TheJakartaPost

Please Update your browser

Your browser is out of date, and may not be compatible with our website. A list of the most popular web browsers can be found below.
Just click on the icons to get to the download page.

Jakarta Post

Lawmakers, businesses at loggerheads over regulation of anonymized data

  • Ghina Ghaliya
    Ghina Ghaliya

    The Jakarta Post

Jakarta   /   Wed, July 8, 2020   /   02:30 pm
Lawmakers, businesses at loggerheads over regulation of anonymized data Data matters: A salesgirl holds up her mobile phone to show a home loan app on her screen during a property expo in Plaza Mandiri, South Jakarta, on Feb. 20. The government has proposed a bill on data protection in response to many reports of the misuse and theft of customer data. (JP/Dhoni Setiawan)

Businesses that manage large quantities of the public’s data have asked the House of Representatives not to regulate anonymized data in the personal data protection bill, saying that it could hamper their business development.

The businesses — grouped under the Indonesian Hospital Association (PERSI), Indonesian E-Commerce Association (iDEA), the Association of Indonesian Financial Technology (Aftech) and the US-ASEAN Business Council (USABC) — expressed their concerns in a hearing about the bill with House Commission I overseeing defense, foreign affairs, information and intelligence on Monday.

"We must distinguish aggregate data and individual data. Aggregate data is unidentified, unlike individual data. Unidentified data should be excluded from this regulation,” Bima Laga of the IdeA said.

Budi Sampurna of the PERSI echoed Bima’s sentiments, saying that hospitals normally classed anonymized behavioral data of their patients as non-personal data.

He added that all patient personal data should be considered confidential, which could not be transmitted or opened without the patient's consent, except in certain circumstances.
    
Lawmakers questioned the businesses' arguments for excluding anonymized data from the bill, saying that companies should get the data holders’ permission to use it in creating behavioral profiles.

"We understand the businesses' concern, but for me, whatever the purposes are, they should have the owner’s consent," Charles Honoris of the Indonesian Democratic Party of Struggle (PDI-P) said.

Fellow PDI-P lawmaker Bobby Adhityo Rizaldi agreed, saying one of the bill’s objectives was to regulate encrypted and anonymized behavioral data as well as administrative data.

"That’s the main objective of this bill. Not regulating it means the bill would be totally different from what we’re expecting," he said.

The European Union’s General Data Protection Regulation (GDPR) considers pseudonymous or encrypted data as a part of personal data as it can be used to re-identify a person.

However, personal data that has been rendered anonymous in such a way that the individual is not or no longer identifiable is no longer considered personal data, and for data to be truly anonymized, the anonymization must be irreversible.

The House aims to complete deliberation on the bill by October 2020.

In addition to data pseudonymization and anonymization, several issues remain up for debate. Critics have warned of the potential for abuse of power due to the unequal sanctions for personal data misuse conducted by the government, private sector and the public.

The bill also does not include clear provisions on the establishment of an independent data protection authority to monitor and analyze the use of personal data in the proposed bill.