Abstract
Indonesia is a relatively new country in regulating data protection and privacy. In 2016, the Indonesian Parliament approved the Electronic Information and Transactions Law No. 11 of 2008 (EIT). In the same year the Minister of Communication and Information (MCI) Regulation No. 20 of 2016 on Personal Data Protection in the Electronic System (PDP) was also established. This is the first law in Indonesia that goes some way to regulating personal data and privacy, although, it is restricted to data in electronic form. Regulation No. 20 of 2016, implements Regulation No. 82 of 2012 on Implementation of Electronic Transactions and Systems (Aditya Rahman A, Indonesia Enacts Personal Data Regulation, Privacy Laws and Business, Data Protection and Privacy Information Worldwide, Iss 145, 2017). However the current framework, is sectorial and is similar to India’s model. The current approach is far from achieving the same level or data protection for Indonesian citizens, to their counterparts in Singapore, Australia or the EU.
Even though privacy originated in Western thought, it is gaining traction at various levels throughout South East Asia, including Indonesia. For Indonesia, the development of privacy is considered a fundamental right, and the archipelago state is a signatory to relevant international legal instruments such as the 1966 International Covenant of Civil and Political Rights (ICCP). Furthermore, the awareness and understanding of privacy is also being strengthened from the use and application of Internet technology by Indonesians. The ICCPR has been ratified by Indonesian Law Number 15, 2005. Therefore, it is argued that privacy does apply to some level in and across Indonesia.
The development and evolution of democracy across Indonesia has also been an important part of the acceptance of the concept of privacy. Like many other nation states, the development of information communication and technology is a tool of governance within government and the private sector. Information communication is also the focus of a recent national program to enhance the adoption of the Internet, into the economy. Indonesia, is and has been looking to the EU and other neighboring states in the development of specific data protection laws. Indonesia has also followed many other countries by establishing a dedicated cybersecurity agency to oversee the protection of commercial and personal data.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Association of South East Asian Nations, https://asean.org/asean/asean-member-states/, accessed 20 December 2018.
- 2.
Ahmad, A Law and Development in Changing Indonesia, IDE Asian Law Series No. 8 Law and Development in Asian Countries, Institute of Developing Economies (IDE), JETRO, (2001).
- 3.
Ibid.
- 4.
The 1945 Constitution of the Republic of Indonesia, As amended by the First Amendment of 1999, the Second Amendment of 2000, the Third Amendment of 2001 and the Fourth Amendment of 2002, https://www.ilo.org/wcmsp5/groups/public/%2D%2D-ed_protect/%2D%2D-protrav/%2D%2D-ilo_aids/documents/legaldocument/wcms_174556.pdf, accessed 20 December 2018.
- 5.
Human Rights Law Number 39 in 1999.
- 6.
Greenleaf G, Dewi Rosadi, S Indonesia’s data protection Regulation 2012: A brief code with data breach notification, Privacy Laws & Business International Report, Issue 122, (2013), pp. 24–27.
- 7.
Law No. 39 Year 1999, Article 67 Everyone within the territory of the Republic of Indonesia is required to comply with Indonesian legislation and Indonesian Law, including unwritten law and international law concerning human rights ratified by Indonesia. Article 68 Every citizen is required to participate in measures to defend the state in accordance with prevailing legislation. Article 69 (1) Everyone is required to respect the human rights of others, and social, national, and state morals, ethics and order. (2) Every human right gives rise to the basic obligation and responsibility to uphold the human rights of others, and it is the duty of government to respect, protect uphold and promote these rights and obligations.
- 8.
Dewi, S Balancing Privacy Rights and Legal Enforcement: Indonesia Practices, Presented at The 2011 IAITL Legal Conference Series, Lecturer at Faculty of Law, Department of Law and Technology, University of Padjadjaran Bandung, Indonesia.
- 9.
Ibid.
- 10.
Internet World Stats, Usage and Population Statistics, www.internetworldstats.com, accessed 15 November 2018.
- 11.
Ibid.
- 12.
Dewi, S Balancing Privacy Rights and Legal Enforcement: Indonesia Practices, Presented at The 2011 IAITL Legal Conference Series, Lecturer at Faculty of Law, Department of Law and Technology, University of Padjadjaran Bandung, Indonesia.
- 13.
Judgment No. 012, 016/PUU-IV/2006.
- 14.
Ibid, right to privacy under Article 28F Constitution is not one of non-derogable rights. This right can be restricted according to Article 28J Constitution and Article 73 Law no. 39 of 1999 concerning Human Rights. Furthermore, Article 42(2) letter b Law No. 36 of 1999 Telecommunication Law.
- 15.
Ibid.
- 16.
Ibid.
- 17.
Electronic Information and Transaction 11/2008, Article 26. Note that the EIT and its amendement is only stipulated in article 26 that has not been used by people to claim due to very general and not any details articles how the mechanism to make a complaint will operate.
- 18.
