Digitalisation is transforming the aviation industry in radical and systemic ways. This transformation positions passengers not merely as consumers in a service-provider relationship, but as holders of digital rights embedded in every stage of their journeys. Yet Indonesia’s primary legal framework—Law No. 1 of 2009 on Aviation—was never designed to respond to the complexities of digital passenger rights or the data-driven operational environment that has become the global norm. As aviation moves toward hyper-connectivity, integrated systems, biometrics, artificial intelligence, cross-border data processing, and end-to-end travel platforms, Indonesia faces an urgent need for legal recalibration.
This article presents an expert analysis of Passenger Digital Rights (PDR), the structural limitations of Law No. 1/2009, emerging global regulatory trends, the risks of inaction, and the strategic legal reforms required for Indonesia to align with international standards.
Introduction: When Law Falls Behind Technology
Aviation stands at the forefront of global digital transformation. Within less than a decade, passenger processes have been reshaped by digital ticketing, mobile boarding passes, common-use self-service systems, biometric immigration gates, cashless payments, real-time disruption management, and intelligent baggage systems integrated with global networks.
In this rapidly changing environment, passenger data has become the operational core of the industry. Every journey produces extensive digital footprints—identity data, travel patterns, service preferences, purchase history, biometric information, and even risk profiles.
Yet while the world is advancing toward a digital rights–based framework, Indonesia still relies on a regulatory architecture created before the rise of Industry 4.0. Law No. 1/2009 effectively defines the state’s roles in safety, security, air transport, and consumer protection. Still, it contains no provisions on digital passenger data, no rules governing airline or airport digital systems, no cybersecurity obligations, no standards for platform interoperability, and no digital service traceability rights.
Aviation has become a digital industry. Our legal system still treats it as a traditional transport sector. This misalignment generates significant risks for the state, operators, and the public.
Passenger Digital Rights as a New Global Paradigm
Passenger Digital Rights (PDR) represent the latest evolution in consumer protection within aviation. The concept acknowledges that passengers interact not only with physical services—seats, baggage, gates, schedules—but with an extensive digital ecosystem that records and processes their travel data.
Across jurisdictions such as the European Union, North America, the United Kingdom, Singapore, and the UAE, PDR frameworks include key rights: the right to algorithmic transparency, automatic notifications during flight disruptions, the right to delete data after travel, the right to cybersecurity, the right to access personal data used in travel processing, and the right not to be harmed by automated decisions during delays, cancellations, or re-accommodation.
Under PDR, protection extends far beyond physical services, encompassing the entire data-processing chain.
The trend is unmistakable: aviation is moving toward data-driven passenger services. Airlines use AI for pricing; machine learning predicts weather disruptions; airports rely on biometrics for identity verification; and automated algorithms manage disruption recovery.
Without legal norms governing the roles, limits, and responsibilities of such data use, passengers risk losing control over their digital identities.
Indonesia must shift from traditional service-based consumer protection toward data-based protection. That is the essence of Passenger Digital Rights.
Structural Limitations of Law No. 1/2009
Law No. 1/2009 rests on four pillars: safety, security, air transport, and consumer protection. All remain relevant but insufficient for a digital ecosystem driven by AI and system interoperability.
Key structural gaps include: no recognition of passenger data as an object of legal protection, no cybersecurity obligations for airlines or airports, no rules on algorithmic transparency in ticket pricing, no provisions on biometric data processing at borders or terminals, no legal basis for IATA Resolution 753 digital baggage tracking, and no liability framework for digital harm or data breaches.
When data becomes a core operational asset, these omissions render the law unable to address digital realities. Indonesia must build a new legal foundation for a digital aviation ecosystem.
Emerging Legal Challenges in the Age of Aviation Digitalisation
Misalignment with global standards: ICAO incorporates cybersecurity into aviation security. IATA promotes One ID, interoperability, and AI-enabled disruption handling. Leading jurisdictions regulate passenger data tightly. Indonesia remains in the early stages with fragmented sectoral rules.
Weak state oversight of data processing: Passenger data is processed by airlines, airports, OTAs, and global platforms such as GDS providers—many outside Indonesia’s jurisdiction. Weak oversight increases risks of exploitation, manipulative pricing, and algorithmic discrimination.
