Archive for Indonesia

Indonesia Passes A Really Great Data Privacy Law

Posted in Commentary with tags on September 21, 2022 by itnerd

Indonesia legislators Tuesday passed the data protection bill, making data handlers liable for up to five years in jail and a maximum fine of 5 billion rupiah ($334,000) for leaking or misusing private information. Reuters have the details:

The bill’s passage comes after a series of data leaks and probes into alleged breaches at government firms and institutions in Indonesia, from a state insurer, telecoms company and public utility to a contact-tracing COVID-19 app that revealed President Joko Widodo’s vaccine records.

Lawmakers overwhelmingly approved the bill, which authorises the president to form an oversight body to fine data handlers for breaching rules on distributing or gathering personal data.

The biggest fine is 2% of a corporation’s annual revenue and could see their assets confiscated or auctioned off. The law includes a two-year “adjustment” period, but does not specify how violations would be addressed during that phase.

The legislation stipulates individuals can be jailed for up to six years for falsifying personal data for personal gain or up to five years for gathering personal data illegally.

Users are entitled to compensation for data breaches and can withdraw consent to use their data.

Noris Ismail, Managing Director of Breakwater Solutions has this to say:

     “Indonesia experienced a rollercoaster journey and huge learning & relearning curve whilst drafting and debating the Bill. It’s not surprising given President Joko Widodo’s vision to accelerate Indonesia’s digital economy transformational journey (being the 4thpopulous nation in the world which contributed 40% of Southeast Asia’s 2021 e-commerce gross Merchandise Value (GMV), at $70 billion based on the 2021 e-Conomy Southeast Asia report) and mushrooming reported data breach cases in public and private sectors. Like other evolving data privacy legislative landscape in ASEAN Member States, some of the requirements partly mirror the GDPR (but with Indonesia gravitas, persona, and legislative identity). Global organisations that are processing Indonesian dataset (inside or outside Indonesia) have 2 years to kicking off assessment and remediation leading to ‘Business As Usual (BAU)’ implementation phase. Some organisations might accelerate the latter due to lessons learned from the GDPR experience and journey – subject to existing governance, business strategy, growth, process and data processing activities. Some organisations might require a tactical approach to assess top 5-10 risks and prioritise to remediate leading to aspired defensible compliance positions (due to resource, budget, and technology constraints). Pushing forward to 2 years, we’re very keen to learn Indonesia Personal Data Protection Act (PDPA)’s regulatory enforcement approach and their ‘global data interoperability’ guidance notes particularly in data localisation and PDPA adequacy determinations (from Indonesia’s lens, in addition to, the European Commissions’ lens). It might take more than 2 years and beyond to progress, evolve and mature”

Hopefully, this sort of sort of bill gets copied in other places as this will hopefully help to reduce the number of data leaks that we see.

Blackberry Porn Banned In Indonesia…. But There’s More To It Than Just Porn

Posted in Commentary with tags , on January 13, 2011 by itnerd

RIM has a new issue that they’re dealing with. Apparently the Indonesian Government doesn’t like the fact their citizens can get porn on their Blackberries. Therefore they want it banned and RIM is trying to comply:

In a statement made available to the Jakarta Globe on Monday, RIM said it shared Communications Minister Tifatul Sembiring’s “sense of urgency” on the issue and it was “fully committed to working with Indonesia’s carriers to put in place a prompt, compliant filtering solution for BlackBerry subscribers in Indonesia as soon as possible.”

RIM also said it had been engaged with the government on the matter and continued to make it a top priority to implement satisfactory technical solutions with its carrier partners as soon as possible.

Oh yeah, you might find Indonesia’s other demands familiar. Here’s what Communications Minister Tifatul Sembiring wants as well:

Apart from blocking access to pornographic Web sites, Tifatul has also been adamant in demanding that RIM set up local servers to allow the country’s law enforcers to monitor data sent between BlackBerry users.

“All telecommunications operators in Indonesia have complied with the regulation. Why not RIM? I think that they will, but they should not delay,” the minster said.

So there is a chance that a January 21st deadline could still be enforced though. We’ll have to see how things go.

The thing is, this may not be about porn:

On Tuesday, Machfud Siddiq, a legislator from Tifatul’s Prosperous Justice Party (PKS), said the campaign was more than just about blocking porn.

He said the main purpose of the ultimatum was to highlight how RIM was “taking too much money from Indonesians without even paying any taxes here.”

“The company brings no economic benefits to Indonesia, yet they take so much money from here,” he said.

“And because the company is based in Canada, it pays taxes there, not here.”

“So this isn’t just about Web filtering,” Machfud added. “It’s about justice in doing business. Indonesia shouldn’t be treated like a cash cow.”

RIM is not required to pay taxes in Indonesia because it is not involved in the retail sale of its phones in the country.

Instead, BlackBerrys are imported by authorized local agents, who pay the requisite customs and excise fees and government sales taxes for the phones, as well as their own corporate taxes.

Gee. That sounds like a form of blackmail. In my mind, it’s a little simplistic for Sembiring to think that RIM is pilfering the country’s wealth and offering nothing in return. But what do I know.

Methinks that Indonesia needs to get a clue and join the rest of us in the 21st century.