Decacorn Gojek chief of public policy and government relations Shinto Nugroho said such discussion was important as, in addition to protecting citizen's data, the rule was expected to provide stimulus instead of being an impediment to start-ups and micro, small and medium enterprises (MSMEs).

“Data protection law will have a pivotal role in the growth of the country’s digital economy, let’s not make the law another burden for MSMEs. This can only be achieved by communicating and coordinating with businesses, NGOs and academics,” said Shinto during a public webinar, JakPost Up Close, held by The Jakarta Post on Thursday.

Special Advisor to the Minister of ICT, Dedy Permadi, said opposing views regarding how data protection should be accomplished might emerge between parties. 

“Thus, the ministry is calling on all participating stakeholders to join hands in bridging these gaps by intensifying dialogues,” he said.

To date, Indonesia has no specific law that comprehensively stipulates personal data protection. Regulation on data protection is rather scattered across at least 33 different laws, said Institute for Policy Research and Advocacy (ELSAM) researcher Wahyudi Djafar.

Indonesia is home to 175.4 million internet users as of January 2020, but digital literacy, including awareness of online safety, is relatively low. The Global World Digital Competitiveness Index, which includes digital literacy among other indicators, ranked Indonesia 56^th out of 63 countries in 2019, far below Singapore and Malaysia, which were ranked 2^nd and 26^th respectively.

In a world where simply having an email account could expose an internet user to cybercrime, data protection law is increasingly urgent.

Carmela Acevedo, a senior software engineer at Google, said that Google provided users with easy to understand privacy and data protection. 

“Many malware and phishing attacks actually start with an email. So, Gmail protects you from spam, phishing and malware better than any other email service,” she said. “Also we have blocked billions and billions of bad ads. On average we block 100 ads per second.”

The personal data protection bill, the draft of which has been undergoing an assessment by the ministry since 2014, is becoming more essential now than ever, with the COVID-19 pandemic serving as a catalyst for digital adoption including in Indonesia. The House and the government aim to conclude the deliberation of the bill this year.

Dedy said the draft of the bill had adopted several principles and aspects of the European Union’s General Data Protection Regulation (GDPR). 

“The ‘Indonesian GDPR’ also focuses on five main areas, namely data collection, data processing, data security, data breach and the right to be forgotten [a right for individuals to have personal data erased],” he said.

However, Shinto said that several concepts such as the concept of “specific personal data” and “explicit consent” mentioned in the draft were still not aligned with international practices and needed to be reconsidered.

She also reminded the lawmakers to consider different business models and sizes when drafting the law to create flexibility while ensuring robust data protection.

Wahyudi, meanwhile, mentioned several problems that ELSAM had found in the bill and submitted to the House. Among the most pressing problems, he said, were the absence of a data protection authority, a lack of clarity on the obligation of the data controller and data processor and the tendency for criminalization through the formulation of criminal sanctions.

“An independent authority to monitor data protection is important. We also recommend the House revoke criminal sanctions [in the data protection bill] and rather optimize the use of the Electronic Information and Transactions [ITE] Law to act against cybercrime,” he said.

Popular

To my horror, it’s just a movie!

RI, Australia strengthen partnership on taxing crypto assets

Pentagon chief congratulates Prabowo on being elected President