Indonesians Move to Control Their Data in 2019
Calls to regulate data storage and consumer data privacy have gained serious attention in Indonesia. Indonesians have been affected by the recent user data leaks from Twitter, Yahoo and several major Facebook breaches. Since 2015, the Government of Indonesia (GoI) through the Minister of Communication and Information, proposed a bill on private data protection. However, to date, the bill has not been delivered to the parliament for formal deliberations. Currently, there are lower level regulations that cover data protection and storage with one of the most important being the Organization of Electronic Transaction Regulation No.82/2012 (“GR82”). However, GR82 is under a long revision process and has not yet to be finalized. House Commission I believes that the government should instead continue with its effort to submit a draft bill to fully harmonize all regulations relevant to data privacy protection and data storage.
The issue of data privacy also adds attention to other online services; from e-commerce, cloud computing, streaming services, to data centers. The new draft bill will impact all these. We discuss all of these issues with Satya Yudha. Mr. Satya currently serves as the Vice Chairman of the Commission I (which oversees information and communication) in the Indonesian Parliament from the Golkar faction. Here are the key takeaways from this interview:
The Status of The Data Privacy Draft Bill
· Although this is an important bill, it has not been listed on the parliament’s National Legislation Program (Prolegnas), which sets priority bills on an annual basis. The government and parliament blame each other for not having it included. The government says the House’s Prolegnas is full which is preventing the bill from progressing while the House says the government has yet to come to a consensus internally on key articles among the various ministries.
· Satya Yudha affirms that House Commission I members are ready to cooperate with their counterparts in the government to move the draft bill forward as they all agree that regulating data and data privacy is a necessity.
· Parliament says Indonesia has had too many “wake up calls” where Indonesian user data has been illegally traded, shared, or leaked to third parties and steps must be taken to
· As this is a government initiated draft bill, Commission I is now anxiously waiting for the Ministry of Communication and Information and the Ministry of Justice and Human Rights to work together to finalize the draft so it can be added to the House’s National Legislation Program in early 2019 to be deliberated.
· The government must work fast to submit a complete draft to the House, as a complete government draft must be ready by early next year so it can be deliberated and passed before the 2014-2019 House concludes. This is a major bill and should be carefully deliberated as any unnecessary data controls could negatively impact economic growth and investment if the bill leads increased operational costs due to additional compliance burdens and data transfer restrictions for businesses.
· The content of the bill is expected to be quite comprehensive. Unlike the existing laws and regulations that govern data in specific sectors, this draft bill is intended to be all encompassing with regards to data privacy. As it stands now it will include:
Criminal sanctions of parties who do fail to protect their users data.
Provide requirements for data storage services. GoI has yet to finalize the articles but currently there will be some flexibility when it comes to requiring companies to establish their data centers onshore but will need to decide who should be in control of data centers and which need to be located in Indonesia. Satya believes that GoI should have more control of data centers in Indonesia.
Many others yet to be finalized.
· The business community should be reaching out to both the House and key ministries to provide their input on this bill now.
· A key government regulation on Organization of Electronic Transaction (GR No. 82/2012), is currently under review for revision and GoI hopes to include new articles on data privacy and data storage but Commission I believes that a new law would have to be passed first to fully harmonize all regulations relevant to both of these issues.
· Since our interview with Mr. Satya, the Director General at the Ministry of Communication and Information, Samuel Abrijani Pangerapan, said that there’s a need to create an “ecosystem” that would encourage companies to have data centers onshore, including companies whose data is considered “high-risk”. The ministry has given unclear definitions as to what “high-risk” means.
Foreign Companies and the Data Privacy Bill
· In general, Satya Yudha maintains that Indonesia should be open to foreign investors as much as possible but stressed that the laws and regulations of Indonesia country must be respected, especially when it involves data that relates to “national security”. He hopes to invite the business community and civil society leaders to hear their input so all sides will accept the bill.
· Companies such as Netflix, Amazon Prime Video and other foreign streaming services, will likely be required to allocate a percentage of their content libraries to local programs to fulfill local content quotas in a move similar to the European Union’s Audio Visual Law. However, Satya stressed that although there will be a local content requirement, there may be some flexibility to ensure that there would be enough Indonesian content to fill that quota.
· Satya says he would welcome a move by Amazon to enter Indonesia’s growing e-commerce market as long as it would create healthy competition for local players and increase their service quality.