Indonesia: Upcoming Data Privacy Law and Regulation
Managing IP is part of the Delinian Group, Delinian Limited, 4 Bouverie Street, London, EC4Y 8AX, Registered in England & Wales, Company number 00954730
Copyright © Delinian Limited and its affiliated companies 2024

Accessibility | Terms of Use | Privacy Policy | Modern Slavery Statement

Indonesia: Upcoming Data Privacy Law and Regulation

There is a positive development in data privacy protection in Indonesia, due to the issuance of a draft Ministerial Regulation on Data Protection (Draft Regulation) by the Ministry of Communications and Informatics of the Republic Indonesia (MOCI). This Draft Regulation was prepared as one of the implementing regulations of Law No 11 of 2008 on Electronic Information and Transactions (EIT Law) and Government Regulation No 82 of 2012 on the Implementation of Electronic Systems and Transactions (GR 82). In October 2015, the government also issued a draft Data Protection Law (Draft Law).

Until now, there is no confirmation on the issuance date of both the Draft Regulation and Draft Law.

In general, the Draft Law is aimed at bringing Indonesia in line with some other jurisdictions when it comes to protecting data privacy, which should be essential since, until now, there is no law and regulation in Indonesia specifically regulating data privacy issues.

The Draft Law contains a definition of "personal data" which includes data of a person's life that can be identified automatically or combined with other information through electronic or non-electronic systems. It also specifically regulates that all data such as religion/belief, health, physical and mental condition, sex life and financial information is deemed as "sensitive personal data".

Moreover, according to the Draft Law, personal data operators are prohibited from transferring personal data to other countries unless the receiving country has personal data protection measures consistent with the Draft Law. This does not apply if (i) there is a contract between the personal data operator and the offshore data receiver; or (ii) there is a bilateral agreement.

The personal data operator must secure consent before transferring the data, and the data receiver cannot use the personal data except for the use that the data owner has consented to. The personal data operator must also notify the data owner in case of a merger, spin-off, consolidation or other business transactions that may affect the implementation, management or transfer of personal data.

Under the Draft Regulation, electronic system operators that will make cross-border data transfers must first coordinate with the MOCI on the transfer plan and the results of the transfer activities. Moreover, if anyone wishes to show, publish, send or disseminate personal data, or open the access to its electronic system to the public, such personal data should be derived from an electronic system dedicated to public service.

The Draft Regulation also provides time requirements for personal data storage, which is five years at minimum, in the absence of laws regulating data storage in relevant business sectors.


Daru Lukiantono

Wiku Anindito

Hadiputranto, Hadinoto & PartnersThe Indonesia Stock Exchange Building, Tower II, 21st FloorSudirman Central Business DistrictJl. Jendral Sudirman Kav 52-53Jakarta 12190, IndonesiaTel: +62 21 2960 8888Fax: +62 21 2960

more from across site and ros bottom lb

More from across our site

A team of lawyers who joined Norton Rose Fulbright from Polsinelli say they were drawn to the firm's global platform
We provide a rundown of Managing IP’s news and analysis from the week, and review what’s been happening elsewhere in IP
Lawyers say a ruling concerning liability for trademark infringement could give company directors an easy way out and create litigation uncertainty
The LMG Life Sciences Awards announces the winners for the 5th annual awards
Some US lawyers have strengthened their connections with European firms as they help clients determine whether the UPC will become a 'centre of gravity'
In the latest episode, the team discusses the battle to take control of listed company and IP business Qantm IP, and looks at some recent hiring trends
To mark Mental Health Awareness Week, lawyers explain how they manage their mental health, and how they pluck up the courage to ask themselves difficult questions
IP lawyers unpick a case heard at the CJEU’s Grand Chamber this week that could potentially create a new world for litigation in Europe
A lawyer who replied to a cease-and-desist letter with just two words has shown others how to deal with vexatious infringement allegations
The suggested rule change surrounding terminal disclaimers could ease the burden on defendants, but risks complicating prosecution strategies
Gift this article