Unregulated biometric data use: Biometrics, if adopted without clear safeguards, expose the public to abuse of the most sensitive category of personal data.
Undefined operator liability for digital harm; Law No. 1/2009 recognises only physical and financial loss. Digital damages—identity theft, financial fraud, long-term privacy violations—are not covered.
Legal uncertainty around the use of AI: AI now influences risk assessments, cancellations, rebooking, and pricing. Indonesia has no legal basis for oversight or redress.
These challenges show that national law lags far behind developments in digital aviation.
Consequences of Inaction
Failure to reform Indonesia’s aviation law risks: massive passenger data breaches, reduced airline competitiveness due to the inability to adopt advanced digital technologies, increased national security vulnerabilities through compromised aviation systems, international interoperability barriers, particularly with GDPR-compliant jurisdictions, and declining public trust in the aviation system due to inadequate digital protections.
These consequences will intensify as global digitalisation accelerates.
Global Trends in Digital Aviation Regulation
ICAO Cybersecurity Strategy emphasises the aviation ecosystem as a digital, highly vulnerable domain requiring coordinated global standards.
IATA One ID advocates full biometric integration supported by a global trust framework and stringent privacy safeguards.
EU Digital Air Transport Review pushes regulation of automated systems, predictive AI for security, and digital baggage tracing.
Transport Canada’s Digital Transformation Blueprint positions digital rights at the core of public service delivery.
FAA NextGen stresses data governance and liability allocation across complex technology supply chains.
Changi Airport Group’s biometric journey model highlights privacy-by-design, data minimisation, and opt-out rights—still uncommon in many developing states.
Indonesia cannot remain outside these global currents. National aviation sovereignty increasingly depends on the ability to secure citizens’ digital identities.
Direction for Reform: Building Indonesia’s Digital Aviation Legal Framework
Legal reform must begin with a fundamental revision of Law No. 1/2009, incorporating digital passenger data rights, mandatory cybersecurity standards, technology interoperability requirements, biometric data rules, AI governance, and automatic digital compensation mechanisms.
Beyond statutory revision, Indonesia needs detailed regulations on digital passenger services, clear standards for AI and biometric use, defined liability for digital harm, national digital oversight mechanisms through an independent authority, and globally interoperable aviation data systems.
Reform demands political commitment, technical capability, and coordinated engagement with industry and international stakeholders.
Closing
Indonesia stands at a critical juncture. The world is moving toward fully digital, data-centric aviation services. Passengers demand digital rights, cybersecurity, algorithmic transparency, and responsive service. Airlines and airports require legal certainty to adopt advanced technologies. The state must protect data sovereignty while strengthening the competitiveness of its aviation sector.
Law No. 1/2009 can no longer address the growing digital complexity of modern aviation. Reforming Indonesian aviation law is not merely a technical necessity—it is a strategic imperative to safeguard the future of national aviation. Indonesia must design a Digital Aviation Act that regulates passenger data protection, cybersecurity, biometrics, AI governance, and operator liability in a digital environment.
With timely reform, Indonesia can emerge as a regional leader in digital aviation governance. Without it, stagnation, competitiveness loss, and legal vulnerabilities are inevitable.
References
International Civil Aviation Organization. (2019). Aviation cybersecurity strategy.
https://www.icao.int/SAM/Documents/2019-CYBER/AVIATION%20CYBERSECURITY%20STRATEGY.en.pdf
International Air Transport Association. (2023). One ID: Transforming the passenger journey.
https://www.iata.org/en/programs/passenger/one-id/
European Commission. (2022). Digital Services Act package.
https://digital-strategy.ec.europa.eu/en/policies/digital-services-act-package
European Data Protection Board. (2020). Guidelines on biometric data and data protection.
https://edpb.europa.eu/our-work-tools/our-documents/guidelines_en
Federal Aviation Administration. (2022). NextGen annual report 2022.
https://www.faa.gov/nextgen/programs/annual-report
World Economic Forum. (2020). Known Traveller Digital Identity (KTDI) framework.
https://www.weforum.org/projects/known-traveller-digital-identity
Information Commissioner’s Office (ICO). (2023). Biometric data and smart airport investigations.
