TheJakartaPost
Please Update your browser
Your browser is out of date, and may not be compatible with our website. A list of the most popular web browsers can be found below.
Just click on the icons to get to the download page.
Lawmakers, businesses at loggerheads over regulation of anonymized data
Businesses that manage large quantities of personal data have asked the House of Representatives not to regulate anonymized data in the personal data protection bill, saying that it could hamper their business development.
Change text size
Gift Premium Articles
to Anyone
Share the best of The Jakarta Post with friends, family, or colleagues. As a subscriber, you can gift 3 to 5 articles each month that anyone can read—no subscription needed!
Data matters: A salesgirl holds up her mobile phone to show a home loan app on her screen during a property expo in Plaza Mandiri, South Jakarta, on Feb. 20. The government has proposed a bill on data protection in response to many reports of the misuse and theft of customer data. (JP/Dhoni Setiawan)
B
usinesses that manage large quantities of the public’s data have asked the House of Representatives not to regulate anonymized data in the personal data protection bill, saying that it could hamper their business development.
The businesses — grouped under the Indonesian Hospital Association (PERSI), Indonesian E-Commerce Association (iDEA), the Association of Indonesian Financial Technology (Aftech) and the US-ASEAN Business Council (USABC) — expressed their concerns in a hearing about the bill with House Commission I overseeing defense, foreign affairs, information and intelligence on Monday.
"We must distinguish aggregate data and individual data. Aggregate data is unidentified, unlike individual data. Unidentified data should be excluded from this regulation,” Bima Laga of the IdeA said.
Budi Sampurna of the PERSI echoed Bima’s sentiments, saying that hospitals normally classed anonymized behavioral data of their patients as non-personal data.
He added that all patient personal data should be considered confidential, which could not be transmitted or opened without the patient's consent, except in certain circumstances.
Lawmakers questioned the businesses' arguments for excluding anonymized data from the bill, saying that companies should get the data holders’ permission to use it in creating behavioral profiles.
"We understand the businesses' concern, but for me, whatever the purposes are, they should have the owner’s consent," Charles Honoris of the Indonesian Democratic Party of Struggle (PDI-P) said.
Fellow PDI-P lawmaker Bobby Adhityo Rizaldi agreed, saying one of the bill’s objectives was to regulate encrypted and anonymized behavioral data as well as administrative data.
"That’s the main objective of this bill. Not regulating it means the bill would be totally different from what we’re expecting," he said.
The European Union’s General Data Protection Regulation (GDPR) considers pseudonymous or encrypted data as a part of personal data as it can be used to re-identify a person.
However, personal data that has been rendered anonymous in such a way that the individual is not or no longer identifiable is no longer considered personal data, and for data to be truly anonymized, the anonymization must be irreversible.
The House aims to complete deliberation on the bill by October 2020.
In addition to data pseudonymization and anonymization, several issues remain up for debate. Critics have warned of the potential for abuse of power due to the unequal sanctions for personal data misuse conducted by the government, private sector and the public.
The bill also does not include clear provisions on the establishment of an independent data protection authority to monitor and analyze the use of personal data in the proposed bill.
