Indonesian lawmakers pass personal data protection legislation at long last
After nearly six years of back and forth, Indonesia’s parliament has finally passed the country’s data protection bill into law, thus introducing a legal framework for managing personal data in the Southeast Asian nation.
The new law comes into force in the context of reported data breaches from government agencies and other institutions. It imposes sanctions for data collection, storage and management malpractices by local businesses and international corporate bodies, including fines and jail terms, according to a Reuters report.
Going by the law, corporations guilty of data mishandling can pay a fine of up to 2 percent of their annual corporate earnings as well as possible auctioning of some of their assets, writes Reuters.
Per the law, persons who falsify personal data for greedy ends could spend up to six years in jail, while those who collect personal data without following due process could remain behind bars for up to five years.
The legislation prescribes compensation for data subjects who suffer data breaches and allows them the right to withdraw consent for the usage of their data if they deem it necessary.
The Indonesian president also received the green light to set up an oversight commission to oversee the progressive implementation of the law, which will go through a two-year “adjustment” period, notes Reuters.
The outlet quotes Indonesia’s Minister of Communication Johnny G. Plate as underscoring the importance of the data protection law: “one of the obligations for electronic data organizers, whether public or private, is to ensure the protection of personal data in their system.”
One of the lawmakers who vetted the law told Reuters it would ease personal data transactions between Indonesia and other countries with similar data protection regulations.
Meanwhile, ZDNet reports that the recently passed bill will be ratified this coming Tuesday.
According to the technology publication, the bill’s approval means Indonesia has joined other countries in Southeast Asia, like Singapore and Thailand, which have specific legislation on personal data protection.
Biometrics are increasingly used for a range of applications in Indonesia, such as digital banking services.
Data protection is a significant issue in legal and digital identity, and many countries worldwide, such as Nigeria and Togo, are working towards putting in place data protection laws.