security monitoring and enforcement measures both by platforms and the government. Unfortunately, Indonesia has yet to join countries around the world that have issued stringent regulations on personal data protection. A data protection bill, modeled on the European Union’s General Data Protection Regulation, has been in process for years.
Read also: Tokopedia data breach exposes vulnerability of personal data
The surge of digital platforms has given rise to cybercrimes. Hacking of platforms exposes the weaknesses of their systems. In this case Tokopedia and digital platforms facing data breach issues should immediately improve their security systems, notify their users about the state of their data and announce publicly measures to protect user data and accounts. Despite such measures being able to restore public confidence, there has been no official notification by Tokopedia to its customers on its platform regarding the data breach.
The government needs to enforce the rules and conduct an investigation separately from Tokopedia’s internal efforts. Communications and Information Minister Johnny G. Plate did the right thing by immediately summoning Tokopedia to ask about the platform’s response to the data breach.
However, to emerge out of the meeting saying financial-related data is safe based on Tokopedia’s claims does not sound right by any means. Government Regulation No. 71/2019, Communications and Information Ministerial Regulation No. 20/2016 and the 2006 Population Administration Law protect people’s rights to their personal data.
The government and law enforcement agencies need to conduct a thorough investigation into data breaches in digital platforms and punish those responsible. The government also needs to push digital platforms to notify all users whose data have been breached and to double their efforts to improve the security of their platforms.
Learning from a series of data breaches, it is high time that Indonesia enacted a personal data protection law that protects citizens’ data and privacy, acknowledges the right to be forgotten and punishes individuals and institutions that commit data misuse and theft. In the absence of stronger and more comprehensive data-protection legislation, the government and digital platforms must do more against data breaches.
Resuming deliberations of the data protection bill is one way but for the time being, digital platforms have to constantly develop and improve their security systems. The government must enforce existing rules and take stern action against those who breach, leak or mishandle citizens’ personal data.