Protection of Privacy in Indonesia

Abstract Technology Network Background

By Denny Rahmansyah and Saprita Tahir

With regard to private and family life in Indonesia, Article 28(G) of the 1945 Constitution provides that every person has the right to: (i) Protection of their personal selves, families, respect, dignity and possessions under their control; and (ii) Security and protection from threat of fear for doing, or not doing, something which constitutes a human right.

Article 28(G) is considered the basis for more specific data privacy legislation. However, there is no specific law in Indonesia that regulates respect for private and family life. As of the time of this writing, the most relevant regulations for the protection of privacy are related to personal data protection.

Protection of Personal Data

Provisions on the protection of personal data can be found in Law No. 11 of 2008 regarding Electronic Information and Transactions, as amended by Law No. 19 of 2016 (the “Electronic Information Law”). The procedural guidelines for the Electronic Information Law are contained in Government Regulation No 82 of 2012 regarding the Implementation of Electronic Systems and Transactions (“Government Regulation 82″).

However, none of these regulations provide a comprehensive set of provisions for the protection of personal data, but rather simply provide the general idea of personal data protection without specific guidelines. On December 1, 2016, the Minister of Communication and Informatics (“MOCI”) issued a regulation specifically for the protection of personal data that is contained in an electronic system, namely MOCI Regulation No 20 of 2016 regarding Personal Data Protection in Electronic Systems (“MOCI Regulation 20″). MOCI Regulation 20 is an implementing regulation for the Electronic Information Law and Government Regulation 82.

The Ministry of Law and Human Rights (“MOLHR”) and the MOCI are still finalizing the draft law on Personal Data Protection (“PDP Draft Law”), which was initially targeted for issuance in 2017. The enactment of the PDP Draft Law would result in the first comprehensive law in Indonesia that specifically deals with the protection of personal data.

The MOCI is also preparing a draft amendment to Government Regulation 82 (“GR 82 Draft Amendment”), in coordination with Indonesia’s central bank, Bank Indonesia, the Financial Services Authority (Otoritas Jasa Keuangan or “OJK”), the MOLHR and the National Agency for Food and Drug Supervision (Badan Pengawas Obat dan Makanan or “BPOM”).

It is rumored that the GR 82 Draft Amendment is in the finalization stage and will be ready for issuance in the near future. In its current form, the GR 82 Draft Amendment introduces several new categories of data and sets forth several amendments including to the definition of electronic system provider for “public service” and the process for deleting electronic information and documents.

This publication is intended for informational purposes only and does not constitute legal advice. Any reliance on the material contained herein is at the user’s own risk. You should contact a lawyer in your jurisdiction if you require legal advice. All SSEK publications are copyrighted and may not be reproduced without the express written consent of SSEK.

Leave a Reply