TheJakartaPost
Please Update your browser
Your browser is out of date, and may not be compatible with our website. A list of the most popular web browsers can be found below.
Just click on the icons to get to the download page.
House pushes govt to form data protection agency
Change text size
Gift Premium Articles
to Anyone
Share the best of The Jakarta Post with friends, family, or colleagues. As a subscriber, you can gift 3 to 5 articles each month that anyone can read—no subscription needed!
Indonesia has yet to join the club of nations from Brazil to China and India that have issued stringent regulations on personal data protection, modeled on the European Union General Data Protection Regulation (GDPR). (Shutterstock/PopTika)
H
ouse of Representatives Commission I overseeing information and intelligence is pushing the government to accelerate the establishment of an oversight agency as mandated in the new Personal Data Protection Law, following a recent series of data breaches.
Lawmakers from the data breach committee held on Monday a meeting with the Communications and Information Ministry and the National Cyber and Encryption Agency (BSSN) to hear how they are building the ecosystem to protect private data from cyber-attacks following the privacy law’s enactment late last year.
The Personal Data Protection Law, the first-ever comprehensive legislation in Indonesia, mandates the government to establish the agency through a presidential regulation. The agency, which will answer to the President, will oversee data protection in the country and impose administrative sanctions and non-judicial fines on data controllers or processors that breach the rights of “data subjects”.
“We expect the drafting of the presidential regulation [by the government] on the oversight agency will be completed this year,” Commission I chairman Abdul Kharis Alamsyari said while reading out the conclusion of the hearing.
The privacy law grants citizens more control over their personal information online and seeks to spur cyber-security improvements by requiring data controllers and processors to ensure the rights of data subjects and the security of their data, including by setting up firewalls and encryption systems. The law, however, gives data handlers two years to build their security systems, and the data protection oversight agency that it calls for to administer sanctions and fines has not been established to date.
Read also: House passes long-awaited privacy bill
The law outlines two categories of sanctions. The first is administrative and includes operating suspensions and non-judicial fines for offending data handlers in both the public and private sector. The fines can amount to 2 percent of the annual revenue of the non-compliant data controller or processor. The second category, criminal penalties, is for individuals and companies that are found guilty by a court of illegally collecting, using, selling or publicizing personal data. The penalties may include prison time.
