Leaking E-HAC Application Data Is Evidence Of The Personal Data Protection Bill That Must Be Ratified Immediately

JAKARTA - User data in the government-made Electronic Health Alert Card (e-HAC) application is suspected of being leaked. Based on this case, the Personal Data Protection Advocacy Coalition (KA-PDP) urges the government and the DPR to immediately ratify the Personal Data Protection Bill (PDP).

The Executive Director of the Institute for Community Studies and Advocacy (ELSAM) Wahyudi Djafar, as a member of the coalition considers that the absence of the PDP Law has had an impact on various problems of legal uncertainty in the protection of personal data.

Especially, he said, related to the clarity of the obligations of data controllers and processors, protecting the rights of data subjects, as well as handling when data leak incidents occur.

"The DPR and the Government will immediately accelerate the process of discussing and ratifying the Personal Data Protection Bill, while still ensuring the active participation of all stakeholders, as well as the quality of its substance," Wahyudi said in his statement, Wednesday, September 1.

Wahyudi assessed that the ratification of the PDP Bill was important, considering the many incidents related to the exploitation of personal data. In addition, the PDP Law, if passed, will also show the importance of establishing a personal data protection authority, in order to ensure the effectiveness of the implementation and enforcement of the law in the future.

Currently, the implementation of health information systems and electronic systems such as e-HAC does have a legal basis, namely Government Regulation Number 46 of 2014 concerning Health Information Systems, Government Regulation Number 71 of 2019 concerning PTSE, and Permenkominfo Number 20 of 2016 concerning Personal Data Protection. in Electronic Systems.

However, according to him, a number of these regulations have not provided comprehensive protection for citizens' personal data.

"These various regulations have not yet fully adopted the principles of personal data protection and tend to overlap with each other, as sectoralism in data protection regulations is today," he said.

For information, the research team from the vpnMentor company found that the Indonesian Ministry of Health's COVID-19 test and tracking application, called the eHAC application, risks opening up sensitive data from around 1.3 million Indonesian citizens and foreign visitors who come to this country.

In response to this, the Head of the Data Center for the Ministry of Health, Anas Ma'ruf, said that the government was conducting an investigation into the alleged data leak.

Then, Anas Ma'ruf also asked the public to delete or uninstall the e-HAC application from their respective devices.