TheJakartaPost
Please Update your browser
Your browser is out of date, and may not be compatible with our website. A list of the most popular web browsers can be found below.
Just click on the icons to get to the download page.
Data protection bill, the human rights perspective
The government and law makers must incorporate human rights into deliberation of personal data protection bill.
Change Size
Indonesia has yet to join the club of nations from Brazil to China and India that have issued stringent regulations on personal data protection, modeled on the European Union General Data Protection Regulation (GDPR), which protects citizens from privacy and data breaches regardless of where the data is processed and which recognizes citizens’ “right to be forgotten”, so users can ask for data erasure and delisting from digital platforms and search engines. (Shutterstock/PopTika)
E
ven at a time when personal data leaks are rampant, the government and the House of Representatives have failed to pass the much-needed personal data protection bill. Deliberation of the bill has been extended five times, but the two remain unable to achieve a meeting of mind regarding the supervisory authority for protecting data privacy.
The government is eager to establish a supervisory authority under the Directorate General of Information Application at the Communications and Information Ministry, while the lawmakers insist on an independent data protection authority, or at least one that directly answers to the President. As a result, the deliberation of the bill has reached deadlock.
There is no doubt that the nation badly needs such legislation. Just recently a suspected data breach of the Indonesia Health Alert Card (e-HAC) system, which put around 1.3 million users’ data at risk, was made known. Previously, the data of around 2 million clients of BRI Life were hacked and advertised online. The list can go on, only to show how vulnerable personal data remains at a time when we are shifting into a digital era.
Sadly, the perpetrators of data breaches have gone unpunished, hence there is no deterrence. One of the obstacles law enforcers are facing is the absence of a specific law on data privacy protection. The legal norm of data privacy has indeed been incorporated into several laws, but its legal substance is too general, partial and sectorial. Indonesia lags far behind, for example, the European Union, which has already enforced such a law.
Due to the rampancy of data breaches, both the government and the House must immediately settle the debate over the supervisory authority. Neither should be shackled by adversarial opinions. An agreement can be reached if the two sides can view the bill from the standpoint of human rights.
The bill states that data privacy protection constitutes a human right. It is therefore reasonable to place the bill within the framework of human rights enforcement, including the supervisory authority of data privacy protection.
From a human rights point of view, data privacy protection refers to Article 12 of the Universal Declaration of Human Rights (1948) and Article 17 of the International Covenant on Civil and Political Rights (1966). These international instruments emphasize two main principles, protection from arbitrary interference and the protection of the law. Accordingly, the right to privacy cannot be interfered with arbitrarily and legal protection of the right to privacy is necessary.
