Skip to main content
SpringerLink
Log in

Indonesia

  • Chapter
  • First Online:
Data Protection Law

  • 1235 Accesses

Abstract

Indonesia is a relatively new country in regulating data protection and privacy. In 2016, the Indonesian Parliament approved the Electronic Information and Transactions Law No. 11 of 2008 (EIT). In the same year the Minister of Communication and Information (MCI) Regulation No. 20 of 2016 on Personal Data Protection in the Electronic System (PDP) was also established. This is the first law in Indonesia that goes some way to regulating personal data and privacy, although, it is restricted to data in electronic form. Regulation No. 20 of 2016, implements Regulation No. 82 of 2012 on Implementation of Electronic Transactions and Systems (Aditya Rahman A, Indonesia Enacts Personal Data Regulation, Privacy Laws and Business, Data Protection and Privacy Information Worldwide, Iss 145, 2017). However the current framework, is sectorial and is similar to India’s model. The current approach is far from achieving the same level or data protection for Indonesian citizens, to their counterparts in Singapore, Australia or the EU.

Even though privacy originated in Western thought, it is gaining traction at various levels throughout South East Asia, including Indonesia. For Indonesia, the development of privacy is considered a fundamental right, and the archipelago state is a signatory to relevant international legal instruments such as the 1966 International Covenant of Civil and Political Rights (ICCP). Furthermore, the awareness and understanding of privacy is also being strengthened from the use and application of Internet technology by Indonesians. The ICCPR has been ratified by Indonesian Law Number 15, 2005. Therefore, it is argued that privacy does apply to some level in and across Indonesia.

The development and evolution of democracy across Indonesia has also been an important part of the acceptance of the concept of privacy. Like many other nation states, the development of information communication and technology is a tool of governance within government and the private sector. Information communication is also the focus of a recent national program to enhance the adoption of the Internet, into the economy. Indonesia, is and has been looking to the EU and other neighboring states in the development of specific data protection laws. Indonesia has also followed many other countries by establishing a dedicated cybersecurity agency to oversee the protection of commercial and personal data.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 99.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 129.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 129.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Association of South East Asian Nations, https://asean.org/asean/asean-member-states/, accessed 20 December 2018.

  2. 2.

    Ahmad, A Law and Development in Changing Indonesia, IDE Asian Law Series No. 8 Law and Development in Asian Countries, Institute of Developing Economies (IDE), JETRO, (2001).

  3. 3.

    Ibid.

  4. 4.

    The 1945 Constitution of the Republic of Indonesia, As amended by the First Amendment of 1999, the Second Amendment of 2000, the Third Amendment of 2001 and the Fourth Amendment of 2002, https://www.ilo.org/wcmsp5/groups/public/%2D%2D-ed_protect/%2D%2D-protrav/%2D%2D-ilo_aids/documents/legaldocument/wcms_174556.pdf, accessed 20 December 2018.

  5. 5.

    Human Rights Law Number 39 in 1999.

  6. 6.

    Greenleaf G, Dewi Rosadi, S Indonesia’s data protection Regulation 2012: A brief code with data breach notification, Privacy Laws & Business International Report, Issue 122, (2013), pp. 24–27.

  7. 7.

    Law No. 39 Year 1999, Article 67 Everyone within the territory of the Republic of Indonesia is required to comply with Indonesian legislation and Indonesian Law, including unwritten law and international law concerning human rights ratified by Indonesia. Article 68 Every citizen is required to participate in measures to defend the state in accordance with prevailing legislation. Article 69 (1) Everyone is required to respect the human rights of others, and social, national, and state morals, ethics and order. (2) Every human right gives rise to the basic obligation and responsibility to uphold the human rights of others, and it is the duty of government to respect, protect uphold and promote these rights and obligations.

  8. 8.

    Dewi, S Balancing Privacy Rights and Legal Enforcement: Indonesia Practices, Presented at The 2011 IAITL Legal Conference Series, Lecturer at Faculty of Law, Department of Law and Technology, University of Padjadjaran Bandung, Indonesia.

  9. 9.

    Ibid.

  10. 10.

