Regulations concerning Personal Data Protection (ID0138)
Overview
At-a-Glance
Action Plan: Indonesia Action Plan 2022-2024
Action Plan Cycle: 2022
Status:
Institutions
Lead Institution: Ministry of Communication and Informatics, TIFA Foundation
Support Institution(s):
Policy Areas
Data Stewardship and Privacy, Democratizing Decision-Making, Digital Governance, Public Participation, Regulation, Regulatory GovernanceIRM Review
IRM Report: Indonesia Action Plan Review 2022-2024
Early Results: Pending IRM Review
Design i
Verifiable: Yes
Relevant to OGP Values: Yes
Ambition (see definition): Low
Implementation i
Completion: Pending IRM Review
Description
Brief Description of the Commitment
This commitment aims to encourage the preparation of regulations for the implementation of the UU PDP that are clear, effective, propositional, and in accordance with the real challenges and needs of PDP regulation through recommendations based on participatory studies.
Problem Definition
1. What problems does the commitment aim to address? The increasing use of digital personal data in various sectors in order to optimize the provision of products and services for users presents a risk to the breach of data subject privacy. Such privacy breaches can harm data subjects financially, psychologically, or reputationally. The barrage of personal data leakage cases in both the public and private sectors that have occurred over the past few years reinforces the urgency of establishing a comprehensive personal data protection legal product to provide legal certainty for data subjects. After being delayed in discussion for several years, the House of Representatives finally passed the Personal Data Protection Bill (PDP) into law. The UU PDP replaces the guarantee of personal data protection previously contained in 48 sectoral laws and regulations, covering the fields of telecommunications and informatics, population administration, health services, finance, taxation, banking, trade, industry, law enforcement, security, and education. In substance, the UU PDP has provided clarity on the formulation of regulations on several matters, but the birth of the UU PDP is not necessarily a solution to all problems of personal data protection in Indonesia. Some of the things that can still be discussed further include the provision of: (1) the balance of data protection needs and the need for public information disclosure, (2) the establishment of responsibilities and witnesses for controlling and processing personal data in the private sector and public bodies, (3) setting proportional responsibilities for controllers and processors of private sector personal data with various capacities, (4) independent pdp position and institutional structure arrangements. Therefore, in the transition period of the implementation of the UU PDP for the next 2 years where various implementing regulations will be formulated is a crucial period to support the regulation and implementation of the UU PDP that is clear, effective, propositional, and impartial. The details and depth of the various technical regulations formulated will largely determine the effectiveness of this legislation in providing legal certainty and comprehensive legal protection in the processing of personal data in Indonesia. In addition, the preparation of these implementing regulations requires the involvement of all stakeholders, in order to ensure clear regulation, answer the needs of technical arrangements, in accordance with the actual conditions of the parties charged with responsibility, and effectively protect data subjects.
2. What are the causes of the problem? The legislation process of the UU PDP in the early days tended to be open to civil society participation, but the process that took place afterwards until the ratification of the UU PDP tended to be closed and lacked the participation of interested parties, especially civil society and the private sector whose rights and obligations related to the protection of personal data were regulated in the UU PDP. In Indonesia, such legislative process has resulted in legal products that are not appropriate and the technical level is difficult by implement by the parties that has been given responsibility.
Commitment Description
1. What has been done so far to solve the problem? In the process of drafting the UU PDP since 2016, there has been participation from civil society through the Advocacy Coalition for the Protection of Personal Data (KAPDP). Civil society collaboration through its involvement with the government in the process of drafting the UU PDP is carried out, among others, through submitting an alternative Problem Inventory List (DIM), providing consultation for bill drafters on key issues, and conducting public campaigns. In the end, several recommendations of the KA-PDP were adopted in the legislative process, this shows that the involvement of civil society in the process of drafting the UU PDP is a meaningful involvement that must be continued.
2. What solution are you proposing? As a form of support for the preparation of the operationalization of the UU PDP, the implementing regulations that will be formed need to be prepared in detail, in depth, based on an understanding of good practices and real conditions in the field, as well as considering the need to synchronize various regulations related to the protection of personal data that have been sectoral. To support this process, this commitment will conduct research that serves as the basis for providing recommendations for the making of implementing regulations for the UU PDP and facilitating multi-stakeholder discussions between representatives of the government, the private sector, and civil society regarding the implementing regulations of the UU PDP.
3. What results do you want to achieve by implementing this commitment? This commitment will encourage the preparation of regulations for the implementation of the UU PDP that are clear, effective, professional, and in accordance with the real challenges and needs of PDP regulation to support the digital transformation process and the development of a safe, reliable, inclusive, and sustainable digital ecosystem. It will also promote consistent and sustainable coordination and collaboration between the government and other stakeholders, including civil society and the private sector, in the PDP arrangements in Indonesia.
Commitment Analysis
1. How will this commitment promote transparency? The drafting of regulations for the implementation of the UU PDP will transparently open public participation to produce proportionate regulation and provide legal certainty for all stakeholders, including personal data subjects who are most at risk of being harmed in the event of a PDP violation.
2. How will the commitment help foster accountability? This commitment will be transparency and public participation in the preparation of regulations for the implementation of the UU PDP which in turn can increase the accountability of the implementation process and encourage synergy and collaboration of various stakeholders. The results of the review of policy recommendations, as well as minutes and results of meetings between the government and civil society will be published in channels that are accessible to the public as a form of accountability.
3. How will the commitment improve citizen participation in defining, implementing, and monitoring solutions? In order to compile a comprehensive study and proportional recommendations, in the implementation of the process of preparing studies and recommendations for the preparation of implementing regulations for the UU PDP, this commitment will involve representatives from various civil society groups as respondents/informants.
Commitment Planning (Milestones | Expected Outputs | Expected Completion Date)
Drafting the Draft Government Regulation on PDP Institutions regarding the coordination mechanism between PDP Institutions and K/L | Availability of Draft Government Regulations on PDP Institutions regarding the coordination mechanism between PDP institutions and K/L | December 2024
Drafting recommendat ions for regulations derived from the Personal Data Protection Act regarding joint data controllers | Availability of recommendations for derivative draft regulations on joint data controllers | December 2024
Drafting the Draft Government Regulation on PDP Institutions that regulates the role of PDP Institutions in assessing the fulfillment of the requirements for transferring personal data abroad | Availability of recommendations for derivative draft government regulations on PDP institutions which regulates the role of PDP institutions in assessing the fulfillment of the requirements for transferring personal data abroad. | December 2024
Implementati on of a multistakeholder discussion forum in discussing the development of the process of drafting implementing regulations for the UU PDP | The implementation of 3 (three) multistakeholder discussion forums in discussing the development of the process of drafting implementing regulations for the UU PDP | December 2024
IRM Midterm Status Summary
Action Plan Review
Commitment 4. Implementing regulations for Personal Data Protection Law
- Verifiable: Yes
- Does it have an open government lens? Yes
- Potential for results: Modest