Dewi, S Balancing Privacy Rights and Legal Enforcement: Indonesia Practices, Presented at The 2011 IAITL Legal Conference Series, Lecturer at Faculty of Law, Department of Law and Technology, University of Padjadjaran Bandung, Indonesia.
- 19.
Ibid.
- 20.
Judgement No. 5/PUU-VII/2010.
- 21.
Sinta Dewi Rosadi, LLB (Unpad), LLM (Washington College of Law, American University), Ph.D (Unpad), Associate Professor in Law at Faculty of Law University of Padjadjaran, Bandung, Indonesia, provided input and verified the information in this section.
- 22.
Greenleaf G Asian Data Privacy Laws: Trade & Human Rights Perspectives, Oxford University Press, (2014) p. 381–382.
- 23.
Greenleaf G The Legal and Business Risks of Inconsistencies and Gaps in Coverage in Asian Data Protection Laws Session II Materials, Asian Business Law Institute (ABLI) Data Privacy Forum, Singapore, (2018).
- 24.
Public Information Disclosure Act no 14 of 2008.
- 25.
Ibid.
- 26.
Ibid.
- 27.
Greenleaf G Asian Data Privacy Laws: Trade and Human Rights Perspective, Oxford University Press, (2014) p 383.
- 28.
Ibid.
- 29.
Ibid.
- 30.
Harkrisnowo H, Juwana H, Oppusunggu Y Law and Justice in a Globalized, World Editors Faculty of Law, Universitas Indonesia, Indonesia (2016).
- 31.
Implementation of the Electronic System and Transaction 82/2012.
- 32.
Electronic Information and Transaction 11/2008.
- 33.
MCI Regulation 20/2016, Article 1.
- 34.
Harkrisnowo H, Juwana H, Oppusunggu Y Law and Justice in a Globalized, World Editors Faculty of Law, Universitas Indonesia, Indonesia (2016).
- 35.
Ibid.
- 36.
Aditya Rahman A ‘Indonesia Enacts Right to be Forgotten and Comprehensive Personal Data Regulation’, 145 Privacy Laws & Business International Report, (2017) p. 1–4.
- 37.
Protection of Personal Data in the Electronic System Regulation, Article 1.
- 38.
Electronic Transactions Regulation, Article 31 and 32.
- 39.
Protection of Personal Data in the Electronic System Regulation, Article 35.
- 40.
Certification in accordance with the Electronic Transactions Regulation, which is the Electronic System Worthiness Certification.
- 41.
Electronic Transaction Regulation, Article 1.
- 42.
Protection of Personal Data in the Electronic System Regulation, Article 2.
- 43.
Protection of Personal Data in the Electronic System Regulation.
- 44.
Ibid.
- 45.
Protection of Personal Data in the Electronic System Regulation, Article 18.
- 46.
Electronic Transactions Regulation, Article 18, 19 and 20.
- 47.
Protection of Personal Data in the Electronic System Regulation, 28.
- 48.
Protection of Personal Data in the Electronic System Regulation, Article 22.
- 49.
Protection of Personal Data in the Electronic System Regulation, Article 7.
- 50.
Zeller, B., Trakman, L., Walters, R., Dewl Rosadi, S The Right to be Forgotten – the European Union and Asia Pacific Experience (Australia, Indonesia and Singapore), European Human Rights Law Review (under review).
- 51.
Hak untuk dilupakan Direvisi UU ITE Masih Belum Berlaku, https://tekno.kompas.com/read/2016/11/29/09250047/, Accesses 10 July, 2018.
- 52.
Protection of Personal Data in the Electronic System Regulation, Article 26.
- 53.
Verified by Sinta Dewl Rosadi, LLB (Unpad), LLM (Washington College of Law, American University), Ph.D (Unpad), Associate Professor in Law at Faculty of Law University of Padjadjaran, Bandung, Indonesia. Indonesian interpretation – “Setiap Penyelenggara Sistem Elektronik wajib menghapus Informasi Elektronik dan/atau Dokumen Elektronik yang tidak relevan yang berada di bawah kendalinya atas permintaan Orang yang bersangkutan berdasarkan penetapan pengadilan.
- 54.
Electronic Information and Transactions Law No. 19/2016.
- 55.
Zeller, B., Trakman, L., Walters, R., Dewl Rosadi, S The Right to be Forgotten – the European Union and Asia Pacific Experience (Australia, Indonesia and Singapore), European Human Rights Law Review (under review).
- 56.
Ibid.
- 57.
Ibid.
- 58.
Protection of Personal Data in the Electronic System Regulation, Article 6 and 9.
- 59.
Ibid, Article 37.
- 60.
Indonesian Civil Code, Article 330.
- 61.
Protection of Personal Data in the Electronic System Regulation, Article 24.
- 62.
Electronic Information and Transactions on the Amendment to Law No. 11 of 2008, Articles 27 & 28.
- 63.
Protection of Personal Data in the Electronic System Regulation, Article 4.
- 64.
Protection of Personal Data in the Electronic System Regulation, Article 10.
