On January 28th, Indonesia’s Ministry of Communication and Information Technology announced that the final draft for the Personal Data Protection Act has been submitted to the president of Indonesia.
The PDP Draft Law is now sitting with the House of Representatives and other concerned government officials. The press has been informed that they expect the draft law to be enacted this year.
Indonesia’s adaptation of the law heavily resembles the European Union’s GDPR. The draft bill accedes to almost all rights of data subjects as per the GDPR as well as the general regulations in regards to personal data processing.
Some key highlights are:
Some key provisions in the draft personal data protection law are:
Any data that can be identifiable on its own or combined with other information, both direct and indirect through electronic or non-electronic systems.
In line with GDPR’s concept of sensitive personal data, the bill clearly differentiates between general personal data and specific personal data.
Data controllers are the parties that determine the purpose and control the processing of data such as e-commerce platforms. Whereas data processors are the ones which process the data on behalf of the data controller, third party payment systems providers for eg.
The draft clearly differentiates that the data controller shall be held legally responsible for any data processing activities provided that the concerned data processor acts in accordance with the instructions given. If that isn’t the case, the data processor bears full legal responsibility.
The daft strictly prohibits monetization or profiling of personal data without “explicit consent”.
The draft has laid out strict regulations in regards to offshore data transfers. Offshore data transfer shall only be allowed if:
How To Protect Your Data Until the Law Is Fully Implemented?
The recent happenings in the Indonesian cybersecurity landscape suggest that the law shall be in full swing sooner than later. But until then, it falls upon users to safeguard their personal data from cyber snoopers and mongers. Here are a few things you can do.
Public Wi-Fi networks such as cafes and bus stations are breeding ground for hackers. Never use them without proper security measures such as using a VPN. A VPN removes all traces leading back to your original IP address and encrypts your connection to allow safe and private browsing.
Software updates often come with releases that patch bugs and security vulnerabilities upon discovery. Make sure that your softwares, especially the OS, is fully updated.
Use a strong and complex password for your accounts. Ideally, a strong password must comprise at least 7-10 characters, including numbers, symbols, and capital and lowercase letters.
It sounds simple but this simple hack goes a long way in protecting your personal data. Disabling on-screen notifications for text messages and social media apps to keep prying eyes at bay.
Govt to Expedite the Process Amid Massive Security Breaches
In the light of the increasing influence of security breaches in 2020, the government is expected to expedite the adaptation process.
In a recent security breach of Indonesian government’s database, private information of as much as 2.3 million voters’ was illicitly released on a hacker website. The General Election Commission (KPU) had also confirmed the authenticity of the data, such as home addresses and national identification numbers.
Indonesia is the world’s fourth largest country in terms of population and the leak of electoral data can have grave consequences needless to say. However, one of the commissioners denied that the leak initiated from the commission’s servers. The same data had been legally shared with the electoral candidates and political parties, he further added.
Earlier in June, another alleged breach of COVID-19 test results of Indonesian citizens shook the entire nation to its core. On June 18th, a hacker claimed to have infiltrated the test results as well as personal details of a whopping 230,000 people on an online forum. The information he claimed to have available included names, addresses, phone numbers, ages, and nationalities. The government has denied any incident of such nature but an investigation has been launched to get to the bottom of the story.
Communication and Information Technology Minister Johnny G. Plate said in a recent interview that the president assigned him some special jobs when he was appointed.
“The first message from him is to ensure data sovereignty and security; secondly, to deal with cyber crimes; and thirdly, to develop the information technology industry,” Johnny. G. Plate said
“We are entering an era where data is an economic resource much more valuable than oil and gas,” he added.
The government is speeding up the consideration work of the bill with the house of representatives to make up for the “very late move” it has taken, another minister said in a recent interview.
Wrapping It Up
Indonesia is a developing country in the process of digitizing its economy. In the last few years, there has been an unprecedented surge in internet and mobile usage with rapid development of online portals such as e-commerce platforms. Needless to say that it brings forth more challenges for the government to protect the citizens’ personal data. With the full implementation of draft personal data protection law in Indonesia, it is safe to assume that the future seems more secure and private for Indonesians.
Author Name: Anas Baig
Author Bio: With a passion for working on disruptive products, Anas Baig is currently working as a Product Lead at the Silicon Valley based company – SECURITI.ai. He holds a degree of Computer Science from Iqra University and specializes in Information Security & Data Privacy.
(SecurityAffairs – hacking, Indonesia)