TheJakartaPost
Please Update your browser
Your browser is out of date, and may not be compatible with our website. A list of the most popular web browsers can be found below.
Just click on the icons to get to the download page.
After two years, personal data remains unprotected
After two years of deliberation, we seem to be losing the momentum in welcoming the personal data protection bill as well as in raising public awareness on safeguarding personal data in digital spaces.
Change text size
Gift Premium Articles
to Anyone
Share the best of The Jakarta Post with friends, family, or colleagues. As a subscriber, you can gift 3 to 5 articles each month that anyone can read—no subscription needed!
An illustration of data protection. (Shutterstock.com/Boiko Y)
L
ast year, we witnessed a series of alleged data breaches of national institutions that held massive and nationwide data processing including, among other breaches, data belonging to more than 200 million policyholders of the national health insurance (JKN) program, both dead and alive (The Jakarta Post, Jan. 3, 2022).
Many opinions voiced in the media and by privacy enthusiasts reestablished and piqued the urgency of passing a single comprehensive privacy law, at the time part of ongoing deliberations between the House of Representatives and the Communications and Information Ministry. After two years of deliberation, we seem to be losing the momentum in welcoming the personal data protection bill as well as in raising public awareness on safeguarding personal data in digital spaces, so-called privacy awareness. Privacy experts hope that immediately enacting such regulation will enable better ways to redress data privacy violations.
We are, as legal consultants on corporate issues, often asked by clients and prospects about how the government enforces compliance with data privacy regulation, how data breaches or privacy violations are handled or supervised by authorities and data subjects and what the maximum fines and available remedies are for data subjects, as well as how a company can limit its liability in the subject matter.
These questions, which are mostly submitted by foreign entities, may arise because in other countries, for example, in Europe and Singapore, any privacy breach may cause financial damages against a company’s turnover. They, therefore, take data privacy compliance seriously in their business operations.
In light of this, we briefly elaborate on the current guidance and provisions for stakeholders in data privacy regulation and the current plans or initiatives if a bill has not yet been issued that year.
At the end of 2021, there were two interesting focus group discussions (FGD) about the personal data protection bill and the proposed mechanism to impose administrative sanctions for data privacy violations.
First, an FGD was held by the HukumOnline law portal asking key questions about, among other things, which authority between the Communications and Information Ministry and an independent supervisory body would be the most appropriate for supervising, monitoring and controlling the implementation of personal data protection for providers of an electronic system in both the private and public sectors.
