Image: Reuters Berita 24 English - On Tuesday, the Indonesian parliament passed a bill to protect personal data . If someone is found to ha...
 |
| Image: Reuters |
The bill was passed after a series of data leaks and investigations into alleged security breaches at government firms and institutions in Indonesia, including a state insurer, telecoms company, and public utility, as well as a contact-tracing app called COVID-19 that showed the vaccine records of President Joko Widodo.
The bill was passed by a large majority of lawmakers. It gives the president the power to set up a watchdog group that can fine data handlers who break the rules about sharing or collecting personal data.
The biggest fine is 2% of a company's annual income, and the company's assets could be taken away or sold at auction. The law has a two-year "adjustment" period, but it doesn't say what would happen if someone broke it during that time.
The law says that people can go to jail for up to six years if they lie about their personal information to make money or for up to five years if they steal personal information.
Users are entitled to compensation if their data is stolen, and they can stop giving permission to use their data at any time.
Johnny G. Plate, the communications minister, said that the passing of the bill "marks a new era in the way personal data is managed in Indonesia, especially on the digital front."
A member of the commission in charge of the law, Abdul Kharis Almasyhari, said that it would mean the state was protecting the personal information of its people.
Lawmakers say that the law has been in the works since 2016, but it hasn't been passed yet because of disagreements about fines and who should run the oversight body. The government said that the law was based on laws from the European Union.
Expert on data protection Satriyo Wibowo, who was consulted while it was being written, said it would force companies to improve how they protect data.
Wahyudi Djafar, who works for the Institute for Policy Research and Advocacy and does research on data protection, questioned whether the penalties were strong enough to force government agencies to improve how they handle data.
