TheJakartaPost

Please Update your browser

Your browser is out of date, and may not be compatible with our website. A list of the most popular web browsers can be found below.
Just click on the icons to get to the download page.

Jakarta Post

Lawmakers, businesses disagree over data regulation

Ghina Ghaliya (The Jakarta Post)
Jakarta
Thu, July 9, 2020

Share This Article

Change Size

Lawmakers, businesses disagree over data regulation

B

usinesses that manage large quantities of the public’s data have asked the House of Representatives not to regulate anonymized data in the personal data protection bill, saying that it could hamper their business development.

The businesses – grouped under the Indonesian Hospital Association (PERSI), the Indonesian E-Commerce Association (idEA), the Association of Indonesian Financial Technology (Aftech) and the US-ASEAN Business Council (USABC) – expressed their concerns in a hearing on the bill with House Commission I overseeing defense, foreign affairs, information and intelligence on Monday.

"We must distinguish aggregate data and individual data. Aggregate data is unidentified, unlike individual data. Unidentified data should be excluded from this regulation,” Bima Laga of idEA said.

Budi Sampurna of PERSI echoed Bima’s sentiments, saying that hospitals normally classed anonymized behavioral data of their patients as impersonal data.

He added that all patient personal data should be considered confidential, which could not be transmitted or opened without the patient's consent, except under certain circumstances.

          Lawmakers questioned the businesses' arguments for excluding anonymized data from the bill, saying that companies should get the data holders’ permission to use such data to create behavioral profiles.

"We understand the businesses' concerns, but for me, whatever the purposes are, they should have the owner’s consent," Charles Honoris of the Indonesian Democratic Party of Struggle (PDI-P) said.

Fellow PDI-P lawmaker Bobby Adhityo Rizaldi agreed, saying one of the bill’s objectives was to regulate encrypted and anonymized behavioral data as well as administrative data.

"That’s the main objective of this bill. Not regulating it means the bill would be totally different from what we’re expecting," he said.

The European Union’s General Data Protection Regulation (GDPR) treats pseudonymous encrypted data as personal data as it can be used to reidentify a person.

However, personal data that has been rendered anonymous in such a way that the individual is not identifiable is not considered personal data, and for data to be truly anonymized, the anonymization must be irreversible.

The House aims to complete deliberation on the bill by October 2020.

In addition to data pseudonymization and anonymization, several issues remain up for debate. Critics have warned of the potential for abuse of power as a result of the unequal sanctions for personal data misuse by the government, private sector and the public.

The bill does not include clear provisions on the establishment of an independent data protection authority to monitor and analyze the use of personal data in the proposed bill.

{

Your Opinion Matters

Share your experiences, suggestions, and any issues you've encountered on The Jakarta Post. We're here to listen.

Enter at least 30 characters
0 / 30

Thank You

Thank you for sharing your thoughts. We appreciate your feedback.