Indonesia Passes Personal Data Protection Law
The Bill Will Apply to Local Businesses As Well As International Corporations.
Indonesia has passed a bill protecting personal data after debating it since 2016. The nation now joins other Southeast Asian countries like Singapore and Taiwan that have specific laws protecting personal data.
In light of recent data security breaches in the nation, the Indonesian government feels that passing the Personal Data Protection (PDP) Bill will be essential.
Due to the poor data protection policies, the country has been an easy target for cybercriminals. Last year, the personal data of over 279 million Indonesians were allegedly leaked and sold on a hacker platform. Earlier this year, the hackers nicknamed Bjorka leaked 20GB of information from a security breach, containing the personal identifiable information (PII) of 105 million Indonesian citizens.
What Lead To The Adoption?
The nation’s Minister of Communications and Informatics, Johnny G. Plate, welcomed the decision as a significant step and a necessity for advancing connectivity in the domestic digital market.
The nation has recently been the target of several cybersecurity threats, with the hacker collective “Bjorka” alleging to have access to the data of numerous official websites, presidential letters, and secret intelligence agency documents. In August, the same gang claimed to have gotten SIM card users’ contact information as well as their national identification numbers, according to ZDNET.
The security flaws made it clear that the data protection bill needed to be passed immediately. Joko Widodo, the president of Indonesia, emphasized the necessity for key ministries to collaborate and look into the suspected breaches of personal data. Data from Surfshark placed Indonesia third among the nations most frequently harmed by data breaches, with 12.7 million local accounts compromised.
How Will the PDP Bill Act?
The Bill is anticipated to compile all current and new regulations into one. 32 laws currently exist in Indonesia that deal with the protection of personal data. Puan Maharani, the Speaker of the House of Representatives, had the following to say about the act’s passage:
This PDP Bill will provide legal assurance so that every citizen, without exception, (has full control) over their personal data. Thus, there will be no more tears from the people due to online loans that they don’t ask for, or doxxing that makes people uncomfortable.
She also declared that derivative rules, including the establishment of a supervisory agency tasked to protect the public’s personal data, could be formed immediately after the Bill was ratified.
Based on the General Data Protection Regulation (GDPR) of the European Union, the Personal Data Protection (PDP) Bill of Indonesia includes a number of international provisions that are not currently covered by local laws, such as sensitive personal data and a data protection officer. Additionally, the Bill will regulate all methods of data processing, such as data collecting, storage, updating, and correction, as well as deletion.
Under the Bill, personal data controllers will be required to update and correct errors in personal data within 24 hours after receiving the request to do so. According to local outlet, the Jakarta Post, those who are deemed to have breached the law may face up to six years in jail and will pay penalties of up to 2% of an organisation’s annual revenue.
Indonesia has an estimated 220 million internet users, according to Tempo.co. The country was also projected to account for 40% of Southeast Asia’s 2021 e-commerce gross merchandise value, at $70 billion, as stated by ZDNET.