• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

The FBI warns that Scattered Spider is now targeting the airline sector

 | 

LapDogs: China-nexus hackers Hijack 1,000+ SOHO devices for espionage

 | 

Taking over millions of developers exploiting an Open VSX Registry flaw

 | 

OneClik APT campaign targets energy sector with stealthy backdoors

 | 

APT42 impersonates cyber professionals to phish Israeli academics and journalists

 | 

Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages

 | 

Cisco fixed critical ISE flaws allowing Root-level remote code execution

 | 

U.S. CISA adds AMI MegaRAC SPx, D-Link DIR-859 routers, and Fortinet FortiOS flaws to its Known Exploited Vulnerabilities catalog

 | 

CitrixBleed 2: The nightmare that echoes the 'CitrixBleed' flaw in Citrix NetScaler devices

 | 

Hackers deploy fake SonicWall VPN App to steal corporate credentials

 | 

Mainline Health Systems data breach impacted over 100,000 individuals

 | 

Disrupting the operations of cryptocurrency mining botnets

 | 

Prometei botnet activity has surged since March 2025

 | 

The U.S. House banned WhatsApp on government devices due to security concerns

 | 

Russia-linked APT28 use Signal chats to target Ukraine official with malware

 | 

China-linked APT Salt Typhoon targets Canadian Telecom companies

 | 

U.S. warns of incoming cyber threats following Iran airstrikes

 | 

McLaren Health Care data breach impacted over 743,000 people

 | 

American steel giant Nucor confirms data breach in May attack

 | 

The financial impact of Marks & Spencer and Co-op cyberattacks could reach £440M

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Digital ID
  • Laws and regulations
  • Indonesia Soon to Become the Fifth ASEAN Country to Adapt Data Privacy Laws

Indonesia Soon to Become the Fifth ASEAN Country to Adapt Data Privacy Laws

Pierluigi Paganini October 07, 2020

Earlier this year, Indonesia joined the ranks with the first four ASEAN countries including Malaysia, Singapore, Philippines and Thailand to have enacted laws relating to personal data protection.

On January 28th, Indonesia’s Ministry of Communication and Information Technology announced that the final draft for the Personal Data Protection Act has been submitted to the president of Indonesia.

The PDP Draft Law is now sitting with the House of Representatives and other concerned government officials. The press has been informed that they expect the draft law to be enacted this year.

Indonesia’s adaptation of the law heavily resembles the European Union’s GDPR. The draft bill accedes to almost all rights of data subjects as per the GDPR as well as the general regulations in regards to personal data processing. 

Some key highlights are:

  • “Explicit consent” is mandatory from users before processing any data that may constitute as personal data 
  • Responding timelines for data subject requests have been clearly defined
  • In case of a breach, all data controllers are liable to inform the user and the Minister within a span of 3 days
  • In case of non-compliance, the data controller can be subject to anywhere between 20 billion 70 billion Rp in fines or 2 to 7 years of penal servitude which is quite similar to GDPR penalties

Key Provisions

Some key provisions in the draft personal data protection law are:

  • Personal Data

Any data that can be identifiable on its own or combined with other information, both direct and indirect through electronic or non-electronic systems.

  • General personal data v. specific personal data 

In line with GDPR’s concept of sensitive personal data, the bill clearly differentiates between general personal data and specific personal data. 

  • Data controllers v. data processors 

Data controllers are the parties that determine the purpose and control the processing of data such as e-commerce platforms. Whereas data processors are the ones which process the data on behalf of the data controller, third party payment systems providers for eg.

The draft clearly differentiates that the data controller shall be held legally responsible for any data processing activities provided that the concerned data processor acts in accordance with the instructions given. If that isn’t the case, the data processor bears full legal responsibility. 

  • Prohibition on monetization and/or profiling 

The daft strictly prohibits monetization or profiling of personal data without “explicit consent”.

  • Offshore data transfers 

The draft has laid out strict regulations in regards to offshore data transfers. Offshore data transfer shall only be allowed if:

  • The receiving party (country or organization) has the same or higher level of data protection than the draft personal data protection law
  • There is a formal contract between the data controller and offshore receiver with due diligence for data protection
  • There is an international agreement between Indonesia and the receiving party’s country. 

How To Protect Your Data Until the Law Is Fully Implemented? 

