The idea for the bill was proposed by the government of president Susilo Bambang Yudhoyono back in 2006 and the draft has been in the works at the Communications and Information Ministry since 2014.

The bill is intended to create consolidated legislation for data protection, which is currently spread out over 30 different laws, including the 2013 Citizenship Administration Law and the 2016 Electronic Information and Transactions (ITE) Law.

“This comprehensive data protection regulation is an important step toward addressing the rampant misuse of personal data,” Institute for Policy Research and Advocacy (Elsam) Wahyudi Djafar said at a recent discussion on the bill.

He cited several recent incidents that demonstrated the need for such a law, such as the revelation that bank customers’ personal data had been sold to credit card salespeople, the misuse of users’ contact lists by online peer-to-peer lending applications, as well as numerous instances of doxxing.

“The government should quickly wrap up its internal process and hand over the bill to the House of Representatives so that the House can deliberate and pass it within the 2014-2019 legislative period.”

Wahyudi added that Indonesia was lagging behind other Southeast Asian countries in passing a data protection law, with Malaysia passing one in 2010, Singapore in 2011, Philippines in 2013, Laos in 2017, and most recently Thailand in March 2019.

He said a data protection law was also necessary for Indonesia to participate in international trade agreements as preferential trading areas, regional comprehensive economic partnerships and comprehensive economic partnership agreements that encompass the digital economy require comprehensive data protection laws.

The implementation of the European Union’s General Data Protection Regulation (GDPR), which has been binding since May 2018, has also increased the urgency for such a law.

The Communications and Information Ministry’s director general of information applications, Semuel Abrijani Pangerapan, who was also at the discussion, agreed with Wahyudi on the need to pass the law soon.

“In this digital era, data is constantly being exchanged, so data exchange governance is very important,” he said.

Semuel said the ministry had completed the draft for the bill and had already requested President Joko “Jokowi” Widodo to issue a presidential letter [Surpres] to hand the bill over to the House for deliberation.

“We have already had several informal meetings with House Commission I, which oversees communication and information, and they are also hoping to pass it before their term ends in Sept. 30.”

The bill details several data privacy violations that will be punishable through damages and fines in civil courts, which are aimed at encouraging large corporations to take better care of customers’ personal data.

But Semuel said that increasing public awareness about the importance of data protection was needed in order for the law to be effective, as many of the violations are based on customer consent, i.e. whether or not the customer agrees to allow the data to be used for a particular purpose.

“If the public are not educated, and are not critical about what information they give out, and freely allow their data to be used, then the bill will not be able to help,” he said.

Sih Yuliana Wahyuningtyas, a business law lecturer at Atmajaya University, said that while the public should become “prosumers,” companies should also be more consumer-friendly by creating “protection by design.”

Wahyudi agreed, saying that changing the default settings and increasing the options available to consumers would help to improve the public’s understanding of data protection.

Popular

RI, Australia strengthen partnership on taxing crypto assets

Analysis: Indonesia denies normalization with Israel to enter OECD

Citroen to produce electric cars in Indonesia