    Internet World Stats, Usage and Population Statistics, www.internetworldstats.com, accessed 15 November 2018.

  11. 11.

    Ibid.

  12. 12.

    Dewi, S Balancing Privacy Rights and Legal Enforcement: Indonesia Practices, Presented at The 2011 IAITL Legal Conference Series, Lecturer at Faculty of Law, Department of Law and Technology, University of Padjadjaran Bandung, Indonesia.

  13. 13.

    Judgment No. 012, 016/PUU-IV/2006.

  14. 14.

    Ibid, right to privacy under Article 28F Constitution is not one of non-derogable rights. This right can be restricted according to Article 28J Constitution and Article 73 Law no. 39 of 1999 concerning Human Rights. Furthermore, Article 42(2) letter b Law No. 36 of 1999 Telecommunication Law.

  15. 15.

    Ibid.

  16. 16.

    Ibid.

  17. 17.

    Electronic Information and Transaction 11/2008, Article 26. Note that the EIT and its amendement is only stipulated in article 26 that has not been used by people to claim due to very general and not any details articles how the mechanism to make a complaint will operate.

  18. 18.

    Dewi, S Balancing Privacy Rights and Legal Enforcement: Indonesia Practices, Presented at The 2011 IAITL Legal Conference Series, Lecturer at Faculty of Law, Department of Law and Technology, University of Padjadjaran Bandung, Indonesia.

  19. 19.

    Ibid.

  20. 20.

    Judgement No. 5/PUU-VII/2010.

  21. 21.

    Sinta Dewi Rosadi, LLB (Unpad), LLM (Washington College of Law, American University), Ph.D (Unpad), Associate Professor in Law at Faculty of Law University of Padjadjaran, Bandung, Indonesia, provided input and verified the information in this section.

  22. 22.

    Greenleaf G Asian Data Privacy Laws: Trade & Human Rights Perspectives, Oxford University Press, (2014) p. 381–382.

  23. 23.

    Greenleaf G The Legal and Business Risks of Inconsistencies and Gaps in Coverage in Asian Data Protection Laws Session II Materials, Asian Business Law Institute (ABLI) Data Privacy Forum, Singapore, (2018).

  24. 24.

    Public Information Disclosure Act no 14 of 2008.

  25. 25.

    Ibid.

  26. 26.

    Ibid.

  27. 27.

    Greenleaf G Asian Data Privacy Laws: Trade and Human Rights Perspective, Oxford University Press, (2014) p 383.

  28. 28.

    Ibid.

  29. 29.

    Ibid.

  30. 30.

    Harkrisnowo H, Juwana H, Oppusunggu Y Law and Justice in a Globalized, World Editors Faculty of Law, Universitas Indonesia, Indonesia (2016).

  31. 31.

    Implementation of the Electronic System and Transaction 82/2012.

  32. 32.

    Electronic Information and Transaction 11/2008.

  33. 33.

    MCI Regulation 20/2016, Article 1.

  34. 34.

    Harkrisnowo H, Juwana H, Oppusunggu Y Law and Justice in a Globalized, World Editors Faculty of Law, Universitas Indonesia, Indonesia (2016).

  35. 35.

    Ibid.

  36. 36.

    Aditya Rahman A ‘Indonesia Enacts Right to be Forgotten and Comprehensive Personal Data Regulation’, 145 Privacy Laws & Business International Report, (2017) p. 1–4.

  37. 37.

    Protection of Personal Data in the Electronic System Regulation, Article 1.

  38. 38.

    Electronic Transactions Regulation, Article 31 and 32.

  39. 39.

    Protection of Personal Data in the Electronic System Regulation, Article 35.

  40. 40.

    Certification in accordance with the Electronic Transactions Regulation, which is the Electronic System Worthiness Certification.

  41. 41.

    Electronic Transaction Regulation, Article 1.

  42. 42.

    Protection of Personal Data in the Electronic System Regulation, Article 2.

  43. 43.

    Protection of Personal Data in the Electronic System Regulation.

  44. 44.

    Ibid.

  45. 45.

    Protection of Personal Data in the Electronic System Regulation, Article 18.

