Data operators could face up to five years in jail and a maximum fine of 5 billion rupiah (RM1.5mil) for leaking or misusing private information, according to Indonesia’s new data privacy Bill set to be passed by parliament this week.
Institutions may collect personal information for a specific purpose but must erase the record once that purpose has been met, according to a copy of the draft law obtained by Bloomberg.
Relevant parties have two years to comply with the rules once it becomes law.
Indonesia is under pressure to pass the law to improve its cybersecurity as breaches at companies and government institutions intensified in the past year.
Just a few days ago, the country’s National Cyber and Encryption Agency said it’s investigating an alleged data leak of 105 million Indonesians.
Earlier this month, authorities were investigating a data leak relating to mobile phone SIM cards that involved more than two million lines of data being released.
The Personal Data Protection Bill states that consent must be obtained from each individual for records such as name, gender, and medical history, with a clear agreement in place on how the data will be used, along with accountability measures.
Each person has the right to withdraw their consent and receive compensation for any breaches.
Anyone that fabricates personal data may face up to six years in jail and as much as 6 billion rupiah (RM1.8mil) in fines.
Enacting the data privacy law is even more important as Indonesia’s digital economy is set to grow to US$146bil (RM657bil) by 2025, according to the latest report by Alphabet Inc’s Google, Singapore’s Temasek Holdings Pte and global business consultants Bain & Co Cloud data provider PT DCI Indonesia said in March a new project to set up a data centre in Bintan will only proceed once the government issue a regulation on data safety and protection.
“The new law is overdue and will, if administered correctly, be a much-needed boon for Indonesia’s large and growing tech sector,” said Joel Shen, who heads the technology practice in Asia for global law firm Withers.
The passing of the Bill would make Indonesia the fifth South-East Asian country to have a specific law on personal data protection after Singapore, Malaysia, Thailand and the Philippines. — Bloomberg