TheJakartaPost
Please Update your browser
Your browser is out of date, and may not be compatible with our website. A list of the most popular web browsers can be found below.
Just click on the icons to get to the download page.
Why the personal data protection agency matters
While an independent agency to oversee data protection is yet to be established as mandated in the PDP Law, ensuring that this institution is truly independent from external interests and influences is vital to protecting citizens' personal data.
Change text size
Gift Premium Articles
to Anyone
Share the best of The Jakarta Post with friends, family, or colleagues. As a subscriber, you can gift 3 to 5 articles each month that anyone can read—no subscription needed!
Stock illustration of data management (Shutterstock/Miha Creative)
T
he recent ransomware attack on a national data center has significantly raised public awareness about the importance of protecting personal data. Admittedly, since the enactment of Law No. 27/2022 on personal data protection (PDP), there has never been this much public attention devoted to data privacy rights.
Coincidentally or not, the hacking incident occurred just after the government finalized the regulations on the establishment of an institution specifically tasked with overseeing personal data protection, in accordance with Article 58 of the PDP Law. According to the transitional provisions, the law is to be in full effect no later than two years after its enactment on Oct. 17, 2022. This means that this institution must be established and operational by the next quarter.
It should be understood that personal data protection is part of the effort to fulfill human rights, specifically the right to privacy, as stipulated in Article 28G of the 1945 Constitution. This article states that every person is entitled to protection of his/her own person, family, honor, dignity and properties under his/her control, to feeling secure and to protection against threat of fear to do or not do something as part of his/her fundamental rights.
To guarantee this right to privacy, the government is obligated to oversee personal data protection so that it runs properly and independently and avoids the intervention of any party.
To fulfill this obligation, Article 58 of the PDP Law requires the government to establish an institution directly responsible to the President for overseeing personal data protection. This institution is to operate independently to ensure that every citizen's personal data under the management or control of any party is truly protected.
Independence in the implementation of personal data protection is the most important reason why a special state institution is needed outside of existing institutions. According to Ananthia Ayu et al. (2019), public service independence needs to be placed outside the executive branch to ensure that the scope of the data protection principle is truly fulfilled.
This is in line with the principle of the European Union’s General Data Protection Regulation (GDPR), which states: “Each supervisory authority shall act with complete independence in performing its tasks and exercising its powers in accordance with this Regulation.”