  46. 46.

    Electronic Transactions Regulation, Article 18, 19 and 20.

  47. 47.

    Protection of Personal Data in the Electronic System Regulation, 28.

  48. 48.

    Protection of Personal Data in the Electronic System Regulation, Article 22.

  49. 49.

    Protection of Personal Data in the Electronic System Regulation, Article 7.

  50. 50.

    Zeller, B., Trakman, L., Walters, R., Dewl Rosadi, S The Right to be Forgotten – the European Union and Asia Pacific Experience (Australia, Indonesia and Singapore), European Human Rights Law Review (under review).

  51. 51.

    Hak untuk dilupakan Direvisi UU ITE Masih Belum Berlaku, https://tekno.kompas.com/read/2016/11/29/09250047/, Accesses 10 July, 2018.

  52. 52.

    Protection of Personal Data in the Electronic System Regulation, Article 26.

  53. 53.

    Verified by Sinta Dewl Rosadi, LLB (Unpad), LLM (Washington College of Law, American University), Ph.D (Unpad), Associate Professor in Law at Faculty of Law University of Padjadjaran, Bandung, Indonesia. Indonesian interpretation – “Setiap Penyelenggara Sistem Elektronik wajib menghapus Informasi Elektronik dan/atau Dokumen Elektronik yang tidak relevan yang berada di bawah kendalinya atas permintaan Orang yang bersangkutan berdasarkan penetapan pengadilan.

  54. 54.

    Electronic Information and Transactions Law No. 19/2016.

  55. 55.

    Zeller, B., Trakman, L., Walters, R., Dewl Rosadi, S The Right to be Forgotten – the European Union and Asia Pacific Experience (Australia, Indonesia and Singapore), European Human Rights Law Review (under review).

  56. 56.

    Ibid.

  57. 57.

    Ibid.

  58. 58.

    Protection of Personal Data in the Electronic System Regulation, Article 6 and 9.

  59. 59.

    Ibid, Article 37.

  60. 60.

    Indonesian Civil Code, Article 330.

  61. 61.

    Protection of Personal Data in the Electronic System Regulation, Article 24.

  62. 62.

    Electronic Information and Transactions on the Amendment to Law No. 11 of 2008, Articles 27 & 28.

  63. 63.

    Protection of Personal Data in the Electronic System Regulation, Article 4.

  64. 64.

    Protection of Personal Data in the Electronic System Regulation, Article 10.

  65. 65.

    Protection of Personal Data in the Electronic System Regulation, Article 11.

  66. 66.

    Protection of Personal Data in the Electronic System Regulation, Article 15.

  67. 67.

    Ibid.

  68. 68.

    Protection of Personal Data in the Electronic System Regulation, Article 18.

  69. 69.

    Protection of Personal Data in the Electronic System Regulation, Article 23.

  70. 70.

    Electronic Information and Transactions on the Amendment to Law No. 11 of 2008. Additional penalties include – Rp. 800,000,000 fine and/ or 10 years imprisonment for interception/wiretapping of transmission; or Rp. 2,000,000,000 to Rp. 5,000,000,000 and/or 8–10 years’ imprisonment for alteration, addition, reduction, transmission, tampering, deletion, moving, hiding Electronic Information and/or Electronic Records.

  71. 71.

    Electronic Information Transaction 11/2008, Article 1.6a, Protection of Personal Data Regulation Article 1.6.

  72. 72.

    Innes M, Indonesia: Government Pushes Draft Data Protection Law Global Compliance News, (2018) https://globalcompliancenews.com/indonesia-draft-data-protection-law-20180518/, accessed 12 August 2018.

  73. 73.

    Ibid.

  74. 74.

    Ibid.

  75. 75.

    Ibid.

  76. 76.

    Sinta Dewi Rosadi, Quo Vadis Perlindungan Data Pribadi Data pribadi dalam Revisi UU ITE http://www.hukumonline.com/berita/baca/, accessed 12 July, 2018.

  77. 77.

    Zeller, B., Trakman, L., Walters, R., Dewl Rosadi, S The Right to be Forgotten – the European Union and Asia Pacific Experience (Australia, Indonesia and Singapore), European Human Rights Law Review (under review).

