The Jakarta Post
Both the Indonesian government and digital platform companies such as Gojek and Google have agreed that more dialogue between the public and private sectors was needed to ensure that the personal data protection bill, which is currently under deliberation at the House of Representatives, be passed into a comprehensive, effective and enforceable law.
Decacorn Gojek’s chief of public policy and government relations Shinto Nugroho said such discussion was important as, in addition to protecting citizen's data, the law was expected to provide stimulus instead of being an impediment to start-ups and micro, small and medium enterprises (MSMEs).
“Data protection law will have a pivotal role for the digital economy growth in the country, let’s not make the law be another burden for MSMEs. This can only be achieved by communicating and coordinating with businesses, NGOs and academics,” said Shinto during a public webinar, JakPost UpClose, held by The Jakarta Post on Thursday.
Special advisor to Communication and Information Minister, Dedy Permadi, said that opposing views regarding how data protection should be accomplished might emerge between parties. “Thus, the ministry is calling on all participating stakeholders to join hands in bridging these gaps by intensifying dialogues,” he said.
To date, Indonesia has no specific law that comprehensively stipulates personal data protection. Regulation on data protection is rather scattered across at least 33 different laws, said Institute for Policy Research and Advocacy (ELSAM) researcher Wahyudi Djafar.
Indonesia is home to 175.4 million internet users as of January 2020, but digital literacy, including awareness of online safety, is relatively low. The Global World Digital Competitiveness Index, which includes digital literacy among other indicators, ranked Indonesia 56th out of 63 countries in 2019, far below Singapore and Malaysia, which were ranked 2nd and 26th respectively.
In a world where simply having an email account could expose an internet user to cybercrime, data protection law is increasingly urgent.
Carmela Acevedo, a senior software engineer at Google, said that Google provided users with easy to understand privacy and data protection. “Many malware and phishing attacks actually start with an email. So Gmail protects you from spam, phishing and malware better than any other email service,” she said. “Also we have blocked billions and billions of bad ads. On average we block 100 ads per second,” she went on.
The personal data protection bill, the draft of which has been undergoing an assessment by the ministry since 2014, is becoming more essential now than ever, with the COVID-19 pandemic serving as a catalyst for digital adoption including in Indonesia.
The House aims to conclude the deliberation of the bill by October this year, according to legislator Bobby Adhityo Rizaldi recently as quoted by kompas.com.
Dedy said the draft of the bill had adopted several principles and aspects of the European Union’s General Data Protection Regulation (GDPR). “The ‘Indonesian GDPR’ also focuses on five main areas, namely data collection, data processing, data security, data breach and the right to be forgotten [a right for individuals to have personal data erased],” he said.
However, Shinto said that several concepts such as the concept of “specific personal data” and “explicit consent” mentioned in the draft were still not aligned with international practices and needed to be reconsidered.
She also reminded the lawmakers to consider different business models and sizes when drafting the law to create flexibility while ensuring robust data protection.
Wahyudi, meanwhile, mentioned several problems that ELSAM had found in the bill and submitted to the House. Among the most pressing problems, Wahyudi said, were the absence of a data protection authority, a lack of clarity on the obligation of the data controller and data processor and the tendency for criminalization through the formulation of criminal sanctions.
“An independent authority to monitor data protection is important. We also recommend the House revoke criminal sanctions [in the data protection bill] and rather optimize the use of the Electronic Information and Transactions (ITE) Law to act against cybercrime,” he said.