- 65.
Protection of Personal Data in the Electronic System Regulation, Article 11.
- 66.
Protection of Personal Data in the Electronic System Regulation, Article 15.
- 67.
Ibid.
- 68.
Protection of Personal Data in the Electronic System Regulation, Article 18.
- 69.
Protection of Personal Data in the Electronic System Regulation, Article 23.
- 70.
Electronic Information and Transactions on the Amendment to Law No. 11 of 2008. Additional penalties include – Rp. 800,000,000 fine and/ or 10 years imprisonment for interception/wiretapping of transmission; or Rp. 2,000,000,000 to Rp. 5,000,000,000 and/or 8–10 years’ imprisonment for alteration, addition, reduction, transmission, tampering, deletion, moving, hiding Electronic Information and/or Electronic Records.
- 71.
Electronic Information Transaction 11/2008, Article 1.6a, Protection of Personal Data Regulation Article 1.6.
- 72.
Innes M, Indonesia: Government Pushes Draft Data Protection Law Global Compliance News, (2018) https://globalcompliancenews.com/indonesia-draft-data-protection-law-20180518/, accessed 12 August 2018.
- 73.
Ibid.
- 74.
Ibid.
- 75.
Ibid.
- 76.
Sinta Dewi Rosadi, Quo Vadis Perlindungan Data Pribadi Data pribadi dalam Revisi UU ITE http://www.hukumonline.com/berita/baca/, accessed 12 July, 2018.
- 77.
Zeller, B., Trakman, L., Walters, R., Dewl Rosadi, S The Right to be Forgotten – the European Union and Asia Pacific Experience (Australia, Indonesia and Singapore), European Human Rights Law Review (under review).
- 78.
Ibid.
- 79.
Ibid.
- 80.
Ibid.
- 81.
Ibid.
- 82.
Schwartz, P., Janger, E Notification of Data Security Breaches, Michigan Law Review, Vol. 105:913 (2017).
- 83.
Innes M, Indonesia: Government Pushes Draft Data Protection Law Global Compliance News, (2018) https://globalcompliancenews.com/indonesia-draft-data-protection-law-20180518/, accessed 12 August 2018.
- 84.
Ibid.
- 85.
Ibid.
- 86.
Ibid.
- 87.
Ibid.
- 88.
Aditya Rahman A, Indonesia enacts Personal Data Regulation, Privacy Laws Business, (2017).
- 89.
Article 26 (2) of the Law Concerning Electronic Information and Transactions 11 2008 states that unless provided otherwise by Laws and Regulations, use of any information through electronic media that involves personal data of a Person must be made with the consent of the Person concerned. Any Person whose rights are infringed as intended by section (1) may lodge a claim for damages incurred under this Law.
References
Aditya Rahman A, Indonesia Enacts Personal Data Regulation, Privacy Laws and Business, Data Protection and Privacy Information Worldwide, Iss 145, (2017)
Ahmad, A Law and Development in Changing Indonesia, IDE Asian Law Series No. 8 Law and Development in Asian Countries, Institute of Developing Economies (IDE), JETRO, (2001)
Dewi, S (2011) Balancing Privacy Rights and Legal Enforcement: Indonesia Practices, Presented at The 2011 IAITL Legal Conference Series, Lecturer at Faculty of Law, Department of Law and Technology, University of Padjadjaran Bandung, Indonesia
Greenleaf G (2014) Asian Data Privacy Laws: Trade & Human Rights Perspectives, Oxford University Press, p. 381 – 382
Greenleaf G (2018) The Legal and Business Risks of Inconsistencies and Gaps in Coverage in Asian Data Protection Laws Session II Materials, Asian Business Law Institute (ABLI) Data Privacy Forum, Singapore
Greenleaf G, Dewi Rosadi, S (2013) Indonesia’s data protection Regulation 2012: A brief code with data breach notification, Privacy Laws & Business International Report, Issue 122, (2013), pp. 24–27.
Harkrisnowo, H, Juwana H, Oppusunggu Y (2016) Law and Justice in a Globalized, World Editors Faculty of Law, Universitas Indonesia, Indonesia
SchwartZ, P., Janger, E (2017) Notification of Data Security Breaches, Michigan Law Review, Vol. 105:913
Zeller, B., Trakman, L., Walters, R., Dewi Rosadi, S (2018) The Right to be Forgotten – the European Union and Asia Pacific Experience (Australia, Indonesia and Singapore), European Human Rights Law Review (under review).
Author information
Authors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Singapore Pte Ltd.
About this chapter
Cite this chapter
Walters, R., Trakman, L., Zeller, B. (2019). Indonesia. In: Data Protection Law. Springer, Singapore. https://doi.org/10.1007/978-981-13-8110-2_7
Download citation
DOI: https://doi.org/10.1007/978-981-13-8110-2_7
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-13-8109-6
Online ISBN: 978-981-13-8110-2
eBook Packages: Law and CriminologyLaw and Criminology (R0)