  78. 78.

    Ibid.

  79. 79.

    Ibid.

  80. 80.

    Ibid.

  81. 81.

    Ibid.

  82. 82.

    Schwartz, P., Janger, E Notification of Data Security Breaches, Michigan Law Review, Vol. 105:913 (2017).

  83. 83.

    Innes M, Indonesia: Government Pushes Draft Data Protection Law Global Compliance News, (2018) https://globalcompliancenews.com/indonesia-draft-data-protection-law-20180518/, accessed 12 August 2018.

  84. 84.

    Ibid.

  85. 85.

    Ibid.

  86. 86.

    Ibid.

  87. 87.

    Ibid.

  88. 88.

    Aditya Rahman A, Indonesia enacts Personal Data Regulation, Privacy Laws Business, (2017).

  89. 89.

    Article 26 (2) of the Law Concerning Electronic Information and Transactions 11 2008 states that unless provided otherwise by Laws and Regulations, use of any information through electronic media that involves personal data of a Person must be made with the consent of the Person concerned. Any Person whose rights are infringed as intended by section (1) may lodge a claim for damages incurred under this Law.

References

  • Aditya Rahman A, Indonesia Enacts Personal Data Regulation, Privacy Laws and Business, Data Protection and Privacy Information Worldwide, Iss 145, (2017)

    Google Scholar 

  • Ahmad, A Law and Development in Changing Indonesia, IDE Asian Law Series No. 8 Law and Development in Asian Countries, Institute of Developing Economies (IDE), JETRO, (2001)

    Google Scholar 

  • Dewi, S (2011) Balancing Privacy Rights and Legal Enforcement: Indonesia Practices, Presented at The 2011 IAITL Legal Conference Series, Lecturer at Faculty of Law, Department of Law and Technology, University of Padjadjaran Bandung, Indonesia

    Google Scholar 

  • Greenleaf G (2014) Asian Data Privacy Laws: Trade & Human Rights Perspectives, Oxford University Press, p. 381 – 382

    Google Scholar 

  • Greenleaf G (2018) The Legal and Business Risks of Inconsistencies and Gaps in Coverage in Asian Data Protection Laws Session II Materials, Asian Business Law Institute (ABLI) Data Privacy Forum, Singapore

    Google Scholar 

  • Greenleaf G, Dewi Rosadi, S (2013) Indonesia’s data protection Regulation 2012: A brief code with data breach notification, Privacy Laws & Business International Report, Issue 122, (2013), pp. 24–27.

    Google Scholar 

  • Harkrisnowo, H, Juwana H, Oppusunggu Y (2016) Law and Justice in a Globalized, World Editors Faculty of Law, Universitas Indonesia, Indonesia

    Google Scholar 

  • SchwartZ, P., Janger, E (2017) Notification of Data Security Breaches, Michigan Law Review, Vol. 105:913

    Google Scholar 

  • Zeller, B., Trakman, L., Walters, R., Dewi Rosadi, S (2018) The Right to be Forgotten – the European Union and Asia Pacific Experience (Australia, Indonesia and Singapore), European Human Rights Law Review (under review).

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Victoria University, Melbourne, VIC, Australia

    Robert Walters

  2. Faculty of Law, University of New South Wales, Kensington, NSW, Australia

    Leon Trakman

  3. University of Western Australia, Crawley, WA, Australia

    Bruno Zeller

Authors
  1. Robert Walters
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Leon Trakman
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Bruno Zeller
    View author publications

    You can also search for this author in PubMed Google Scholar

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Singapore Pte Ltd.

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Walters, R., Trakman, L., Zeller, B. (2019). Indonesia. In: Data Protection Law. Springer, Singapore. https://doi.org/10.1007/978-981-13-8110-2_7

Download citation

  • DOI: https://doi.org/10.1007/978-981-13-8110-2_7

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-13-8109-6

  • Online ISBN: 978-981-13-8110-2

  • eBook Packages: Law and CriminologyLaw and Criminology (R0)

Publish with us

Policies and ethics

Search

Navigation