Indonesia to Pass New Law in Response to Data Breaches
September 15, 2022 | 4 minutes read
As data breaches and cybercrimes continue to become daily occurrences around the world due to the unregulated nature of the internet, many governments are looking for new ways to protect the personal data and privacy of their respective citizens. To this point, legislators within Indonesia have announced that they are in the process of enacting a new data protection law known as the Personal Data Protection Bill that would impose significant civil and criminal penalties against businesses and organizations should they infringe upon the privacy rights of the nation’s millions of residents. Likewise, Indonesia will become the fifth Southeast Asian country to pass a comprehensive data privacy law in the past decade, joining the ranks of Thailand, the Philippines, Singapore, and Malaysia.
Moreover, the impetus for the enactment of the new data privacy legislation in the Republic of Indonesia is a sharp increase in data breaches that have taken place in the past few years. More specifically, “the country’s National Cyber and Encryption Agency said it’s investigating an alleged data leak of 105 million Indonesians. Earlier this month, authorities were investigating a data leak relating to mobile phone SIM cards that involved more than two million lines of data being released.” As a result of this alleged data breach, in addition to many others, regulators within Indonesia are facing mounting pressure to improve the cybersecurity infrastructure that currently exists within the country.
What are the proposed provisions of Indonesia’s new privacy law?
While Indonesia’s Personal Data Protection Bill is still a draft bill that must be officially ratified into law, the proposed provisions of the law are in line with other data privacy legislation that has been enacted around the region of Southeast Asia in recent years. Subsequently, the provisions of the law would require businesses to obtain consent from data subjects prior to collecting their personal information, and would also mandate that said businesses delete the personal data of their customers after the specified purpose for which such information has been collected is complete. Moreover, the law would also require that businesses take certain steps to ensure that the personal data of their customers remain protected at all times, including technical safeguards and measures, among other things.
Indonesia’s growing economy
On top of the threat that data breaches have been posing to consumers within Indonesia, another leading factor that has influenced the passing of newfound data protection legislation is the projected growth of the Indonesian economy in the next five years. In a report released by “Alphabet Inc.’s Google, Singapore’s Temasek Holdings Pte. and global business consultants Bain & Co.”, the nation’s digital economy is expected to balloon to $146 billion by as early as 2025. For this reason, the Personal Data Protection Bill will also serve to facilitate the growth of Indonesia’s digital economy, as effective and efficient cybersecurity measures are needed to give businesses the assurance that they will be able to operate without issue when engaging in commerce with the country’s citizens.
What are the penalties for violating the law?
As it concerns the regulation and enforcement of Indonesia’s Personal Data Protection Bill, businesses that fail to comply with the proposed provisions may be subject to steep penalties. To illustrate this point further, a copy of the draft law that has been obtained by Bloomberg News has confirmed that “Leaking or misusing private information may cause data operators up to five years in jail and a maximum fine of 5 billion rupiah ($337,000).” This is in addition to any further fines or penalties that may be implemented at a later date, as the Indonesian government will also be establishing an independent regulatory body that will be responsible for administering the sections of the law.
From social media platforms to financial account details, there are a number of different means by which consumers in our current marketplace share their personal information with businesses and organizations. As a result of these new channels of business and communication, governments must implement protocols that can be used to guarantee that interactions between businesses and consumers run smoothly, as any discrepancies or issues, including but not limited to data breaches, that may arise during such transactions can result in disastrous consequences for all parties involved. With all this being said, Indonesia’s Personal Data Protection Bill stands to completely alter the ways in which citizens of the country can secure the information they disclose to businesses and organizations on a global scale.