TheJakartaPost
Please Update your browser
Your browser is out of date, and may not be compatible with our website. A list of the most popular web browsers can be found below.
Just click on the icons to get to the download page.
Between cyber sovereignty and cross-border data flow
Blindly pursuing cyber sovereignty through policies like data localization may create excessive barriers to cross-border data flow that, in the end, could negatively impact growth.
Change Size
Cyber society: As access to the internet grows fast worldwide, including in Indonesia, security has become a global concern. Government control over the internet in the name of security, however, has proven to be counterproductive. (JP/Arif Suhardiman)
T
he dilemma between the liberalization and protection of resources has been going on for a long time, especially in developing economies like Indonesia. In the digital era, a similar debate is also going on regarding the lifeblood of the digital economy: Data.
The nature of the debate between the traditional flow of goods and services and the flow of data is somewhat similar. Developing countries with abundant natural resources, for example, tend to restrict the extraction of raw materials by foreign companies for fear that the economic benefits from merely selling raw resources may not be worth the long-term damage from environmental degradation and underdeveloped domestic technologies in resource processing.
As such, policies like the domestic market obligation, local content requirements and domestic processing are applied to sectors like the mining and energy sector.
Data is also a powerful resource that can be processed to understand user behavior and preferences. With the right processing, technology companies can use data to provide services deemed valuable by digital consumers. However, data misuse is also a risk that can lead to manipulating behavior and attitudes that are damaging not only to users, but also to the state.
As a highly valuable resource, governments have an incentive to maintain sovereignty over its data through policies that may appear as barriers to cross-border data flow. Content and data localization, for example, oblige foreign companies to store or process their data locally and refrain from transferring the data offshore. Data mirroring, which leaves a copy of the data in a local data center, is also mandated for law enforcement and security purposes. These measures give governments more power to control data at the cost of businesses.
Data localization policies also exist in Indonesia. Communication and Informatics Ministerial Regulation No. 20/2016 requires “electronic system organizers” (ESOs) that provide public services to use data and disaster recovery centers in Indonesia, while Communication and Informatics Minister’s Circular No. 3/2021 obligates cloud computing companies to store public data at local data centers.
In the financial sector, Bank Indonesia (BI) requires e-money providers to store data locally and obliges all domestic transactions to go through the National Payment Gateway (NPG). In addition, the Financial Services Authority (OJK) requires banks and insurers to use data centers and disaster recovery centers in the country. All aim to give the government more control over digital activities in the financial sector.