The recent happenings in the Indonesian cybersecurity landscape suggest that the law shall be in full swing sooner than later. But until then, it falls upon users to safeguard their personal data from cyber snoopers and mongers. Here are a few things you can do.

  • Avoid Public WI-Fi

Public Wi-Fi networks such as cafes and bus stations are breeding ground for hackers. Never use them without proper security measures such as using a VPN. A VPN removes all traces leading back to your original IP address and encrypts your connection to allow safe and private browsing.

  • Keep Your Softwares Updated

Software updates often come with releases that patch bugs and security vulnerabilities upon discovery. Make sure that your softwares, especially the OS, is fully updated. 

  • Use Strong Passwords

Use a strong and complex password for your accounts. Ideally, a strong password must comprise at least 7-10 characters, including numbers, symbols, and capital and lowercase letters.

  • Turn Off On-Screen Notifications 

It sounds simple but this simple hack goes a long way in protecting your personal data. Disabling on-screen notifications for text messages and social media apps to keep prying eyes at bay. 

Govt to Expedite the Process Amid Massive Security Breaches 

In the light of the increasing influence of security breaches in 2020, the government is expected to expedite the adaptation process. 

In a recent security breach of Indonesian government’s database, private information of as much as 2.3 million voters’ was illicitly released on a hacker website. The General Election Commission (KPU) had also confirmed the authenticity of the data, such as home addresses and national identification numbers. 

Indonesia is the world’s fourth largest country in terms of population and the leak of electoral data can have grave consequences needless to say. However, one of the commissioners denied that the leak initiated from the commission’s servers. The same data had been legally shared with the electoral candidates and political parties, he further added. 

Earlier in June, another alleged breach of COVID-19 test results of Indonesian citizens shook the entire nation to its core. On June 18th, a hacker claimed to have infiltrated the test results as well as personal details of a whopping 230,000 people on an online forum. The information he claimed to have available included names, addresses, phone numbers, ages, and nationalities. The government has denied any incident of such nature but an investigation has been launched to get to the bottom of the story. 

Communication and Information Technology Minister Johnny G. Plate said in a recent interview that the president assigned him some special jobs when he was appointed.

“The first message from him is to ensure data sovereignty and security; secondly, to deal with cyber crimes; and thirdly, to develop the information technology industry,” Johnny. G. Plate said

“We are entering an era where data is an economic resource much more valuable than oil and gas,” he added.

The government is speeding up the consideration work of the bill with the house of representatives to make up for the “very late move” it has taken, another minister said in a recent interview.

Wrapping It Up

Indonesia is a developing country in the process of digitizing its economy. In the last few years, there has been an unprecedented surge in internet and mobile usage with rapid development of online portals such as e-commerce platforms. Needless to say that it brings forth more challenges for the government to protect the citizens’ personal data. With the full implementation of draft personal data protection law in Indonesia, it is safe to assume that the future seems more secure and private for Indonesians.

Author Name: Anas Baig

Author Bio: With a passion for working on disruptive products, Anas Baig is currently working as a Product Lead at the Silicon Valley based company – SECURITI.ai. He holds a degree of Computer Science from Iqra University and specializes in Information Security & Data Privacy.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Indonesia)

[adrotate banner=”5″]

[adrotate banner=”13″]


facebook linkedin twitter

Asia Data Privacy Laws Hacking hacking news Indonesia information security news IT Information Security malware Pierluigi Paganini privacy Security Affairs Security News

you might also like

Pierluigi Paganini June 28, 2025
The FBI warns that Scattered Spider is now targeting the airline sector
Read more
Pierluigi Paganini June 28, 2025
LapDogs: China-nexus hackers Hijack 1,000+ SOHO devices for espionage
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    The FBI warns that Scattered Spider is now targeting the airline sector

    Cyber Crime / June 28, 2025

    LapDogs: China-nexus hackers Hijack 1,000+ SOHO devices for espionage

    Malware / June 28, 2025

    Taking over millions of developers exploiting an Open VSX Registry flaw

    Hacking / June 27, 2025

    OneClik APT campaign targets energy sector with stealthy backdoors

    Hacking / June 27, 2025

    APT42 impersonates cyber professionals to phish Israeli academics and journalists

    APT / June 27, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT