For the past two years, cases of personal data breaches in Indonesia have been rising. Some major personal data breach cases include the electronic Health Alert Card (eHAC) in August 2021, the Healthcare and Social Security Agency (BPJS Kesehatan) in May 2021, and the data breach of Tokopedia users in May 2020. Not to mention numerous minor personal data breaches these past two years. Those personal data breach cases caused concern considering Indonesia is one of the most significant internet users in the world.
According to Asosiasi Penyelenggara Jasa Internet Indonesia (APJII), internet users in Indonesia reached 210 million in 2022—which means 77 percent of the Indonesian population are now using the internet. The data breach cases raise a question: is the digital space safe for everyone? And why is personal data protection so important in the digital world?
According to General Data Protection Regulation or GDPR—an EU law on data protection and privacy in the European Union—personal data is any information relating to an identified or identifiable natural person. It may include name, date of birth, home address, email address, phone number, and identification number. Personal data is as valuable as oil and gas in this digital age. Someone can lose all the money in his bank account if his data is leaked. Someone can also lose his confidential information and job if his data is leaked. That is why the lack of personal data protection can put someone’s life in danger. At the government scale, it can be a threat to national security.
Furthermore, personal data is one of the fundamental rights owned by individuals called the right to privacy. It is mentioned in Article 12 of the Universal Declaration on Human Rights (UDHR) and Article 17 of the International Covenant on Civil and Political Rights (ICCPR). It is also mentioned in our Constitution, specifically in Article 28G. As one of the fundamental rights, personal data must be legally protected. Many countries have enacted laws concerning personal data protection. For example, Singapore that passed the Personal Data Protection Act 2012 (PDPA) in 2012 and General Data Protection Regulation (GDPR), which came into force in May 2018 and became the European Union data protection law. What about our country?
In fact, Indonesia has some regulations related to data protection, such as the Law on Electronic Information and Transactions (EIT Law) and the Regulation of the Minister of Communication and Informatics No. 20 of 2016 on the Protection of Personal Data in Electronic Systems. However, we have no regulation that protects personal data in particular. In 2019, the government, represented by the Ministry of Communication and Information Technology, proposed the personal data protection regulation to be discussed in the House of Representatives. It became a bill in 2019 named Rancangan Undang-Undang Perlindungan Data Pribadi (RUU PDP), but until today it has been enacted yet. The bill regulates the principles of personal data protection, the type of personal data, the rights of the data owner, the obligations of the personal data processor and controller, and the penalties. All of them are essential to protecting personal data.
Those data breach cases mentioned above must urge the House of Representatives and the government to enact the bill as soon as possible. The bill’s enactment will give citizens a sense of security when they set foot in digital space since their personal data is protected. In addition, every stakeholder needs to tighten their digital security so personal data breaches will not happen again.
The internet has already become an essential thing that cannot be separated from our life, and since then, we have lived in two worlds–the real and the digital one. That is why we need our data to be protected to guarantee our privacy and safety, only that the digital world will be a safe space for everyone.
References:
Agustini, Pratiwi. “Rancangan Undang-Undang Perlindungan Data Pribadi.” Kominfo. September 17, 2019. https://aptika.kominfo.go.id/2019/09/rancangan-undang-undang-perlindungan-data-pribadi/.
Akbar, Caesar. “6 Major Data Breach in Indonesia in Past 1.5 Years.” Tempo. September 3, 2021. https://en.tempo.co/read/1501851/6-major-data-breach-cases-in-indonesia-in-past-1-5-years.
APJII. “Profil Internet Indonesia 2022.” June 2022. APJII.
European Union. General Data Protection Regulation (GDPR). Article 4.
